Archiv

Archive for the ‘Group Policy’ Category

OneDrive | Update: Exclude specific kinds of files from being uploaded

23. November 2020 1 Kommentar

new  Group Policy: Exclude specific kinds of files from being uploaded

[Supplement 23.11.2020]
This is a post to a blog post from 11/16/20. Please read here first

Documentation

The Microsoft documentation on Group Policy "Exclude certain file types from uploading" is partly incorrect and incomplete.

Incorrect:

The registry key is incorrect

Missing information:

currently no Office formats are supported. I have only tested this with docx, xlsx and pptx.  Microsoft has informed me that the documentation will be adapted.

In the wildcard description only the asterisk [*] is described. But also the question mark [?] works.

Examples:

In the group policy are stored: Files Synchronization
Try.* Tryt Blocked
  Try.mdb Blocked
  Try.docx Synchronized
  Try.xlsx Synchronized
*Exclude*.txt A Exclude Textfile.txt Blocked
  A Exclude Textfile.mdb Synchronized
  A Exclude Textfile.docx Synchronized
TestEx??*.txt TestEx12.txt Blocked
  TestEx13.txt Blocked
  TestEx4.txt Blocked
  TextEx56 Try.pptx Synchronized

Where does this Group Policy work?

This is a computer group policy. Currently, this Group Policy applies to all synchronized areas:

  • OneDrive Personal
  • OneDrive for Business
  • SharePoint document libraries
  • Local synchronization of files "shared with me”
  • Synchronization of "Add to OneDrive" files

Existing files will still be synchronized. Only new files are scanned.

Workaround:

The user can switch to the browser and upload the file manually. Afterwards, this file will also be synchronized. So it is clear that this Group Policy cannot be used as a security feature!

Exclusion:

an exclusion on folder level is not possible.

View

The user does not (yet) get a display which names and wildcards have been created. He has no possibility to read out these parameters.

OneDrive | Exclude specific kinds of files from being uploaded

18. November 2020 3 Kommentare

new GPO: Exclude specific kinds of files from being uploaded

[Update 11/23/2020]

The post has become bigger, so I wrote a separate blog post about it. So first read here, then switch to the new blog post

 

Exclude specific kinds of files from being uploaded is the name of a new Group Policy for the OneDrive Syn Client.

Requirement: You have installed the Insider version 20.201.1005.0006
According to the announcement the functionality will be rolled out in the first weeks of December 2020.

Don’t worry, at the moment Group Policy is not working yet. I’m in contact with the OneDrive product group of Microsoft in Redmond, USA to find out why the functionality is not yet available. I will keep you up to date (best is to subscribe to this blog- right sidebar email subscription)

First of all. With every OneDrive update, not only will you get a new version of the sync engine, but you’ll also get the latest version of the Group Polices in 16 languages.  The version 20.201.1005.0006 contains the admx and adml files, and these are almost all Group Policies that can be used for OneDrive. (Storage Sense can be found in the Windows system)

The above group policy allows at machine level to exclude files from uploading by specifying their name. The administrator can also use wildcards.

Example:

Configuration Exclusion of
Verkauf.docx all files with the name Verkauf.docx
*Verkauf*.docx docx files, in which the name Verkauf occurs
*.pst All pst files

But there are a few little things to consider:

  • The OneDrive Sync Client 20.201.1005.0006 or higher is required
  • It is a computer policy, affects all files that are synchronized.
  • Files already synchronized are not touched
  • If a file should be uploaded nevertheless, this is possible in the web browser.

Here are some pictures to test the functionality on individual devices:

Group Policy Editor: OneDrive Computer Policy

As we can see, this is a computer policy.

selected Group Policy: Exclude specific kinds of files from being uploaded

this is now the opened policy. An error has crept in on the tab under the options. I have already informed Microsoft about it.

Keywords to hide If you click on Show keywords, they will be displayed.
Display in OneDrive Display in OneDrive
new icon in Windows Explorer and in Windows Explorer a new icon

Display in Windows Explorer

and this is what it looks like in the Explorer.

Display in Windows Explorer

Summary:

  • Not clarified are other placeholders in Group Policy, such as "Test??.docx".
  • What is not clarified is that the policy also affects other additional tenants.
  • The user does not know which files / placeholders have been entered.
  • Not a bad idea, but bypassing it via web browser is too cumbersome

Virtual M365 Saturday Ottawa

4. September 2020 2 Kommentare

01 M365 Ottawa

42 days left. The the organizers will start the Virtula M365 Saturday Ottawa.

I will speak about Group Policies in OneDrive. This is an Oline Event and here you will see the differnet Sessions and Speakers.

So please Register here… and we will see us there. Virtual

OneDrive – new Version 20.154.0802.0003 | Group Policy

2. September 2020 Hinterlasse einen Kommentar

new OneDrive Insiders Version 20.154.0802.0003

With the Update came during the week. Not on the weekend. On 8/26/2020 I installed version 20.154.0802.0003. An insiders version. And I was curious. Because with the installation also a ghost or duplicate, which had been there for some time, disappeared. Microsoft told me that you did not know where this duplicate came from. But that it would be gone with version 20.154.xxxx.xxxx. What am I talking about?

OneDrive: double Entries in Windows Explorer

I have two identical entries, but only one common memory location. But in the meantime I found out what causes such a behaviour. For a Remote OneDrive Workshop I rolled out a group policy on this machine.

It is the group policy Configure team site libraries to sync automatically

This Group Policy automatically adds a selected library on the device.

Co,me back later, (This group policy takes some time to run) opne the Windows Explorer, the selected SharePoint Online Library was entered, the content synchronized, but also the second icon was there.

Microsoft was informed about the behavior. If someone notices the same behavior, then notice this blog post, I will post the update here.

 

[Update 09/09/2020]

all-clear

Today I received the new Insiders version 20.169.0823.0003. And as if by magic the shadow entry is gone.

ESPC20 – Learn from Home

31. August 2020 2 Kommentare

The countdown is on to ESPC20 Online – only a few weeks to go!

ESPC20 Online is a new virtual conference offering you affordable, world-class Microsoft 365 learning at your fingertips, from wherever you are in the world. Tune in live Oct 14th & 15th or catch up on-demand across 100+ sessions from SharePoint, Office 365 & Azure experts.

Join me for my ESPC20 Online session:

OneDrive Group Policies – User Adoption from Admins Perspective

ESPC20 - OneDrive Group Policies - User Adoption from Admins Perspective

More and more Group Policies for OneDrive and for your Windows 10 were established to give administrators control over the devices, storage and behaviour. This session describes the user behaviour to sync many files from different libraries for collaboration, not only from their own tenant, but also from other tenants through B2B sync, but give the administrators full control via Group Policies. This session also shows, how administrators are helping user adoption, to establish automatically connection, help the users with OneDrive issues, before the users know them. One more step for Users adoption for OneDrive and collaboration. And it ends with the TOP 10 of Group Policies for OneDrive and Windows 10 devices.

 

Benefits of Attending this Session:

  1. User adoption from an admins perspective
  2. Administrators approach users
  3. Fewer collaboration issues for a user through group policies

 

ESPC is always top quality and I am truly looking forward to this year’s virtual conference. Check out some of ESPC’s reasons why you don’t want to miss this event.

Reasons to Attend ESPC20 Online

Refresh – With so much change, keep up with the product developments and practices that matter most.

Revitalise – Find new and better ways of working, to bring new energy and effectiveness to your work.

Investment – Invest in your team, yourself and your career by learning new skills or mastering current ones.

Access – With no travel, watch live or on-demand at a time that suits you from the comfort of your workspace.

Experts – Hear from the best of the best – Microsoft Product Team members, RDs, MVPs, MCMs and independent experts.

Depth – With levels catering from Level 100-400 there is something for everyone.

Network – Build your professional network online, with like-minded people from across the globe.

Vendors – Find the best solutions from the best local, European and Global providers.

Independence – Information and advice you can trust, learn what’s trendy and what works.

Breadth – Attend a variety of session types across the biggest SharePoint, Office 365 and Azure topics.

Affordability – Enjoy the quality of ESPC with incredibly affordable prices and options.

I hope to see you at ESPC20 Online! You can book your place here

M365 Saturday Gurgaon 2020

27. Juli 2020 2 Kommentare

01 M365 Gurgaon

Where is Gurgaon? Ohh, it’s in India. 30 km south of Dehli.
And I will be there. In person? Unfortunatelly not.

Mr.OneDrive will be virtually there. With a session, I have presented initially during Microsoft Ignite 2019 in Orlando.

OneDrive Drive Group Policies – Not only for the enterprise

You may register here for the Saturday, August 29th , 2020

[update]

The Event is postponed to Saturday, September 19th, 2020

OneDrive | Group Policy Change : Allow syncing OneDrive accounts


GPO change: Allow syncing OneDrive accounts for only specific organizations

Microsoft announced. that the behavior for the Group Policy Allow syncing OneDrive accounts for only specific organizations will be changed.

Currently, if you have enabled the setting but have not specified a Tenant ID, the setting will block all organizations.

With this change, having the setting enabled without a Tenant ID being specified will have the same effect as if the feature were disabled.

You do not need to do anything unless you were intentionally relying on the behavior of enabling this setting with no Tenant ID in order to prevent OneDrive from syncing with any organization. In that case, you should mark the setting as Disabled rather than Enabled with a blank Tenant ID.

These changes start beeing roll out mid-May 2020 and will be completed in early June

Resource

Microsoft 365 admin Center : MC211659

OneDrive | jetzt korrekte Dokumentation bei Gruppenrichtlinien

23. Oktober 2019 12 Kommentare

OneDrive Gruppenrichtlinien: Jetzt korrekte Übersetzung für lokalisierte Versionen

Manchmal dauert es etwas länger, aber irgendwann ist es dann soweit. Die deutsche Dokumentation bei den Gruppenrichtlinien zu OneDrive ist jetzt endlich korrekt.

Hier waren ursprünglich zwei Überstzungsteams von Microsoft beteiligt.

  1. Das GPO Team hat eine eigene Übersetzung der Gruppenrichtlinien vorgenommen.
  2. Das Dokumentations-Team hat die US  Namen selbst übersetzt.

Das führte dazu, dass Administratoren, die mit der deutschen, lokaliserten Version arbeiten wollen, keine Übereinstimmung vorgefunden haben. Jetzt hat sich das, nicht nur in der deutschen, sondern in allen lokaliserten Sprachversionen erledigt. Vielen Dank Microsoft.

 

Hier die Auflistung aller OneDrive Gruppenrichtlinien (23.10.19)

Synchronisierung von OneDrive-Konten nur für bestimmte Organisationen zulassen

Benutzer dürfen auswählen, wie Synchronisierungskonflikte bei Office-Dateien behandelt werden

Synchronisierung von OneDrive-Konten nur für bestimmte Organisationen sperren

Gemeinsame Dokumenterstellung und Teilen in Office-Desktop-Apps

Teamwebsitebibliotheken für die automatische Synchronisierung konfigurieren

Synchronisierung in getakteten Netzwerk fortsetzen

Synchronisierung fortsetzen, wenn Geräte den Stromsparmodus aktiviert haben

Synchronisierte Teamwebsitedateien in reine Onlinedateien konvertieren

Das Lernprogramm deaktivieren, das am Ende der OneDrive-Einrichtung angezeigt wird

Downloadgeschwindigkeit des Synchronisierungsclients auf eine feste Rate begrenzen

Uploadrate des Synchronisierungsclients auf einen Prozentsatz des Durchsatzes begrenzen

Uploadgeschwindigkeit des Synchronisierungsclients auf eine feste Rate begrenzen

Den Synchronisierungsclient am Generieren von Netzwerkdatenverkehr hindern, bis sich Benutzer anmelden

Benutzer am Ändern des Speicherorts ihres OneDrive-Ordners hindern

Benutzer am Remoteabrufen von Dateien hindern

Benutzer am Verschieben ihrer bekannten Windows-Ordner auf OneDrive hindern

Benutzer am Umleiten ihrer bekannten Windows-Ordner auf ihren PC hindern

Benutzer am Synchronisieren von Bibliotheken und Ordnern hindern, die aus anderen Organisationen geteilt wurden

Benutzer an der Synchronisierung persönlicher OneDrive-Konten hindern

Benutzer zum Verschieben bekannter Windows-Ordner auf OneDrive auffordern

Empfangen von Updates des OneDrive-Synchronisierungsclients auf dem Enterprise-Ring

Benutzer müssen umfangreiche Löschvorgänge bestätigen

Standardspeicherort des OneDrive-Ordners festlegen

Maximale Größe des OneDrive eines Benutzers festlegen, die automatisch heruntergeladen werden kann

Updatering für Synchronisierungsclient festlegen

Bekannte Windows-Ordner automatisch auf OneDrive verschieben

Benutzer automatisch mit ihren Windows-Anmeldeinformationen beim OneDrive-Synchronisierungsclient anmelden

OneDrive-Dateien bei Bedarf verwenden

Bug: Configure Team site libraries to sync automatically

25. September 2019 Hinterlasse einen Kommentar

Group Policy: Configure team site libraries to sync automatically
Wer derzeit eine Team site library automatisch per Gruppenrichtlinie ausrollen möchte, wird bei der Konfiguration beim Ermitteln der eindeutigen ID , bestehend TenantID+WebID+ListID+WebUrl auf ein Problem stoßen, weil beim Klicken auf die Share-Funktion als SharePoint Online Administrator das PopUp Fenster den Link nicht anzeigt.

Das liegt nicht am Browser und ich habe Microsoft darüber informiert. Der Bug wurde bestätigt und die korrigierte Version wird derzeit wieder auf alle Tenants wieder ausgerollt. Das Ganze kann aber noch eine Weile dauern.

Workaround:

Natürlich lässt sich dieser Wert auf per PowerShell ermitteln und die einzelnen Werte per String-Manipulation auf einen einzelnen String „umbauen“:

So sollte der String aussehen:

tenantId=2ac0e372%2AF9bf%2D4c2a%2Dbe89%2D7b69e0724eb4&
siteId=%7B1bee354e%2D28b5%2D4d69%2D9bd3%2Db73b81dd1c56%7D&
webId=%7B7210d0e0%2D56f0%2D45d1%2D95ac%2D9aca68287fd9%7D&
listId=%7B67997B16%2DE45D%2D4646%2D91F5%2D3ABBC75BE765%7D&
webUrl=https%3A%2F%2Fmvphb%2Esharepoint%2Ecom%2Fsites%2Fmbuf%2Dmarketing&version=1

 

Aber natürlich ist es einfacher, zu warten…..

 

[Update 11.10.19]

In meinem Tenant funktioniert diese Funktion wieder. Bitte den Browser Cache leeren !

OneDrive | Storage Sense (with group Policies)

20. August 2019 Hinterlasse einen Kommentar

Windows 10 - Speicheroptimierung

I’m always asked what it’s like with the different OneDrive status symbols. Most of my OneDrive workshops I do not get any, or only wrong answers. This is the reason to write another blog post about it. Of course I have already described it several times:

So, if the gentle reader could follow this, then maybe a few additional explanations:

Today I can see and edit files if necessary, even I have a small hard disc. Microsoft has changed NTFS. With Files On Demand synchronization only rudimentary information from the cloud is synchronized to the device. The actual content is not. So I can therefore look at the file in Explorer, even mini-pictures stuck in the linked list of NTFS file system. And do not take a room on your hard disc.

OneDrive Files onDemand: Status "Cloud Only "

Because the content will not be editable until the content has been synchronized from the cloud to the device, the attribute changes, the icon also and the file is now editable. Also costs space on the hard disk. In Explorer, I can also decide to throw away the local "content" of the file. Free up space. I’m talking about throwing away, not deleting. Deleting a file will move it to the local recycle bin. When it is emptied, the entry of the file in the NTFS is resolved. It is still present on the hard disk, but the operating system does not know it anymore. The place will eventually be overwritten. When freeing up memory, however, only the pointer showing the beginning of the content is eliminated. The entry in NTFS is retained, the attribute and thus the icon in the Windows File Explorer is changed. Nothing is synced to the cloud because the cloud is still full content.

OneDrive Files onDemand: Status "Local available" und "Always available"

In both Windows and Mac, we have 4 icons:

  • Cloud Only
  • Local available
  • Always available
  • Syncing

OneDrive Status Symbols

Many do not know, that’s why I explain here the difference between "Local available" and "always available”.

Files On Demand came with the Windows version 1709 and at this point there was no difference. Because the Windows programmers have spent a whole year to implement an algorithm in Windows to clean up. Meanwhile (half a year later) one speaks of intelligent tidying up. Here I do not agree with Microsoft, in the age of Artificial Intelligence could have solved the cleaner and more elegant. But with the Windows version 1903 at least the administrators have a tool (group guidelines) made available, which until then only the user had in his own hands. For each library, the user can choose when and how often to clean up. (System Preferences: System, Storage, Storage Sense, Local Available Cloud Content). I myself have 10 or more entries that I can influence individually, whether, and if so, how often you want to clean up.

Hello Microsoft, the user wants to work, and not maintain settings!

As written, as of Windows version 1903, administrators can now change this globally. But what happens there?

Every time a file that is only available in the cloud is clicked on, it is synchronized, ie downloaded. Only on this device. The icon changes, the file is now available on this device (even without Internet). If I edit this file and save the content, the file is synced back to the cloud. If I do not set up my files manually, I can leave that to the system too. According to the selected properties, the system will automatically do that now so that the space of my hard disk does not become too small. And convert these files to "Cloud Only". The content is then no longer available locally on this device. If you convert these files by clicking on "Available available", they will not be touched by any memory optimization and will always be available on this device, even without the Internet.

Many administrators do not know that. As of Windows version 1903, administrators have access to additional Windows Group Policies, where this cleanup is set uniformly for the entire company, but you should know anyway. If no setting is stored in the system settings, you should occasionally clean up manually.

 

Where can these group policies be found?

They have a name: memory guidelines. We find these under Computer Configuration, Administrative Templates, System, Storage Sense.

However, these can only be found as of Windows 10, Version 1903 and higher

    • This is the alphabetical listing. First we have to turn on the process "global". Furthermore, depending on the group policy,

I advise users to be informed

    . Because depending on the setting, you ensure that, for example, the wastebasket is tidied up. In your office, it goes without saying that the cleaning crew empties the wastebasket, but not on your computer, right?

Allow Storage Storage Global

Storage Sense can automatically clean some of the user’s files to free up disk space. By default, Storage Sense is automatically turned on when the machine runs into low disk space and is set to run whenever the machine runs into storage pressure. This cadence can be changed in Storage settings or set with the "Configure Storage Sense cadence" group policy.

Enabled:

Storage Sense is turned on for the machine, with the default cadence as ‘during low free disk space’*). Users cannot disable Storage Sense, but they can adjust the cadence (unless you also configure the "Configure Storage Sense cadence" group policy).

Disabled:

Storage Sense is turned off the machine. Users cannot enable Storage Sense.

Not Configured:

By default, Storage Sense is turned off until the user runs into low disk space or the user enables it manually. Users can configure this setting in Storage settings.

Remarks:

*) My demand from Microsoft has shown that there is no fixed value that can be used for ‚during low free disk space‘. Of course, a calculation is deposited, but this will not be disclosed, and Microsoft will adjust this value in the newer versions of Windows.

 


So if "Global" was turned on, you should also configure the interval of memory optimization.

Configure Storage Sense cadence

Configure Storage Sense cadence

Storage Sense can automatically clean some of the user’s files to free up disk space.

If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect.

Enabled:

You must provide the desired Storage Sense cadence. Supported options are: daily, weekly, monthly, and during low free disk space. The default is 0 (during low free disk space).

Disabled or Not Configured:

By default, the Storage Sense cadence is set to “during low free disk space”. Users can configure this setting in Storage settings.

 


And if these are configured, immediately follows the deletion of temporary files:

Temporary Files Cleanup

Allow Storage Sense Temporary Files Cleanup

When Storage Sense runs, it can delete the user’s temporary files that are not in use. If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect.

Enabled:

Storage Sense will delete the user’s temporary files that are not in use. Users cannot disable this setting in Storage settings.

Disabled:

Storage Sense will not delete the user’s temporary files. Users cannot enable this setting in Storage settings.

Not Configured:

By default, Storage Sense will delete the user’s temporary files. Users can configure this setting in Storage settings.

Remarks

The following Files will be deleted:

  • Temporary setup files
  • Old indexed content
  • System cache files
  • Internet cache files
  • Device Driver packages
  • System downloaded program files
  • Dated system log files
  • System error memory dump files
  • System error minidump files
  • Temporary system files
  • Dated Windows update temporary files

Configure Storage Sense Recycle Bin cleanup threshold

When Storage Sense runs, it can delete files in the user’s Recycle Bin if they have been there for over a certain amount of days.

If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect.

Enabled:

You must provide the minimum age threshold (in days) of a file in the Recycle Bin before Storage Sense will delete it. Support values are: 0 – 365.

If you set this value to zero, Storage Sense will not delete files in the user’s Recycle Bin. The default is 30 days.

Disabled or Not Configured:

By default, Storage Sense will delete files in the user’s Recycle Bin that have been there for over 30 days. Users can configure this setting in Storage settings.

Remarks:

In Control Panel, the user can only set this value between Never, 1 Day, 30, Days, 60 Days. Group Policy allows values between 0 and 365

 

Configure Storage Sense Downloads cleanup threshold

When Storage Sense runs, it can delete files in the user’s Downloads folder if they have been there for over a certain amount of days.

If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect.

Enabled:

You must provide the minimum age threshold (in days) of a file in the Downloads folder before Storage Sense will delete it. Support values are: 0 – 365.

If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.

Disabled or Not Configured:

By default, Storage Sense will not delete files in the user’s Downloads folder. Users can configure this setting in Storage settings.

Remarks:

In Control Panel, the user can only set this value between Never, 1 Day, 30, Days, 60 Days. Group Policy allows values between 0 and 365

 


But that’s not all. Space is also freed up with the next group policy

Configure Storage Sense Cloud Content dehydration threshold

When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t been opened in a certain amount of days.

If the group policy "Allow Storage Sense" is disabled, then this policy does not have any effect.

Enabled:

You must provide the number of days since a cloud-backed file has been opened before Storage Sense will dehydrate it. Support values are: 0 – 365.

If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, or never dehydrating cloud-backed content.

Disabled or Not Configured:

By default, Storage Sense will not dehydrate any cloud-backed content. Users can configure this setting in Storage settings.

Remarks:

NTFS is not just the date when the file was created. But also a date when it was last opened. And exactly this date is used for the calculation and the optimization. If the current date is greater than the date of the last access added to the value of this group policy, the file is automatically "dehydrated" into "available only in the cloud", so the content is discarded. The cloud still contains the original file

 


Comment:

Although storage sense is part of Windows 10 version 1903, while the system settings can be used to configure individual and different document libraries differently in terms of time, Group Policy is missing. Not surprisingly, most users will not get lost in memory optimization pages. Second, each user has access to different document libraries in different areas. Document Libraries that have been synchronized must therefore be considered "global" in Group Policy. And according to Microsoft, they will too. This means that administrators must also provide information to the users here.

%d Bloggern gefällt das: