DisplaySync/ docs

Installing DisplaySync

This is where the kiosk image becomes a DisplaySync sign. We install the desktop sign Electron app, write its .env configuration, register the auto-start scheduled task, and verify it boots, connects, and shows the QR claim screen.

The recommended path is provision-windows.ps1 from the desktop-sign repo — it does the install, the kiosk configuration work, and verifies the result in one command. The manual path is below it.

Don't claim the sign on the build machine

Once the sign app launches and connects, it generates a unique sign ID and writes config to %APPDATA%\DisplaySync Sign. If you let it claim, every cloned image will inherit the same identity until the desktop sign's clone detection clears it. Cleaner: install the app, don't launch it, capture the image. The first boot on each clone generates a fresh ID. See Capturing the image for the cleanup step.

Prerequisites

  • Completed Base Windows setup (Windows 11 Pro, patched, networking pre-staged)
  • Logged in as imgadmin (the image-builder admin), not DisplaySync
  • Internet access to reach GitHub Releases (or the installer pre-staged locally)
  • Backend URL for your environment (typically https://api.displaysync.live for production)

Path A: Run the provisioner

The shipping provisioner lives at desktop-sign/scripts/provision-windows.ps1 in displaysync-app. Copy it to the build machine, then from an elevated PowerShell:

# Dry-run first to preview every change
.\provision-windows.ps1 -BackendUrl https://api.displaysync.live -DryRun

# Apply for real
.\provision-windows.ps1 -BackendUrl https://api.displaysync.live `
  -Hostname "EVENT-SIGN-01"

The script:

  1. Verifies it's running as Administrator on Windows 10/11 Pro
  2. Tests connectivity to <BackendUrl>/health
  3. Downloads the latest desktop-sign release from GitHub (or uses -InstallerPath if you pass a local .exe)
  4. Runs the NSIS installer with /S for silent install
  5. Creates the DisplaySync kiosk user with a generated 16-character password
  6. Configures Winlogon auto-login
  7. Writes the .env file with backend URL and update settings
  8. Registers the DisplaySync Sign scheduled task at user logon
  9. Disables monitor sleep, standby, and hibernate
  10. Sets Windows Update active hours (6 AM–11 PM, install at 3 AM)
  11. Applies the kiosk hardening registry policies
  12. Sets the hostname (if -Hostname is provided)

On completion it prints a summary banner, including the kiosk user's generated password — capture this once, the registry stores it but never shows it again. Then it offers to reboot.

Useful flags:

FlagPurpose
-Version <semver>Pin a specific release tag instead of latest
-InstallerPath <path>Use a pre-staged .exe (offline build, no GitHub call)
-KioskUser <name>Override the default DisplaySync user name
-KioskPassword <pw>Use a known password instead of generating one
-Hostname <name>Rename the device on first reboot
-SkipWindowsUpdateDon't touch Windows Update settings (do it yourself later)
-DryRunPreview every change without applying

Path B: Install manually

When you want to understand exactly what's being installed, or you can't run the script (locked-down build environment, custom hardware, etc.):

1. Download the installer

Releases live on GitHub at woodedlawn/displaysync-app (private). Find the latest desktop-sign release and download the *-x64.exe asset.

2. Run the installer silently

Start-Process -FilePath ".\DisplaySync-Sign-1.0.0-x64.exe" `
  -ArgumentList "/S" -Wait

NSIS installer flags:

FlagPurpose
/SSilent install (no UI)
/D=<path>Install to a custom directory (must be the last argument)
/RESETWipe any existing identity and config under %APPDATA%\DisplaySync Sign before installing

Default install location: C:\Program Files\DisplaySync Sign.

3. Write the .env configuration

The app reads its configuration from <install-dir>\resources\.env at startup:

$envPath = "C:\Program Files\DisplaySync Sign\resources\.env"
@"
# DisplaySync Sign configuration
BACKEND_URL=https://api.displaysync.live
WS_URL=wss://api.displaysync.live
KIOSK_MODE=true
AUTO_UPDATE_ENABLED=true
AUTO_CHECK_UPDATES=true
AUTO_DOWNLOAD_UPDATES=true
UPDATE_CHECK_INTERVAL=4
LOG_LEVEL=info
"@ | Set-Content -Path $envPath -Encoding UTF8

The minimum required keys are BACKEND_URL, WS_URL, and KIOSK_MODE=true. The rest are sensible production defaults.

Per-sign overrides

After install, the app also reads %APPDATA%\displaysync-sign\config.json. Values there override the .env — useful for staging a sign with a non-default backend without rebuilding the image. Don't commit anything sensitive to a baked image.

4. Register the auto-start scheduled task

See Kiosk configuration → Auto-start the sign app. The task definition is identical to what the provisioner creates.

Verify

Sign out of imgadmin and let the kiosk user auto-login. You should see:

  1. Auto-login within a few seconds of the Windows boot screen
  2. Sign app launches full-screen, cursor hidden after 3 seconds
  3. QR claim screen appears with a QR code, the sign's short code, and the API URL displayed in small text at the bottom
  4. Backend reachability — open the Status Dashboard with Ctrl+Shift+S and confirm:
    • Connection Status: Connected
    • Sign ID: a fresh UUID
    • Backend URL: matches your .env
    • IP Address: the device's local IP
    • Cache Status: Active

If anything fails, jump to Troubleshooting → Sign won't claim or Kiosk won't start.

What's next

Decision point:

  • If you need remote-access overlay networking for support (recommended for unattended fleets): continue to Tailscale integration.
  • If you don't need Tailscale (rare for production): continue to Crash recovery for the watchdog details.

Either way, do not claim this sign on the build machine. Reset its identity before capturing the image.

PreviousKiosk configurationNext Tailscale integration