The requirement is to be able to run a kiosk application on Windows 10 which has unrestricted capability on the host computer to make arbitrary system calls and launch any kind of app including Appx and Win32. The kiosk app can be fully trusted - it may be thought of as a side-loaded in-house app for machines equipped with conventional keyboard and mouse to be used in a public setting. The user should not be able to circumvent or escape the kiosk app.
Assigned access fits the general idea, except that assigned access only works for Appx which are not full trust (no access to the needed APIs to launch Win32 apps, etc.). These restrictions appear to be by design, so it would be unlikely this approach could successfully meet the stated requirements. Although it is possible to author a WPF app as a "full trust" Appx, it won't work in kiosk mode.
Replacing the Windows shell with a custom one (the kiosk app) would work except that some of the tasks the kiosk app needs to be able to perform require the presence of the explorer shell (e.g. launch an Appx - requires services provided by the explorer shell).
Running a Win32 app above the lock screen might be a solution, if it were possible (I believe this is what assigned access does with its Appx).
Running an app in any normal fashion would require that many hotkey combinations are disabled or intercepted, including [CTRL][Alt][Del], which seems to be a major issue/challenge. It seems there is no way to prevent the user from invoking task manager or otherwise circumventing an app to gain unsecured/unmediated access to the system.
Is there any way to meet the requirement as I've outlined? If so, what is the technique and (if relevant), what APIs are central to the approach?
Update:
Although the full-trust converted WPF AppX could be installed and selected for assigned access, it "did not work" because of some issues found to have been recorded in the event log, specifically: Applications and Services Logs > Microsoft > Windows > Apps > Microsoft-Windows-TWinUI/Operational. Observed behavior was that upon user login, a blue screen would be displayed with the familiar Windows spinner, which would flicker every second or so as if something was being retried over and over. The associated event log messages (all source "Apps") are:
ActivateApplicationForContractByAppIdAsUserWithHost of the app LockDownSample_y1sem70fxfdf6!LockDownSample for the Windows.Launch contract failed with This app does not support the contract specified or is not installed.. (Event ID: 5985)
The app LockDownSample_y1sem70fxfdf6!LockDownSample is not registered for the Windows.Launch contract or is not installed. (Event ID: 5951)
The app Microsoft.WindowsMaps_8wekyb3d8bbwe!App is not registered for the Windows.PreInstalledConfigTask contract or is not installed. (also Event ID: 5951)
Activation via contract helper of the app Microsoft.WindowsMaps_8wekyb3d8bbwe!App for the Windows.PreInstalledConfigTask contract failed with Class not registered. (Event ID: 5990)
Is this due to an intentionally imposed limitation, or is this something which can be resolved?
Update 2:
Found this recent question: Windows 10 assigned access app fails to start due to not registered for Windows.Launch contract
This fairly accurately describes my experience with Assigned Access for a full-trust kiosk app, concluding with the answer "not yet supported".
