Silently configure OneDrive using Windows 10 or domain credentials

Deleted
Not applicable

Hi ,

In reference to :

(Preview) Silently configure OneDrive using Windows 10 or domain credentials  

https://support.office.com/en-us/article/Use-Group-Policy-to-control-OneDrive-sync-client-settings-0...

 

I have a few questions;

 

The article states that "This policy lets you configure the OneDrive sync client silently using the primary Windows account on Windows 10, and domain credentials on Windows 7 and later."

 

What is a primary windows account on windows 10? I have a Win 10 and i sign in using a domain account. 

 

I created the registries for EnableADAL and SilentAccountConfig , restarted the sync client and also the machine.

 

This does not sign me in to my account automatically. Is there something i am missing?

 

I noticed a few things after adding the registries;

 

1.Theres a new file added under C:\Users\username\AppData\Local\Microsoft\OneDrive\settings called PreSignInSettingsConfig.json

 

2..Everytime i launch the onedrive app and the sign in screen appears; it creates a new update file at:

C:\Users\username\AppData\Local\Microsoft\OneDrive\setup\logs and the contents of the file say its trying to refer to the .json file mentioned in 1.

 

I am not sure what i am doing wrong, any help would be appreaciated.

59 Replies

HI Priyanka

 

Did you able to implement this feature? If so please share how did you resolved it?

 

Avian

Also curious how to get this feature to work.

i was hoping to get some response on this..

Still waiting ...

Can OneDrive be a replacement for file server?

Yesterday MS Engineer show me silentconfig feature in their lab test environment on W7/W10. When I test in my environment where I have MFA, it is not working for me. It seems it is not compatible with MFA or there might be some setting to be update on tenant level or in user registry settings

 

Can anyone from MS advise on this?

 

Avian

HI Avian,

 

How is this MFA configured or triggered? do you have a test user you can exclude from the being targetted by MFA and test if the config works with them?

 

I have ADFS set up and i am not sure if thats what is giving a problem to the silent cofig configuration.

By adding the registry key and the group policy settings including Files on Demand I finally have gotten it to auto configure the basic configuration, but now I'm stuck with it asking the user what to sync.  With Files on Demand checked - I don't want anything synced by default.  Anybody have ideas how to get past this step?

Can you please share what changes you made in registry?

Let me try this.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive] "EnableADAL"=dword:1

 

Attached is screenshot of group policy

I might have gotten this figured out.  I configured one more GP policy - "The Maximum size of a user's OneDrive for Business before they will be prompted to choose which folders are downloaded".  My OneDrive size is 3GB - I set it to 5GB just like the example with my tenant #.  Rebooted and OneDrive was ready to go.

https://techcommunity.microsoft.com/t5/OneDrive-Blog/Previews-for-Silent-Sync-Account-Configuration-...

 

Hi Jeremy

 

As you suggested I made the changes in registry and then I rebooted machine. I tested in W7 and w10 machine both. I am using ODB Client version 17.3.7073.1013. Please let me know If I am still missing anything.

 

Please see attached images.

reg0.JPGreg1.JPGreg2.JPG

I spoke too soon.  My second test computer isn't working with these settings either.  I've seen other posts say that after waiting a few days it starts working.  Like MS is rolling features out slowly.  I keep running the scheduled tasks for Onedrive - hoping that will kick something off.  Nothing yet.

 

Second computer has the exact same version of Onedrive that the working one has (17.3.7076.1026), but Settings tab doesn't have the Files On Demand check box.... ?

Hey Guys, I finally got this to work.. A few things to check: 1.The GPO that distributes the registry key for SilentConfig - ENSURE that the this is linked to the OU that has Computer objects in it. 2.EnableADAL registry key - ensure that this key is created under the context of the user that you are trying to configure onedrive with. 3.If 1 and 2 are in place and this still isnt working, go the following key - change it to 0 and test the behavior again: regedit: HKCU\Software\Microsoft\OneDrive\ClientEverSignedIn - change this to 0. The silent config is supposed to run once, and if this is already set to 1 i am assuming it wont run again. Hope this helps. Priyank

Hi Priyank

First I uninstalled the onedrive from my machine. Then set ENABLEADAL and silentconfig and as you suggested I changed HKCU\Software\Microsoft\OneDrive\ClientEverSignedIn  to 0 earlier it was 1.

 

Rebooted machine, but no luck.

 

In your last post you mentioned GPO that distributes the registry key for SilentConfig - ENSURE that the this is linked to the OU that has Computer objects in it.  Can you please explain more about this?

I am attaching screenshot for your reference, let me know If I am still missing anything

reg4.JPGreg1.JPGreg2.JPG

 

Can you share screenshot of onedrieve related registry and GPO settings of your machine?

Avian

Hi Avian,
The settings look good..
When i mentioned the OU,it was for people who are distributing the keys using a GPO..i am assuming you have manually made these keys on the test machine?
When you reboot and launch onedrive,what is the behavior?

Yes, I am setting registry manually.

 

After rebooting, ODB WIzard start, asking to enter credential (UPN).

 

Please advise.

 

Avian

The EnabaleADAL key, are downloading the key from the MS site and importing it or manually creating it?
If you are familiar with the tool fiddler, try this out..
Install fiddler, enable “decrypt https traffic”..
log off from the machine..log back in and run fiddler and start capturing..
Now launch the onedrive app..
Check the traces and see if theres any rewuest being sent out for authentication..

Hi Priyanka

I added EnabaleADAL manually as well as import registry.

 

I am not sure how to do tracing, please advise and let me know what I need to trace.

 

Have you tested using MFA and ADFA, because we are using MFA with ADFS. I am not sure ADFS will support or not for Silent Auto Configuration.

 

Avian

Hi Avian,

 

Yes my environment is setup with ADFS. I do not have any second factor of authentication set up though.Just curios what are you using for MFA?

 

Fiddler captures network traffic, so basically when you launch the onedrive client, with the silent auto config, there should be some https traffic to get the user signed in... Hopefully if it is failing at anypoint, the fiddler traces would give you an idea about it.

 

You can just google for fiddler and download it first.

The link below shows you how to "decrypt https traffic".

 

Once its all set up, launch fiddler start capturing(F12) and then launch the onedrive client and check the traffic.

 

Thanks,

Priyank