
To streamline productivity, you can leverage OneDrive GPO management to control user access and settings. OneDrive GPOs can be used to configure OneDrive settings, such as syncing files and folders.
By using OneDrive GPOs, you can simplify the management of OneDrive settings across your organization. This can save time and reduce errors.
OneDrive GPOs can be used to configure settings such as OneDrive sync, file sharing, and data retention.
A fresh viewpoint: Onedrive Settings
Group Policy Management
Group Policy Management is a powerful tool that allows administrators to centrally manage OneDrive settings across an organization. This makes it easier to ensure compliance with corporate policies and security requirements.
To start controlling OneDrive with Group Policy Objects (GPOs), you need to copy the OneDrive ADMX templates from a Windows machine with an up-to-date Sync Client into your Active Directory Central Store. The source files can be found at %localappdata%\Microsoft\OneDrive\BuildNumber\adm\.
A GPO is a set of rules that can be applied to computers and users in an Active Directory domain. By setting up a GPO for OneDrive personal accounts, you can ensure that all users have the same settings when it comes to their OneDrive account.
For more insights, see: Group Drive Google
You can configure OneDrive settings under Computer Configuration\Policies\Administrative Templates\OneDrive or User Configuration\Policies\Administrative Templates\OneDrive. This includes settings such as file size limits, storage quotas, and access permissions.
To prevent users from changing the location of their OneDrive folder, you should use Group Policy Objects (GPOs) to lock down the location of the OneDrive folder so that users cannot change it. This ensures that all users have access to the same set of files, and that no data is lost due to accidental moves or deletions.
Here are some common OneDrive settings that can be configured using Group Policy:
- Prevent users from changing the location of their OneDrive folder
- Prevent users from redirecting their Documents, Pictures, or Desktop folders to OneDrive
- Set up a GPO for OneDrive personal accounts
- Prevent users from saving new files to OneDrive
- Silently move Windows known folders to OneDrive
- Prevent authentication from automatically happening
These settings can be configured under Computer Configuration\Policies\Administrative Templates\OneDrive or User Configuration\Policies\Administrative Templates\OneDrive.
Folder Management
Folder Management is crucial to maintaining a smooth and secure OneDrive experience. You can prevent users from changing the location of their OneDrive folder to avoid data loss and synchronization issues.
To do this, use Group Policy Objects (GPOs) to lock down the location of the OneDrive folder. This will ensure that all users have access to the same set of files and prevent accidental moves or deletions.
For more insights, see: How to Remove Dropbox Folder
If a user attempts to change the location of their OneDrive folder, they will be unable to do so if this setting is enabled. This is because the location of the OneDrive folder is locked down by the GPO.
Enabling this setting will prevent synchronization issues and data loss. It's a simple yet effective way to manage OneDrive folders and keep your data safe.
You can also configure the Sync client to hard-delete the contents of an added folder when it's unmounted. This can be done by setting the "AddedFolderHardDeleteOnUnmount" registry key value to 1.
Broaden your view: If I Delete Onedrive Will It Erase Everything
Security and Permissions
Enabling the "PermitDisablePermissionInheritance" policy can improve the performance of the OneDrive sync app when syncing read-only folders.
This policy removes inherited permissions within read-only folders syncing on a user's PC, but doesn't change their permissions to view or edit content in SharePoint.
We don't recommend setting this policy for users not syncing read-only content, as it may cause issues.
Having a GPO in place for OneDrive personal accounts makes it easier to manage user accounts across multiple devices.
By setting up a GPO, you can ensure all users have the same settings for their OneDrive account, including file size limits, storage quotas, and access permissions.
For more insights, see: Onedrive Not Synching
Disable Permission Inheritance in Read-Only
Disabling permission inheritance in read-only folders can significantly improve the performance of the OneDrive sync app. This is especially true for users who only have read-only permission to certain content.
You can enable this setting by going to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive] and setting the "PermitDisablePermissionInheritance" value to dword:00000001. This will remove all inherited permissions within read-only folders syncing on a user's PC.
Enabling this setting for a user doesn't change their permissions to view or edit content in SharePoint, so you don't have to worry about affecting their access rights. However, it's recommended to only set this policy for users syncing read-only content, as it may not be necessary for others.
For more insights, see: Onedrive Permissions
Set Automatic Download Storage Limit
To set a storage limit for automatic downloads, you can specify a maximum size in MB that a user's OneDrive can reach before prompting them to choose which folders to sync. This setting is used with Silently sign in users to the OneDrive sync app with their Windows credentials on devices that don't have OneDrive Files On-Demand enabled.
The default value is 500 MB, but you can adjust this to a threshold of up to 4,294,967,295 MB. To do this, enter the tenant ID and the maximum size in the Options box, select Show, and then enter the desired value.
For example, if you set the maximum size to 5,000 MB, any user with a OneDrive larger than this will be prompted to choose the folders they want to sync before the OneDrive sync app downloads the files. This helps prevent users from accidentally syncing large amounts of data without realizing it.
Broaden your view: Gdrive Large Size Movies
Block Accounts by Organization
If you want to prevent users from uploading files to another organization, you can block syncing OneDrive accounts for specific organizations by specifying a list of blocked tenant IDs.
This setting lets you control which organizations can upload files to your OneDrive account, and it's a great way to keep your files organized and secure.
Worth a look: How to Transfer Files from Google Drive to Apple Icloud
To enable this setting, go to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive\BlockTenantList] and add the tenant ID you want to block.
If a user has already added the blocked account, the files will stop syncing, so make sure to block the account before files are uploaded.
However, keep in mind that this setting doesn't work if you also enable the Allow syncing OneDrive accounts for only specific organizations setting, so choose one or the other.
Allow syncing OneDrive accounts for only specific organizations is another setting that lets you control which organizations can upload files to your OneDrive account.
This setting takes priority over blocking syncing for specific organizations, so if you enable both, the allowing setting will override the blocking setting.
To enable this setting, go to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList] and add the tenant ID you want to allow.
If a user tries to add an account from an organization that isn't allowed, they'll get an error and won't be able to upload files.
Explore further: Syncing with Onedrive
App Management
App Management is a breeze with OneDrive GPO. Having a GPO in place makes it easier to manage user accounts across multiple devices.
By setting up a GPO for OneDrive personal accounts, you can ensure that all users have the same settings. This includes file size limits, storage quotas, and access permissions.
With a GPO, you can simply apply changes to the policy instead of configuring each device individually. This saves time and reduces the risk of human error.
On a similar theme: Disable Onedrive Group Policy
Limit App Upload Rate to Throughput Percentage
Limiting the upload rate of an app to a percentage of throughput can be a great way to balance performance across different tasks on a computer. This setting allows you to specify the percentage of the computer's upload throughput that the app can use to upload files.
Setting this throughput as a percentage lets the app respond to both increases and decreases in throughput. The lower the percentage you set, the slower the files get uploaded.
Intriguing read: Remove Dropbox from a Computer

We recommend a value of 50% or higher. The sync app periodically uploads without restriction for one minute and then slows down to the upload percentage you set. This pattern lets small files upload quickly while preventing large uploads from dominating the computer's upload throughput.
You can configure this setting using the Group Policy editor by setting the "AutomaticUploadBandwidthPercentage" registry key to a value described in the following example: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"AutomaticUploadBandwidthPercentage"=dword:00000032. This sets the upload throughput percentage to 50.
If you enable this setting, computers use the percentage of upload throughput that you specify when uploading files to OneDrive, and users can't change it.
A fresh viewpoint: How Long Does Dropbox Keep Deleted Files
Silent App Login
You can prevent the OneDrive sync app from generating network traffic until users sign in. This setting lets you block the OneDrive sync app from generating network traffic until users sign in to OneDrive or start syncing files on their computer.
If you enable this setting, users must sign in to the OneDrive sync app on their computer, or select to sync OneDrive or SharePoint files on the computer, for the sync app to start automatically.
Suggestion: How to Sign Out of Onedrive

Users must sign in to the OneDrive sync app on their computer, or select to sync OneDrive or SharePoint files on the computer, for the sync app to start automatically.
If you enable the Silently sign in users to the OneDrive sync app with their Windows credentials feature, users who are signed in on a PC that's joined to Microsoft Entra ID can set up the sync app without entering their account credentials.
Broaden your view: How to Sign into Onedrive
Set App Update Ring
You can set the update ring for the OneDrive sync app to control how users receive updates. This setting lets you specify the ring for users in your organization, and when you enable it, users can't change it.
There are three rings to choose from: Insiders, Production, and Deferred. Insiders ring users receive builds that let them preview new features coming to OneDrive.
The Production ring is the default, and it's recommended to leave everyone else in the organization in this ring to ensure they receive bug fixes and new features in a timely fashion. This way, you can focus on deploying updates to a select group of users.
If this caught your attention, see: Features of Onedrive
To set the update ring, you'll need to configure the "GPOSetUpdateRing" setting in the registry. The value for this setting is a dword that you can set to 4 for Insider, 5 for Production, or 0 for Deferred.
If you configure the setting to 5 for Production, or 0 for Deferred, the Get OneDrive Insider preview updates before release checkbox in the sync app won't appear on the Settings > About tab. This means users won't be able to join the Windows Insider program or the Office Insider program to get updates on the Insiders ring.
Sharing and Collaboration
Coauthoring and sharing in Office desktop apps lets multiple users edit an Office file stored in OneDrive simultaneously.
This feature also enables users to share files from the Office desktop apps, making it easier to collaborate with others. Disabling this setting will disable coauthoring and in-app sharing for Office files.
If you disable this setting, both copies of the file are kept when file conflicts occur, rather than overwriting the changes.
Consider reading: How to Store Files on the Cloud
Shared Resources
To prevent users from syncing libraries and folders shared from other organizations, you can modify the "BlockExternalSync" setting to the enabled state. This is done by entering the value 1 in the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive].
Enabling this setting will prevent users at your organization from using B2D Sync, which can be a security risk. This is because users will no longer be able to sync libraries and folders shared from other organizations.
To restore B2B Sync capability for your users, simply modify the setting to the disabled state by entering the value 0 in the same registry key. This will allow users to sync libraries and folders shared from other organizations once again.
Preventing users from sharing files with people outside your organization is also a crucial security measure. This can be done by using the OneDrive GPO settings to restrict file sharing permissions.
Restricting file sharing permissions will allow you to control who has access to shared files and limit the ability of users to share files with anyone outside your organization.
If this caught your attention, see: Shared with Me Onedrive
Coauthor in Office Apps
Coauthoring lets multiple users edit an Office file stored in OneDrive at the same time. This feature is available in Microsoft 365 Apps for enterprise, Office 2019, or Office 2016 desktop apps.
To enable coauthoring, you need to keep the "EnableAllOcsiClients" setting enabled, which is located in the registry key [HKCU\SOFTWARE\Policies\Microsoft\OneDrive]. Disabling this setting will disable coauthoring and in-app sharing for Office files.
If you disable coauthoring, both copies of the file will be kept when file conflicts occur. This means you won't be able to resolve conflicts automatically, and you'll need to manually resolve them.
Discover more: Windows 11 Onedrive Disable
Frequently Asked Questions
How do I disable files on demand OneDrive group policy?
To disable the "Files On-Demand" feature in OneDrive via group policy, press Win+R, type gpedit, and navigate to Computer Configuration > Administrative Templates > OneDrive > Use OneDrive Files On-Demand settings. Disable the policy to turn off Files On-Demand.
Sources
- https://learn.microsoft.com/en-us/sharepoint/use-group-policy
- https://climbtheladder.com/10-onedrive-gpo-best-practices/
- https://practical365.com/controlling-onedrive-synchronization/
- https://stackoverflow.com/questions/78603513/group-policy-stop-default-office-suite-save-locations-to-onedrive
- https://hansbrender.com/2022/06/06/onedrive-group-policies-part-1/
Featured Images: pexels.com