OneDrive Files on Demand – update!


After our initial post getting the new Windows 10 1709 OneDrive client up and running with Files on Demand we had one or two little snags left to fix. Both are now resolved, so I thought I’d make a quick ICYMI post to cover the final pieces of the puzzle to getting everything up and running perfectly 🙂

Outdated client on the image

In true MS fashion the 1709 ISO ships with the old OneDrive client (epic fail), which means users have an annoying wait while it updates. There’s also the possibility of starting off with the wrong client and therefore syncing files down by mistake.

I was trying out an updater script that would copy over the new client but didn’t have much success in MDT. After looking more closely at the logs with CMTrace I could see it failing on the copy operation so I added a Suspend action and tried each step manually. That flagged up an access denied error.

I then realised that MDT runs its scripts as the local Administrator user rather than SYSTEM as SCCM would, therefore the script’s permissions need tweaking for MDT use:

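rem MDT runs this as the local Administrator, so take ownership and grant access before copying
rem Note: takeown leaves the file owned by the account running the script
%SYSTEMROOT%\system32\takeown /f %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe >> %SYSTEMROOT%\logs\Onedrive.log
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Grant Administrator:(F) >> %SYSTEMROOT%\logs\Onedrive.log
Copy /Y OneDriveSetup.exe %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe >> %SYSTEMROOT%\logs\Onedrive.log
rem Remove the temporary grant again; /Remove takes only the account name, not a permission mask
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Remove Administrator >> %SYSTEMROOT%\logs\Onedrive.log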

This works like a charm! The updated client is installed during the Task Sequence and the first run as a user now begins with the 2017 client.

I’m also thinking of setting up a scheduled task on the MDT server to pull down the latest OneDrive client at regular intervals so the Task Sequence always deploys the latest version. That should do the trick until Microsoft see sense and push it out properly via WSUS.
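
If the client is refreshed automatically, the Task Sequence ends up copying whatever file is on the share into SysWOW64, so it is worth gating the swap. The following is an added example, not part of the original post: it checks the staged installer's Authenticode signature, signer and version before the copy step runs. The staged path and the function name Test-StagedInstaller are assumptions.

```powershell
# Added example: gate the OneDriveSetup.exe swap on signature and version checks.
# $Staged is a hypothetical location next to this script on the deployment share.
param(
    [string]$Staged = "$PSScriptRoot\OneDriveSetup.exe",
    [string]$Target = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe",
    [string]$Log    = "$env:SystemRoot\logs\Onedrive.log"
)

function Test-StagedInstaller {
    param([string]$Path, [string]$CurrentPath)

    # The Authenticode signature must validate against the local trust store.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is $($sig.Status) for $Path"
        return $false
    }
    # A valid signature from some other publisher is not good enough.
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    # Refuse downgrades: the staged build must be newer than the one on the image.
    $new = (Get-Item $Path).VersionInfo.FileVersionRaw
    $old = (Get-Item $CurrentPath).VersionInfo.FileVersionRaw
    if ($new -le $old) {
        Write-Warning "Staged version $new is not newer than installed $old"
        return $false
    }
    return $true
}

# Record what was offered for deployment, whether or not it is accepted.
$hash = (Get-FileHash -Path $Staged -Algorithm SHA256).Hash
Add-Content -Path $Log -Value "Staged OneDriveSetup.exe SHA256=$hash"

if (-not (Test-StagedInstaller -Path $Staged -CurrentPath $Target)) {
    Add-Content -Path $Log -Value "Staged installer rejected; keeping existing client"
    exit 1   # non-zero exit fails the Task Sequence step before the copy
}
Add-Content -Path $Log -Value "Staged installer accepted"
```

Run it as the step immediately before the copy script so a failed check stops the swap.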

Silently configure OneDrive using the primary Windows account

The final piece of the puzzle is to make the client log in via SSO so users have a fully configured OneDrive without any additional login prompts. I was puzzled by this not working initially as the GPO looks straightforward but it didn’t seem to do anything.

I’d read that the SSO relies on ADAL (aka modern authentication) so I initially wondered if our SSO provider hadn’t implemented that yet. That didn’t seem to make much sense as ADAL has been out for a while now so I hit Google a bit more deeply to try and find some further detail.

I soon came to this page, which I’m sure I’ve seen before:

Ref: https://support.office.com/en-gb/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0ecb2cf5-8882-42b3-a6e9-be6bda30899c#silentconfig

The key (pun not intended, honest!) is the EnableADAL.reg file that’s squirrelled away at the bottom of the page. Deploy that via GPP et voila, one perfect blue OneDrive icon without any user interaction 🙂

What next?

Having got Files on Demand working how we want with minimal cache, SSO and the latest client we can now move onto piloting it with our users. I’ve been tweaking Windows 10 GPOs today for some of the newer features such as Windows Defender Security Center, Exploit Protection etc. so the configuration is looking good enough for some early adoption!


5 Responses to OneDrive Files on Demand – update!

  1. adriankielbowicz says:

    Hey,

    Did you find any issues with OneDrive opening up when new users log in? I’m seeing OneDrive loading up (grey icon) then after a few seconds the icon disappears and never comes back. If I manually search for OneDrive and start it up then it works fine and the icon remains in the taskbar (turns blue too and it syncs OK)

    Adrian

    • gshaw0 says:

      Hi Adrian, we get something similar in that it starts, waits for a minute or so then closes and reopens Explorer before going blue and then the “you are Syncing” notification pops up.

      How is your client set up, is it using single sign on?

  2. adriankielbowicz says:

    Hey, yeah I have configured ADAL authentication and my icon is initially grey, then it disappears and never really comes back unless I manually start OneDrive. Once I start OneDrive explorer reloads and the blue icon appears in the tray saying it is syncing. I have waited about 5 minutes hoping the icon will eventually appear but no luck.

    • adriankielbowicz says:

      Partial fix, just noticed that my OneDriveSetup.exe was still the old version so my copy script wasn’t working as expected. Fixed that now and getting a lot further.

      I can see OneDriveSetup.exe appearing as a running process (no tray icon though) but it disappears after about 30 seconds. If I then manually open OneDrive it loads up including the blue tray icon and starts syncing files (everything is pre-configured at this point it seems). Is your OneDrive doing the same or does it open automatically as soon as you sign in? Explorer still reloads just before OneDrive opens up so that part seems to be common.

  3. gshaw0 says:

    Most of ours load automatically but had one the other day that’s doing the same thing you’re seeing. Came back a few days later and the client was running so must’ve started by itself as we haven’t advertised it much with our Win10 pilot users so doubt anyone has gone to manually open it via the Start Menu.

    MS really need to offer a different behaviour for enterprise where the auto update process is disabled and goes via WSUS instead as any other update normally would.
