Date: April 23, 2026

Highlights

  • TruFace (1:1 – UPN + Face Authentication)
  • Certificate-Based Authentication (CBA) for Single Sign-On (SSO)
  • Automatic certificate renewal before expiry
  • Group Policy support to limit concurrent signed-in users
  • Native Windows profile cleanup policy support
  • ARM architecture support
  • Bug Fixes

Enhancements

TruFace (1:1 – UPN + Face Authentication)

TruFace now supports face-based authentication using a 1:1 verification model, where the user is first identified (e.g., via UPN or badge) and then verified using facial recognition. A live video-based liveness check ensures the presence of a real user before securely matching against the enrolled face.

Certificate-Based Authentication (CBA) for SSO

Shared Workstation users can now seamlessly access web and enterprise applications using Certificate-Based Authentication (CBA) after signing in to the desktop. The short-lived certificate issued during Shared Workstation sign-in is automatically reused for SSO, enabling passwordless access without additional prompts. It uses the same certificate issued at Shared Workstation sign-in, and certificates are automatically cleaned up at session end.

Automatic Certificate Renewal Before Expiry

Shared Workstations now proactively renew user certificates before they expire, ensuring uninterrupted desktop access and SSO continuity. This prevents login or SSO failures due to expired certificates.

Limit Concurrent Signed-in Users via Group Policy

Administrators can now centrally control how many users may be signed in concurrently on a Shared Workstation using a TruU-provided Group Policy.

The new GPO: Limit Concurrent Signed-in Users
  • Default limit: 10 users
  • Configurable range: 1–40 users
  • When the limit is exceeded, the oldest active session is automatically signed out.

The Shared Workstation runtime now reads this value from the standard Windows Policies registry path, fully aligning with enterprise GPO lifecycle management.

Capacity Summary:
| Configuration | Observed Capacity | Recommended Range |
|---------------|-------------------|-------------------|
| 8 GB RAM      | ~14 users         | 10–12 users       |
| 16 GB RAM     | ~35–40 users      | 30–35 users       |

Native Windows profile cleanup policy support

Shared Workstation now supports native Windows profile cleanup policies, allowing administrators to manage user profile lifecycle using Microsoft-supported mechanisms. This improves reliability and reduces the risk of profile corruption in high-rotation environments.

ARM Architecture Support

Shared Workstation is now available as a native ARM build, enabling deployment on ARM-based Windows devices.

Bug Fixes

This release includes multiple fixes and internal improvements to enhance reliability, usability, and maintainability of Shared Workstation deployments.
  • Fixed several login and UI issues, including missing text on the login screen and windows that could not be closed during administrative credential prompts.
  • Improved uninstall behavior to ensure cleanup of cached data, registry settings, and system configuration changes.
  • Resolved logging, error-handling, and diagnostics issues to improve troubleshooting and operational stability.
  • Addressed edge-case failures related to system metadata collection and service startup.

Upgrade Notes

  • Existing deployments can upgrade directly from v25.3.0 to v26.1.0.
  • No configuration changes are required for existing environments unless new GPO features are desired.
  • Administrators should review and optionally deploy the new TruU Shared Workstation ADMX/ADML templates to take advantage of GPO-based controls.
  • Shared Workstation supports all .NET 8 versions; however, TruU recommends using .NET 8.0.22 (with the latest security patches) for optimal stability and smooth operation.

Downloads

The following artifacts are available with this release:
  • Shared Workstation Installer (x64/x86/ARM).
  • Group Policy templates (ADMX/ADML) are now available for download directly from the Admin Console, enabling streamlined configuration and deployment of TruU policies.

Known Limitations

  • If Shared Workstation is installed while Chrome or Edge browsers are running, CBA SSO activation may require a browser restart.
  • Profile cleanup behavior depends on Windows-supported policies; TruU does not perform direct profile deletion.
  • Multi-user RDP within the same session is not supported for now, and users will see an error message indicating that they must log in with the required account in a new session. Long term, we will address this properly as part of the SSO-based approach instead of relying on certificates.

Known Issues

| Ticket Number | Component | Summary |
|---------------|-----------|---------|
| NA            | NA        | NA      |