Created
July 28, 2024 11:06
POWERSHELL ⇢ Force accounts to be linked to Onedrive
#------------------------------------------------------------------------------
# Purpose  : Using this script avoids having to fill in the GPEDIT.MSC forms manually.
# Usage    : Forces Windows users to be signed in to OneDrive automatically and have their account linked.
#
# Required : OneDrive must be installed before using this.
#          : An ENTRA-INTUNE administrator account for Office 365 (professional / school) must first be SET on Windows before using this.
#
# Run as administrator
# Info     : Users are still able to disable synchronization of some folders.
# Source   : https://admx.help/?Category=Windows_10_2016&Language=en-us
#------------------------------------------------------------------------------
Clear-Host
# PowerShell may ask for confirmation: answer "Yes to All" when prompted.
#--------------------------------------------------------------------
# Script execution policy (both lines are left commented out)
#   If the policy has to be relaxed to run this script, prefer limiting the
#   change to the current session (-Scope Process) over a persistent,
#   per-user "Unrestricted" setting.
#--------------------------------------------------------------------
#Set-Executionpolicy RemoteSigned
#Set-ExecutionPolicy -Scope "CurrentUser" -ExecutionPolicy "Unrestricted"
#--------------------------------------------------------------------
# Make sure the OneDrive policy key exists (created only when missing)
#--------------------------------------------------------------------
$oneDrivePolicyKey = Get-Item 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -ErrorAction SilentlyContinue
if (-not $oneDrivePolicyKey) {
    New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft' -Name "OneDrive" -ItemType "key"
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive CREATED"
}
else {
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive EXISTS"
}
#---------------------------------------------------------------------
# OneDrive Files On-Demand
#   FilesOnDemandEnabled = 1 turns the feature on.
#   The value is written only when it is missing or zero.
#---------------------------------------------------------------------
$filesOnDemand = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name 'FilesOnDemandEnabled' -ErrorAction SilentlyContinue
if (-not $filesOnDemand.FilesOnDemandEnabled) {
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name 'FilesOnDemandEnabled' -Type "DWord" -Value '00000001'
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-FilesOnDemandEnabled CREATED"
}
else {
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-FilesOnDemandEnabled EXISTS"
}
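#--------------------------------------------------------------------
# Silently move Windows known folders to OneDrive
#   KFMSilentOptIn must hold the Entra tenant ID of YOUR organisation.
#   NOTE(review): the GUID below is the one published with this script;
#   replace it with your own tenant ID before running. The stored value is
#   compared with the wanted ID, so a value left over from another tenant is
#   corrected instead of being reported as "EXISTS".
#--------------------------------------------------------------------
$kfmTenantId = '4c1220d3-d4b8-4d93-9d0f-a363394b6cc0'
$kfmPolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
$kfmParsed   = [guid]::Empty
if (-not [guid]::TryParse($kfmTenantId, [ref]$kfmParsed)) {
    # Refuse to write something that cannot be a tenant ID (typo, empty string).
    Write-Warning "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMSilentOptIn NOT written : '$kfmTenantId' is not a GUID"
}
elseif ((Get-ItemProperty -Path $kfmPolicy -Name 'KFMSilentOptIn' -ErrorAction SilentlyContinue).KFMSilentOptIn -eq $kfmTenantId) {
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMSilentOptIn EXISTS"
}
else {
    try {
        Set-ItemProperty -Path $kfmPolicy -Name 'KFMSilentOptIn' -Type String -Value $kfmTenantId -ErrorAction Stop
        # Reported only after the write succeeded.
        Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMSilentOptIn CREATED"
    }
    catch {
        Write-Warning "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMSilentOptIn NOT written : $($_.Exception.Message)"
    }
}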
#--------------------------------------------------------------------
# Silent sign-in to the OneDrive sync app with the user's Windows credentials
#   SilentAccountConfig = 1 enables it; written only when missing or zero.
#--------------------------------------------------------------------
$silentSignIn = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name 'SilentAccountConfig' -ErrorAction SilentlyContinue).SilentAccountConfig
if ($silentSignIn) {
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-SilentAccountConfig EXISTS"
}
else {
    $silentSignInArgs = @{
        Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
        Name  = 'SilentAccountConfig'
        Type  = "DWord"
        Value = '00000001'
    }
    Set-ItemProperty @silentSignInArgs
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-SilentAccountConfig CREATED"
}
#--------------------------------------------------------------------
# Silently move Windows known folders to OneDrive, one value per folder:
#   KFMSilentOptInDesktop, KFMSilentOptInDocuments, KFMSilentOptInPictures
#   Each is set to 1 when it is missing or zero, in that order.
#--------------------------------------------------------------------
foreach ($folderPolicy in 'KFMSilentOptInDesktop', 'KFMSilentOptInDocuments', 'KFMSilentOptInPictures') {
    $folderValue = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name $folderPolicy -ErrorAction SilentlyContinue).$folderPolicy
    if (-not $folderValue) {
        Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name $folderPolicy -Type "DWord" -Value '00000001'
        Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-${folderPolicy} CREATED"
    }
    else {
        Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-${folderPolicy} EXISTS"
    }
}
#--------------------------------------------------------------------
# Keep users from redirecting their Windows known folders back to the PC
#   KFMBlockOptOut = 1; written only when missing or zero.
#--------------------------------------------------------------------
$blockOptOut = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name 'KFMBlockOptOut' -ErrorAction SilentlyContinue
if (-not $blockOptOut.KFMBlockOptOut) {
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive' -Name 'KFMBlockOptOut' -Type "DWord" -Value '00000001'
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMBlockOptOut CREATED"
}
else {
    Write-Output "Key : HKLM:\SOFTWARE\Policies\Microsoft\OneDrive\-KFMBlockOptOut EXISTS"
}
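#--------------------------------------------------------------------
# Silent sign-in to the OneDrive sync app with the user's Windows credentials
#   EnableADAL = 1 (per-user value under HKCU)
#   NOTE(review): HKCU is the hive of the account that runs this script. When
#   the script is elevated with a different administrator account, the value
#   lands in that administrator's profile and not in the end user's -
#   confirm which account is meant.
#--------------------------------------------------------------------
$adalKey = 'HKCU:\SOFTWARE\Microsoft\OneDrive'
if ((Get-ItemProperty -Path $adalKey -Name 'EnableADAL' -ErrorAction SilentlyContinue).EnableADAL -eq 1) {
    Write-Output "Key : HKCU:\SOFTWARE\Microsoft\OneDrive\-EnableADAL EXISTS"
}
else {
    try {
        # Set-ItemProperty fails when the key itself is missing, so create it first.
        if (-not (Test-Path -Path $adalKey)) {
            New-Item -Path $adalKey -ErrorAction Stop | Out-Null
        }
        Set-ItemProperty -Path $adalKey -Name 'EnableADAL' -Type DWord -Value 1 -ErrorAction Stop
        # Reported only after the write succeeded.
        Write-Output "Key : HKCU:\SOFTWARE\Microsoft\OneDrive\-EnableADAL CREATED"
    }
    catch {
        Write-Warning "Key : HKCU:\SOFTWARE\Microsoft\OneDrive\-EnableADAL NOT written : $($_.Exception.Message)"
    }
}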
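#--------------------------------------------------------------------
# Start OneDrive at sign-in (per-user Run value, not a key)
#   NOTE(review): the original value was written in .reg-file notation
#   (\" and \\). Inside a single-quoted PowerShell string those backslashes
#   are literal, so the stored command line is unlikely to start OneDrive.
#   An existing Run value is left untouched. The path below assumes the
#   per-machine OneDrive install - TODO confirm for your deployment.
#   HKCU is the hive of the account that runs this script.
#--------------------------------------------------------------------
$runKey      = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$oneDriveExe = 'C:\Program Files\Microsoft OneDrive\OneDrive.exe'
if ((Get-ItemProperty -Path $runKey -Name 'OneDrive' -ErrorAction SilentlyContinue).OneDrive) {
    Write-Output "Key : HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-OneDrive EXISTS"
}
elseif (-not (Test-Path -LiteralPath $oneDriveExe -PathType Leaf)) {
    # Do not register an autostart entry for a binary that is not there.
    Write-Warning "Key : HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-OneDrive NOT written : $oneDriveExe not found"
}
else {
    try {
        # Keep the executable path quoted: it contains a space.
        $runCommand = '"{0}" /background' -f $oneDriveExe
        Set-ItemProperty -Path $runKey -Name 'OneDrive' -Type String -Value $runCommand -ErrorAction Stop
        Write-Output "Key : HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-OneDrive CREATED"
    }
    catch {
        Write-Warning "Key : HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-OneDrive NOT written : $($_.Exception.Message)"
    }
}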
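#--------------------------------------------------------------------
# Save documents to OneDrive by default
#   DisableLibrariesDefaultSaveToSkyDrive must be 0.
#   The wanted value is zero, so the stored value is compared with 0
#   explicitly: a truthiness test would report an existing 1 (default save
#   to OneDrive disabled) as "EXISTS" and leave it in place.
#--------------------------------------------------------------------
$skyDriveKey = 'HKLM:\Software\Policies\Microsoft\Windows\Skydrive'
try {
    if (Test-Path -Path $skyDriveKey) {
        Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Skydrive EXISTS"
    }
    else {
        New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name 'Skydrive' -ErrorAction Stop | Out-Null
        Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Skydrive CREATED"
    }

    $saveToCloud = (Get-ItemProperty -Path $skyDriveKey -Name 'DisableLibrariesDefaultSaveToSkyDrive' -ErrorAction SilentlyContinue).DisableLibrariesDefaultSaveToSkyDrive
    if (($null -ne $saveToCloud) -and ($saveToCloud -eq 0)) {
        Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Skydrive\-DisableLibrariesDefaultSaveToSkyDrive EXISTS"
    }
    else {
        Set-ItemProperty -Path $skyDriveKey -Name 'DisableLibrariesDefaultSaveToSkyDrive' -Type DWord -Value 0 -ErrorAction Stop
        Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Skydrive\-DisableLibrariesDefaultSaveToSkyDrive CREATED"
    }
}
catch {
    # Nothing is reported as CREATED when the key or the value could not be written.
    Write-Warning "Key : HKLM:\Software\Policies\Microsoft\Windows\Skydrive NOT written : $($_.Exception.Message)"
}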
#---------------------------------------------------------------------
# Always use classic logon
#   LogonType = 1; written only when missing or zero.
#   NOTE(review): this is a Windows sign-in setting, not a OneDrive one -
#   confirm it is wanted on the target machines.
#---------------------------------------------------------------------
$logonPolicyKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$logonType = (Get-ItemProperty $logonPolicyKey -Name 'LogonType' -ErrorAction SilentlyContinue).LogonType
if ($logonType) {
    Write-Output "Key : HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\-LogonType EXISTS"
}
else {
    Set-ItemProperty -Path $logonPolicyKey -Name 'LogonType' -Type "DWord" -Value '00000001'
    Write-Output "Key : HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\-LogonType CREATED"
}
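#---------------------------------------------------------------------
# Enumerate local users on domain-joined computers
#   EnumerateLocalUsers = 1
#   NOTE(review): this shows local account names on the sign-in screen and is
#   unrelated to OneDrive. Hardening baselines commonly keep it disabled -
#   confirm it is really wanted before deploying.
#---------------------------------------------------------------------
$systemPolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\System'
if ((Get-ItemProperty -Path $systemPolicyKey -Name 'EnumerateLocalUsers' -ErrorAction SilentlyContinue).EnumerateLocalUsers -eq 1) {
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\System\-EnumerateLocalUsers EXISTS"
}
else {
    try {
        # The policy key is not guaranteed to exist; Set-ItemProperty fails without it.
        if (-not (Test-Path -Path $systemPolicyKey)) {
            New-Item -Path $systemPolicyKey -ErrorAction Stop | Out-Null
        }
        Set-ItemProperty -Path $systemPolicyKey -Name 'EnumerateLocalUsers' -Type DWord -Value 1 -ErrorAction Stop
        # Reported only after the write succeeded.
        Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\System\-EnumerateLocalUsers CREATED"
    }
    catch {
        Write-Warning "Key : HKLM:\Software\Policies\Microsoft\Windows\System\-EnumerateLocalUsers NOT written : $($_.Exception.Message)"
    }
}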
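#---------------------------------------------------------------------
# Windows Installer "Always install with elevated privileges"
#   NOTE(review): the script used to write AlwaysInstallElevated = 1 here.
#   The policy does not appear to be needed by the OneDrive settings in this
#   script. When it is in effect (machine and user policy both enabled), any
#   user can run Windows Installer packages with SYSTEM rights, which removes
#   the boundary between standard users and administrators. Microsoft's
#   Windows Installer documentation discourages it and hardening baselines
#   require it to stay disabled.
#   This block therefore no longer creates or enables the value; it only
#   reports the current state so that an enabled policy gets noticed.
#---------------------------------------------------------------------
$installerPolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'
$installElevated = (Get-ItemProperty -Path $installerPolicyKey -Name 'AlwaysInstallElevated' -ErrorAction SilentlyContinue).AlwaysInstallElevated
if ($installElevated -eq 1) {
    Write-Warning "Key : HKLM:\Software\Policies\Microsoft\Windows\Installer\-AlwaysInstallElevated is ENABLED - review and remove it unless there is a documented need"
}
else {
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Installer\-AlwaysInstallElevated NOT ENABLED (left unchanged)"
}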
#---------------------------------------------------------------------
# Prevent users from uninstalling applications from Start
#   NoUninstallFromStart = 1; written only when missing or zero.
#   The Explorer policy key is created first when it does not exist.
#---------------------------------------------------------------------
$explorerPolicyKey = Get-Item 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' -ErrorAction SilentlyContinue
if (-not $explorerPolicyKey) {
    New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name "Explorer" -ItemType "key"
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Explorer CREATED"
}
else {
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Explorer EXISTS"
}

$noUninstall = Get-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' -Name 'NoUninstallFromStart' -ErrorAction SilentlyContinue
if (-not $noUninstall.NoUninstallFromStart) {
    Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' -Name 'NoUninstallFromStart' -Type "DWord" -Value '00000001'
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Explorer\-NoUninstallFromStart CREATED"
}
else {
    Write-Output "Key : HKLM:\Software\Policies\Microsoft\Windows\Explorer\-NoUninstallFromStart EXISTS"
}
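#---------------------------------------------------------------------
# Prevent access to registry editing tools
#   DisableRegistryTools must be 2. The stored value is compared with 2, so
#   an existing 1 is corrected instead of being reported as "EXISTS".
#   NOTE(review): HKCU is the hive of the account that runs this script. When
#   the script is elevated with an administrator account, it is that
#   administrator who loses the Registry Editor, not the end user - confirm
#   which account is meant.
#   This policy is not an access control on the registry itself; registry
#   permissions (ACLs) still decide what an account can change.
#---------------------------------------------------------------------
$regToolsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
try {
    if (Test-Path -Path $regToolsKey) {
        Write-Output "Key : HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System EXISTS"
    }
    else {
        New-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies' -Name 'System' -ErrorAction Stop | Out-Null
        Write-Output "Key : HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System CREATED"
    }

    if ((Get-ItemProperty -Path $regToolsKey -Name 'DisableRegistryTools' -ErrorAction SilentlyContinue).DisableRegistryTools -eq 2) {
        Write-Output "Key : HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System\-DisableRegistryTools EXISTS"
    }
    else {
        Set-ItemProperty -Path $regToolsKey -Name 'DisableRegistryTools' -Type DWord -Value 2 -ErrorAction Stop
        Write-Output "Key : HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System\-DisableRegistryTools CREATED"
    }
}
catch {
    # Nothing is reported as CREATED when the key or the value could not be written.
    Write-Warning "Key : HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System\-DisableRegistryTools NOT written : $($_.Exception.Message)"
}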