Previews for Silent Sync Account Configuration and Bandwidth Throttling for OneDrive

At Ignite, we announced two new features for IT Administrators. The first was Silent Sync Account Configuration for OneDrive which will allow you to silently configure OneDrive using Windows 10 or domain credentials for Windows 7 and Windows 8 on the first run.  The second was the ability to let you set the maximum download throughput rate for computers running the OneDrive sync client. Both of these features are now in preview.


Silent Sync Account Configuration


Important: If you enable this setting, ADAL (Azure Active Directory Authentication Library) must be enabled or the account configuration will fail. Download and open EnableADAL.reg to enable ADAL and restart the sync client.


This policy lets you configure the OneDrive sync client silently using the primary Windows account on Windows 10, and domain credentials on Windows 7 and later.


If you enable this setting, OneDrive.exe will attempt to sign in to the work or school account using these credentials. It will check the available disk space before syncing, and if it is large, OneDrive will prompt the user to choose their folders. The threshold for which the user is prompted can be configured using DiskSpaceCheckThresholdMB. OneDrive will attempt to sign in on every account on the computer and once successful, that account will no longer attempt silent configuration.


If you enable this setting and the user is using the previous OneDrive for Business sync client, the new sync client will attempt to take over syncing. The new sync client will attempt to import the user's sync settings from the previous sync client.


If you disable this setting, OneDrive will not attempt to automatically sign in users.





This policy can be used with DiskSpaceCheckThresholdMB as well as DefaultRootDir.


Please let us know if you have feedback on this feature or encounter any issues. Right-click the OneDrive icon in the notification area and click "Report a problem." Please tag any feedback with "SilentConfig" so that your feedback will be sent directly to engineers working on this feature.


Configure the maximum OneDrive size for downloading all files automatically   


This setting is used in conjunction with SilentAccountConfig. Any user who has a OneDrive that's larger than the specified threshold (in MB) will be prompted to choose the folders they would like to sync before the OneDrive sync client (OneDrive.exe) downloads the files.



Example: "1111-2222-3333-4444" = dword:0005000

(where "1111-2222-3333-4444" is the Tenant ID and 0005000 sets a threshold of 5000MB)


How to set the maximum download throughput that OneDrive.exe uses   

This policy lets you set the maximum download throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync client. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec. The lower the download throughput rate that you configure, the longer computers running OneDrive.exe will take to download files. 


By default, the download throughput rate is unlimited and can be configured by the user directly in the sync client. If you enable this setting, computers affected by this policy will use the maximum download throughput rate that you specify, and the users will not be able to change the download rate in sync client settings themselves. Note, that OneDrive.exe must be restarted on users’ devices to apply the configuration specified in this setting. If you disable this setting, users can configure the maximum download rate for their computer by opening sync client settings and clicking the Network tab. 


We recommend that you use this setting in cases where Files On-Demand is NOT enabled and where strict traffic restrictions are required, such as when you initially deploy the sync client in your organization or enable syncing of team sites. We don't recommend that you use this setting on an ongoing basis because it will decrease sync client performance and negatively impact the user experience. 


Enabling this policy sets the following registry key value to a number from 50 through 100,000. For example:


[HKCU\SOFTWARE\Policies\Microsoft\OneDrive] "DownloadBandwidthLimit"=dword:00000032


The above registry key sets the download throughput rate limit to 50KB/sec, using the hexadecimal value for 50, which is 00000032.


All the computer configuration policies can be found under Computer Configuration\Policies\Administrative Templates\OneDrive.


Additional Group Policies to control OneDrive Sync can be found here


Questions? Feedback? Feel free to drop in your questions below


Senior Member

Are there CSPs for OneDrive for these settings?  Custom ADMX backed CSPs aren't possible since these settings are in a restricted part of the registry.  We'll be migrating all of our users to AAD only joined W10 PCs starting next month and want to use these settings.

Frequent Visitor

We’re getting more and more «cloud only» customers. I really hope there’s a CSP coming really soon so we can push this out with Intune...




No CSP's yet as we are still in preview. I will bring it back to the engineering team for awareness. I encourage you to add it to onedrive.uservoice.com so it can get upvoted as well for awareness.

Occasional Visitor

Thank you for your reply Stephen,


I've submitted this to uservoice now: https://onedrive.uservoice.com/forums/262982-onedrive/suggestions/32026432-onedrive-csp-for-mdm-mana...

Occasional Contributor

I have added it to the uservoice but something which is painful is when users are changing computers, all the sharepoint libraries are to be synced "manually"again (You have to go in the browser in each libraires you were syncing before and click on Sync...) https://onedrive.uservoice.com/forums/262982-onedrive/suggestions/32029009-changing-computer

Super Contributor

Is there anything else that needs to happen before auto login works? Can I just take an imaged machine, run the ADAL reg update on it, and restart the client, long as it's joined to my domain and they have an account it will try to login? I just tried and it never did try to login, think I might be missing a step? 

Frequent Visitor



This policy lets you configure the OneDrive sync client silently using the primary Windows account on Windows 10, and domain credentials on Windows 7 and later.



With Windows 10, what exactly is the "primary Windows account"? If the machine is Active Directory domain joined, is this the logged on user?


Occasional Contributor

Has anybody gotten /silentConfig working?


I think I have everything in place - ADAL, SilentAccountConfig, DiskSpaceCheckThresholdMB, client (.7076.), and I'm still getting prompted for sign-in and folders.

Frequent Visitor

James - no its not working for me. I've tried on Win7 and Win10 but no luck. 

Super Contributor

No luck with my few tries of getting it to work. Not sure what we could be missing

Occasional Contributor

Not working for me either.  MS Ignite demos made it look super easy.  Guess it was just smoke and mirrors.

Super Contributor

Something tells me the version of client we have doesn't have the bits in it for this to work right, probably need a later version. 

Occasional Visitor

I have the SilentConfig working fine. However, the DiskSpaceCheckThresholdMB isn't working... Everytime it syncs on that first run it prompts me to choose which folders I want to sync... I have the GPO fully configured.

Occasional Visitor
Not working for me. I'm using Windows 10 1709 (Education), OneDrive v17.3.7076.1026. All required Reg / GPO's are in place. We sync via AADSync if that matters.
Occasional Visitor

So I figured this one out and it's not good for my environment. 


Windows 7- worked no problem on my test Win7 Vm's, it used the Domain Creds to log in. 

Windows10- It does not work with the Domain Creds. It uses the Windows WORK account which will not work for me since our computers are joined to Active Directory and if we have to tell every user to add a WORK ACCOUNT to their profile it completely defeats the "SilentConfig".


Onedrive Team, Can you guys please make it that it looks at Domain Credentials in Windows10 too?