OneDrive Disable / Hide in Windows 10

OneDrive, if you’re not using it, it’s just another annoying thing in Windows 10.  If you’re able to use it, awesome.  But for those environments that want it gone, here is how I’ve removed it from our environment.  I’m using several methods to attack this thing to drive it into submission.

Update - 9/19/16 - With 1607, the Group Policy has improved, and this can be basically all done using the updated ADMX files for 1607. – Same policy shown in #2
image

 

  1. OSD Steps
  2. Group Policy
  3. AppLocker

So, Let me break this down:

  1. OSD (3 Steps) – Scripts available Here
    1. Tweak - Remove OneDrive ShellFolder (Command Line Step)
      REG ADD "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder" /V Attributes /T REG_DWORD /D 4035969101 /F
      image
    2. Tweak - Delete OneDriveSetup registry Key (Command Line Step)
      OneDriveRemove\DeleteOneDriveSetup-DefaultUser-RegisteryRun.cmd
      image
      Batch File Contents: (mounts Default user Profile, delete the run registry key for OneDrive)
      reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat
      reg.exe delete HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v OneDriveSetup /f
      reg.exe unload HKEY_LOCAL_MACHINE\defuser
      image
    3. Tweak - Remove OneDrive App (Command Line Step) - 9/19/16 - Edit, this step is now failing in 1511 & 1607, I've set to Continue on Error for now.
      %SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall
      image
  2. Group Policy (Make sure you have the latest 1511 ADMX files
    1. Machine Policy \ Administrative Templates\Windows Components\OneDrive
      Prevent the usage of OneDrive for file storage = Enabled
      image
  3. AppLocker (Add to your already implemented AppLocker configuration, not covering that here)
    1. Deny ONEDRIVESETUP.EXE, in WINDOWS LIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
      1. Create New EXE Rule, Choose Deny
        image
      2. Choose Publisher:
        image
      3. Browse to c:\Windows\SysWOW64 and choose OneDriveSetup.exe
        image
      4. Change the Slider to File Name, so it will block any version of that file.
        image
      5. Leave the Exceptions default (Blank)
        image
      6. Add Description if you like
        image
      7. Click Create
        image

After implementing these 3 processes, OneDrive is no longer showing up in our environment.

Pin Items to TaskBar during OSD in Windows 10 (1511)

Updated Method for 1607  HERE, this method below still works, but Nickolaj goes through the new built in export / import method available in 1607.

 

image

This one took me a little while.  The hard one was Internet Explorer, which I had to do completely differently than the others.

In this post I’ll give two ways to do it, the first way worked for all of them but Internet Explorer, and I was able to do natively without any “3rd” party tools.  The second way uses a Free Utility a community member wrote, which I was able to use to Pin Internet Explorer. Note, I was unable to remove Edge from the taskbar, still haven’t figured that one out yet.
The Scripts used are located HERE in the subfolder TaskBarPins

Method 1 - Registry Edit & File Copy – Using this to Pin the Office Icons

    1. Create your Folder for the Source Files on your ConfigMgr Source Share
    2. Pin all of the Items you want
    3. Copy the contents from %AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar to a Subfolder in your Source called TaskBar
      image
      image
    4. Export this KEY from the registry to your Source Folder: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
      image
    5. Edit your exported Registry File, replace HKEY_Current_User with HKEY_LOCAL_MACHINE\defuser, so the string looks like:
      [HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
      image
    6. Create a Batch file that contains these lines: (This will mount the default profile keys and allow you to import your exported keys into the default user profile registry, and copy the shortcuts into the default user TaskBar location)

reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat
reg.exe import "TaskBarPins\TaskBarPinItems-OfficeOWXP.reg"
reg.exe unload HKEY_LOCAL_MACHINE\defuser

xcopy TaskBarPins\TaskBar\*.lnk "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"  /Q /Y /I
image

 

  1. Add Command Line Step in TS - cmd.exe /c TaskBarPins\TaskBarPinItems.cmd, referencing the Windows10 OSD Package
    image
    My Windows 10 OSD Package.  It contains all of the tweaks in one package, which is why in the command line, I have to reference the folder name, then the script.
    image

Method 2 - Using PinTo10.exe tool provided by community member – This was the only way I’ve been successful in getting IE to Pin to TaskBar.  Information was found here on Connect.Microsoft.Com – You can get the Utility referenced in that thread HERE – It will also be in the Download I provide with all of the Scripts HERE

    1. Create your Folder for the Source Files on your ConfigMgr Source Share (I’m using the same folder as the one created for Method 1), mine looks like:
      image
    2. Create a batch file with these contents call PinTo10-Setup.cmd (Sorry for word wrap)

reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat
reg.exe ADD HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v PinIE /T REG_SZ /D "c:\cabs\PinTo10IE.cmd" /F
reg.exe unload HKEY_LOCAL_MACHINE\defuser


xcopy "TaskBarPins\TaskBar\Internet Explorer.lnk" "c:\programdata\Microsoft\Windows\Start Menu\Programs\Accessories"  /Q /Y /I
xcopy "TaskBarPins\PinTo10IE.cmd" "c:\cabs\" /Y /S
xcopy "TaskBarPins\PinTo10.exe" "c:\cabs\" /Y /S

image

    1. Create a batch file with these contents called PinTo10IE.cmd:

echo off
ECHO Pinning Internet Explorer to TaskBar
c:\Cabs\PinTo10.exe /PTFOL01:"c:\programdata\Microsoft\Windows\Start Menu\Programs\Accessories" /PTFILE01:"Internet Explorer.lnk"
image

      1. Save those 2 Batch files & the PinTo10.exe you downloaded to your Source Folder, should like similar to my example in Method2 – Step1
      2. In the TS, add a command line Step: cmd /c TaskBarPins\PinTo10-Setup.cmd

, referencing the Windows10 OSD Package

image

Basically what’s happening, the Setup Script Adds a line to the RunOnce registry that will trigger a script to call the PinTo10 script on a users’s first logon.  It then copies the Shortcut it will PIN in the Taskbar to the ProgramData Folder, the PinTo10.exe Utility & PinTo10.cmd files to c:\Cabs. At first logon, you’ll see a command box popup while it’s doing the pin.  Then you’ll see Internet Explorer show up in the TaskBar.

image

image

image

 

If you like, you can modify the PinTo10.cmd file to include all of the items you wish to PIN, and do all of them in One step, I already had the Office Icons setup, so I didn’t bother changing everything over.