diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index dd4a062b..c9a3491c 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
@@ -318,7 +318,14 @@
           "hide": { "type": "integer", "default": 0, "description": "Sum of: 1 = Hide header, 2 = Hide tab, 4 = Hide footer, 8 = Hide title, 16 = Hide left bar, 32 = Hide back buttons" },
           "footer": { "type": "string", "default": null, "description": "This is a HTML string displayed at the bottom of the web page when a user is logged in." },
           "loginfooter": { "type": "string", "default": null, "description": "This is a HTML string displayed at the bottom of the web page when a user is not logged in." },
-          "guestDeviceSharing": { "type": "boolean", "default": true, "description": "When set to false, the desktop/terminal sharing link feature is not available." },
+          "guestDeviceSharing": {
+            "type": [ "boolean", "object" ],
+            "default": true,
+            "description": "When set to false, the desktop/terminal sharing link feature is not available.",
+            "properties": {
+              "maxSessionTime": { "type": "number", "description": "When set, limits the maximum length of a guest session, in minutes." }
+            }
+          },
           "autoRemoveInactiveDevices": { "type": "integer", "default": 0, "minimum": 0, "maximum": 2000, "description": "Number of days a device can be inactive before it's removed. 0 disables this feature. Device group setting will override this value." },
           "deviceSearchBarServerAndClientName": { "type": "boolean", "default": false, "description": "When set to true, the devices search box will match on both the server name and client name of a device." },
           "agentSelfGuestSharing": {
diff --git a/meshuser.js b/meshuser.js
index 7b4c43b0..1383006a 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -559,7 +559,11 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
             serverinfo.magenturl = 'mc://' + agentServerName + ((agentHttpsPort != 443) ? (':' + agentHttpsPort) : '') + ((xdomain != '') ? ('/' + xdomain) : '');
             serverinfo.domainsuffix = xdomain;
 
-            if (domain.guestdevicesharing === false) { serverinfo.guestdevicesharing = false; }
+            if (domain.guestdevicesharing === false) { serverinfo.guestdevicesharing = false; } else {
+                if (typeof domain.guestdevicesharing == 'object') {
+                    if (typeof domain.guestdevicesharing.maxsessiontime == 'number') { serverinfo.guestdevicesharingmaxtime = domain.guestdevicesharing.maxsessiontime; }
+                }
+            }
             if (typeof domain.userconsentflags == 'number') { serverinfo.consent = domain.userconsentflags; }
             if ((typeof domain.usersessionidletimeout == 'number') && (domain.usersessionidletimeout > 0)) { serverinfo.timeout = (domain.usersessionidletimeout * 60 * 1000); }
             if (user.siteadmin === SITERIGHT_ADMIN) {
@@ -3949,9 +3953,9 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                 else if (command.nodeid.indexOf('/') == -1) { command.nodeid = 'node/' + domain.id + '/' + command.nodeid; }
                 else if ((command.nodeid.split('/').length != 3) || (command.nodeid.split('/')[1] != domain.id)) { err = 'Invalid domain'; } // Invalid domain, operation only valid for current domain
                 if (common.validateString(command.guestname, 1, 128) == false) { err = 'Invalid guest name'; } // Check the guest name
-                else if ((command.expire != null) && (typeof command.expire != 'number')) { err = 'Invalid expire time'; } // Check the expire time in hours
-                else if ((command.start != null) && (typeof command.start != 'number')) { err = 'Invalid start time'; } // Check the start time in seconds
-                else if ((command.end != null) && (typeof command.end != 'number')) { err = 'Invalid end time'; } // Check the end time in seconds
+                else if ((command.expire != null) && (typeof command.expire != 'number')) { err = 'Invalid expire time'; } // Check the expire time in minutes
+                else if ((command.start != null) && (typeof command.start != 'number')) { err = 'Invalid start time'; } // Check the start time in UTC seconds
+                else if ((command.end != null) && (typeof command.end != 'number')) { err = 'Invalid end time'; } // Check the end time in UTC seconds
                 else if (common.validateInt(command.consent, 0, 256) == false) { err = 'Invalid flags'; } // Check the flags
                 else if (common.validateInt(command.p, 1, 7) == false) { err = 'Invalid protocol'; } // Check the protocol, 1 = Terminal, 2 = Desktop, 4 = Files
                 else if ((command.expire == null) && ((command.start == null) || (command.end == null) || (command.start > command.end))) { err = 'No time specified'; } // Check that a time range is present
@@ -3967,6 +3971,13 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                     break;
                 }
 
+                // Correct maximum session length if needed
+                if ((typeof domain.guestdevicesharing == 'object') && (typeof domain.guestdevicesharing.maxsessiontime == 'number') && (domain.guestdevicesharing.maxsessiontime > 0)) {
+                    const maxtime = domain.guestdevicesharing.maxsessiontime;
+                    if ((command.expire != null) && (command.expire > maxtime)) { command.expire = maxtime; }
+                    if ((command.start != null) && (command.end != null)) { if ((command.end - command.start) > (maxtime * 60)) { command.end = (command.start + (maxtime * 60)); } }
+                }
+
                 // Get the device rights
                 parent.GetNodeWithRights(domain, user, command.nodeid, function (node, rights, visible) {
                     // If node not found or we don't have remote control, reject.
diff --git a/views/default.handlebars b/views/default.handlebars
index e77e4081..04992619 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -7471,7 +7471,11 @@
             x += addHtmlValue("Type", '<select id=d2shareType style=float:right;width:250px onchange=showShareDeviceValidate()>' + y + '</select>');
             var options = { 1 : "1 minute", 5 : "5 minutes", 10 : "10 minutes", 15 : "15 minutes", 30 : "30 minutes", 45 : "45 minutes", 60 : "60 minutes", 120 : "2 hours", 240 : "4 hours", 480 : "8 hours", 720 : "12 hours", 960 : "16 hours", 1440 : "24 hours", 2880 : "2 days", 5760 : "4 days", 0 : "Unlimited" }
             y = '';
-            for (var i in options) { y += '<option value=' + i + '>' + options[i] + '</option>'; }
+            for (var i in options) {
+                if ((serverinfo.guestdevicesharingmaxtime == null) || ((i > 0) && (i <= serverinfo.guestdevicesharingmaxtime))) {
+                    y += '<option value=' + i + '>' + options[i] + '</option>';
+                }
+            }
             x += addHtmlValue("Validity", '<select id=d2timeRange style=float:right;width:250px onchange=showShareDeviceValidate()><option value=0>' + "Starting now" + '</option><option value=1>' + "Time range" + '</option></select>');
             x += '<div id=d2modenow>';
             x += addHtmlValue("Expire Time", '<select id=d2inviteExpire style=float:right;width:250px>' + y + '</select>');