onedrive gpo management for Streamlined Productivity

Author

Reads 314

A Person Holding a Folder of a Top Secret Files Label
Credit: pexels.com, A Person Holding a Folder of a Top Secret Files Label

To streamline productivity, you can leverage OneDrive GPO management to control user access and settings. OneDrive GPOs can be used to configure OneDrive settings, such as syncing files and folders.

By using OneDrive GPOs, you can simplify the management of OneDrive settings across your organization. This can save time and reduce errors.

OneDrive GPOs can be used to configure settings such as OneDrive sync, file sharing, and data retention.

A fresh viewpoint: Onedrive Settings

Group Policy Management

Group Policy Management is a powerful tool that allows administrators to centrally manage OneDrive settings across an organization. This makes it easier to ensure compliance with corporate policies and security requirements.

To start controlling OneDrive with Group Policy Objects (GPOs), you need to copy the OneDrive ADMX templates from a Windows machine with an up-to-date Sync Client into your Active Directory Central Store. The source files can be found at %localappdata%\Microsoft\OneDrive\BuildNumber\adm\.

A GPO is a set of rules that can be applied to computers and users in an Active Directory domain. By setting up a GPO for OneDrive personal accounts, you can ensure that all users have the same settings when it comes to their OneDrive account.

For more insights, see: Group Drive Google

Credit: youtube.com, Control OneDrive using Group Policy on client machine

You can configure OneDrive settings under Computer Configuration\Policies\Administrative Templates\OneDrive or User Configuration\Policies\Administrative Templates\OneDrive. This includes settings such as file size limits, storage quotas, and access permissions.

To prevent users from changing the location of their OneDrive folder, you should use Group Policy Objects (GPOs) to lock down the location of the OneDrive folder so that users cannot change it. This ensures that all users have access to the same set of files, and that no data is lost due to accidental moves or deletions.

Here are some common OneDrive settings that can be configured using Group Policy:

  • Prevent users from changing the location of their OneDrive folder
  • Prevent users from redirecting their Documents, Pictures, or Desktop folders to OneDrive
  • Set up a GPO for OneDrive personal accounts
  • Prevent users from saving new files to OneDrive
  • Silently move Windows known folders to OneDrive
  • Prevent authentication from automatically happening

These settings can be configured under Computer Configuration\Policies\Administrative Templates\OneDrive or User Configuration\Policies\Administrative Templates\OneDrive.

Folder Management

Folder Management is crucial to maintaining a smooth and secure OneDrive experience. You can prevent users from changing the location of their OneDrive folder to avoid data loss and synchronization issues.

To do this, use Group Policy Objects (GPOs) to lock down the location of the OneDrive folder. This will ensure that all users have access to the same set of files and prevent accidental moves or deletions.

For more insights, see: How to Remove Dropbox Folder

Credit: youtube.com, How to deploy and manage OneDrive sync app via Group Policy Object

If a user attempts to change the location of their OneDrive folder, they will be unable to do so if this setting is enabled. This is because the location of the OneDrive folder is locked down by the GPO.

Enabling this setting will prevent synchronization issues and data loss. It's a simple yet effective way to manage OneDrive folders and keep your data safe.

You can also configure the Sync client to hard-delete the contents of an added folder when it's unmounted. This can be done by setting the "AddedFolderHardDeleteOnUnmount" registry key value to 1.

Security and Permissions

Enabling the "PermitDisablePermissionInheritance" policy can improve the performance of the OneDrive sync app when syncing read-only folders.

This policy removes inherited permissions within read-only folders syncing on a user's PC, but doesn't change their permissions to view or edit content in SharePoint.

We don't recommend setting this policy for users not syncing read-only content, as it may cause issues.

Having a GPO in place for OneDrive personal accounts makes it easier to manage user accounts across multiple devices.

By setting up a GPO, you can ensure all users have the same settings for their OneDrive account, including file size limits, storage quotas, and access permissions.

For more insights, see: Onedrive Not Synching

Disable Permission Inheritance in Read-Only

Credit: youtube.com, Everything You Need to Know About Windows Folder Permissions

Disabling permission inheritance in read-only folders can significantly improve the performance of the OneDrive sync app. This is especially true for users who only have read-only permission to certain content.

You can enable this setting by going to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive] and setting the "PermitDisablePermissionInheritance" value to dword:00000001. This will remove all inherited permissions within read-only folders syncing on a user's PC.

Enabling this setting for a user doesn't change their permissions to view or edit content in SharePoint, so you don't have to worry about affecting their access rights. However, it's recommended to only set this policy for users syncing read-only content, as it may not be necessary for others.

For more insights, see: Onedrive Permissions

Set Automatic Download Storage Limit

To set a storage limit for automatic downloads, you can specify a maximum size in MB that a user's OneDrive can reach before prompting them to choose which folders to sync. This setting is used with Silently sign in users to the OneDrive sync app with their Windows credentials on devices that don't have OneDrive Files On-Demand enabled.

Credit: youtube.com, Allow or Block Automatic File Downloads for Apps in Windows 10 [Tutorial]

The default value is 500 MB, but you can adjust this to a threshold of up to 4,294,967,295 MB. To do this, enter the tenant ID and the maximum size in the Options box, select Show, and then enter the desired value.

For example, if you set the maximum size to 5,000 MB, any user with a OneDrive larger than this will be prompted to choose the folders they want to sync before the OneDrive sync app downloads the files. This helps prevent users from accidentally syncing large amounts of data without realizing it.

Broaden your view: Gdrive Large Size Movies

Block Accounts by Organization

If you want to prevent users from uploading files to another organization, you can block syncing OneDrive accounts for specific organizations by specifying a list of blocked tenant IDs.

This setting lets you control which organizations can upload files to your OneDrive account, and it's a great way to keep your files organized and secure.

Credit: youtube.com, organized and policies blocked from unauthorized people. how to give security permissions

To enable this setting, go to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive\BlockTenantList] and add the tenant ID you want to block.

If a user has already added the blocked account, the files will stop syncing, so make sure to block the account before files are uploaded.

However, keep in mind that this setting doesn't work if you also enable the Allow syncing OneDrive accounts for only specific organizations setting, so choose one or the other.

Allow syncing OneDrive accounts for only specific organizations is another setting that lets you control which organizations can upload files to your OneDrive account.

This setting takes priority over blocking syncing for specific organizations, so if you enable both, the allowing setting will override the blocking setting.

To enable this setting, go to the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive\AllowTenantList] and add the tenant ID you want to allow.

If a user tries to add an account from an organization that isn't allowed, they'll get an error and won't be able to upload files.

Explore further: Syncing with Onedrive

App Management

Credit: youtube.com, Install and Manage OneDrive from Intune only, No SCCM and Group Policies required. Demo.....

App Management is a breeze with OneDrive GPO. Having a GPO in place makes it easier to manage user accounts across multiple devices.

By setting up a GPO for OneDrive personal accounts, you can ensure that all users have the same settings. This includes file size limits, storage quotas, and access permissions.

With a GPO, you can simply apply changes to the policy instead of configuring each device individually. This saves time and reduces the risk of human error.

On a similar theme: Disable Onedrive Group Policy

Limit App Upload Rate to Throughput Percentage

Limiting the upload rate of an app to a percentage of throughput can be a great way to balance performance across different tasks on a computer. This setting allows you to specify the percentage of the computer's upload throughput that the app can use to upload files.

Setting this throughput as a percentage lets the app respond to both increases and decreases in throughput. The lower the percentage you set, the slower the files get uploaded.

People Discussing a Home Insurance Policy
Credit: pexels.com, People Discussing a Home Insurance Policy

We recommend a value of 50% or higher. The sync app periodically uploads without restriction for one minute and then slows down to the upload percentage you set. This pattern lets small files upload quickly while preventing large uploads from dominating the computer's upload throughput.

You can configure this setting using the Group Policy editor by setting the "AutomaticUploadBandwidthPercentage" registry key to a value described in the following example: [HKLM\SOFTWARE\Policies\Microsoft\OneDrive]"AutomaticUploadBandwidthPercentage"=dword:00000032. This sets the upload throughput percentage to 50.

If you enable this setting, computers use the percentage of upload throughput that you specify when uploading files to OneDrive, and users can't change it.

Silent App Login

You can prevent the OneDrive sync app from generating network traffic until users sign in. This setting lets you block the OneDrive sync app from generating network traffic until users sign in to OneDrive or start syncing files on their computer.

If you enable this setting, users must sign in to the OneDrive sync app on their computer, or select to sync OneDrive or SharePoint files on the computer, for the sync app to start automatically.

Network cables as supply for work of system
Credit: pexels.com, Network cables as supply for work of system

Users must sign in to the OneDrive sync app on their computer, or select to sync OneDrive or SharePoint files on the computer, for the sync app to start automatically.

If you enable the Silently sign in users to the OneDrive sync app with their Windows credentials feature, users who are signed in on a PC that's joined to Microsoft Entra ID can set up the sync app without entering their account credentials.

Broaden your view: How to Sign into Onedrive

Set App Update Ring

You can set the update ring for the OneDrive sync app to control how users receive updates. This setting lets you specify the ring for users in your organization, and when you enable it, users can't change it.

There are three rings to choose from: Insiders, Production, and Deferred. Insiders ring users receive builds that let them preview new features coming to OneDrive.

The Production ring is the default, and it's recommended to leave everyone else in the organization in this ring to ensure they receive bug fixes and new features in a timely fashion. This way, you can focus on deploying updates to a select group of users.

If this caught your attention, see: Features of Onedrive

Credit: youtube.com, Keep apps secure and updated with advanced app management and patching - Microsoft Tech Accelerator

To set the update ring, you'll need to configure the "GPOSetUpdateRing" setting in the registry. The value for this setting is a dword that you can set to 4 for Insider, 5 for Production, or 0 for Deferred.

If you configure the setting to 5 for Production, or 0 for Deferred, the Get OneDrive Insider preview updates before release checkbox in the sync app won't appear on the Settings > About tab. This means users won't be able to join the Windows Insider program or the Office Insider program to get updates on the Insiders ring.

Sharing and Collaboration

Coauthoring and sharing in Office desktop apps lets multiple users edit an Office file stored in OneDrive simultaneously.

This feature also enables users to share files from the Office desktop apps, making it easier to collaborate with others. Disabling this setting will disable coauthoring and in-app sharing for Office files.

If you disable this setting, both copies of the file are kept when file conflicts occur, rather than overwriting the changes.

Shared Resources

Credit: youtube.com, Resource sharing and collaboration

To prevent users from syncing libraries and folders shared from other organizations, you can modify the "BlockExternalSync" setting to the enabled state. This is done by entering the value 1 in the registry key [HKLM\SOFTWARE\Policies\Microsoft\OneDrive].

Enabling this setting will prevent users at your organization from using B2D Sync, which can be a security risk. This is because users will no longer be able to sync libraries and folders shared from other organizations.

To restore B2B Sync capability for your users, simply modify the setting to the disabled state by entering the value 0 in the same registry key. This will allow users to sync libraries and folders shared from other organizations once again.

Preventing users from sharing files with people outside your organization is also a crucial security measure. This can be done by using the OneDrive GPO settings to restrict file sharing permissions.

Restricting file sharing permissions will allow you to control who has access to shared files and limit the ability of users to share files with anyone outside your organization.

If this caught your attention, see: Shared with Me Onedrive

Coauthor in Office Apps

Credit: youtube.com, Co-author your documents in Microsoft 365 apps

Coauthoring lets multiple users edit an Office file stored in OneDrive at the same time. This feature is available in Microsoft 365 Apps for enterprise, Office 2019, or Office 2016 desktop apps.

To enable coauthoring, you need to keep the "EnableAllOcsiClients" setting enabled, which is located in the registry key [HKCU\SOFTWARE\Policies\Microsoft\OneDrive]. Disabling this setting will disable coauthoring and in-app sharing for Office files.

If you disable coauthoring, both copies of the file will be kept when file conflicts occur. This means you won't be able to resolve conflicts automatically, and you'll need to manually resolve them.

Frequently Asked Questions

How do I disable files on demand OneDrive group policy?

To disable the "Files On-Demand" feature in OneDrive via group policy, press Win+R, type gpedit, and navigate to Computer Configuration > Administrative Templates > OneDrive > Use OneDrive Files On-Demand settings. Disable the policy to turn off Files On-Demand.

Nancy Rath

Copy Editor

Nancy Rath is a meticulous and detail-oriented Copy Editor with a passion for refining written content. With a keen eye for grammar, syntax, and style, she has honed her skills in ensuring that articles are polished and engaging. Her expertise spans a range of categories, including digital presentation design, where she has a particular interest in the intersection of visual and written communication.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.