다음을 통해 공유

OneDrive – Next Generation Sync Client Deployment guide

  • 아티클

https://msdnshared.blob.core.windows.net/media/2016/05/0640_NinjaAwardTinyGold.pngGold Award Winner

Introduction

Recently Microsoft published an new sync client for OneDrive For Business. Let’s say: OneDrive Next Generation Sync Client : OneDrive NGSC.

In this wiki we will see what the new sync client can bring to your Enterprise deployment and how to take advantage of some options offered. The actual deploy guide is great but a little bit straight and forward to understand all the capabilities and wanted to share a simple step by step to start using (-testing) this client.

If not already made, please take a look to these articles:

OneDrive product is great to use, but when it comes to the corporate world, the limited functionally of the previous sync clients can prevent enterprise-scale deployment. So many questions were not answered before: How to control the OneDrive client? How deploy pre-configured settings to the end-users? How to differentiate "personal" and "professional" accounts? How to control bandwidth when deploying OneDrive to thousands of end-users? How monitor installation?

With the OneDrive NGSC, some of these questions can now be answered. At least partially. The product is still very young, but on the right track. Many features has been introduced with user feedback at https://onedrive.uservoice.com.

Improvements

  • News features : Selective Sync, Add Account, MaxFileSize, ...
  • Both Corporate and Personal account using the same client
  • Allow deploying the client as a standalone product. (as per user basis)
  • Allow pre-configuration of some policy through registry
  • Allow controlling bandwidth consumption?

Differences between groove.exe and onedrive.exe

OneDrive has a big history with naming convention but for this document we will call the old client “Groove.exe” and the new client “OneDrive.exe”

In short:

  • OneDrive for Business Next Generation Sync Client - syncs OneDrive for Business accounts that are part of Office 365. It's built on the sync client used by the OneDrive consumer service.
  • OneDrive for Business sync client (Office or Standalone) - syncs OneDrive for Business on-premises accounts (accounts that aren't part of Office 365), plus SharePoint team sites and libraries.
  • OneDrive - syncs your personal OneDrive consumer service. Essentially the same technology as the new OneDrive for Business sync client.

Basically saying, you will now have the Office OneDrive(groove.exe) and the OneDrive NGSC(onedrive.exe):

  • %LocalAppdata%\Microsoft\OneDrive\OneDrive.exe
  • C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE"

Note: Support for SharePoint Online library is coming (?).

Sync capabilities

groove.exe onedrive.exe
SharePoint Server - Library
 yes no
SharePoint Server - MySite
 yes no
SharePoint Online - Library
 yes (soon?)
SharePoint Online - OneDrive
 yes yes
OneDrive (Outlook.com)
 yes yes
Sync features

- Max file Size
 2GB 10GB
- Selective sync no yes
- Max file limit
 20 000
 30 Mi (150 000 per folder)
- IT Control
 very limited more control

The scenario: Windows 7 Domain joined

For this demonstration we've used this basic environment:

  • Windows 7 - 64Bit computer, Domain joined
  • Office 2013 - Click-to-Run - Last update
  • Office 365 tenant
  • Outlook.com personal account
  • SharePoint Online (-my + libraries)
  • SharePoint Server (on premises)

Note:

  • Windows 10 computers will have the Onedrive.exe client installed by default
  • Office 2016 Click-to-Run will install by side OneDriveSetup.exe : "C:\Program Files (x86)\Microsoft Office\root\Integration\OneDriveSetup.exe"

This scenario will look like this in the Explorer view. Cloudy isn't?


Step 1: Setup environment

In this package you will have:

DefaultToBusinessFRE.reg
 Registry Settings "Business as Default"
EnableAddAccounts.reg Registry Settings "Allow User to Add additional account
OneDrive.adml Policy : Language resource file (en-us)
OneDrive.admx Policy : Language neutral file
OneDrive_MultiTenant.admx Policy : Language neutral file (multi-tenant)

For this example, we will only speak about the OneDrive.admx; not the MultiTenant.admx.

Warning: Only one of these policy definitions should be used. If used together, MMC Group policy will drop an error about declaring the same object twice.

INF : OneDrive Outlook.com

If you go to https://onedrive.live.com/about/en-us/download/ , you will get the new client with the following key set:
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal] @="Main"

Adapt Policy settings

OneDriveSetup.exe comes with some administrative settings, more detailed information here.

  • Open and edit the OneDrive.admx and adapt the following lines:

For this scenario, we will use these settings:

DefaultRootDir
 Set the default path to the local OneDrive Folder
DefaultToBusinessFRE Launch the welcome to OneDrive (business)
DisableCustomRoot Block users from changing the path location

**
**Don’t forget to adapt these line of the .admx file:

  • {INSERT YOUR CHOSEN PATH HERE} = "C:\OneDrive_DATA\
  • Child folders(Per Business) will have %Path%\OneDrive - %DisplayName%"\ structure

Note: The Custom Path must exist or need to be created before.

  • {INSERT YOUR TENANT'S GUID HERE} = "12345678-abcd-1234-abcd-123456789abc"

Note: See "Quickly Find the tenant GUID" below.
 

Setup group policy definition:

Group Policy Definition:

  • Copy the Onedrive.adml to C:\Windows\PolicyDefinitions\en-US
  • Copy the OneDrive.admx to C:\Windows\PolicyDefinitions\

Group Policy Settings

  • Create at least one GPO containing one or more settings:

Note: As these settings are User Configuration, let the default “authenticated users” or add some User Security Group in the filtering. These settings will be deployed by registry item and need to be pushed before deploying the OneDrive NGSC client.

Quick Find: Tenant GUID

  • Login into https://portal.office.com/ as an administrative user
  • Show Source Page
  • Search for this string : \ActiveDirectoryExtension\Directory\[TENANT GUID] like : 12345678-abcd-1234-abcd-123456789abc

Step 2: Deploy OneDriveSetup.exe

The installation will proceed into two steps when running OneDriveSetup.exe

  • OneDriveSetup.exe /PerComputer
    • Will be deployed under "C:\Program Files(X86)\Microsoft OneDrive\
    • Need admin rights
  • OneDriveSetup.exe /PerUser
    • Will be run from ProgramData to %LocalAppdata%\Microsoft\OneDrive
    • No admin rights

If you want to install and detect OneDrive.exe with SCCM  See this blog post

For example, simply deploying the client silently (without starting OneDrive)

\\SERVER\SHARE\OneDrive_NGSC\OneDriveSetup.exe /Silent

After the OneDriveSetup has been run with a setup user, you can call the installation for a user without admin rights with :


 

      C:\ProgramData\Microsoft OneDrive\setup\OneDriveSetup.exe /PerUser /ChildProcess
%LocalAppData%\Microsoft\OneDrive\OneDrive.exe

Step 3: Test settings

With the above settings, you should get the following:

  • User cannot add personal account
  • User cannot change default location
  • The first run will go to the “business” login page

If your deployment of Office 365 is setup with Single-Sign-On or if the users credential for login.microsoftonline.com are remembered in credential manager, the end-user will only have to click a button to “sign-in” and start syncing their files.
**
**

Registry item

The previous GPO we made will push some settings:

As you can see, the "Business1" account with "ConfiguredTenandID" map to the \Tenants\GUID Key with our settings set in the ADMX file.
If you use the multi-tenants setup, each "BusinessX" should map to his corresponding \Tenants\GUID.

For example : Business1 to "C:\OneDrive_Data" and Business2 to "%UserProfile%".

First Sync Process

In an empty configuration, the above settings will produce the following screens to the end-users:

  • Welcome Screen (DefaultToBusinessFRE)
  • Choose "logged on account" or "Professional account"
  • OneDrive folder (with DefaultRootDir and DisableCustomRoot)
  • Selective Sync screen

Login "Personal" or "Professional"

  • Here the difference between using the “DefaultToBusinessFRE” Configuration

Without the DefaultToBusinessFRE registry settings, the sign-in page will be the Outlook.com one (left).

Note: the second page (right) will be replaced by the AD FS login page if you’re in a Federated Setup.

Procmon trace:

Informative:

If you observe the OneDrive.exe client with procmon.exe you will see the following key called (in that order):

HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\MainAccount
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\UserFolder
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\NamespaceRootId
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\ConfiguredTenantId
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\Business
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Business1\FirstRun
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\Accounts\Personal
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Software\Microsoft\OneDrive\CurrentVersionPath

Step 4: Advanced settings & ClientPolicy.ini

In the %localappdata%\Microsoft\OneDrive you will find for each account you configure two file:

  • Global.ini
  • ClientPolicy.ini

These files are automatically created when the user first link his OneDrive account (personal or corporate)**.

Note:** procmon.exe show OneDrive.exe is looking for a file named SPO.INI, so the SharePoint Libraries support is not that far away!

These files are created after a sync configuration. So we cannot directly push the ClientPolicy.ini at logon. These policies settings should be modify on the fly and the Onedrive.exe client need to be restarted. These files also contains specifics users settings, automatically grabbed on first sync or after each new synchronization made with the same "Business1/Personal" account.

If you look closer to the ClientPolicy.ini you will get more settings. Some of them can be useful in an enterprise deployment.

If these settings can be implemented with Group Policy rather than in a configuration file, this will be easier to manage! Here is hoping Microsoft will bring us some light on how to use it (as they are not new).

ClientPolicy.ini

Closer look at the file located under %LocalAppData%\Microsoft\OneDrive\Settings\ Account

(full file edited)




      [PolicySettings]  
      PolicyDocumentPollIntervalSeconds = 26663  
      BackoffOnErrorsIntervalSeconds = 143  
      PolicyDocumentPrefetchIntervalSeconds = 5063  
      BackgroundPollShortIntervalSeconds = 93  
      BackgroundPollLongIntervalSeconds = 87863  
      UploadBatchMaxFolderCount = 50  
      UploadBatchMaxDocumentCount = 50  
      UploadBlockSizeKB = 8160  
      DownloadBlockSizeKB = 8160  
      MaxFileSizeBytes = 10737418240  
      Tier1MaxFileSizeBytes = 10737418240  
            Tier1FileInclusionList =         |doc|docm|docx|dot|dotm|dotx|odc|odp|ods|odt|pot|potm|potx|pps|ppsm|ppsx|ppt|pptm|pptx|rtf|vdw|vdx|vsd|vsdm|vsdx|vssm|vssx|vst|vstm|vstx|vsw|vsx|vtx|xla|xlam|xlm|xls|xlsb|xlsm|xlsx|xlt|xltm|xltx|xlw|  
      MaxItemsInOneFolder = 150000  
      LowVisibilityFileExclusionList = ~$*|._*|*.laccdb|*.tmp|*.tpm|thumbs.db|EhThumbs.db|Desktop.ini|.DS_Store|Icon  
      |.lock  
      HighVisibilityFileExclusionList = *#*|*%*|*.| *|* |*.files|*_files|*-Dateien|*_fichiers|*_bestanden|*_file|*_archivos|*-filer|*_tiedostot|*_pliki|*_soubory|*_elemei|*_ficheiros|*_arquivos|*_dosyalar|*_datoteke|*_fitxers|*_failid|*_fails|*_bylos|*_fajlovi|*_fitxategiak|*_vti_*|~|~site|~sitecollection|~masterurl|~templatepageurl  
            FilenameExclusionList =        
  
      CoAuthSupportedFileExtensionsList = |doc|docm|docx|odt|odp|pps|ppsm|ppsx|ppt|pptm|pptx|vsd|vsdx|ods|xls|xlsb|xlsm|xlsx|  
      CoAuthMinimumProtocolVersions = unknown|0|0|23|33|Z;winword.exe|16|0|43|44|D;winwordd.exe|16|0|43|44|D;excel.exe|16|0|43|44|D;exceld.exe|16|0|43|44|D;powerpnt.exe|16|0|43|44|D;powerpntd.exe|16|0|43|44|D;visio.exe|16|0|43|44|D;visiod.exe|16|0|43|44|D;excelim.exe|16|0|23|33|U;pptim.exe|16|0|23|33|U;wordim.exe|16|0|23|33|U;  
      CloudSizeLimitForFullSyncInKB = 0  
      IsCloudSizeCheckNeededForFullSync = false  
      PathEncoding = UrlEncode  
      OfficeProgID = Office.LocalSyncClient  
      OfficeRegKey = HKEY_CURRENT_USER\Software\Microsoft\Office\15.0  
      OfficeExcludeList = |  
      MaxClientMBTransferredPerDay = 131072  
      MaxClientRequestsPerDay = 500000  
      NumberOfConcurrentUploads = 1  
      AllowUserOverrideOfConcurrentUploads = false  
      RootFolderName =  
      SkyApiURL =  
      SyncHeartbeatEnabled = true  
      SyncHeartbeatInterval = 60  
      SyncVerificationEnabled = true  
      SyncVerificationInterval = 720  
      SyncProgressInterval = 60    
    NumberOfConcurrentStorageRequests = 6    
    LoggingMaxLogFileSizeMB = 1    
    MaxLogFilesToKeep = 80    
    LogUploadUri = https://storage.live.com/clientlogs    
    MaxLogUploadRetries = 3    
    LoggingMinTimeBetweenLogUploadsInSeconds = 10    
    PathChangeSubscriptionScenarioName = PathChange    
    LogUploadTimeboundDurationDays = 30    
    SelfHealingBackOffPeriodInSeconds = 604800    
    ClientNotificationCoalesceSeconds = 120    
    UploadBatchMaxFileCommitCount = 10    
    DeferredDownloadRetrySeconds = 600    
    LogUploadRetryTimeSeconds = 600    
    IdlePhase1MaxDurationSeconds = 300    
    IdlePhase2MaxDurationSeconds = 3600    
    IdlePhase3MaxDurationSeconds = 4294967295    
    Office15MinVersion = 15.0.0.0    
    Office16MinVersion = 16.0.0.0    
    BlockSharedFolderSync = false    
    HashAlgorithm = XORHash    
    MaxUrlLength = 260    
    AllowWnsSubscriptions = true    
    FullSyncMaxItemCount = 500    
    IncrementalSyncMaxItemCount = 50    
    SyncVerificationMaxItemCount = 503    
    PeriodicRetryIntervalSeconds = 30    
    PeriodicRetryMaxIntervalSeconds = 300    
    MaxInlineUploadSizeKB = 0

Tested successfully: MaxFileSizeBytes; Tier1MaxFileSizeBytes ; MaxClientMBTransferredPerDay ; MaxClientRequestsPerDay

ClientPolicy: Usage and Samples

The clientpolicy.ini file remains untouched for tenant settings. However, some cool features can be used at minor cost. The Onedrive.exe process should be restarted to read the new configuration file.

Restrict file extension

On security purpose or to avoid involuntary data import:

  • Exclude a file extension from syncing:
    • HighVisibilityFileExclusionList = |*.tstfile| *.myapp|


Exclude file name:

  • FilenameExclusionList = |password.txt|*pass.word|...

(The resolution message is not really corresponding.)

Max Transfer per day

We can imagine control basically the total transferred MB per day per client:

  • (Default) : MaxClientMBTransferredPerDay = 131072
  • (Sample) : MaxClientMBTransferredPerDay = 10240

After the limit, user will receive an error message: Please try again tomorrow.

Debugging log tool:

The new OneDrive NGSC client come with a built-in log collector:

  • %LocalAppdata%\Microsoft\OneDrive\version%\CollectOneDriveLogs.bat

Actual Limitations

You should read & follow this before implementing the new client! See this link: https://support.microsoft.com/en-us/kb/3125202

Other Resources: