This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 47%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hello,
We have a lab environment with 20 computers that users are allowed to run a number of third party applications. All computers auto login with the same azure user account.
What we would like to do is have the computers wipe any saved or created files during a user session on reboot. Also if a user deletes a shortcut on the desktop that icon would reappear on reboot.
Is there any way to setup a mandatory profile on these computer with Intune?
We look into Kiosk mode however I think that this profile might be to restrictive for this environment.
Any help is greatly appreciated.
Did you check this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@PRK , For shared device, we can try to configure shared multi-user profile which RahulJindal mentioned. In the profile, we can set "Share PC mode" as enable to turn on shared PC mode. In shared PC mode, only one user can sign in to the device at a time. set "Guest account" as guest to create a guest account locally on the device that will be shown on the sign-in screen. Set "Account management" as enable and "Account deletion" as "Immediately after log-out" to make sure that created guests accounts are deleted immediately after log-out;. We can also configure other settings we want. Here is the setting I configured in my environment:
For apps, we can try to deploy app to the device group which are enrolled into Intune to get the apps we want:
https://oliverkieselbach.com/2020/02/19/intune-application-targeting-for-windows-10-win32-apps-explained/
Note: Here is a link for the reference.
I have deployed a win32 app to our device and then login the device using the guest account. When I try to delete the app in control panel, it shows "The system administrator has set policies to prevent this installation" to prevent the uninstall.
Also, I create a file on desktop, after restart, the file is not there.
I think this is what you want. You can try. Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@PRK , Hope things are going well. I am writing to see if there's anything unclear in our previous post. If yes, feel free to let us know. We are always glad to help.
Thanks and have a nice day!