Configure OneDrive as Folder Redirection
As you already understood from the subject, I’m going to show you how to configure OneDriver service as folder redirection.
Before we initiate our task, make sure your machines are up to date and verify there is no an old GPO or any anti-virus software that can block us from continuing.
1TB is quite a big usage which not really uses by users, we can consider redirecting users data to OneDrive, I know that there are many organizations that already have implemented this and haven’t complaint about some issues besides Microsoft common restrictions, some people likes to define this method as “Backup” what I can’t confirm that because it is not backup… from my point of view putting users data on ONEDIRVE absolutely reducing file server space, along with that, we can agree unanimously that ONEDRIVE is available from anywhere, which is amazing, but user’s data is exposure likewise, and the most upsets thing is that we don’t have full control on ONEDRIVE management besides GPO settings that we can apply. But yes, I would take this for long POC, at least 10-20 users, for a month and then gather an information from them and decided with my IT colleagues what are the consequences of this project, let carry on.
For Restrictions and limitations when you sync files and folders:
- Don’t re-sync PST or any Outlook files, there is official limitation with redirection these type of files
- If you need to move a data manually to one drive for making a tidy you can use in Robocoby tool which comes also with GUI edition.
- Don’t change the default location of sync location.
- Download Office ADMX:
- Some GPO settings you can apply to ONE DRIVE through deploying Register Key:
First, we have to prevent users from changing the location of their OneDrive:
- under User Configuration\Policies\Administrative Templates\OneDrive, double-click Prevent users from changing the location of their OneDrive folder.
- Select the Enabled option, and then click OK.
We have to create a new environment variable which will contain the location:
Open you GPO and Create the following Group Policy Object: User Configuration\Preferences\Windows Settings\Environment
Create a new Environment, name OneDrive,
Set value: %userprofile%\<Default folder,>.
Go to common tab then tick Item-level targeting check box, and then click Targeting.
Match type: “Folder exists”
Path: %userprofile%\<Default folder,>.
The second step is to apply Folder Redirection GPO:
I guess that you already know where folder redirection GPO setting is:
Who does not know:
User Configuration\Policies\Windows Settings\Folder Redirection
Then, go to settings tab and untick the Move the “contents of Documents to the new location option”
How to Deal with Ransomware?
Microsoft says that the traffic to OneDrive is encrypted, Microsoft uses in multiple encryptions, methods to enhance secure data to Microsoft Cloud, such as IPSEC, TLS, SSL, As-256, BitLocker and more. However, I have seen some people who complained about that ransom reach to Onedrive as well:
The recovery way is pretty easier, directly from OneDrive, click on you click and then select “Version History”, then Restore
A good Powershell script for OneDrive:
This logonscript for your clients or RDS/Citrix servers persistently maps a OneDrive for Business or Sharepoint Online library to a driveletter. It’s written in Powershell and automatically maps your account if you have ADFS, or will prompt for credentials if you do not have ADFS.