UWP assigned access (or kiosk mode)

I’ve done a PoC on a UWP assigned access app and thought I’d share some findings.

First, what is assigned access, or kiosk mode as it is also called?

In Windows 10 one can set an app to be the only thing a user can use after logging in. Once a kiosk user logs on, the app starts, and besides using the app the user can only log out (ctrl+alt+delete). This is great for companies that want something displayed on a computer without allowing anyone to reach the file system or other sensitive things. There are many other uses for this, e.g. running only the music app at a party and not allowing intoxicated guests access to your whole computer. There is one major restriction: it is not available on Windows 10 Home. So if you don't find assigned access in your computer settings, make sure you're not running the Home version.

Setup

Developing a UWP app for assigned access and testing it can be a bit tedious. I highly recommend using two computers, one for developing and one for running the app. But if you just want to try it out you can use one computer, and I will describe how and what to think about.

First, the app must be configured to run in assigned access. Not every app can do this out of the box. You need to set these lines in the Package.appxmanifest file:

<Extensions>
  <uap:Extension Category="windows.aboveLockScreen" />
</Extensions>

Now that we have the app, create a user to run in assigned access mode. After the user is created, go to settings/assigned access and select the user. But wait, the app will not be selectable because that user does not have the app installed. Now to the hard part. To install the app for that user you can either make an installation package or, what I think is better, just open Visual Studio while logged on as the kiosk user and run the app. To do this, place the code for the app somewhere both users can find it. However, make sure the app is not installed on your developer (admin) user, because if it is, the run will fail with a complaint that the app is already installed. Do something like these steps:

  • uninstall the app from the developer account if it has been run
  • log on to the kiosk account and install/run the app
  • log out from kiosk
  • log on to developer
  • set up assigned access in settings, select kiosk user and app
  • log on to kiosk and see that your app runs on start

Like I said a little tedious to do this on one computer. But wait there is more. Now you want to add/change something in your app.

  • ctrl+alt+delete out of assigned access
  • log on to your developer account
  • Open task manager and log out the kiosk user (in Users section)
  • open settings and turn off assigned access for kiosk
  • log on to kiosk user
  • Now you can modify the app in Visual Studio, or uninstall it and log on as developer to modify it there

I have not tried the two-computer setup yet since this was a small PoC, but hopefully it will involve fewer steps and offer the possibility to attach a remote debugger. If any reader has done this, please share your findings in the comments.

Some findings

When the app runs in assigned access mode it has some limitations. One is that it can't show multiple windows. Another is that dispatching from another thread is hard to get working. During my test it worked sometimes and not at other times. From what I found when searching, the trick should be to use CoreApplication.GetCurrentView().Dispatcher in assigned access and CoreApplication.MainView.CoreWindow.Dispatcher when not. But I still had problems. But how do you know when you are in assigned access? This at least is easy; in App.xaml.cs set up this code:

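// In App.xaml.cs; needs: using Windows.ApplicationModel.LockScreen;
public static bool IsAssignedAccess { get; private set; }

protected override void OnLaunched(LaunchActivatedEventArgs e)
{
    try
    {
        // Non-null only when the app is running above the lock screen (assigned access)
        IsAssignedAccess = LockApplicationHost.GetForCurrentView() != null;
    }
    catch
    {
        IsAssignedAccess = false;
    }

    // ... rest of OnLaunched unchanged
}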

Now one can ask if (App.IsAssignedAccess) to check it. I think LockApplicationHost.GetForCurrentView() only works in OnLaunched, so make sure it is in there.
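One way to avoid choosing between the two dispatchers from a background thread is to capture the current view's dispatcher once, on the UI thread, and reuse it everywhere. The following is an added example, not code from the original post; the UiThread class and its members are hypothetical names, and it assumes OnLaunched runs on the UI thread of the view being activated.

```csharp
using System;
using System.Threading.Tasks;
using Windows.ApplicationModel.Core;
using Windows.UI.Core;

// Hypothetical helper: remembers the dispatcher of the view the app was
// launched into, so background code never has to pick a view itself.
public static class UiThread
{
    private static CoreDispatcher _dispatcher;

    // Call once from App.OnLaunched (next to the IsAssignedAccess check).
    // On the UI thread GetCurrentView() resolves to the view being activated,
    // which in assigned access is the above-lock view rather than MainView.
    public static void Capture()
    {
        _dispatcher = CoreApplication.GetCurrentView().Dispatcher;
    }

    // Run an action on the captured UI thread from any thread.
    public static async Task RunAsync(Action action)
    {
        if (action == null)
            throw new ArgumentNullException(nameof(action));
        if (_dispatcher == null)
            throw new InvalidOperationException(
                "UiThread.Capture() must be called on the UI thread first.");

        if (_dispatcher.HasThreadAccess)
        {
            action();   // already on the UI thread, no marshalling needed
            return;
        }

        await _dispatcher.RunAsync(CoreDispatcherPriority.Normal, () => action());
    }
}

// Constructed usage from a background task (ReadWifiBarsAsync is hypothetical):
//   await Task.Run(async () =>
//   {
//       int? bars = await ReadWifiBarsAsync();
//       await UiThread.RunAsync(() => WifiSignalBars = bars);
//   });
```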

I also had some major problems with the wifi check. In assigned access the app takes up the whole screen, so if you want the user to see wifi status, battery, clock etc. you have to do it yourself. To check wifi signal strength one can run this code:

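// Needs: using Windows.Devices.Enumeration; using Windows.Devices.WiFi;
// Find all Wi-Fi adapters and stop if there are none
var result = await DeviceInformation.FindAllAsync(WiFiAdapter.GetDeviceSelector());
if (result.Count < 1) return;
var firstAdapter = await WiFiAdapter.FromIdAsync(result[0].Id);
// connectedProfile is null when the adapter is not connected to a network
var connectedProfile = await firstAdapter.NetworkAdapter.GetConnectedProfileAsync();
var bars = connectedProfile?.GetSignalBars();
WifiSignalBars = bars != null ? Convert.ToInt32(bars) : (int?) null;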

According to the documentation, before this is run one should check

var access = await WiFiAdapter.RequestAccessAsync();
if (access != WiFiAccessStatus.Allowed) return; // no access to the Wi-Fi adapter

but this crashed the app so I just commented it out, and it worked anyway, but perhaps there will be problems later on that I have not foreseen. Remember to add <DeviceCapability Name="wiFiControl" /> in Package.appxmanifest to get this code working.

Conclusions

Setting up assigned access is quite easy, but test your app thoroughly in assigned access mode before releasing it so that all functions work. There are quite a few steps to test, so one will probably develop most of it as a normal UWP app and do the assigned access tests later on, but don't forget them. Hopefully I will have the opportunity to do a full app, so I might come back and do a follow-up post.

This Post Has 3 Comments

  1. Max

    Thanks for your post. Getting the Dispatcher is a headache for assigned access apps. And it looks like it works a different way in Win 8.1 and Win 10.

  2. Windows 10 MDM

    Thanks for the post. Kiosk mode on Windows devices is a specialized function that is being widely used in the workplace, as it helps prevent employees from accessing other unusual apps and websites during working hours.