device-lockdown-windows-10

How To Set Device Lockdown Windows 10?

You can lock down your Windows 10 device using a built-in lockdown feature. The steps to enable the device lockdown Windows 10 features are mentioned below.

device lockdown Windows 10

Keyboard filter:

This feature helps to suppress undesirable key processes or combinations. Usually, a user can alter the function of the device using key combinations like Ctrl + Alt + Delete, Ctrl + Shift + Tab, Alt + F4, and so on. You can enable this Keyboard Filter feature to prevent users from using these key combinations. This feature works with physical keyboards, on-screen keyboard, and the touch keyboard. This feature also helps to detect dynamic layout changes.

  • To enable Keyboard Filter feature, open the Administrative Command Prompt window and enter the ‘DISM /online /enable-feature /featurename:Client-DeviceLockdown /featurename:Client-KeyboardFilter’ command without including the single quotes.
  • If prompted, type‘Y’ to reboot your device into audit mode.
  • If you want to block the function of the Ctrl + Alt + Del keys, launch the Administrative PowerShell window and enter the following commands correctly.
  • $key = “Ctrl+Alt+Del”
  • $setkey = Get-WMIObject -class WEKF_PredefinedKey –computer localhost –namespace root\standardcimv2\embedded | where {$_.Id -eq “$key”}; $setkey.Id = $key
  • $setkey.Enabled = 1;
  • $setkey.Put() | Out-Null;
  • Once the computer restarts, the operation of the Ctrl + Alt + Del keys will be blocked.

Unified Write Filter:

  • The Unified Write Filter feature is used to protect the device configuration. To enable this feature, enter the ‘DISM /online /enable-feature /featureName:Client-DeviceLockdown /featureName:Client-UnifiedWriteFilter’ command without including the quotes in the Administrative Command Prompt window.
  • Restart the Windows 10 computer and enter the following commands to enable the device lockdown Windows 10 and overlay and protection.
  • uwfmgr volume protect
  • uwfmgr filter enable
  • Once you restart the Windows 10 computer, all writes will be directed to the RAM overlay.
  • If you want to disable the Unified Write Filter feature, enter the ‘uwfmgr filter disable’ command without the single quotes in the Administrative Command Prompt window.

Unbranded boot:

  • Unbranded boot helps to suppress Windows elements as well as the crash screen.
  • To enable the device lockdown Windows 10 and Unbranded boot feature, type the following command in the Administrative Command Prompt window and press the Enter key.
  • DISM /online /enable-Feature /featureName:Client-DeviceLockdown
  • DISM /online /Enable-Feature /FeatureName:Client-EmbeddedBootExp

Configuring Unbranded boot settings:

  • The Unbranded boot settings, along with its command are given here.
  • Disabling the F8 key for accessing the Advanced startup options menu – bcdedit.exe -set {globalsettings} advancedoptions false
  • Disabling the F10 key for accessing the Advanced startup options menu – bcdedit.exe -set {globalsettings} optionsedit false
  • Suppressing all Windows UI elements – bcdedit.exe -set {globalsettings} bootuxdisabled on

Custom Logon

  • You can use this feature to suppress the Windows 10 UI elements related to the Welcome screen and shutdown screen.
  • To enable this feature, enter ‘DISM /online /enable-feature /featurename:Client-DeviceLockdown /featurename:Client-EmbeddedLogon’ command in the Administrative Command Prompt window.
  • If prompted, select the No option.
  • To modify the registry entries, enter the commands given below.
  • Reg add “HKLM\SOFTWARE\Microsoft\Windows Embedded\EmbeddedLogon” /v BrandingNeutral /t REG_DWORD /d 1
  • Reg add “HKLM\SOFTWARE\Microsoft\Windows Embedded\EmbeddedLogon” /v HideAutoLogonUI /t REG_DWORD /d 1
  • Reg add “HKLM\SOFTWARE\Microsoft\Windows Embedded\EmbeddedLogon” /v HideFirstLogonAnimation /t REG_DWORD /d 1
  • Reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” /v AnimationDisabled /t REG_DWORD /d 1
  • Reg add “HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization” /v NoLockScreen /t REG_DWORD /d 1
  • Reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v UIVerbosityLevel /t REG_DWORD /d 1
  • If prompted, select the Yes option.
  • Now, you have to restart the Windows 10 computer.
  • And successfully complete the device lockdown Windows 10 settings.