Administrative settings for the new OneDrive sync client
A variety of OneDrive and OneDrive for Business settings can be centrally administered through group policy. The group policy objects are available as part of the OneDrive Deployment Package.
The following User Configuration group policies are available:
-
Configure OneDrive.exe to receive updates after consumer production
-
Prevent users from changing the location of their OneDrive folder
The following Computer Configuration group policies are available:
Using group policy with OneDrive
Before you can begin administering OneDrive with group policy, you must download the OneDrive Deployment Package and add the OneDrive.admx and OneDrive.adml files to your group policy central store.
These policies work by setting registry keys on the computers in your domain, which the OneDrive sync client (OneDrive.exe) recognizes. The sections below describe what each policy does and the default behavior if you do not configure it.
A note about using these policies: when you enable or disable a setting, the corresponding registry key is updated on computers in your domain. If you later set the policy back to Not configured, the corresponding registry key is not modified and the effective policy setting does not change. So after you configure a setting, use the Enabled and Disabled settings for that policy going forward.
User Configuration group policies
User Configuration policies can be found under User Configuration\Policies\Administrative Templates\OneDrive.
Coauthoring and in-app sharing for Office files
The Coauthoring and in-app sharing for Office files policy enables live co-authoring and in-app sharing for Office files opened locally from your computer. Coauthoring and in-app sharing for Office files is allowed by default. (Coauthoring is available in Office 2013 and Office 2016.)
If you enable this setting, coauthoring and in-app sharing for Office is enabled, but users can disable it on the Office tab in the sync client if they wish.
If you disable this setting, coauthoring and in-app sharing for Office files is disabled, and the Office tab is hidden in the sync client. If you disable this setting, then the Users can choose how to handle Office files in conflict setting will act as disabled and in case of file conflicts, the file will be forked.
Delay updating OneDrive.exe until the second release wave
OneDrive.exe updates roll out in two waves. The first wave starts when an update becomes available and normally takes one to two weeks to complete. The second wave starts after the first wave completes.
The Delay updating OneDrive.exe until the second release wave policy prevents OneDrive sync clients from being updated until the second wave. This gives you some extra time to prepare for upcoming updates.
By default, updates are installed as soon as they're available during the first wave.
If you enable this setting, OneDrive sync clients in your domain will be updated during the second wave, several weeks after updates are released broadly to Office 365 customers.
If you disable this setting, OneDrive sync clients will be updated as soon as updates are available during the first wave.
Prevent users from changing the location of their OneDrive folder
The Prevent users from changing the location of their OneDrive folder allows you to prevent users from changing the location of their OneDrive sync folder.
To use this policy, you must update the OneDrive.admx file in your group policy central store and add your tenant ID as shown below.
<policy name="DisableCustomRoot" class="User" displayName="$(string.DisableCustomRoot)" explainText="$(string.DisableCustomRoot_help)" key="SOFTWARE\Microsoft\OneDrive\Tenants\{INSERT YOUR TENANT'S GUID HERE}" valueName="DisableCustomRoot"> <parentCategory ref="OneDriveNGSC" /> <supportedOn ref="windows:SUPPORTED_Windows7" /> <enabledValue> <decimal value="1" /> </enabledValue> <disabledValue> <decimal value="0" /> </disabledValue> </policy> This setting only applies to the tenant that you specify in the ADMX file. If you need to apply this setting to more than one tenant, see Considerations when using per-tenant settings later in this article.
If you enable this setting, users cannot change the location of their "OneDrive – {tenant name}" folder during the Welcome to OneDrive wizard. This forces users to use either the default location, or, if you've set the Set the default location for the OneDrive folder setting, ensures all users have their local OneDrive folder in the location that you've specified.
If you disable this setting, users can change the location of their sync folder during the Welcome to OneDrive wizard.
Prevent users from synchronizing personal OneDrive accounts
The Prevent users from configuring personal OneDrive accounts policy allows you to blocks users from syncing files from consumer (Microsoft Account based) OneDrive. By default, users are allowed to synchronize personal OneDrive accounts.
If you enable this setting, users will be prevented from setting up a sync relationship for their personal OneDrive account. If they had previously been synchronizing a personal OneDrive account, they are shown an error when they start the sync client, but their files remain on the disk.
If you disable this setting, users are allowed to synchronize personal OneDrive accounts.
Set the default location for the OneDrive folder
The Set the default location for the OneDrive folder policy allows you to set a specific path as the default location of the OneDrive folder when users go through the Welcome to OneDrive wizard when configuring file synchronization. By default, the path is under %userprofile%.
To use this policy, you must update the OneDrive.admx file in your group policy central store and add your tenant ID and the desired default path as shown below.
<policy name="DefaultRootDir" class="User" displayName="$(string.DefaultRootDir)" explainText="$(string.DefaultRootDir_help)" key="SOFTWARE\Microsoft\OneDrive\Tenants\{INSERT YOUR TENANT'S GUID HERE}" valueName="DefaultRootDir"> <parentCategory ref="OneDriveNGSC" /> <supportedOn ref="windows:SUPPORTED_Windows7" /> <enabledValue> <string>{INSERT YOUR CHOSEN PATH HERE}</string> </enabledValue> <disabledValue> <string></string> </disabledValue> </policy> This setting only applies to the tenant that you specify in the ADMX file. If you need to apply this setting to more than one tenant, see Considerations when using per-tenant settings later in this article.
If you enable this setting, the local OneDrive – <tenant name> folder location will default to the path that you specify in the OneDrive ADMX file.
If you disable this setting, the local OneDrive – <tenant name> folder location will default to %userprofile%.
Users can choose how to handle Office files in conflict
The Users can choose how to handle Office files in conflict policy determines what happens when there's a conflict between Office 2016 file versions during synchronization. By default, the users is allowed to decide if they want to merge changes or keep both copies. Users can also configure the sync client to always fork the file and keep both copies. (This option is only available for Office 2016. With earlier versions of Office, the file is always forked and both copies are kept.)
If you enable this setting, users can decide if they want to merge changes or keep both copies. Users can also configure the sync client to always fork the file and keep both copies.
If you disable this setting, then the file is always forked and both copies are kept in the case of a sync conflict. The configuration setting in the sync client is disabled.
Computer Configuration group policies
Computer Configuration policies can be found under Computer Configuration\Policies\Administrative Templates\OneDrive.
Set the maximum percentage of upload bandwidth that OneDrive.exe uses
The Set the maximum percentage of upload bandwidth that OneDrive.exe uses policy allows you to configure the maximum percentage of the available bandwidth on the computer that OneDrive sync will use to upload. (OneDrive only uses this bandwidth when syncing files.) The bandwidth available to a computer is constantly changing, so a percentage allows sync to respond to both increases and decreases in bandwidth availability while syncing in the background. The lower the percentage of bandwidth OneDrive sync is allowed to take, the slower the computer will sync files. We recommend a value of 50% or higher. The default maximum percentage is 99%. Sync enables upload limiting by periodically allowing the sync engine to go full speed for one minute and then slowing down to the upload percentage set by this setting. This enables two key scenarios. First, a very small file will get uploaded quickly because it can fit in the interval where sync is measuring the maximum possible speed. Second, for any long running upload, sync will keep optimizing the upload speed per the percentage value set by this setting.
If you enable this setting, computers affected by this policy will use the maximum bandwidth percentage that you specify.
If you disable this setting, computers will use maximum bandwidth percentage determined by the service.
Prevent users from using the remote file fetch feature to access files on the computer
The Prevent users from using the remote file fetch feature to access files on the computer policies allow you to block users from using the fetch feature when they are logged in with their Microsoft account to OneDrive.exe. The fetch feature allows your users to go to OneDrive.com, select a Windows computer that's currently online and running the OneDrive Sync Client, and access all your personal files from that computer. By default, users can use the fetch feature.
There are two policies - one for 32-bit computers and one for 64-bit computers.
If you enable this setting, users will be prevented from using the fetch feature.
If you disable this setting, users can use the fetch feature.
Policies for multiple tenants
There are two settings that are tenant-specific:
-
Set the default location for the OneDrive folder
-
Prevent users from changing the location of their OneDrive folder
If you have more than one tenant, and you want to use one or both of these settings with additional tenants, then you need to modify the OneDrive.admx and OneDrive.adml files in your group policy central store.
Using Set the default location for the OneDrive folder with multiple tenants
In the OneDrive.admx file, the Set the default location for the OneDrive folder policy is called DefaultRootDir. To use this policy with more that one tenant, you must add a new policy definition to OneDrive.admx for each additional tenant. Add these policy definitions to the bottom of the file above the </policies> tag in the Insert multi-tenant settings here section.
Use the following syntax, replacing {TenantName} with a unique name for that tenant, and adding your tenant ID and the default path that you want to use.
<policy name="DefaultRootDir_{TenantName}" class="User" displayName="$(string.DefaultRootDir_{TenantName})" explainText="$(string.DefaultRootDir_help)" key="SOFTWARE\Microsoft\OneDrive\Tenants\{INSERT YOUR TENANT'S GUID HERE}" valueName="DefaultRootDir"> <parentCategory ref="OneDriveNGSC" /> <supportedOn ref="windows:SUPPORTED_Windows7" /> <enabledValue> <string>{INSERT YOUR CHOSEN PATH HERE}</string> </enabledValue> <disabledValue> <string></string> </disabledValue> </policy> Additionally, update the OneDrive.adml file in the Insert multi-tenant settings here section above the </stringTable> tag with the following syntax, again replacing {TenantName} with the same name that you used above.
<string id="DefaultRootDir_{TenantName}">Set the default location of the OneDrive folder for {TenantName}</string> Using Prevent users from changing the location of their OneDrive folder with multiple tenants
In the OneDrive.admx file, the Prevent users from changing the location of their OneDrive folder policy is called DisableCustomRoot. To use this policy with more that one tenant, you must add a new policy definition to OneDrive.admx for each additional tenant. Add these policy definitions to the bottom of the file above the </policies> tag in the Insert multi-tenant settings here section.
Use the following syntax, replacing {TenantName} with a unique name for that tenant, and adding your tenant ID and the default path that you want to use.
<policy name="DisableCustomRoot_{TenantName}" class="User" displayName="$(string.DisableCustomRoot_{TenantName})" explainText="$(string.DisableCustomRoot_help)" key="SOFTWARE\Microsoft\OneDrive\Tenants\{INSERT YOUR TENANT'S GUID HERE}" valueName="DisableCustomRoot"> <parentCategory ref="OneDriveNGSC" /> <supportedOn ref="windows:SUPPORTED_Windows7" /> <enabledValue> <decimal value="1" /> </enabledValue> <disabledValue> <decimal value="0" /> </disabledValue> </policy> Additionally, update the OneDrive.adml file in the Insert multi-tenant settings here section above the </stringTable> tag with the following syntax, again replacing {TenantName} with the same name that you used above.
<string id="DefaultRootDir_{TenantName}">Prevent users from changing the location of their OneDrive folder for {TenantName}</string> 
No comments:
Post a Comment