Pre-requisite Tasks
Download the Latest Version of
OneDrive from:
Download the Latest OneDrive for
Business ADMX template.
Assumptions
You have a working knowlege and access to Group
Policy Management console, permissions to update ADMX templates and packaging rights within System Center Configuration manager.
The Goal - Deploy OneDrive For Business
In the my environment we currently have the following:
Windows 7 X64 systems which we
are planning to migrate to Windows 10.
System Centre Configuration
Manager 2007R3 which will die along with Windows 7.
This step-by-step walk-through will focus on deploying OneDrive to Windows 7 using this older SCCM version
with a view to migrating user-data into the cloud prior to upgrading users with
Windows 10.
Group Policy Configuration
Step
1. Extract the Onedrive ADMX template downloaded from the
above location.
2. Open OneDrive.admx in notepad and edit it to include your
tenant ID where it says {INSERT YOUR TENANT'S GUID HERE}” please note that you
do not need to keep the curly brackets (or braces if you prefer) there are two
entries to be modified.
3. Edit the section that says {INSERT YOUR CHOSEN PATH HERE}
to choose the default installation directory for OneDrive. In my case I have
chosen the default to be C:\Users\%USERNAME%\AppData\Local\Microsoft\OneDrive.
Above: Highlighted areas have been altered. |
4. Save the ADMX file and then upload both the ADMX and ADML
into your central store \\yourdomain\SYSVOL\yourdomain\Policies\PolicyDefinitions
5. The next step is to customise the (limited) set of GPO
options for your environment. In my environment I only want to deploy OneDrive
to Laptop computers, due to this I’ve created two policies relating to OneDrive
Settings.
The G_U_M_Global_OneDrive_Pilot
– Contains both user and computer settings that can be applied to all users to
have OneDrive installed. This is
currently assigned at the Grants_Zones level and applies to all users and
machines in the lower rationalised group. It is being security filtered to a
security group called “S_Grants_OneDrive”. It contains the following settings:
These settings are applied to the computer object. They prevent using the
“remote file fetch” feature of OneDrive.
“Automatically Launch the Onedrive Client FRE in business mode” – Makes
OneDrive for Business the default logon experience instead of domestic
OneDrive.
“Configure machine to receive updates after consumer Production” – Delays
the updating of OneDrive to the latest consumer version (essentially allows MS
to test the production on consumers first)
“Prevent users from configuring personal accounts” – Stops users from
adding their own personal accounts. Business account only.
6.
That’s all the settings you get on the latest ADMX template.
Additional settings such as bandwidth utilisation and enabling ADAL must be
entered as registry keys. I’m deploying the following Keys via GPO.
Enables Microsoft Azure Active Directory Authentication Library (ADAL) – Modern
authentication
|
Enables Silent Account Configuration.
|
Limits upload bandwidth usage to 50% of available.
|
Other registry settings are available and a complete listing can be found
here:
7. In addition to this, I also created a new environmental
variable called “OneDriveSync” in the same policy, this will allow easier
direction to the OneDrive folder. This is set to only be created if the
OneDrive folder exists and points to %userprofile%\OneDrive – My Organisation Name
8. Next I’ve created a shortcut to the OneDrive Executable on
the user’s desktop, this will be useful either for the user to initiate the
installation of the OneDrive software if the user clicks it, or if it already exists access the
OneDrive Contents. I’ve called the shortcut “My OneDrive” the it points to
%localappdata%\microsoft\OneDrive\OneDrive.exe
9.
Next I’ve set up a scheduled task, This task will launch the
OneDrive executable for the first time. (as by default OneDrive is not normally
launched until the user initiates it) the task will be set to run as
%loggedondomain%\%loggedonuser% and points to the OneDrive Executable at
%localappdata%\Microsoft\Onedrive\Onedrive.exe
10.
The next GPO is called G_U_M_Global_Folder_Redirection_OneDrive_Loopback
– this applies only to laptop Devices, it is set to be first in the processing order
ahead of any existing folder redirection policies. Again, it is security
filtered to the same security group. S_Grants_OneDrive. In my environment
loopback processing is enabled in “merge” mode due to previous folder
redirection policy and location of Users OU.
11.
Under the user settings > Policies> Windows Settings
> Folder Redirection the following
redirects have been put in place to redirect Contacts, Desktop, Documents,
Links, Searches, Music, Start Menu, Videos, Pictures and Saved Games to the
relevant %OneDriveSync% folder and copy
any existing contents to this location.
shows redirection of contacts and documents |
shows redirection of links, music, start menu, videos. |
Shows folder redirection of Pictures, Saved Games and Searches. |
SCCM Package Configuration
12.
Next, the SCCM job for Deployment of the OneDrive for Business software
was created. Using the OneDrive Executable downloaded earlier, this was copied
to my source share.
13.
In addition I have copied a customised deployment
notification script I will call prior to installation, this includes a
countdown. The file can be customised with any message. A copy of the code for
this is available here. (just rename to .hta)
14.
An installation .cmd file was created and contains the
following settings:
This was then saved into the SCCM source location with the OneDrive
executable.
15.
Next an SCCM package was created containing the deployment.
The program triggered is peruser_business_2.cmd – this is the .cmd file we
created previously. This is set to run “hidden” to prevent user interaction.
|
Estimated disk space was set to 300MB, time allowed was 10 minutes to
complete installation (in reality it will be much faster). The program was set
to be allowed to run on any platform.
|
16.
A deployment collection was created , for the moment this is
simply a static collection that we will manually add systems to. In the future
for deployment, the deployment groups will be staged in here. Eventually this
will contain all Windows 7 laptop devices in the estate.
17.
The Advertisement for deployment was created with the
following settings:
The package, program and collection are set to the ones we just created.
|
Advertisement start time is set from creation date, no expiration date. Set
to run “as soon as possible” and “rerun if failed previously” has been
configured.
|
This is the completed configuration required to deploy OneDrive silently without user interaction . Below will attach a run-through of the end-user
experience during deployment. I hope this has been useful to someone. If so, please leave a +1. Many thanks.
No comments:
Post a Comment