Intune / Win11 / Shared Computer / Profiles

Question

Good Day,

We have a issue with a configuration within Intune, in combination with Windows 11. Account deletion from the Shared multi-user device does not work.

We're having multiple Windows 10 computers, and a few Windows 11 machines.

This is the setting we are reffering to:
---

---

On Windows 10, the user profile is deleted everytime we logoff. On Windows 11, the user profile is not deleted.

What we tried already:

• Reimaged the machine with Windows 10. Setting works, Upgrading to Win11, Setting gets applied, profile does not get deleted.
• Clean install with Windows 11, Setting gets applied, profile does not get deleted.
• Contacted Microsoft Intune Support, they are referring tot Windows 11, and saying its not their problem.
• Contacted multiple MEM specialist, unfortunatly no luck.
• Checked every enty in the event manager, we dont see anything different from our Windows 10 machine.
• Checked if there was a task failing, nothing unusual.
• Crosschecked it with different Windows 11 images, from conventional instalaltions to VM's. All Win11 instances are not deleting the profile.

So customers of ours want to upgrade to Windows 11, but are using the Shared multi-user device configuration policy. We have 2 different tentants on where this issue appears, and for now we dont want to upgrade machines on other tenants that are using this policy.

The monitoring section of Intune / MEM is reporting that the policy is applied succesfully, and there is no error.

Is there someone who can help me solve this issue? Or give me some pointers on where i can look?

Thank you in advance

Answer 1

I think, you need to restart the host to release the user account for deletion. If the account is locked, it cannot be deleted.

I have set InactiveThreshold to 7 days, but the Shared PC maintenance Schedules Task has deleted my Admin user folder on Windows 11 even though, the account was active within that 7 days. Strange. Will try the below PS script now:

$adminName = "LocalAdmin"
$adminPass = 'Pa$$word123'
invoke-expression "net user /add $adminName $adminPass"
$user = New-Object System.Security.Principal.NTAccount($adminName) 
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
$sid = $sid.Value;
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force

As per: https://learn.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc?tabs=intune

Answer 2

Hi there,

As it is obvious that the same configuration works well in Windows 10 that this is a bug with Windows 11. I would suggest you not upgrade to Windows 11 until there is a fix or a reason for this behavior in Windows 11.

I would suggest you not upgrade to Windows 11 until there is a fix or a reason for this behavior in Windows 11.

In the meantime make sure that the procedure is done rightly by following this article, Windows 10/11 and newer settings to manage shared devices using Intune

https://learn.microsoft.com/en-us/mem/intune/configuration/shared-user-device-settings-windows Control access, accounts, and power features on shared PC or multi-user devices using Intune

https://learn.microsoft.com/en-us/mem/intune/configuration/shared-user-device-settings You can raise feedback to the Microsoft team.

The Feedback Hub app lets you tell Microsoft about any problems you run into https://support.microsoft.com/en-us/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332

Hope this resolves your Query !!

-------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept it as an answer–