Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Solution Framework
  3. Security Posture & Compliance

Category filter

Beyond Local Accounts: Mastering Windows Shared PC Mode

Jump To

In high-traffic enterprise environments—such as healthcare clinics, laboratories, call centers, and educational institutions—Windows devices must support rapid user turnover without compromising performance or security. Hexnode Shared PC Orchestration utilizes the Windows SharedPC CSP (Configuration Service Provider) to automate account lifecycles and disk maintenance at a 500,000-device scale.

Shared PC Mode: Technical Architecture

Windows Shared PC mode is a Microsoft feature designed for shared devices. It is configured using the SharedPC CSP and supports automatic user lifecycle management. Hexnode can deploy these settings using Custom Configuration (OMA-URI / CSP) policy, which supports deploying Windows CSP-backed settings including the SharedPC CSP.

1. Automated Account Lifecycle Management

When Shared PC mode is enabled, Windows takes full control of user profile cleanup. Windows automatically manages local and domain user profiles and deletes old user profiles based on:

  • Inactivity thresholds – Number of days since last sign-in.
  • Disk space pressure – When available storage drops below a defined level.

Configurable CSP nodes

Administrators can control this behaviour using:

  • EnableSharedPCMode – Turns Shared PC mode on.
  • DeletionPolicy – Defines when profiles are removed.
  • InactiveThreshold – Sets inacticity duration before deletion.
  • DiskLevelDeletion – Triggers cleanup when disk is low.

Result:

  • Prevents accumulation of stale user profiles.
  • Helps maintain disk availability.
  • Reduces risk of leftover personal data on shared machines.

This is ideal for environments where dozens of users log in daily and data privacy is critical.

2. Guest and Domain Account Models

Shared PC mode supports multiple identity models, allowing organizations to match access to their environment.

Supported Account Types

  • Guest Only – Temporary local accounts with no password.
  • Domain Only – Entra ID (Azure AD) or Active Directory users.
  • Guest + Domain – Both options appear at sign-in.

Guest Mode Behavior

In Guest mode:

  • Windows creates a temporary local user profile.
  • The profile is automatically deleted at sign-out.
  • No data is retained between sessions.

Hexnode’s Role

Using SharedPC CSP values, Hexnode allows administrators to:

  • Choose the sign-in model.
  • Combine guest and domain access if needed.
  • Enforce the same identity logic across all shared devices.

This flexibility supports use cases like:

  • Public kiosks (Guest only)
  • Corporate hot-desking (Domain only)
  • Training labs (Guest + Domain)

Performance & Login Optimization

Shared PCs must remain fast even with heavy daily usage. Shared PC mode reduces overhead by design, but Hexnode allows further tuning. This is critical in environments like call centers or exam labs where login speed directly impacts productivity.

Administrators can improve login speed by:

  • Disabling unnecessary Windows setup experiences (via CSP or policy).
  • Restricting background services not needed for shared use.
  • Pre-deploying required applications to all devices, so that apps are already available at first login. Applications can be deployed:
    • At the device level.
    • Before users sign in.

Security & Access Control

  • Restricted Access Controls (Hexnode Policies): Using Windows Restrictions and Hexnode management, administrators can control access on shared PCs:
    • External storage / USB drives – Block removable media.
    • Folder & file locations – Restrict where users can read/write data.
    • Task Manager – Prevent non-admin users from ending processes.
    • MDM profile removal – Prevent users from removing Hexnode management.
  • Fast User Switching: Controlled using SharedPC CSP deployed through Custom Configuration (OMA-URI). Ensures proper session handling and resource optimization for multiple users.
  • Device Sanitization: Use Wipe Device remote action in Hexnode to reset devices to a clean state. Custom scripts can be used for automated cleanup when required.

Shared PC Policy Matrix

Feature Implemented Through Benefit
Shared PC Mode Windows SharedPC CSP Built-in multi-user optimization
Account Cleanup SharedPC CSP Automatic deletion of old profiles
Guest Sessions SharedPC CSP Temporary sessions with auto-cleanup
App Pre-Deployment Hexnode App Management Faster first login
Kiosk Mode Shell Launcher / Assigned Access Dedicated single-app or multi-app usage
Security Restrictions Hexnode Windows Restrictions Prevents tampering

Implementation Checklist

  1. Identify Shared Devices: Group devices intended for multi-user use.
  2. Create Shared PC Configuration: In Hexnode, deploy a custom configuration profile using SharedPC CSP settings:
    • Enable Shared PC mode
    • Set account model (Guest, Domain, or both)
    • Configure deletion and inactivity thresholds
  3. Configure Identity Access: Define whether users authenticate via:
    • Guest access
    • Entra ID
    • Active Directory
    • Hexnode Access
  4. Apply Security Restrictions: Use Hexnode policies to:
    • Block system tools
    • Restrict file system access
    • Lock down settings
  5. Deploy Required Apps: Assign mandatory apps at the device level so they’re available before first login.
Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Solution Framework