Hello! Today I would like to talk about deploying the next generation OneDrive client for Windows 7, Windows 8.1, and Windows 10 during an SCCM OS Deployment Task Sequence.
What is the next generation OneDrive client?
OneDrive and OneDrive for Business started as SkyDrive, followed by SkyDrive for Business. These were the first generation of a “cloud” file sync engine. Finally Microsoft got into the cloud sync/backup business. After some updates and a rename to OneDrive, we were had two very different engines that make up OneDrive and OneDrive for Business.
OneDrive is a personal cloud file sync that you used with your Microsoft account. Not a lot from a user experience changed since SkyDrive. Although they reduced the amount of free storage you get a while back, you still get 5 GB of free Cloud storage with access anywhere. You can up that plan for a fee to get more storage:
Learn more here https://onedrive.live.com/about/en-us/plans/
OneDrive for Business was a different sync engine (Groove.exe) where you were prompted to enter in a Sharepoint URL to sync content (bundled with Office 2013/2016). Very different experience to say the least and in many cases confusing to business users.
Thankfully Microsoft superseded both of these engines with a shiny new all in one engine! We now have a single installer where you can add your personal Microsoft account and have access to your personal files as well as add your organization account and sync/access your company files (still to Sharepoint) with the same user experience of having a drive in Windows Explorer (like OneDrive personal has always been)
This is what the experience of the new OneDrive looks like on Windows 10 when configured for both personal and business.
In many cases however, enterprises want to prevent users from saving company data into their personal OneDrive account. I completely agree with this in the vast majority of cases. Data loss prevention is critical and this is just another layer that needs to be addressed.
Luckily this can be accomplished very easily with Group Policy, or even a registry setting (use Group Policy though!). Download (here) the latest OneDrive ADMX files, add them to your Central Store (you are using a Central Store right?) and then configure as desired:
Deploying OneDriveSetup.exe during OS Deployment Task Sequences
The following will outline an approach that I have taken successfully. As you will see, depending on which OS you are deploying to, there are variations in deployment methodology. We will be creating a Package with multiple programs that will be added to our Task Sequences.
First download OneDriveSetup.exe from here, and place into a new package source directory.
Create a new file called InstallOneDrive-Win7.cmd and put the following content in it. Replace YourCompany with your company name, or choose whatever name you want.
MD C:\Windows\YourCompany MD C:\Windows\YourCompany\OneDrive Copy "%~dp0OneDriveSetup.exe" C:\Windows\YourCompany\OneDrive /Y REM Load Default User's Registry to HKLM\defuser, then import the settings needed. reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat reg.exe ADD HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v OneDrive /T REG_SZ /D "C:\Windows\Fabick\OneDrive\OneDriveSetup.exe /silent" /F reg.exe unload HKEY_LOCAL_MACHINE\defuser
As you can see this will in inject a RunOnce key into the default user hive. Since OneDrive is a per user install, this will execute the installer silently for each user who logs into the machine.
Create a new file called InstallOneDrive-Win8.cmd and put the following content in it. Replace YourCompany with your company name, or choose whatever name you want.
MD C:\Windows\YourCompany MD C:\Windows\YourCompany\OneDrive Copy "%~dp0OneDriveSetup.exe" C:\Windows\YourCompany\OneDrive /Y "C:\Windows\YourCompany\OneDrive\OneDriveSetup.exe" /PerComputer /silent
For Windows 8.1, we are actually installing directory with a /PerComputer switch. This will provision OneDrive for each user silently
Windows 10 (1511)
Windows 10 includes a version of the next gen OneDrive client however it is outdated. We will use the following procedure to update it as well as prevent it from popping up a user login dialog.
Create a new file called InstallOneDrive-Win10.cmd and put the following content in it.
%SYSTEMROOT%\system32\takeown /f %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe %SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Grant System:(F) Copy %~dp0onedrivesetup.exe %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat reg.exe ADD HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v OneDriveSetup /T REG_SZ /D "C:\Windows\SYSWOW64\OneDriveSetup.exe /silent" /F reg.exe unload HKEY_LOCAL_MACHINE\defuser
As you can see we need to take ownership and apply permissions to the native OneDriveSetup.exe before we can overwrite it with the latest version. We then modify the default user hive to add a silent switch to the install. This executes for each new user who logs in.
Place each the of the cmd files into your package source directory, then create the SCCM Package with a program for each of 3 different cmd files.
For each of your Task Sequences, add an “Install Package” task in the State Restore phase to install the appropriate batch file.
Using these easy batch scripts you now have a single SCCM Package that will provision the next generation client for each OS. Couple that with the Policy to disable personal use and you now have a company data sync engine that could (should) replace traditional Offline file sync.
You can even couple that with folder redirection and have a full backup/offline files access infrastructure. Get a new machine? Need to rebuild? No problem! Sign back into OneDrive and all your data is back. 🙂 Read all about how to redirect folders here:
Note: If you want to prompt users to login to OneDrive simply remove the silent switches from the Windows 7 and Windows 10 scripts, and change /PerComputer to /PerUser for Windows 8.1.