1. Home
  2. Knowledge Base
  3. Applications
  4. Windows 10 Touch Screen Security Configuration Recommendations
  1. Home
  2. Knowledge Base
  3. Network Configuration & Security
  4. Windows 10 Touch Screen Security Configuration Recommendations

Windows 10 Touch Screen Security Configuration Recommendations

This document outlines the recommended Windows 10 configuration settings for instances where EngagePHD™ is installed on Windows 10 Media Player hardware not provided or imaged by Ping HD and used in Touch Screen applications.

The following sections are Ping HD’s recommendations; however, you/your customer may have your/their own corporate network security policies in place that must be taken into consideration and evaluated based on individual needs/concerns.



1) Local Area Network Setting

a) Create VLAN so that no other devices share the same LAN as the Media Player.
b) Create whitelist policies on the Firewall that only allows network traffic to:

  • engagephd.com – 146.20.125.30 (use of domain name is preferred, but IP address may change, Ping HD will notify in advance of any IP address changes)
  • pinghd.com – 146.20.125.29 (use of domain name is preferred, but IP address may change, Ping HD will notify in advance of any IP address changes)
  • *.teamviewer.com (this allows Ping HD support to remotely access the Media Player for support.
  • Ports 80, 443, 5938
  • Plus any other websites that might be required as part of 3rd party content, websites if re-directing from a touch screen application etc…

This will prevent anyone from browsing any unauthorized websites and viewing inappropriate content.

 

2) Windows 10 Settings

a) Fully update Windows 10 player for Security updates then disable Windows updates.

 

To disable:

  • Hold Windows Key + “R”
  • Type services.msc
  • Scroll all the way down to “Windows Updates
  • Right click then click “Properties
  • Under “General” Tab you will see “Startup Type”
  • Click and choose “Disabled
  • Click ok to close window.

b) Disable Edge Swipe (Group Policy Editor)

  • Hold Windows Key + “R”
  • Type gpedit.msc
  • Go To Computer Configuration / Administrative Templates / Windows Components / Edge UI
  • Double click on “Allow Edge Swipe” on right hand side
  • Choose disabled on left hand side and Click “Apply” and then “OK”

 

c) Disable Pinch and Zoom.

  • Open EngagePHD base.props by going to C:\EngagePHD\EngagePHD
  • Right click base.props and choose “Open With”
  • Choose Notepad
  • Add entry “–disable-pinch” (Without quotes)
  • Save and Exit

d) Disabling Action Center (Registry)

  • Hold Windows Key + “R”
  • Type regedit
  • Navigate HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
  • Right click on the empty space on the right side and select New – DWORD (32-bit)
  • Name it DisableNotificationCenter
  • Double click the entry and give it a value date of 1
  • Click ok
  • Close Registry.

e) Disabling Action Center (Group Policy Editor)

  • Hold Windows Key + “R”
  • Type gpedit.msc
  • Go to User Configuration / Administrative Templates / Start Menu / Taskbar
  • Double click on “Remove notifications and Action Center
  • Select “Enabled” and Click “Apply” and then “OK”

 

** We do have Registry Entries already created for Disabling the Edge Swipe and Disabling the Action Center**


3) EngagePHD Kiosk 

Install EngageKiosk (https://go.engagephd.com/EngageKiosk.zip). This is an application that sits in the background and performs the following functions.

a) Looks for the secret key sequence to stop the EngageKiosk Application for 5 minutes to allow IT/System Maintenance. Key sequence is:

  • Esc
  • CTRL (left key)
  • CTRL (right key)
  • Enter
  • Esc

 

OR

  • Esc
  • Enter
  • Caps
  • Enter
  • Caps
  • Esc

b) Ensures that PingPlayer.exe is running (this is our EngagePHD Application Software).
c) EngageKiosk then checks to see if Chrome is the active window and makes sure the HMTL title of our application is the main tab.
d) If either of those conditions b) and c) above do not exist, EngageKiosk stops all instances of Google Chrome and PingPlayer.exe and then starts PingPlayer.exe again within 4 seconds.


4) Anti-Virus Software 

Install Anti-Virus Software.  This should be driven by Corporate Policy and implemented accordingly.  If no corporate policy exists, then Ping HD recommends https://www.webroot.com

Updated on January 23, 2019

Was this article helpful?

Related Articles

Need Help?
helpdesk@engagephd.com / 888.386.4545
CONTACT US / CHAT