Group Policies Controlling OneDrive

As a company we have been working to get closer to a work-anywhere, anytime environment, so we moved our shared folders to SharePoint. There were many challenges along the way, specifically in the transition process of getting users to keep using their local applications.

So we used the OneDrive application, which has some challenges of its own, among them bandwidth and user credentials. Then I discovered Group Policies for controlling OneDrive.

Working with OneDrive

Before we jump into the Group Policy for OneDrive, let's quickly have a look at the options in the app.

Settings

Starting with the Settings tab, you can control whether OneDrive starts automatically when you sign in to the workstation. There are also various options for when to pause the sync and which notifications should be shown. For the most part, the defaults are fine. There are two options that I would suggest turning on.

  • Warn me Before removing Files from the Cloud
  • Save Space and download files as you use them

Although restoring OneDrive files is not difficult, a user must be absolutely sure that when they delete documents it is not by accident. Restoring files can be very time-consuming.

When your bandwidth is limited, a 500 MB file downloading on 50 workstations while only 4 people work on it can really cripple a network. Users should only download the files that they use.

Account

This is where all the locations you are syncing are shown. The only suggestion is to choose only the folders that you use. A lot of the time users have access to additional resources that they use only on occasion. Excluding these folders from syncing makes the process much faster.

Backup

We all know those users who only know one way of working, and that is to save everything they do to the desktop. When they clean their desktop it goes to the Documents folder but never gets sorted to the correct location. OneDrive has the ability to back up these locations. This is in case the workstation fails or, worse, gets stolen.

Network

Very simple: limit your upload/download rate according to what best fits your internet speed. My suggestion: get a proper internet connection if you intend to work online, and don't limit your bandwidth.

Office

This feature allows you and other people to work on the same document at the same time. From personal experience, if you intend to use this feature, rather use the web app; it is much smoother. It is not a setting I personally use, due to the resources, which seem to go very slow.

The GPO

Getting the files

A lot of Group Policies are not present by default in Group Policy Management and need to be imported. The OneDrive policies are among these. Getting the files is very simple. Install the newest version of OneDrive on a PC, preferably one with the newest update of the operating system (Windows 10).

Browse to the folder %localappdata%\Microsoft\OneDrive\. Within it you will find a folder named after the newest version number, and inside that a folder named adm. By default, you should have a OneDrive.adml and a OneDrive.admx. If your environment is primarily English, these files are fine. If not, there is a list of language folders, and within the one for your preferred language you will find the correct OneDrive.adml. Copy this together with the OneDrive.admx file.

On the server, browse to %systemroot%\PolicyDefinitions and paste the OneDrive.admx file. Within that folder you will find the language folder, into which you paste the OneDrive.adml file.
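The copy steps above can be scripted. This is an added example, not part of the original post; the parameter names, the en-US default for the target language folder, and the final hash check are assumptions made for illustration.

```powershell
# Added example: stage the OneDrive policy templates found on a reference PC.
# Assumptions: $PolicyDefinitions may also be a UNC path to the server's folder;
# $SourceLanguageFolder is empty for the English file in the adm root.
param(
    [string]$PolicyDefinitions    = "$env:SystemRoot\PolicyDefinitions",
    [string]$SourceLanguageFolder = '',
    [string]$TargetLanguageFolder = 'en-US'
)

$oneDriveRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive'

# Version folders are named like a version number; take the newest one that
# actually contains adm\OneDrive.admx.
$admDir = Get-ChildItem -Path $oneDriveRoot -Directory |
    Where-Object { ($_.Name -as [version]) -and
                   (Test-Path (Join-Path $_.FullName 'adm\OneDrive.admx')) } |
    Sort-Object { [version]$_.Name } -Descending |
    Select-Object -First 1 |
    ForEach-Object { Join-Path $_.FullName 'adm' }
if (-not $admDir) { throw "No adm folder found under $oneDriveRoot" }

$admxSource = Join-Path $admDir 'OneDrive.admx'
$admlSource = if ($SourceLanguageFolder) {
    Join-Path $admDir "$SourceLanguageFolder\OneDrive.adml"
} else {
    Join-Path $admDir 'OneDrive.adml'
}
$admlTarget = Join-Path $PolicyDefinitions $TargetLanguageFolder

# Fail before copying anything if a source file or target folder is missing.
foreach ($path in $admlSource, $PolicyDefinitions, $admlTarget) {
    if (-not (Test-Path $path)) { throw "Missing: $path" }
}

Copy-Item $admxSource -Destination $PolicyDefinitions -Force
Copy-Item $admlSource -Destination $admlTarget -Force

# Confirm the template on the server is the one taken from the client.
$src = (Get-FileHash $admxSource).Hash
$dst = (Get-FileHash (Join-Path $PolicyDefinitions 'OneDrive.admx')).Hash
if ($src -ne $dst) { throw 'OneDrive.admx on the target differs from the source' }
"Copied templates from $admDir"
```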

Create the GPO

Open Group Policy Management > Group Policy Objects and create a new policy. As always, choose a proper name for the policy. Here we are controlling things at the PC level, so the name used is: CC – OneDrive.

On the newly created policy, browse to Computer Configuration > Policies > Administrative Templates > OneDrive.

This is where the real fun happens, because not only do you have options similar to the app settings mentioned above, but there are additional options that are not available in the app.

The options are, for the most part, self-explanatory, and as with most GPOs, if you open one there is an extensive explanation of what it does.

I want to concentrate on the main problems we had, and those are bandwidth and user credentials. We did set up Microsoft SSO, but it did not have the desired effect with all applications. OneDrive is one of them, causing issues when user passwords change.

For this I enabled the setting: Silently sign in users to the OneDrive Sync Client with their Windows Credentials. I still suggest reading the rest of the help file, as we chose this to try to simplify the login process for users.

Then for the bandwidth, there are two options we enabled. The first is fairly logical: Use OneDrive Files On-Demand. This will only download files as they are being used. The rest will show as available, but in the cloud and not locally, which saves a lot of initial bandwidth.

The second option is something that I am sure most people ignore, but if you read the help file it specifically talks about the sync speed: Allow OneDrive to disable Windows permission inheritance in folders synced Read-Only

Quote from GPO Help Description:

This setting lets the OneDrive sync client remove all inherited permissions within read-only folders syncing on a user’s PC.

If you enable this setting, the OneDrive sync client can disable permission inheritance in read-only folders to improve sync speed.

If you disable or do not configure this setting, the OneDrive sync client will preserve permission inheritance in read-only folders. Sync speed may be significantly slower.

So this is a very situational GPO, but depending on your SharePoint setup it can improve the user experience a lot.
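To confirm on a workstation that the three settings enabled above have actually arrived, the policy registry key can be read after a gpupdate. This is an added example, not part of the original post; the function name is hypothetical, and the value names are the ones the OneDrive template writes for these three settings, so confirm them against your copy of OneDrive.admx.

```powershell
# Added example: check that the three OneDrive machine policies are applied.
# Run on a client after 'gpupdate /force'. Exits with 1 if any setting is missing.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'

# Registry value name -> expected DWORD (1 = policy enabled).
$expected = [ordered]@{
    SilentAccountConfig                = 1  # Silently sign in users ...
    FilesOnDemandEnabled               = 1  # Use OneDrive Files On-Demand
    PermitDisablePermissionInheritance = 1  # Allow OneDrive to disable permission inheritance ...
}

function Test-OneDrivePolicy {
    param(
        [string]$Key,
        [System.Collections.IDictionary]$Expected
    )
    # A missing key means no OneDrive policy has been applied at all.
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $actual = $props.$name
        }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($actual -eq $Expected[$name])
        }
    }
}

$report = Test-OneDrivePolicy -Key $key -Expected $expected
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { exit 1 }
```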

Windows 7

We have to mention that we run a dual environment with Windows 7 and Windows 10. Although our Windows 7 machines are completely updated, the OneDrive setting for Files On-Demand does not work there. It is not even in the application settings. A good practice before using OneDrive is to roll out Windows 10. Alternatively, rather force users to use the web app. Once they are into using the online app, the rest of the work comes naturally.
