Hello everyone,
I encountered an issue with the Silently Sign Users in with Windows Creds. It will work the first time logging into OneDrive on the machine, however, if I were to unlink the account or sign out, the GPO will not run again. I will log out and restart the computer, and the GPO will still not run again.
I found that after this GPO runs, it creates a registry key called "SilentAccountConfig" at the location HKLM\SOFTWARE\Policies\Microsoft\OneDrive. This registry key is set to 1 meaning that it has been completed. I have tried to set the key to 0 and tried deleting it to see if the GPO would run again. It unfortunately does not.
Silently configure user accounts
I have followed these steps:
- Verify SilentAccountConfig
- Unlink all pre-existing Business instances in OneDrive.
- Clear the registry of any previous successful Silent Business Config runs:
reg delete HKCU\Software\Microsoft\OneDrive /v SilentBusinessConfigCompleted /f
reg delete HKCU\Software\Microsoft\OneDrive /v ClientEverSignedIn /f
reg delete HKCU\Software\Microsoft\OneDrive /v PersonalUnlinkedTimeStamp /f
reg delete HKCU\Software\Microsoft\OneDrive /v OneAuthUnrecoverableTimestamp /f
- Set the Silent Config policy registry entry (must be run from an administrator CMD window):
reg add HKLM\SOFTWARE\Policies\Microsoft\OneDrive /v SilentAccountConfig /t REG_DWORD /d 0x1 /f - Sign out of Windows (Ctrl+Alt+Delete Sign out).
- Sign in to Windows.
- I have ensured that Verify Single Sign On (SSO) is configured.
- Remove any OneAuth failure timestamps
reg query HKCU\Software\Microsoft\OneDrive /v OneAuthUnrecoverableTimestamp
reg delete HKCU\Software\Microsoft\OneDrive /v OneAuthUnrecoverableTimestamp /f
None of which seems to work for me.
My question is: how do I allow silently sign into OneDrive GPO to apply every time a user signs into their account. If it does mean I have to run a script to remove/add registry keys to make it work, what would it look like? Any advice would be helpful
