fix(kiosk): pivot to Explorer + policy lockdown (WebView2 blank as SL shell) #11

Merged
SilverLABS merged 1 commit from fix/kiosk-explorer-lockdown into main 2026-06-09 18:00:15 +00:00

5th VM e2e conclusion + operator-approved pivot.

What we proved across runs #1–#5: the kiosk mechanism is solid — Shell Launcher engages on the sm-bootstrap autologon, elevation is now silent (online UAC re-assert), and the Welcome app launches fullscreen as the shell. But the MAUI/WebView2 wizard renders blank when it IS the bare Shell Launcher shell (no Explorer): no crash (no WER), WebView2 never initializes, even the startup log never writes. The same app rendered fine in the earlier build when launched via FirstLogonCommands with Explorer present.

Pivot (operator decision): keep Explorer as the shell so WebView2 works; lock the session down by policy instead of replacing the shell.

  • autounattend.xml — restore FirstLogonCommands to launch the wizard elevated over the normal first-logon session.
  • Configure-Kiosk.ps1 — drop Shell-Launcher-as-shell; keep the lockdown: Keyboard Filter (Win/Start, lock, Alt+Tab, Ctrl+Shift+Esc, Alt+F4, Win+R), DisableTaskMgr / DisableLockWorkstation / HideFastUserSwitching, and silent-elevation UAC. The wizard runs fullscreen-topmost (covers the taskbar).
  • RevertKioskAsync — disable the Keyboard Filter rules for the real user (nothing to undo on the shell); keep escape-policy + secure-UAC restore. Tests updated.
  • Keeps the welcome.log diagnostics from #10 to confirm the wizard renders next run.

Verified: kiosk parses, autounattend valid XML, welcome solution 29/29. Next: rebuild → restage → 6th VM run — expecting the wizard to finally render (Explorer present) inside a locked-down session.

Lockdown trade-off vs the original "Shell Launcher v2" spec: Explorer is running but hidden behind the fullscreen wizard and its escapes are blocked — slightly less airtight than no-Explorer, but the onboarding actually works. The pure SL kiosk can be revisited later (would need WebView2-without-Explorer solved).

🤖 Generated with Claude Code

SilverLABS added 1 commit 2026-06-09 17:52:21 +00:00
fix(kiosk): pivot to Explorer + policy lockdown (WebView2 wizard renders blank as the SL shell)
All checks were successful
Build SilverMetal Enhanced - Windows ISO / build (pull_request) Successful in 7m31s
e3b010530c
5th VM e2e: with the kiosk fully working mechanically (SL engages, silent UAC,
app launches fullscreen as the shell), the MAUI/WebView2 wizard STILL renders
blank — WebView2 never initializes when the app is the bare Shell Launcher shell
with no Explorer (the same app rendered fine in the earlier build launched with
Explorer present). Operator decision: pivot.

- autounattend.xml: restore FirstLogonCommands to launch the wizard elevated over
  the normal (Explorer) first-logon session — where WebView2 works.
- Configure-Kiosk.ps1: drop Shell-Launcher-as-shell entirely; keep the lockdown —
  Keyboard Filter (Win/Start/lock/task-switch/Task-Mgr/Alt+F4), DisableTaskMgr /
  LockWorkstation / FastUserSwitch, and silent-elevation UAC. The wizard runs
  fullscreen-topmost over the locked-down Explorer (covers the taskbar).
- RevertKioskAsync: disable the Keyboard Filter rules for the real user (no SL to
  undo); keep escape-policy + secure-UAC restore. Tests updated.

Keeps the diagnostics from #10 (welcome.log) to confirm the wizard renders.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
SilverLABS merged commit 2dc7882483 into main 2026-06-09 18:00:15 +00:00
SilverLABS deleted branch fix/kiosk-explorer-lockdown 2026-06-09 18:00:15 +00:00
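
A post-revert check for the lockdown items this PR lists (escape policies, silent-elevation UAC, Keyboard Filter rules), as an added example that is not code from this PR or the SilverMetal repository. It assumes the lockdown uses the standard Windows policy values under `Policies\System` and the Keyboard Filter WMI provider; the function names are hypothetical.

```powershell
# Added example, not from the SilverMetal repository. Run in the real user's session
# after the revert (HKCU is per-user). Assumes the standard Windows policy values.
$PolicyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyValue([string]$Hive, [string]$Name) {
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path "${Hive}:\$PolicyKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-KioskResidue {
    $findings = @()

    # Silent-elevation UAC left behind: any of these at 0 weakens the elevation prompt.
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        if ((Get-PolicyValue 'HKLM' $name) -eq 0) {
            $findings += "UAC: HKLM $name = 0"
        }
    }

    # Escape policies that should not outlive the onboarding session.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($name in 'DisableTaskMgr', 'DisableLockWorkstation', 'HideFastUserSwitching') {
            if ((Get-PolicyValue $hive $name) -eq 1) {
                $findings += "Policy: $hive $name = 1"
            }
        }
    }

    # Keyboard Filter predefined-key rules still enabled. The WMI class is absent
    # when the Keyboard Filter feature is not installed; that yields no rules.
    $rules = Get-CimInstance -Namespace 'root\standardcimv2\embedded' `
        -ClassName WEKF_PredefinedKey -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        if ($rule.Enabled) { $findings += "KeyboardFilter: '$($rule.Id)' still blocked" }
    }

    $findings
}

$residue = @(Get-KioskResidue)
if ($residue.Count -eq 0) {
    'Revert clean: no lockdown residue found.'
} else {
    $residue
}
```

Run it elevated as the real user: an access-denied error on the Keyboard Filter namespace is suppressed by `SilentlyContinue` and would otherwise read as "no rules".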

Reference: SilverLABS/SilverMetal#11