In this tutorial you will learn how to manage OneDrive with group policy (GPO). The OneDrive Group Policy objects work by setting registry keys on the computers in your domain. When you enable or disable a setting, the corresponding registry key is updated on computers in your domain.
I will guide you through obtaining the required GPO policies and importing them to Group Policy Management. Afterwards we will go through a simple deployment of OneDrive policies using Group Policy.
- Install OneDrive Policies
- Explain OneDrive Policies
- Deploy OneDrive Policies
Task 1: Install OneDrive Policies
- You can download the OneDrive GPO Templates From Here.
- Locate these two files.
If you just want to review OneDrive policies in Group Policy Management, you can put these files your local store:
- Copy ONEDRIVE.ADML to C:\Windows\PolicyDefinitions\en-US
- Copy ONEDRIVE.ADMX to C:\Windows\PolicyDefinitions\
To use the OneDrive polices on your corporate network, you can put these files in the Active Directory Central Store:
- Copy ONEDRIVE.ADML to \\<your domain>\sysvol\<your domain>\Policies\PolicyDefinitions\en-US
- Copy ONEDRIVE.ADMX to \\<your domain>\sysvol\<your domain>\Policies\PolicyDefinitions\
Task 2: Explain OneDrive Policies
OneDrive Administrative Templates are responsible to for management of registry-based policies that allows you to configure many settings on Windows machine. With the availability of these Administrative Templates in Group Policy Management for Windows 10 and Windows 11 it is helping Administrators to easily manage applications on Windows 10 and Windows 11 or later devices using device configuration profiles. These templates are applied through Computer Configuration Administrative Templates.
There are a variety of Computer Configuration Policies that can be applied to make your life and users lives easier.
Task 3: Deploy OneDrive Policies
We finally made it to the task where we can use Group Policy Administrative Template for OneDrive to apply settings that will be pushed to the domain joined devices. What we will configure are the policies below.
- Silently Sign in users to the OneDrive Sync client.
- Silently move Windows known folder to OneDrive.
- Prevent users from moving known folders.
- Set File on-Demand states.
1. Open Group Policy Management
2. Locate Group Policy Objects, right click it and select New from the menu.
3. Enter the name OneDriveManagement and click ok.
4. Locate the newly created policy OneDriveManagement, right click it and select Edit from the menu.
5. Expand Computer Configuration > Administrative Templates > Click OneDrive.
6. Locate Silently sign in users to the OneDrive Snyc. Edit the Policy and mark it as Enabled.
7. Locate Silently move Windows known folders to OneDrive. Edit the Policy and mark it as Enabled.
8. Locate Prevent users from moving their Windows known folders to OneDrive. Edit the Policy and mark it as Enabled.
9. Locate Silently move Windows known folders to OneDrive. Edit the Policy and mark it as Enabled.
10. Locate Use OneDrive Files On-Demand. Edit the Policy and mark it as Enabled.
11. Place your OneDriveManagement policy into the OU where your user workstations are located.
12. Push group policy update to all computers, at the next reboot/startup OneDrive Policies will be applied.