Darrin Moore
asked on
How to disable/remove One drive from a network environment?
How to disable/remove One drive from a network environment? I don't want my users to be able to save documents to One Drive in any capacity and my preference would be to remove the option altogether if possible. I've uninstalled One Drive on the PC's when rolling them out, but i'm guessing that it gets reinstalled whenever the computers receive Windows updates. I'd prefer to be able to remove that option without having to touch each workstation.
All windows 10 computers, running in a domain environment with newly installed Office 365.
All windows 10 computers, running in a domain environment with newly installed Office 365.
ASKER
i'm unfamiliar with using ADMX. Are those add-ins to be able to able to manipulate certain items within Group Policy? Downloadable from Microsoft?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I do have that option (thankfully).
Good. Now read what it does and configure it.
ASKER
Haha...I will do it! I appreciate the help :)
ASKER
Done!
You are welcome. :-)
Tomorrow I can give you a script to uninstall OneDrive.
ASKER
Thank you, McKnife...i'll keep an eye out for that. Much appreciated!
Here is a way to disable completely onedrive for users.
SharePoint Admin Center >> Click on "User Profiles" from left navigation >> Click on "Manage User Permissions" link under "People"
Uncheck the Create Personal Site permission and check Disable OneDrive checkboxes to disable OneDrive for all users.
now to hide onedrive from office launcher.
SharePoint Admin Center >> Click on Settings from the left navigation
click Hide button for onedrive.
This will stop syncing data and also accessing onedrive through o365 applications.
SharePoint Admin Center >> Click on "User Profiles" from left navigation >> Click on "Manage User Permissions" link under "People"
Uncheck the Create Personal Site permission and check Disable OneDrive checkboxes to disable OneDrive for all users.
now to hide onedrive from office launcher.
SharePoint Admin Center >> Click on Settings from the left navigation
click Hide button for onedrive.
This will stop syncing data and also accessing onedrive through o365 applications.
I gathered the code that is about OneDrive as it comes with windows. Please note that there is also OneDrive included in some versions of Office!
The code is these 4 batch lines:
The code is these 4 batch lines:
icacls c:\Windows\SysWOW64\OneDriveSetup.exe /grant system:f
ren c:\Windows\SysWOW64\OneDriveSetup.exe OneDriveSetup.exebak
for /f %%a in ('dir /b c:\users') do rd c:\users\%%a\appdata\local\microsoft\onedrive /s /q
reg delete "HKLM\DEFAULT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /f
If you want to delete the onedrive update tasks, there's an additional powershell 2-liner:Get-ScheduledTask | where TaskName -like "OneDrive Standalone Update Task*" | Unregister-ScheduledTask -confirm:$false
Get-ScheduledTask | where TaskName -like "User_Feed_Synchronization*" | Unregister-ScheduledTask -confirm:$false
Advanced PS script to remove OneDrive.
# Stop OneDrive Process and Uninstall
taskkill /f /im OneDrive.exe
& "$env:SystemRoot\SysWOW64\OneDriveSetup.exe" /uninstall
# Take Ownsership of OneDriveSetup.exe
$ACL = Get-ACL -Path $env:SystemRoot\SysWOW64\OneDriveSetup.exe
$Group = New-Object System.Security.Principal.NTAccount("$env:UserName")
$ACL.SetOwner($Group)
Set-Acl -Path $env:SystemRoot\SysWOW64\OneDriveSetup.exe -AclObject $ACL
# Assign Full R/W Permissions to $env:UserName (Administrator)
$Acl = Get-Acl "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$env:UserName","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "$env:SystemRoot\SysWOW64\OneDriveSetup.exe" $Acl
# Take Ownsership of OneDriveSettingSyncProvider.dll
$ACL = Get-ACL -Path $env:SystemRoot\SysWOW64\OneDriveSettingSyncProvider.dll
$Group = New-Object System.Security.Principal.NTAccount("$env:UserName")
$ACL.SetOwner($Group)
Set-Acl -Path $env:SystemRoot\SysWOW64\OneDriveSettingSyncProvider.dll -AclObject $ACL
# Assign Full R/W Permissions to $env:UserName (Administrator)
$Acl = Get-Acl "$env:SystemRoot\SysWOW64\OneDriveSettingSyncProvider.dll"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$env:UserName","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "$env:SystemRoot\SysWOW64\OneDriveSettingSyncProvider.dll" $Acl
# Take Ownsership of OneDrive.ico
$ACL = Get-ACL -Path $env:SystemRoot\SysWOW64\OneDrive.ico
$Group = New-Object System.Security.Principal.NTAccount("$env:UserName")
$ACL.SetOwner($Group)
Set-Acl -Path $env:SystemRoot\SysWOW64\OneDrive.ico -AclObject $ACL
# Assign Full R/W Permissions to $env:UserName (Administrator)
$Acl = Get-Acl "$env:SystemRoot\SysWOW64\OneDrive.ico"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$env:UserName","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "$env:SystemRoot\SysWOW64\OneDrive.ico" $Acl
# $env:LOCALAPPDATA\Microsoft\OneDrive
# Assign Full R/W Permissions to $env:UserName (Administrator)
$Acl = Get-Acl "$env:LOCALAPPDATA\Microsoft\OneDrive"
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$env:UserName","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "$env:LOCALAPPDATA\Microsoft\OneDrive" $Acl
REG Delete "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
REG Delete "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
# Allow for NTFS Permissions to Apply
Start-Sleep -Seconds 60
# Restart Windows Shell to release of FileSyncShell64.dll
taskkill /f /im explorer.exe
explorer.exe
Remove-Item -Path "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
Write-Output "OneDriveSetup.exe Removed"
Remove-Item -Path "$env:SystemRoot\SysWOW64\OneDriveSettingSyncProvider.dll"
Write-Output "OneDriveSettingSyncProvider.dll Removed"
Remove-Item -Path "$env:SystemRoot\SysWOW64\OneDrive.ico"
Write-Output "OneDrive.icon Removed"
Remove-Item -Path "$env:USERPROFILE\OneDrive" -Recurse -Force
Write-Output "USERProfile\OneDrive Removed"
Remove-Item -Path "$env:LOCALAPPDATA\Microsoft\OneDrive" -Recurse -Force
Write-Output "LocalAppData\Microsoft\OneDrive Removed"
Remove-Item -Path "$env:ProgramData\Microsoft OneDrive" -Recurse -Force
Write-Output "ProgramData\Microsoft OneDrive Removed"
Remove-Item -Path "C:\ProgramData\Microsoft OneDrive" -Recurse -Force -ErrorAction Ignore
Write-Output "C:\ProgramData\Microsoft OneDrive Removed"
Remove-Item -Path "C:\OneDriveTemp" -Recurse -Force -ErrorAction Ignore
Write-Output "C:\OneDriveTemp Removed"
ASKER
Wow. You guys are incredible. I am grateful for the help and will be using several of these suggestions.
(Maybe you will need to download the ADMX for Windows 10).