8,330 questions
Need more info, Local GP or AD GPO?
Do both GP's show being applied via gpresult /R?
Windows 2016 Group Policy (Computer Configuration) with PowerShell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 31%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Will
616
Reputation points
When I deployed a Group Policy with PowerShell as shown below. I found out something wrong is when my computer logon to AD Domain, the GPO with PowerShell was applied to my client's computer. When I restarted my client's computer then I login to AD Domain once again, nothing was happened. There is a PowerShell : IF statement inside, it will determine whether or not the specific registry was produced when we setup our OneDrive APP. When user re-login to AD Domain, the action will be carried out. that mean when user login/ logout twice, the PowerShell will do 1 jobs separately. First time, user login to AD Domain, PowerShell will write registry data for configuring the OneDrive specific case. this part works well. Second time, user re-login to AD Domain, PowerShell will change some default settings in Registry (This part failed, because I use the following command: Start-Transcript -Path "$($env:windir)\Temp\PS_odConfiguration_Transcript.txt" -Force) . I am realized the PowerShell should be correct, because I carried out this command in the Windows Server 2016 and it works well. Does anyone know what happened and have any idea on it. Thanks.
First time: It is correct that the following code was carried out
New-ItemProperty -Path $_HKLM -Name SharePointOnPremFrontDoorUrl -Value $_SharePointOnPremFrontDoorUrl -PropertyType String -Force
New-ItemProperty -Path $_HKLM -Name SharePointOnPremPrioritization -Value 1 -PropertyType DWord -Force
New-ItemProperty -Path $_HKLM -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -Force
New-ItemProperty -Path "HKCU:\Software\Classes\New Key #1" -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -Force
Second time (When user re-login, the following code should be carried out, but nothing happened)
if((Test-Path $_DefaultOneDriveFromExplorerRegPath -ErrorAction SilentlyContinue) -eq $true)
...
My PowerShell
Start-Transcript -Path "$($env:windir)\Temp\PS_odConfiguration_Transcript.txt" -Force
$_Logfile = "$($env:windir)\Temp\PS_odConfiguration.txt"
$_HKLMRoot = "HKLM:\Software\Policies\Microsoft"
$_HKLM = "HKLM:\Software\Policies\Microsoft\OneDrive"
# $_HKCRPath = "HKCR:\CLSID"
$_HKCU = "HKCU:\HKEY_CURRENT_USER\Software\Classes\CLSID"
$_SharePointOnPremFrontDoorUrl = "https://doclib.test.cmmp.gov.hk";
$_SharePointOnPremTenantName = "Unclassified"
$_OgcioOneDriveFolderName = "Doclib - Unclassified"
$_DefaultOneDriveFromExplorerRegPath = "HKCU:\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
if((Test-Path $_HKLM -ErrorAction SilentlyContinue) -eq $true)
{
if((Get-ItemProperty -LiteralPath $_HKLM -Name SharePointOnPremTenantName).SharePointOnPremTenantName -ne $_SharePointOnPremTenantName)
{
Write-Host ($(Get-Date -Format "o"), " ", (Get-ItemProperty -LiteralPath $_HKLM).SharePointOnPremTenantName)
($(Get-Date -Format "o"), " ", (Get-ItemProperty -LiteralPath $_HKLM).SharePointOnPremTenantName) >> $_Logfile
($(Get-Date -Format "o"), " ", "Get started with SharePointOnPremTenantName") >> $_Logfile
Set-ItemProperty -Path $_HKLM -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -Type String
($(Get-Date -Format "o"), " ", "Get started with SharePointOnPremTenantName # DONE") >> $_Logfile
}
if((Get-ItemProperty -LiteralPath $_HKLM -Name SharePointOnPremFrontDoorUrl).SharePointOnPremFrontDoorUrl -ne $_SharePointOnPremFrontDoorUrl)
{
Write-Host ($(Get-Date -Format "o"), " ", (Get-ItemProperty -LiteralPath $_HKLM).SharePointOnPremFrontDoorUrl)
($(Get-Date -Format "o"), " ", (Get-ItemProperty -LiteralPath $_HKLM).SharePointOnPremFrontDoorUrl) >> $_Logfile
($(Get-Date -Format "o"), " ", "Get started with SharePointOnPremFrontDoorUrl") >> $_Logfile
Set-ItemProperty -Path $_HKLM -Name SharePointOnPremFrontDoorUrl -Value $_SharePointOnPremFrontDoorUrl -Type String
($(Get-Date -Format "o"), " ", "Get started with SharePointOnPremFrontDoorUrl # DONE") >> $_Logfile
}
if((Test-Path $_DefaultOneDriveFromExplorerRegPath -ErrorAction SilentlyContinue) -eq $true)
{
Write-Host ($(Get-Date -Format "o"), " ", $_DefaultOneDriveFromExplorerRegPath)
($(Get-Date -Format "o"), " ", $_DefaultOneDriveFromExplorerRegPath) >> $_Logfile
$_Acl = Get-Acl $_DefaultOneDriveFromExplorerRegPath
($(Get-Date -Format "o"), " ", $_acl) >> $_Logfile
$_Rule = New-Object System.Security.AccessControl.RegistryAccessRule ("litwareinc\Administrator","FullControl","Allow")
($(Get-Date -Format "o"), " ", $_rule) >> $_Logfile
$_Acl.SetAccessRule($rule)
$_Acl |Set-Acl -Path $_DefaultOneDriveFromExplorerRegPath
($(Get-Date -Format "o"), " ", $_DefaultOneDriveFromExplorerRegPath) >> $_Logfile
Set-ItemProperty -LiteralPath $_DefaultOneDriveFromExplorerRegPath -Name System.IsPinnedToNameSpaceTree -Value 0
Get-ChildItem $_HKCU -rec -ea SilentlyContinue | foreach {
$_CurrentKey = (Get-ItemProperty -LiteralPath $_.PsPath)
($(Get-Date -Format "o"), " ", $_CurrentKey) >> $_Logfile
# 04271989-C4D2
if (($CurrentKey.PSChildName -like "*04271989-C4D2*") -eq $true)
{
Write-Host ($(Get-Date -Format "o"), " The Registry of OneDrive was found")
($(Get-Date -Format "o"), " ", $CurrentKey.PSChildName) >> $_Logfile
$_Acl = Get-Acl $CurrentKey.PSPath
($(Get-Date -Format "o"), " ", $_Acl) >> $_Logfile
$_Rule = New-Object System.Security.AccessControl.RegistryAccessRule ("litwareinc\Administrator","FullControl","Allow")
($(Get-Date -Format "o"), " ", $_Rule) >> $_Logfile
$acl.SetAccessRule($rule)
$acl |Set-Acl -Path $CurrentKey.PSPath
# Write-Host ($(Get-Date -Format "o"), " ", $CurrentKey.PSParentPath)
# Write-Host ($(Get-Date -Format "o"), " ", $CurrentKey.PSChildName)
$_regPath = $CurrentKey.PSPath
($(Get-Date -Format "o"), " ", $_regPath) >> $_Logfile
$_Value = Get-ItemProperty -LiteralPath $_regPath
($(Get-Date -Format "o"), " ", $_Value) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $_regPath)
Write-Host ($(Get-Date -Format "o"), " ", $_value."(default)")
try
{
Write-Host $(Get-Date -Format "o")
Write-Host "Get started on updating new registry value $_OgcioOneDriveFolderName"
($(Get-Date -Format "o"), " Get started on updating new registry value $_OgcioOneDriveFolderName") >> $_Logfile
Set-ItemProperty -LiteralPath $_regPath -Name "(Default)" -Value $_OgcioOneDriveFolderName
Write-Host "To UPDATE new registry value $_OgcioOneDriveFolderName # DONE"
($(Get-Date -Format "o"), " To UPDATE new registry value $_OgcioOneDriveFolderName # DONE") >> $_Logfile
break
}
Catch [System.UnauthorizedAccessException]
{
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].Exception)
($(Get-Date -Format "o"), " ", $Error[0].Exception) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails)
($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace)
($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].TargetObject)
($(Get-Date -Format "o"), " ", $Error[0].TargetObject) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails)
($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails) >> $_Logfile
}
Catch [System.IO.DirectoryNotFoundException]
{
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].Exception)
($(Get-Date -Format "o"), " ", $Error[0].Exception) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails)
($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace)
($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].TargetObject)
($(Get-Date -Format "o"), " ", $Error[0].TargetObject) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails)
($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails) >> $_Logfile
}
Catch
{
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].Exception)
($(Get-Date -Format "o"), " ", $Error[0].Exception) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails)
($(Get-Date -Format "o"), " ", $Error[0].ErrorDetails) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace)
($(Get-Date -Format "o"), " ", $Error[0].ScriptStackTrace) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].TargetObject)
($(Get-Date -Format "o"), " ", $Error[0].TargetObject) >> $_Logfile
Write-Host ($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails)
($(Get-Date -Format "o"), " ", $Error[0].PSMessageDetails) >> $_Logfile
}
}
}
}
}
else
{
Write-Host ($(Get-Date -Format "o"), " Get started on OneDrive preset")
($(Get-Date -Format "o"), " ", "Get started with OneDrive preset") >> $_Logfile
# Set the location to the registry
Set-Location -Path $_HKLMRoot
($(Get-Date -Format "o"), " ", $_HKLMRoot) >> $_Logfile
# Create a new Key
Get-Item -Path $_HKLMRoot | New-Item -Name OneDrive -Force
# Create new items with values
New-ItemProperty -Path $_HKLM -Name SharePointOnPremFrontDoorUrl -Value $_SharePointOnPremFrontDoorUrl -PropertyType String -Force
New-ItemProperty -Path $_HKLM -Name SharePointOnPremPrioritization -Value 1 -PropertyType DWord -Force
New-ItemProperty -Path $_HKLM -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -Force
New-ItemProperty -Path "HKCU:\Software\Classes\New Key #1" -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -Force
# Get out of the Registry
Pop-Location
Write-Host ($(Get-Date -Format "o"), " Get started with OneDrive preset # DONE")
($(Get-Date -Format "o"), " ", "Get started with OneDrive preset # DONE") >> $_Logfile
}
Stop-Transcript
Windows for business Windows Server User experience PowerShell
Windows for business Windows Client for IT Pros User experience Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2020-10-01T23:43:32.257+00:00 Hi,
Thanks for posting here!
Would you please tell more about the configuration information for the GPOs?
The GPOs were based on the computer configuration or the user configuration?
What the scripts used to do?
If possible ,please share a screenshot of the gpresult, you can use the command :gpresult /h report.html to get the gpresult.
Best Regards, -
Will 616 Reputation points
2020-10-02T06:33:52.427+00:00 Hi fan fan,
I rephrase the question more detailed once again. Does you have any idea on it?
Thanks
-
Will 616 Reputation points
2020-10-02T06:49:24.023+00:00 Hi Fan Fan,
I also upload gpresult.txt for you to look at. Thanks. the policy is called "Custom Group Policy"
-
Will 616 Reputation points
2020-10-02T13:46:11.82+00:00 Hi Fan Fan,
When we install the OneDrive, the default connection is for M365/ OneDrive. My client is to use SharePoint 2019 On Premise, we need to add the Registry to change the default OneDrive connection behavior towards to On Premise.
the sample script is like the following:New-ItemProperty -Path $_HKLM -Name SharePointOnPremPrioritization -Value 1 -PropertyType DWord -Force New-ItemProperty -Path $_HKLM -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -Force New-ItemProperty -Path "HKCU:\Software\Classes\New Key #1" -Name SharePointOnPremTenantName -Value $_SharePointOnPremTenantName -PropertyType String -ForceAs for changing OneDrive default folder name is as shown above, start from this line:
if((Test-Path $_DefaultOneDriveFromExplorerRegPath -ErrorAction SilentlyContinue) -eq $true)Thanks
Sign in to comment
1 answer
Sort by: Most helpful
-
Anonymous
2020-10-01T15:52:24.36+00:00 -
Will 616 Reputation points
2020-10-02T06:31:52.38+00:00 Hi Larry,
It's a AD GPO. And I rephrase the question more detailed once again. Sure, I use gpresult command to see whether the GPO was applied. It turns out that it is applied. but the command: it show haven't been performed (Second time).
Thanks
-
Will 616 Reputation points
2020-10-02T06:50:26.447+00:00 Hi Larry,
I uploaded GPRESULT as well. Thanks. My Policy called "Custom Group Policy"
-
Anonymous
2020-10-05T05:58:47.313+00:00 Hi,
Sorry for not familiar with the scripts, and i can't give you advice for that .
For the GPO, based on my understanding , you want the scripts to run when user logon , we need to set the scripts through the logon scripts under user configuration instead of the startup scripts under the computer configuration.
Fan -
Anonymous
2020-10-08T06:52:14.773+00:00 Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards, -
Will 616 Reputation points
2020-10-10T16:47:00.3+00:00 Hi FanFan,
If we set the scripts through the logon scripts under user configuration, cannot work. but anyway, I attempt to figure out what happened. Thanks
-
Anonymous
2020-10-12T00:25:39.457+00:00 Thanks for your updates!
For the logon scripts, if it didn't work ,you can also check the permission the scripts need.
Or a schedule task can be also considered for the users, and you can set the permission when configure the schedule task through GPP.
Best Regards,
Sign in to comment -