This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
I've been trying to build out a restrictive profile for public user accounts on shared laptops. We need the local profiles for these accounts to be deleted on logoff, and I've achieved this using a combination of Shared PC settings and Assigned Access. I had to write a custom Assigned Access XML to allow users to save to their external drives (the basic kiosk template provided in intune does not allow for this). Now that I've been able to give them access to external drives, I noted that they are able to access the settings app through the file explorer window. Normally I could remove the pinned shortcuts at the top of the file explorer window via admx templates assigned to the user, but it seems that admx templates do not apply during first user login, which will always be the case as we are deleting their profiles during logoff. I was wondering if there is a way to force admx processing synchronously, similar to synchronous policy processing in GP, to ensure they get their admx settings on first login?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Robert Meany,Thanks for posting in Q&A.
Based on my experience, when you create ADMX policies from Intune or and assign them to a user, the user needs to log into the device and sync with Intune to get the relevant policy, you can try to sync with Intune to get the ADMX policy when user first login in.
Honestly, I've never encountered this issue, but you could try assigning the ADMX policy to the device group and see if you can apply it the first time the user logs in.
Hope it will help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Robert Meany,Hope things going well.
If there is any update, feel free to let me know.