In the end I no longer used 'Kiosk' mode in IE as the scope changed when it was Demo'ed. However the correct GPO for keeping IE open is located under:
UserConf\Administrator Templates\Windows Components\Internet Explorer\Browser Menus\FileMenu: Disable closing of the browser and Explorer Windows
This coupled with:
UserConf\Administrative Templates\System\Custom User Interface
Pointing to "C:\Program Files\Internet Explorer\iexplore.exe"
Along with some other lockdown policies (No taskmanager, disk access, removable devices etc) and you wind up with a pretty robust Kiosk machine.
EDIT:
For any future Google'rs I ended up scrapping the kiosk mode altogether. It caused way to many problems.
In the end I still used IExplorer.exe as the shell but wrote a Powershell login script to simply scan for an IExplorer process and if not found restart it. This allowed the users to still have the flexibility of tabbed browsing etc but if they happened to accidentally close the session it just reopened to the homepage.
The script is below and just set through GPO as a login script:
Start-Job -ScriptBlock {
While (1 -ne 0){
Start-Sleep -Seconds 5
If (-not(Get-Process iexplore -ea silentlycontinue | select *| Where-Object {$_.MainWindowHandle -ne 0})){
Start-Process -FilePath "$($env:ProgramFiles)\Internet Explorer\iexplore.exe"
}
}
} | Wait-Job
To add an update, using the policy there are a few caveats:
You can't close the browser OR tabs, so users opening multiple tabs will continue to exist regardless
It seems to cause issues with browsing to different sites, displaying an error 'restrictions on this computer prevent you...'
I'm doing some more testing at the moment as this has again changed what I'm looking at. – mhouston100 – 2015-04-01T00:27:41.290