I would like to share a recent discovery on how to keep OneDrive up to date in your image. This improves the first-run user experience by preventing the install of an old OneDrive version followed by an immediate update to the latest version. That install-then-update sequence prolongs the time it takes for OneDrive to become available for use/visible to users (via Start/File Explorer), which can be 30-60 seconds (or greater).
Let’s begin with where the OneDrive setup is located and which versions are distributed with different editions of Windows 10.
Windows 10 ships with a built-in OneDriveSetup.exe located in C:\Windows\SysWOW64
- Anniversary Edition (1607): 17.3.6381.0405
- Creator Edition (1703): 17.3.6816.0313
The latest version (at time of writing) is 17.3.6917.0607. Release notes available here
Based on the frequency of updates over the last 12 months, the built-in version will be out of date and require updating within a month of any edition release.
Deep Dive into How OneDrive Installs & Updates
When a user first logs on to Windows 10, the OneDrive client is installed in the user profile at C:\Users\<username>\AppData\Local\Microsoft\OneDrive via the Run registry entry, and it then starts by automatically updating itself to the latest version.
Two log files will be located in the folder C:\Users\<username>\AppData\Local\Microsoft\OneDrive\setup\logs to show the progress of the installation
- Install_<date>.log file
- Install-PerUser_<date>.log file
Opening e.g. Install-PerUser_2017-07-10_213402_1838-1b90.log, you’ll see the install location, version and command executed, as evidenced below:
Directly after the initial installation from the built-in package, a separate Install-PerUser_<date>.log file will be created and the install of the latest version of OneDrive will begin automatically. Again, location/version/command executed are evidenced below:
C:\Users\<username>\AppData\Local\Microsoft\OneDrive will contain the following contents (NOTE the update folder, which indicates an update has taken place)
All of the above can sometimes take 30-60 seconds to complete before OneDrive is visible on the Start Menu/File Explorer.
How to Keep OneDrive Up to Date on Your Master Image
Step 1: Login as Administrator
Step 2: Run the following commands to take ownership of the file and grant full control (ensure you run them as administrator)
%SYSTEMROOT%\system32\takeown /f %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Grant %USERDOMAIN%\%USERNAME%:(F)
Step 3: Copy the latest OneDriveSetup.exe and replace the existing %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe with the new one.
Step 4: Revert owner back to TrustedInstaller
%SYSTEMROOT%\system32\icacls.exe %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /setowner "NT SERVICE\TrustedInstaller"
Step 5: Log off administrator
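Steps 2 to 4 as one PowerShell script, added here as an example and not part of the original post. Because this file runs at every user's first logon, it also checks the Authenticode signature and version of the new installer before copying, and uses icacls /save and /restore to put the original permissions back. The staging path C:\Staging\OneDriveSetup.exe and the expected signer string are assumptions.

```powershell
# Added example, not the post's own script. $Source is a hypothetical staging path.
param(
    [string]$Source = 'C:\Staging\OneDriveSetup.exe',
    [string]$Target = "$env:SystemRoot\SysWOW64\OneDriveSetup.exe"
)
$ErrorActionPreference = 'Stop'
function Get-FileVer([string]$Path) {
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    [version]::new($v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
}
function Invoke-Native([string]$Exe, [string[]]$ArgList) {
    & $Exe @ArgList | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "$Exe $ArgList failed with exit code $LASTEXITCODE" }
}

# 1. Require a valid signature; the signer string below is an assumed expectation.
$sig = Get-AuthenticodeSignature -FilePath $Source
if ($sig.Status -ne 'Valid') { throw "Signature status: $($sig.Status)" }
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}
# 2. Refuse a downgrade or a no-op.
$old = Get-FileVer $Target
$new = Get-FileVer $Source
if ($new -le $old) { throw "Staged version $new is not newer than image version $old" }

# 3. Save the DACL, take ownership, grant the current account full control, copy.
$dir     = Split-Path -Parent $Target
$aclFile = Join-Path $env:TEMP 'OneDriveSetupExeACL.txt'
$icacls  = "$env:SystemRoot\System32\icacls.exe"
Invoke-Native $icacls @($Target, '/save', $aclFile)
Invoke-Native "$env:SystemRoot\System32\takeown.exe" @('/f', $Target)
Invoke-Native $icacls @($Target, '/grant', "${env:USERDOMAIN}\${env:USERNAME}:(F)")
try {
    Copy-Item -LiteralPath $Source -Destination $Target -Force
}
finally {
    # 4. Put the owner and the saved DACL back, even if the copy failed.
    Invoke-Native $icacls @($Target, '/setowner', 'NT SERVICE\TrustedInstaller')
    Invoke-Native $icacls @($dir, '/restore', $aclFile)
    Remove-Item -LiteralPath $aclFile -Force
}
# 5. Confirm the result: same bytes as the staged file, owner restored.
$same  = (Get-FileHash $Source).Hash -eq (Get-FileHash $Target).Hash
$owner = (Get-Acl -LiteralPath $Target).Owner
if (-not $same -or $owner -ne 'NT SERVICE\TrustedInstaller') {
    throw "Post-check failed (hash match: $same, owner: $owner)"
}
"OneDriveSetup.exe updated $old -> $new"
```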
Verify OneDriveSetup is installing from latest version
Step 1: Log in as Normal User
Step 2: Open the C:\Users\<username>\AppData\Local\Microsoft\OneDrive\setup\logs folder. You’ll have only one Install-PerUser log file, which indicates only one setup has been run.
Step 3: Open Install-PerUser_…log file.
Step 4: In the log entries, the OneDriveSetup.exe App Version will be the version that was copied in during the previous section.
Step 5: Verify that the installation folder C:\Users\<username>\AppData\Local\Microsoft\OneDrive contains the latest App Version folder (NOTE there is no update folder, which indicates no update has taken place)
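The checks in steps 2 to 5 can be scripted for image validation. This PowerShell is an added example, not part of the original post. It assumes the folder layout described above and that the App Version folder is named after the version number; it does not read the log contents.

```powershell
# Added example: run as the test user after the first logon has completed.
# Assumed layout (as described above): setup\logs\Install-PerUser_*.log, an "update"
# folder only after a self-update, and one folder named after the app version.
$root = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive'
$vi   = (Get-Item "$env:SystemRoot\SysWOW64\OneDriveSetup.exe").VersionInfo
$imageVer = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                           $vi.FileBuildPart, $vi.FilePrivatePart)

# One Install-PerUser log means setup ran once; a second one means a self-update ran.
$perUserLogs = @(Get-ChildItem (Join-Path $root 'setup\logs') -Filter 'Install-PerUser_*.log')
$updateDir   = Test-Path -LiteralPath (Join-Path $root 'update') -PathType Container

# Folders whose names parse as a version number (e.g. 17.3.6917.0607).
$installed = @(Get-ChildItem $root -Directory |
               ForEach-Object { $_.Name -as [version] } | Where-Object { $_ })

$pass = $perUserLogs.Count -eq 1 -and -not $updateDir -and
        $installed.Count -eq 1 -and $installed[0] -eq $imageVer

[pscustomobject]@{
    ImageVersion      = $imageVer
    InstalledVersions = $installed -join ', '
    PerUserLogCount   = $perUserLogs.Count
    UpdateFolderFound = $updateDir
    Pass              = $pass
}
if (-not $pass) { exit 1 }
```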
Conclusion
The above commands can be converted into an SCCM Task Sequence or automated during the initial build of the image. I hope the above gives an overview of how OneDrive updates and how the image can be modified to keep it fully up to date and prevent unnecessary upgrades taking place.
This info can be very useful in a VDI/PVS environment where master images/vDisks need to be managed and maintained on a regular basis.
This is great, but the one thing that may keep us from doing something similar is that although the owner is restored to Trusted Installer, the user that was granted F (full) permissions still has full permissions when the script completes. When trying to figure out a way to restore the user to their regular permissions, I ran into a chicken/egg scenario. The permissions can’t be restored without having ownership and ownership can’t be set to Trusted Installer without having full permissions. So, I can’t find a way to restore both ownership and permissions from CMD.
I am wanting to do this within an OSD SCCM task sequence so my user would need to be System. I don’t think that I want System to have full access to an executable file in c:\windows\syswow64 for all of our computers that get imaged.
Actually, I don’t know what I was doing wrong in my tests before and I think you can restore BOTH owner to be trusted installer and restore the user permissions back to what they were originally. I think it may be a good idea to use “icacls /save” and “icacls /restore” to save and restore user permissions.
I’m also intending to do this as part of an SCCM OS deployment task sequence so I’m granting to “System” below instead of the current user. I tested the below using PSExec to create a system command prompt (before trying out in an SCCM task sequence) and it seems to work (OneDriveSetup.exe gets copied over and looking at the properties of OneDriveSetup.exe after the script, the owner is back to TrustedInstaller and permissions for System are Read/Execute instead of Full).
Rem Save off Access Control Lists to a temporary file
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /save %SYSTEMROOT%\temp\SaveOneDriveSetupExeACL.txt
Rem Take ownership of OneDriveSetup.exe and grant rights to System
%SYSTEMROOT%\system32\takeown /f %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /Grant System:(F)
Rem Copy OneDriveSetup.exe from current folder to SysWOW64 folder
copy OneDriveSetup.exe %SYSTEMROOT%\SysWOW64\ /y
Rem Revert ownership back to TrustedInstaller
%SYSTEMROOT%\system32\icacls.exe %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe /setowner "NT SERVICE\TrustedInstaller"
Rem Restore Access Control Lists
%SYSTEMROOT%\system32\icacls %SYSTEMROOT%\SysWOW64\ /restore %SYSTEMROOT%\temp\SaveOneDriveSetupExeACL.txt
Rem Delete temporary ACL file
del %SYSTEMROOT%\temp\SaveOneDriveSetupExeACL.txt /Q /F
Hi,
CMD.exe can be very limiting and I have seen this elsewhere, such as with registry permissions etc. It may be worth looking at other 3rd-party/freeware alternatives such as SetACL to see if it can leave the permissions in the correct way.
Cheers,
David
Thanks, David. I think I figured out how to restore everything using cmd.exe, but I will look into SetACL if things don’t pan out.
Hi,
Let me know how it works out for you.
Cheers,
David