How to Build a Locked-Down Windows POS Terminal (Without Expensive Kiosk Software)

04 June


If you manage IT operations for retail environments or hypermarkets, you know the struggle: you need a Point of Sale (POS) terminal to do exactly one thing—run the billing software.

You don't want cashiers minimizing the app, browsing the internet, or accidentally changing system settings. While Windows has a built-in "Assigned Access" (Kiosk Mode) feature, it has major limitations. It isn't available on Windows 11 Home, and worse, it only allows you to pin modern Microsoft Store apps, completely ignoring the traditional .exe billing software most businesses actually rely on.

So, how do you lock down a standard Windows PC to a single, touch-only retail application?

The answer is a Custom Shell Replacement. By combining a simple registry tweak with an invisible background script, you can force Windows to bypass the standard desktop entirely and boot straight into your billing software. If the user accidentally closes the app, it instantly reopens. No start menu, no taskbar, no escape.

Here is the complete, field-tested guide to setting it up.

Phase 1: Prepare the Cashier Account

You must create a dedicated user account for the terminal so your main Administrator profile remains unaffected.

  1. Log into your main Administrator account on the Windows PC.
  2. Go to Settings > Accounts > Other users.
  3. Click Add account and create a new local user (e.g., name it Cashier).
  4. Crucial Step: Ensure this account type is set to Standard User. Never give this account administrative privileges, or the lockdown won't be secure.
  5. Sign out of your Admin account and sign into the new Cashier account once so Windows can build the profile folders.
  6. Open your billing application (or browser, like Brave) to ensure it runs properly and clear any "first-time setup" pop-ups.
  7. Sign out of the Cashier account and log back into your Administrator account.

Phase 2: Create the Auto-Loop Failsafe

This script acts as our safety net. If a cashier accidentally closes the billing app on a touch screen, this script ensures it immediately reopens.

  1. Open Notepad.
  2. Copy and paste the code below. (Be sure to replace the file path inside the quotes with the exact path to your specific billing software or browser).
@echo off
:loop
start /wait "" "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe"
goto loop
  1. Go to File > Save As.
  2. Change the "Save as type" dropdown to All Files (*.*).
  3. Save this file directly to the root of your C: drive as: C:\pos_looper.bat

Phase 3: Create the Invisible Wrapper

Because we are running a .bat file, Windows will naturally want to display a black Command Prompt window in the background. We don't want users seeing or tapping that. This VBScript acts as an invisible wrapper to hide the console window completely.

  1. Open a new, blank window in Notepad.
  2. Copy and paste only these two lines of code exactly as written:
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\pos_looper.bat", 0, True
  1. Go to File > Save As.
  2. Change the "Save as type" dropdown to All Files (*.*).
  3. Save this file directly to the root of your C: drive as: C:\HideCMD.vbs

Phase 4: Configure the Custom Registry Shell

This is where the magic happens. We are going to tell Windows that when the "Cashier" logs in, it shouldn't load explorer.exe (the normal desktop). Instead, it should load our invisible script.

  1. Press Win + R, type regedit, and press Enter to open the Registry Editor.
  2. In the left-hand navigation pane, click once on the HKEY_USERS folder to highlight it.
  3. From the top menu, select File > Load Hive...
  4. Navigate to C:\Users\Cashier (or whatever you named the user profile).
  5. Locate and open the hidden file named NTUSER.DAT. (If you don't see it, ensure "Hidden items" is enabled in Windows Explorer, or just type NTUSER.DAT into the File name box and hit Enter).
  6. When prompted for a Key Name, type: CashierHive
  7. In the left pane, drill down to this exact location:
    HKEY_USERS\CashierHive\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (Note: If the Winlogon folder does not exist, right-click the CurrentVersion folder, select New > Key, and name it Winlogon).
  8. Click on the Winlogon folder. In the right-hand pane, right-click the empty space, select New > String Value, and name it exactly: Shell
  9. Double-click your new Shell value and paste the following absolute path into the "Value data" box:
    C:\Windows\System32\wscript.exe C:\HideCMD.vbs
  10. Click OK.
  11. Critical Final Step: Scroll back up to the top of the left pane, click once on the CashierHive folder to highlight it. Go to the top menu and select File > Unload Hive... and confirm. This safely saves the changes to the user's registry.

Phase 5: Deployment & IT Maintenance

Your terminal is now completely locked down and ready for the retail floor.

When the cashier logs in, the screen will be entirely blank for a moment before the billing application launches in full screen. Because the invisible auto-loop is running, closing the app will simply cause it to relaunch instantly.

How to perform IT Maintenance:
Since there is no Start menu, taskbar, or desktop to interact with, you will need a physical keyboard to escape the kiosk. Whenever you need to update the software or change network settings, plug in a keyboard, press Ctrl + Alt + Delete, and click Sign out. From there, you can log back into your Administrator account to manage the system normally.
Samad

Posted by Samad

Post a Comment

0 Comments