The Windows Shared PC Mode Policy configures Windows 10+ devices for shared use. When enabled, it restricts certain user actions and can automatically delete user profiles or data once a session ends—helpful if multiple users need to sign in and out of a single computer. This is especially useful for:
Kiosk Stations (e.g., conference-room computers)
Classroom or Lab PCs (students rotate through devices daily)
Shipping Stations (warehouse PCs used by different employees in shifts)
Possible Use Cases
Guest Mode
Anyone can sign in without specific credentials (no username/password).
User data is automatically wiped on sign-out.
Ideal for a “walk-up” kiosk scenario.
Domain-Joined Mode
Only domain-joined (on-prem AD or Azure AD) accounts can sign in.
Profiles can be automatically removed based on disk space or inactivity thresholds.
Note: Shared PC Mode does not directly force “local account plus M365 sign-in for apps.” Generally, Windows manages OS-level sign-in, while Microsoft 365 (Office, Teams, etc.) has its own sign-in process. However, ephemeral user profiles and sign-out policies will help ensure a “fresh start” for each new user.
Policy Fields
When you create a Windows Shared PC Mode Policy in Swif, you’ll see the following fields. Many are optional—only adjust what fits your scenario. By default, these settings are off (or set to default), so no changes are applied until you enable Shared PC Mode.
Enable Shared PC Mode
Description: Turns on Shared PC Mode. If disabled, none of the other Shared PC Mode settings apply.
Type: Boolean
Default: False
Requirement: Windows 10+
When this is True, additional fields become configurable (listed below).
Account Model
Description: Defines which type of accounts can sign in on this shared device.
Type: Integer
Default:
0(allow guest accounts only)Options:
0: Guest-only accounts1: Domain-joined accounts only2: Both domain-joined and guest accounts
Requirement: Windows 10+
Deletion Policy
Description: Specifies when user profiles are deleted.
Type: Integer
Default:
0(Delete immediately)Options:
0: Delete immediately1: Delete when disk space is low (requires Disk Level Deletion)2: Delete when disk space is low and an inactivity threshold is reached (requires Disk Level Deletion and Inactive Threshold)
Requirement: Windows 10+
Disk Level Deletion
Description: When Deletion Policy is set to 1 or 2, this is the disk space percentage below which profiles are removed.
Type: Integer (0–100)
Default:
25Requirement: Windows 10+
Inactive Threshold
Description: Deletes accounts after a specified number of inactive days (when Deletion Policy = 2).
Type: Integer (0–4294967295) = days
Default:
30daysRequirement: Windows 10+ (version 1703 or later)
Enable Account Manager
Description: Enables an account manager service to handle automatic account creation/deletion.
Type: Boolean
Default: False
Requirement: Windows 10+
Restrict Local Storage
Description: Prevents users from accessing local storage.
Type: Boolean
Default: False
Requirement: Windows 10+
Set Education Policies
Description: Configures certain education-specific policies on sign-in (commonly used in schools).
Type: Boolean
Default: False
Requirement: Windows 10+
Sign On Resume
Description: Requires the user to sign in again after waking the device from sleep.
Type: Boolean
Default: False
Requirement: Windows 10+
Set Power Policies
Description: Enforces default OS power settings for shared devices (e.g., shorter sleep times).
Type: Boolean
Default: False
Requirement: Windows 10+ (version 1607 or later)
Sleep Timeout
Description: How many seconds before the device goes to sleep (0 = never sleeps).
Type: Integer (0–4294967295)
Default:
300seconds (5 minutes)Requirement: Windows 10+
Maintenance Start Time
Description: Daily maintenance window start time in minutes after midnight (0–1440).
Type: Integer
Default:
0(midnight)Requirement: Windows 10+
Enable Shared PC Mode with OneDrive Sync
Description: Uses a variant of Shared PC Mode that can sync user data to OneDrive.
Type: Boolean
Default: False
Requirement: Windows 10+
Creating & Deploying the Policy in Swif
Navigate to Policies: In the Swif Admin Console, select Device Management > Policies.
Create New: Click + Create Policy, and choose Windows Shared PC Mode Policy.
Configure Settings:
Enable Shared PC Mode: Toggle on to activate shared mode.
Account Model: Decide if you want domain-only, guest-only, or both.
Deletion Policy: Choose how (and when) user profiles should be deleted. If you pick
1or2, remember to configure Disk Level Deletion or Inactive Threshold.Toggle other fields such as Enable Account Manager, Restrict Local Storage, etc., depending on your environment.
Assign to Devices: Select the Windows 10+ devices/groups to apply this policy.
Save & Deploy: Once saved, Swif will push the policy at the next device check-in. The device will then adopt Shared PC Mode behavior.
Example 1: Guest-Only Kiosk
Suppose you have a kiosk station that anyone can walk up to and use, with no password required, and it wipes all data on sign-out:
Enable Shared PC Mode: True
Account Model:
0(Guest-only)Deletion Policy:
0(Delete immediately)Enable Account Manager: True
Restrict Local Storage: True (optional, for extra security)
Users see a “guest” style login; once they log off, everything is reset for the next user.
Example 2: Domain-Joined Shared Device
If your devices are part of Active Directory or Azure AD:
Enable Shared PC Mode: True
Account Model:
1(Domain-joined accounts only)Deletion Policy:
2(delete profiles on low disk + inactivity threshold)Disk Level Deletion: 25% (just an example)
Inactive Threshold: 30 days
Enable Account Manager: (optional)
Enable Shared PC Mode with OneDrive Sync: True (optional, so user data syncs to OneDrive)
Now only domain/AD accounts can sign in. Their profiles stay around unless disk space is low and they haven’t signed in for 30 days.
Limitations & Notes
Local User Sign-In
True “local user + ephemeral session” is not officially supported by the default Shared PC Mode. You can use guest accounts (Account Model = 0) or domain-joined accounts if you want ephemeral profiles.
For detailed kiosk or local-account workflows, additional Windows Group Policy settings might be required.
Enforcing M365 Sign-In
Windows Shared PC Mode does not force a user to sign in to Office/Microsoft 365 apps. Instead, once the user logs into Windows (domain or guest), they can optionally sign into Office. When they sign out of Windows, the local profile is deleted (depending on your Deletion Policy), so any cached M365 credentials go away with it.
Immediate vs. Conditional Deletion
Deletion Policy = 0 for immediate removal.
Deletion Policy = 1 or
2relies on disk space or inactivity triggers.“Immediate” is best if you want a truly fresh device after every sign-out.
OneDrive Sync
With Enable Shared PC Mode with OneDrive Sync, users on domain-joined devices can sync their files to OneDrive during their session. Once they sign out and the local profile is removed, their files remain safe in OneDrive.
Windows Version
All fields require Windows 10 or newer. Some settings (e.g., Inactive Threshold, Set Power Policies) require specific builds of Windows 10 (1607, 1703, etc.). Check Microsoft docs for the exact minimum version.
Conclusion
Swif’s Windows Shared PC Mode Policy provides a powerful way to set up multi-user or kiosk-style Windows devices, either with guest or domain accounts. By configuring the Account Model, Deletion Policy, and other optional settings:
You can automatically remove user profiles (for privacy and security)
Restrict access to local storage
Enforce OneDrive sync for domain accounts
Shorten or customize power settings to save energy
This ensures each new user session starts fresh, minimizing leftover data and simplifying management. For more advanced or custom local-account scenarios, you may need to supplement with additional Windows policies or GPO configurations. If you have any questions, please reach out to Swif Support.