Locking Down Multi-User Computers with Kiosk Functionality

Managing multi-user computers can feel like an uphill battle, especially for organizations with large workforces, user bases or physical showrooms. From high schools and universities to retail stores and enterprise offices, the concept of shared devices has become the norm across institutional lines. Take, for example, a typical computer lab environment: Millions of students in the U.S. rely on campus-owned devices for their independent research, classroom assignments, printing documents and more. At brick-and-mortar retail locations, consumers are able to play around with laptops, PCs and tablets before purchasing. Corporate offices are also moving toward coworking spaces and “hotdesking” – a practice that eliminates assigned workstations and allows employees to share desks and devices, according to Jeff Pochepan, president of the Strong Project and INC contributor. 

While vastly different environments rely on multi-user computers, the benefits of a shared IT framework are quite similar. The most obvious advantage is cost savings on hardware and software licenses. For enterprises, allowing employees to share devices removes the need to purchase and loan computers on an individual basis; it also reduces the number of software licenses required to support a large, dynamic workforce. Universities benefit from this practice in the same way, offering greater flexibility and convenience for students who depend on campus-owned computers for their studies. In retail environments, multi-user devices can act as a kiosk for customer appointments or as selling tools for new pieces of technology. Despite the benefits, managing multi-user computers comes with a high level of risk if the proper protections and administrative processes aren’t in place.

Why are multi-user computers difficult to manage?

The primary benefit of shared computers is also one of the biggest risks for private networks and IT systems: More end users on a single workstation means a higher likelihood of tech-related issues and security incidents. While users are usually able to sign in with dedicated credentials, the computer’s operating system, software and applications are shared. This cross-functionality introduces a variety of management challenges, especially considering each user has their own needs and preferences. Some of the top challenges of overseeing multi-user computers include:

  • Configuration drift: IT administrators spend a lot of time ensuring on-site computers have the proper configurations, helping maximize efficiency and harden devices against external threats. However, when multiple users work on the same device, these core settings can slowly drift away from their ideal state. As IBM explains, configuration drift occurs when slight, incremental adjustments are made by end users, which start to add up over time. These changes can lead to errors and other IT problems that can be difficult to resolve, as tech teams must identify and fix these subtle differences using, in many cases, guesswork.
  • Software, OS and application patching: Every computer needs frequent patching to maintain performance and minimize the risk of zero-day exploits. Back in March 2020, Microsoft released a security alert that warned users of an unpatched vulnerability in Adobe Type Manager that enabled remote code executions against Windows 7 devices. These sorts of vulnerabilities are shockingly common in today’s digital landscape, which is why IT administrators must keep a close watch over workstations’ OS, software and application patches. When it comes time to send out new versions, organizations can take weeks (even months) unless they have a centralized patching tool that can quickly send batch updates to every computer in their network.
  • Malware and ransomware: Multi-user computers also face greater security risks compared to individual workstations, as a single employee error can render the device inoperable for all other users. Upholding best practices in cybersecurity is essential to safeguarding private networks, which is why threat detection and mitigation tools are so widespread. However, research from Verizon found that 94% of malware was delivered via email in 2019. Since each user is assessing their own email profile, the threat of malware and ransomware is often heightened. The same is true for infected links, dummy websites and other attack vectors – once malware has been installed, IT teams may need to completely reimage the computer before it can be used.
  • Unauthorized downloads: When multiple users are able to download programs and applications without direct oversight, shared computers can quickly become bogged down with unnecessary applications. Of course, restricting users’ ability to access or obtain certain applications and software can prevent them from completing critical tasks. The ability to balance user needs with best practices in device hygiene is essential for improving the performance of multi-user computers in any environment. But without a centralized management platform, IT leaders may struggle to maintain visibility and control over shared devices.


Protecting multi-user computers with Faronics’ Deep Freeze

Faronics’ Deep Freeze is a powerful reboot-to-restore application that gives IT administrators complete control over every computer in their network. Using this cloud-based platform, organizations can freeze multi-user computers in their ideal state, helping prevent configuration drift, mismatched OS and software patches and unauthorized application downloads. Thanks to kiosk mode, Deep Freeze empowers end users to solve their own technical issues with a simple reboot of their device, including malware and ransomware infections. The core features of Faronics’ reboot-to-restore technology include:

  • Centralized management console: Using a single interface, IT administrators can easily deploy, configure and manage multi-user computers across different physical locations, saving organizations time and money.
  • ThawSpace: By creating virtual partitions, organizations can retain important data and applications even if there’s no physical partition available on the computer.
  • Automatic updates: With Deep Freeze, IT administrators can automatically download Windows OS updates and software patches on every device in their network. Using the scheduling feature, organizations can establish fixed maintenance windows to reduce disruption and unplanned downtime.
  • Batch maintenance tasks: In addition to automatic patching, Deep Freeze allows users to schedule all kinds of updates using a batch file or third-party management solution. This flexibility can help ensure all multi-user computers are performing effectively and that administrative tasks can be performed on individual workstations or device groups.
  • Kiosk mode: With kiosk mode, organizations can control the user experience, maintain workstation security, standardize computing environments and manage all devices remotely. Compared to “open” computing systems, kiosk environments offer more security, oversight and control, especially for devices that are open to the general public.


To learn more, browse our product page or sign up for a free trial today.

About The Author

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape and windows technologies like steady state alternative that change our lives, and what we can expect in the future.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.