--- title: "Multiuser and User Switching on Shared Devices (Windows only)" slug: "multiuser-and-user-switching-on-shared-devices-windows-only" updated: 2026-04-07T08:59:07Z published: 2026-04-07T08:59:07Z canonical: "support.perimeter81.com/multiuser-and-user-switching-on-shared-devices-windows-only" stale: true --- > ## Documentation Index > Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt > Use this file to discover all available pages before exploring further. # Multiuser and User Switching on Shared Devices (Windows only) Check Point SASE Agent version 11.7 enhances security on shared Windows devices by detecting when users switch accounts and applying [Internet Access](/v1/docs/internet-access-overview) policies specific to each user. The agent ensures each monitored device receives user-specific security by enforcing individual policies, browsing restrictions, and private resource access based on group membership. [Security events](/v1/docs/security-events) are logged under the active user's account for accurate tracking. This provides administrators with clear visibility and control over user activity on all monitored devices. ### User Identification and Policy Assignment - For Domain and Active Directory or Entra Synced Users: 1. The agent automatically detects the domain user using the User Principal Name (UPN). 2. The device is reassigned to the detected user. 3. User-specific policies and restrictions are applied immediately. - For Local or Non-Domain Users (UPN Unavailable): 1. A new user account is automatically created in the Check Point SASE Administrator portal. Note - Local users are created in the `%username%.%devicename%@%tenantname%.local` format. Each local user account uses an additional user license. 2. The new user is assigned to the default group policy named **All users**. 3. The device remains protected by this policy. Important - Access to private resources (for example, VPN connections) is not available for local users.