Once Upon a Time in the Automount of OneDrive Team Sites

Last Updated on February 23, 2023 by rudyooms

In this blog, we’ll be talking about how to make sure your Team Sites are synced automatically to all your devices within a few minutes. Microsoft offers this option as well, only their solution might take up to 8 hours! Today I’ll show you how to speed up this process. 

I will divide this blog into multiple parts

  1. Configure team site libraries to sync automatically in intune
  2. The problem
  3. Conclusion

1. Configure Team Site libraries to sync automatically

For anyone who wants to sync the team site libraries automatically, you can easily configure it in Intune.  You can search for “configure team site” in the administrative templates.

Please Note: It’s not best practice to sync all those sites to your device, the OneDrive app has its limits even when using the x64 version

OneDrive 64 Bits and the 300.000 files sync issue (call4cloud.nl)

Looking at the picture above, you only need to have the Sharepoint Site ID. In the past, you could simply click on sync in SharePoint and press “Copy Library ID”

But that prompt could not be shown! If that’s the case, we need to create it manually. You could do so by pressing F12 to open the developer pane, clicking on the Network tab, and clicking the clear button to clear previous requests.

Now we have everything in place, press the sync button

We need to add the above settings in this line of text (except the tenant id… but I hope you know how to find that one!)

tenantId=[TENANTID]&siteId=[SITEID]&webId=[WEBID]&listId=[LISTID]&webUrl=[WEBURL]

Here is an example:

tenantId=02ad5f9c-3696-477b-8cb3-9ba4e0a9ac9c&siteId={87a9f4b2-757b-4663-b19e-d58398f0f1e4}&webId={d1135130-a5e3-41d2-a8f1-a547508eaf04}&listId={265BA069-9F1C-4065-83AC-B7C7A0CE4C28}&webUrl=https://wvdcloud901026.sharepoint.com/sites/Office%5FTemplates&version=1

2. The problem

Okay, not my cup of tea. I feel users should be able to decide which team sites are important for them. Also, It’s very user-friendly to set up.  

Back to the issue at hand, when you configure the sync through Intune, the whole process could take up to 8 hours. While often users need access to a file or folder within minutes. For most businesses, this is an unacceptable timeframe. 

https://docs.microsoft.com/en-us/onedrive/use-group-policy#AutoMountTeamSites

Now there’s an easy way to make your ever-loving customers very happy. As they’ll have access to their files and folders in explorer within minutes! 

3. The Solution

All we have to do is change the following “Timerautomount” registry key through PowerShell and nothing more!

HKCU\Software\Microsoft\OneDrive\Accounts\Business1

Option 1: Using Reg.exe in the User Context

You can push a PowerShell script in Intune to make sure this registry key is changed.  But this will only change the key one time!. After a successful Onedrive startup and checking for sites to mount this key will be reset. So you will need to make sure the timerautomount will be changed on each login

PowerShell Script Content: 

reg add "HKCU\Software\Microsoft\OneDrive\Accounts\Business1" /v Timerautomount /t REG_QWORD /d 1 /f 

Please Note: A way better option would be to simply create a scheduled task to make sure this setting is configured on each login. But let’s take a look at some other options!

Option 2:  ProActive Remediations User Context

You could use Proactive remediations in the user context to change those settings.

You will need to run this script using the logged on credentials because it needs to be deployed in the HKCU, so running it in the system context is not going to do what we want

Detection Script



$Path = "HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"
$Name = "Timerautomount"
$Type = "QWORD"
$Value = 1

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Timer Automount Set to zero"
        Exit 0
    } 
    Write-Warning "Timer Automount Not configured to zero"
    Exit 1
} 
Catch {
    Write-Warning "Another Issue Occured"
    Exit 1
}

Remediation Script

$Path = "HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1"
$Name = "Timerautomount"
$Type = "QWORD"
$Value = 1

Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value 

Option 3: Proactive Remediations System Context

If like me, you’re blocking PowerShell for your regular users… Here’s a quick and easy way to push HKCU changes in the registry while blocking PowerShell. Isn’t that nice

This option above is way way way better because it will make sure the “Timerautomount” will be reset each hour and it could even run in the system context!

Conclusion 

Having easy access to files and folders through explorer is still something that a lot of users value. Microsoft’s solution simply takes an unacceptable amount of time for most businesses. If like me, you don’t want to wait 8 hours before having access to your files in explorer… Simply look at the options I offered above and decide what fits your business best. 

9 thoughts on “Once Upon a Time in the Automount of OneDrive Team Sites

    1. Hi,

      When the timerautomount is processed once, it will be deleted. But why not creating a script like this? To make sure it is set to 0 at each logon

      $content = @’
      Windows Registry Editor Version 5.00
      [HKEY_CURRENT_USER\Software\Microsoft\OneDrive]
      “SilentBusinessConfigCompleted”=”0”
      “EnableAdal”=dword:00000001
      “EnableTeamTier_Internal”=dword:00000001
      [HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Business1]
      “EnableADALForSilentBusinessConfig”=dword:00000001
      “TimerAutoMount”=hex(b):01,00,00,00,00,00,00,00
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity]
      “EnableAdal”=dword:00000001
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing]
      “EulasSetAccepted”=”16.0,”
      ‘@

      # create custom folder and write PS script
      $path = $(Join-Path $env:ProgramData CustomScripts)
      if (!(Test-Path $path))
      {
      New-Item -Path $path -ItemType Directory -Force -Confirm:$false
      }
      Out-File -FilePath $(Join-Path $env:ProgramData CustomScripts\onedrive.reg) -Encoding unicode -Force -InputObject $content -Confirm:$false

      # register script to run at logon
      $WshShell = New-Object -comObject WScript.Shell
      $Shortcut = $WshShell.CreateShortcut(“$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\config.lnk”)
      $Shortcut.TargetPath = ‘”c:\windows\System32\reg.exe”‘
      $Shortcut.Arguments = “import c:\programdata\CustomScripts\onedrive.reg”
      $Shortcut.WorkingDirectory = ‘”c:\programdata\CustomScripts\”‘
      $Shortcut.Save()

  1. We’re rolling out a new site for a department so I think I’m okay with using the admin template and it taking up to 8 hours, but how can I assign that to the Teams site group?

    Looks like Intune won’t let me target any Microsoft 365 groups for Device Configuration profiles. I also can’t add that M365 group to another security group. Do I need to maintain two groups for this?

    1. That’s correct… Security groups define who can access resources, and are recommended for your groups in Intune. So you can’t use Microsoft 365 groups… sometime like 1,5 years ago that option was removed

      1. With the new query “memberof” (currently in preview) for dynamic users groups, you can bypass this restriction by simply creating a new SG that dynamically fetches members of your M365 Group objectID.

  2. Have been using the Automount and Timerautomount trick for quite some time now with succes.

    However, I am running into an issue. We have several offices. All Site libraries are in one Automount policy.

    If a user has the rights for a certain library, it will synchonize. Perfect!

    But now the request is that a manager wants access to all libraries. Giving him the rights to all libraries and sync all libraries are way too much files to handle for Onedrive.

    I thought I could solve it by splitting up my Automount policies for each office. But then it will give a conflict, because of the same polies.

    How to give this manager the rights to synchronize some sites, and give him access to other sites through webaccess without synchronizing them. Seems impossible?

  3. Hi There,
    Just wanted to say a massive thank you for the first part of this article where you’ve gone and provided a really easy way to get the string for the Tenant ID with the parameters for WebID, SiteID, FolderID etc. There’s plenty of articles out there with powershell scripts [that in my experience haven’t worked or been extremely buggy], or people saying to log a case with MS etc. Your method is by far the easiest and cleanest available

Leave a Reply

Your email address will not be published. Required fields are marked *

6  +  3  =