Skip to main content
Policy NameDefault SettingConfigurable Options
Limit Concurrent Signed-in Users10 Users1-999 users (value below 1 is auto-adjusted)
Deleted User Profiles Older Than a Specified Number of DaysNot ConfiguredInteger Value (days), enforced at system restart

Purpose

To define and enforce user session limits and automated profile lifecycle management on shared Windows workstations. These policies are intended to preserve system stability, optimize disk usage, and maintain a consistent user experience in multi-user environments.

Scope

These policies apply to all shared Windows workstations within the organization where multiple users may sign in over time or concurrently.

Policy Details

  1. Configure Limit Concurrent Signed-In Users
Description: Specifies the maximum number of users who can be signed in concurrently on a shared workstation. Options:
  • Not Configured or Disabled: The default limit of 10 concurrent users is enforced.
  • Enabled: Administrators can configure an integer value between 1 and 999.
    • Allowing more than a few concurrent users will slow down the system’s performance, if possible, allow only one user login at a time or keep the number to the lower possible value
    • Values below 1 are automatically adjusted to 1.
    • When the configured limit is reached and a new user attempts to sign in, the oldest active session is automatically signed out, allowing the new user to sign in successfully. Default Setting: 10 users.
  1. Delete User Profiles Older Than a Specified Number of Days
Description: Automatically deletes local user profiles that have not been used within a specified number of days. Profile cleanup is evaluated and performed during system restart. Options:
  • Not Configured or Disabled: No automatic deletion of user profiles is performed.
  • Enabled: Administrators specify an integer value representing the number of days of inactivity after which user profiles are eligible for deletion.
    • One day is interpreted 24 hours after the profile was last accessed.
    • At the next system restart, the User Profile Service deletes all profiles exceeding the configured inactivity threshold. Implementation Notes:
    • Profile deletion is performed using Windows supported mechanisms only.
    • Profiles currently in use are not deleted.
    • This policy is commonly used in shared, lab, kiosk, or transient-user environments.
    • This policy is Microsoft default policy if you encounter any issue with this policy, please reach out Microsoft Default Setting: Not Configured.

Configuration Steps

  1. Open Group Policy Management Console (GPMC).
  2. Navigate to: Computer Configuration → Administrative Templates → TruU → Frontline Access → Limit Concurrent Signed-In Users
Configure the following settings as required:
  • Limit Concurrent Signed-in User
Computer Configuration → Administrative Templates → System → User Profiles. Configure the following settings as required:
  • Delete user profiles older than a specified number of days on system restart
  1. Link and enforce the GPO to the appropriate Organizational Units (OUs).

Recommendations

  • Set the concurrent user limit based on workstation hardware capacity and usage patterns.
  • Enable profile deletion by age in environments with frequent user turnover to prevent disk space exhaustion.
  • Carefully select the inactivity threshold to balance storage optimization with user convenience.
Configuring Physical Access Badge for Shared Workstation Shared Workstation Installation and Deployment