Forum Discussion
Start OneDrive when using a RemoteApp in WVD
We are in the process of documenting how to auto-start OneDrive in a Remote App scenario.
We will be documenting the following registry entry:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RailRunonce
I believe this works the same as the regular run keys, except that anything listed under this key will be launched when the remote session starts.
What happens is that in a remote session, Explorer.exe is not used as the Windows shell. rdpshell.exe is run instead. rdpshell.exe does not process Run entries. It does do the RailRunonce key though.
DannyBoy65 thanks for the reply! I must have per machine as im using W10 multi session as a session host. the weird behavior here is that it does work but after couple days it stops. Running in circles here and MS nor O365 supports helps, I have 2 cases opened and they haven't provide the solution nor a clear path to follow...
Hi luzmariae ! I apologize but its been a while since I set this up. I just went through my settings and there are a few things to note:
1) RailRunOnce must be enabled
2) OneDrive Installer must be Machine-Wide
3) I used GPOs to have OneDrive silently sign in users, use files-on-demand, sync specific SharePoint Libraries, and most importantly limit each user to one session. This is very important as OneDrive has no idea how to log itself in if its running on multiple sessions for the same user.
4) If the accounts have 2FA enabled, I had to log in as the user to the FULL Remote Desktop experience, follow the OneDrive 2FA prompts, and then log off. This is a bit of a pain since the 2FA prompts return every 60 days or so. So sometimes, I need to log in as the user to the full remote desktop experience again to re-input the 2FA prompts. If you don't use 2FA (or have your IP configured in the 2FA exceptions) this step isn't necessary.
After all that, I was able to launch a RemoteApp and have OneDrive launch in the background without any issues.
If you need more detail, let me know. Happy to help where I can.
Edit: Updated with more information and clarity.
Sure jrngsg !
Login to portal.azure.com and navigate to "Multifactor Authentication" (you may have to search for it in the Azure search bar). Then under "Configure", click the link for "Additional Cloud-Based MFA Settings". Then you'll see a box labeled "Skip multi-factor authentication requests from the following range of IP address subnets". Add your public IP addresses and subnet mask in CIDR format. Now, if a user authenticates from any of those IP addresses you added, they will not be prompted for 2FA.
Regarding the registry key, I don't think you need it. I might be wrong, but if you're using Office 365, Modern Auth is enabled by default on Outlook (if its updated) and your tenant. See here for more info:
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online
Hope that helps!
mirthrock Thank you so much for reverting back!!!
I had more guidance from you in a single post than having two open cases with OneDrive and WVD...
I don't have 2FA for Onedrive, and the only point i'm not clear (completed as you did) is the point 4:
I used GPOs to have OneDrive silently sign in users, use files-on-demand, sync specific SharePoint Libraries, and most importantly limit each user to one session. Is too much to ask if I can see your GPO configuration for those settings? I will research also from my side but I would like to have your input as well.
Thank you again for your help!!
