This week is all about a closer look at Shared PC Mode on Windows 11. More specifically, this week is all about managing account management capabilities in Shared PC Mode. Account management in Shared PC Mode is about managing the accounts on the device, determining the users that can sign on to the device, and configuring what automatically starts. This post will mainly focus on the first, managing the accounts on the device. Especially on a device that is being shared between many users, it is important to make sure that those accounts are managed properly to prevent the disk from filling up completely. Luckily, within the capabilities of Shared PC Mode there are options for managing those accounts, including cleaning up accounts when needed. This post will provide a closer look at the configuration options for managing accounts, and the eventual experience with that.
Introducing account management in Shared PC mode
When looking at managing account management on Shared PCs, it is all about enabling Shared PC Mode with the right settings. Enabling Shared PC Mode can be done by using Enable Shared PC Mode With OneDrive Sync or Enable Shared PC Mode. Either of those settings will enable Shared PC Mode with the additional configurations that are set by the IT administrator. It is important though that any configuration for Shared PC Mode must be in place before actually enabling Shared PC Mode. Any setting that is set once Shared PC Mode is already enabled, will not be applied. For managing the accounts on the device, it starts with Enable Account Manager. That setting is used for enabling the account manager.
The account manager is used for cleaning the accounts stored locally on the device. By default, when enabling Shared PC Mode, the default deletion policy will automatically start deleting cached Entra ID and Active Directory accounts when the disk space gets low. That behavior can be tuned by using additional configuration settings. Those settings are described in the table below.
| Setting | Value | Description |
|---|---|---|
| Deletion Policy | 0 – Delete immediately 1 – Delete at disk space threshold 2 – Delete at disk space threshold and inactive threshold | This policy setting is used to configure when accounts will be delete. |
| Disk Level Caching | [0 – 100] | This policy setting is used to determine when to stop deleting accounts when available disk space reaches the specified threshold, given as percent of total disk capacity. |
| Disk Level Deletion | [0 – 100] | This policy setting is used to determine when to start deleting accounts when available disk space falls below the specified threshold, given as percent of total disk capacity. |
| Inactive Threshold | [0 – 4294967295] | This policy setting is used to determine when to start deleting accounts when they haven’t been logged-on during the specified period, given as number of days. |
Besides managing those accounts, it is also good to be familiar with the behavior of all the possible locally created accounts. Locally created accounts, when using the Guest and Kiosk sign in options, will be deleted automatically at sign out. Manually created local accounts, however, won’t be deleted when turning on Shared PC Mode. On top of that, newly created local accounts won’t be deleted by the account manager either. For managing the created local accounts on the device, the setting Delete user profiles older than a specified number of days on system restart can be used. That will help with keeping it all clean.
The last configuration that is important to be familiar with, is the ability to exempt accounts from deletion. For that, the SID can be added to the registry: HKLM\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\.
Configuring account management in Shared PC mode
After being familiar with the configuration options for managing account management on Shared PCs, it is good to look at the configuration of those different options. The good thing is that those settings are all available via the Settings Catalog. That includes the ability to clean locally created accounts. The following eight steps walk through the configuration of configuring the account cleanup for device in Shared PC Mode, by using the available settings in the Settings Catalog. It provides all the settings that might add value to the configuration of Shared PC mode, including the additional configurations for Shared PC Mode.
- Open the Microsoft Intune admin center portal and navigate to Devices > Windows > Configuration profiles
- On the Windows | Configuration profiles blade, click Create > New Policy
- On the Create a profile blade, select Windows 10 and later > Settings catalog and click Create
- On the Basics page, provide at least a unique name to distinguish it from similar profiles and click Next
- On the Configuration settings page, as shown below in Figure 1, perform the following actions and click Next
- Click Add settings in Settings picker and go through the following
- Navigate to Shared PC and select at least the following settings Deletion Policy, Disk Level Caching, Disk Level Deletion, Enable Account Manager, and Inactive Threshold
- Configure the required settings for the environment with the values like the following
- Select Delete at disk space threshold with Deletion Policy to configure when accounts will be deleted
- Specify 50 with Disk Level Caching to configure when to stop deleting accounts
- Specify 25 with Disk Level Deletion to configure when to start deleting accounts
- Select true with Enabled Account Manager to enable account manager
- Specify 30 with Inactive Threshold to configure when to start deleting inactive accounts
- Navigate to Administrative Templates > System > User Profiles and select at least Delete user profiles older than a specified number of days on system restart
- Select Enabled with Delete user profiles older than a specified number of days on system restart to configure when to start deleting old user profiles
- Specify 30 with Delete user profiles older than (days) to determine how old those profiles can be
- Select Enabled with Delete user profiles older than a specified number of days on system restart to configure when to start deleting old user profiles
- On the Scope tags page, configure the required scope tags and click Next
- On the Assignments page, configure the assignment and click Next
- On the Review + create page, verify the configuration and click Create
Verifying account management in Shared PC Mode
After creating the configurations for managing account management in Shared PC Mode, it is pretty straightforward to verify the configurations on the device. That can be done by going through the log files again, but can also be verified by going through the registry. The most important information is stored here HKLM\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC and everything related to the account manager is stored in the key AccountManagement. That contains values for the different configurations made for managing the accounts on the device. The key Exemption is used to store the keys for the different user SIDs for accounts that should be excluded from the account manager.
More information
For more information about configuring Shared PC Mode, refer to the following docs.
- Manage multi-user and guest Windows devices | Microsoft Learn
- Configure a shared or guest Windows device | Microsoft Learn
- Shared PC technical reference | Microsoft Learn
- SharedPC CSP | Microsoft Learn
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.