While an article like this isn’t what most people think of when they hear “cybersecurity”; many businesses’s discover the breach originated from a Kiosk Machine. They are often insecure and have unmonitored network access within the organization.

Microsoft’s Assigned Access feature allows us to lock down a Windows device so that it only runs specific applications under a dedicated local user account.

In this article, I’ll provide an Assigned Access script using PowerShell for Windows 10/11, ensuring an auto-login setup without requiring a password. This method is ideal for environments such as a meeting or conference room where you want to limit user access only to essential applications like Calculator, Microsoft Teams, and the Settings app. Feel free to modify the XML to include other AMUID or EXE for applications not included in my example.