How to deploy OneDrive next generation sync client with SCCM

Hello everyone!

I've seen people having trouble while deploying the OneDrive next generation sync client with SCCM,

So i've decided to create a new blog post to share same ideas of how i'm usually deploying it on our clients.


On the Onedrive documentation we have the following:

I just want to install the OneDrive.exe client on user’s machines

Maybe all you’re interested in is getting the new OneDrive for Business sync client onto your users’ machines. If all you want to do is install OneDrive.exe on a machine you can use either SCCM or a Group Policy script to execute the following:

Execute <pathToSomeAccessibleNetworkShare>\OneDriveSetup.exe /silent

Result: OneDrive.exe is installed transparently on your users’ machines, but it is not automatically launched. Users can launch OneDrive.exe by opening their OneDrive folder in File Explorer, or by launching OneDrive from the start menu. Or IT administrators at any time later can run %localappdata%\Microsoft\OneDrive\OneDrive.exe through SCCM or Group Policy script to automatically open OneDrive.exe on the users machine.


This new Onedrive client has some specific requirements to be created as an SCCM application as it's based on an EXE file that is installed on a user Profile. This means that we need to create an Application based on a script instead of an MSI and that we need to run it only we have an user logged on so that we can get it on the proper users profile



On this post I will discuss only the installation part, you will need to run Onedrive.exe afterwards either by asking the users to do so or you can also automate the Onedrive execution with SCCM. Start by creating a simple application based on a script

  • Start by creating an application based on a script1
  • Then fill out the application information 2


  • On the deployment types, add a new type of deployment of Script Installer type






  • This is one of the most important part of this deployment, the detection method, for this specific detection as the application is always installed on the user profile, we need to scan on the current user profile for the OneDrive.exe to see if it's installed or not. We need to use the option to "use a custom script to detect the presence of this deployment type" and then use the following script:


I need to give a huge thanks to my colleague Herbert Fuchs who's an amazing SCCM PFE based in Austria and a Powershell Guru that entirely developed this detection script.

Just copy & Paste the bellow into the SCCM console:

# OneDriveSetup Detection in ConfigMgr

# This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.



# We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object

# code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software

# product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the

# Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims

# or lawsuits, including attorneys’ fees, that arise or result from the use or distribution of the Sample Code.inst

[String]$LogfileName = "OneDriveDetection"

[String]$Logfile = "$env:SystemRoot\logs\$LogfileName.log"

Function Write-Log


Param ([string]$logstring)

If (Test-Path $Logfile)


If ((Get-Item $Logfile).Length -gt 2MB)


Rename-Item $Logfile $Logfile".bak" -Force



$WriteLine = (Get-Date).ToString() + " " + $logstring

Add-content $Logfile -value $WriteLine


$User = gwmi win32_computersystem -Property Username

$UserName = $User.UserName

$UserSplit = $User.UserName.Split("\")

$OneDrive = "$env:SystemDrive\users\" + $UserSplit[1] +"\appdata\local\microsoft\onedrive\onedrive.exe"

# Parameter to Log

Write-Log "Start Script Execution"

Write-Log "Logged on User: $UserName"

Write-Log "Detection-String: $OneDrive"

If(Test-Path $OneDrive)


Write-Log "Found DetectionFile"

$OneDriveFile = Get-Item $OneDrive

Write-Log "Get File Details"

Write-Log "Version found:$OneDriveFile.VersionInfo.FileVersion"

Write-Log "Script Exectuion End!"

Write-Log ""

Return $true




Write-Log "Warning: OneDrive.exe not found - need to install App!"






  • Also, it's very important to set User experience like this, to make sure that the application gets installed on the user profile


  • Now  just deploy it into a computer collection!

Be advised that you have to sign this script or use Client settings and set the Powershell execution policy to bypass (use with caution!)

Hope this helps !


PS : This blog will be removed in the future, for future reference use the article

On that article you can also find an example that you can quickly download and import to your environment to avoid copy & paste errors and to speed up the app creation


Comments (45)
  1. Joey says:

    Two questions:
    1. How do you force the install to default to OneDrive Business?
    2. How do you populate the user’s Office 365 UPN so the install process is completely transparent to the user?

    1. Hello Joey, In this case the objective was to only deploy the client, which is the step 1 in the Onedrive deployment documentation. Please check Onedrive’s remaining documentation to do all the remaining configuration. If in the future I do that in an unattended way i’ll be sure to update this blog! thanks for your comment

    2. TN says:

      Just set the option to use default the onedrive next gen client in office365

  2. Jeremy Esposito says:

    Great blog post! When installing via SCCM, there are two important scenarios to consider.
    1. Installing OD for users that do not have local admin privileges (most common)
    2. Installing OD for users that do have local admin privileges (covered in this blog and OD Enterprise Deployment article )

    For the first scenario, here is the high-level process of deploying OD via SCCM for users that do not have local admin privileges:
    1. Have SCCM run onedrivesetup.exe /silent as SYSTEM on all client machines
    2. This will put the OD install bits in C:/Program Files (x86)/Microsoft OneDrive allowing a non-admin to run the install)
    a. This installer can now be run with any non-admin user on the computer
    b. Each user will have to perform this step. It is not automatic
    c. All they have to do is click on ‘OneDrive’ in the start menu and the OD setup will walk them through the install and configuration process
    i. On client machine, login with a user without local admin privileges.
    ii. This user can now click on C:/Program Files (x86)/Microsoft OneDrive/Onedrivesetup.exe
    iii. Microsoft OneDrive installer link should even be added to the Start Menu. If not, navigate to C:/Program Files (x86)/Microsoft OneDrive

    1. Thanks Jeremy for your feedback! There’s lot of different scenarios for each customer specific needs, thanks for your valuable input !

    2. Hi Jeremy,

      see also my post later to get things done with user log-ins.

  3. Tiago Martins says:

    I made a shorter powershell. But you need more than this one you have posted from a guy based in Austria.
    At first, this app does not install with Admin privileges, so it must be in user context. Then, it must identify the user logged, and with System context, (I didn’t test the code above but) I doubt if it can get the user logged instead of System account. Then, since this App has different builds, you must guarantee that the one you are deploying is the one you are getting “Installed” message from Software Center. At the end, if you simply run onedrivesetup.exe /silent alone from your server, probably the only thing you will get is, that onedrivesetup.exe file, copied to your ProgramFiles path. So, you must force running that setup from that path after running onedrivesetup.exe /silent alone from your server.

    1. Hello Tiago! thanks for the feedback! there are lots of different approaches to this kind of deployment (check Steve Rachui’s blog for a different one!) for several of my customers this is working in production. And yes, version control is a great idea! and you do have to run OneDrive afterwards for the setup as mentioned! thanks! cheers

  4. Luc says:

    Thank you for this post and it worked for me but was wondering what to do when a different user logs on afterward. Even the same user after logging off and back on I lose the ability to uninstall OneDrive. A new user would also show as “Installed”.

    1. Thanks for the feedback Luc! I didn’t test that scenario, but have you tried sending the deployment to a user collection ?

  5. NickD says:

    In your post you mentioned “you will need to run Onedrive.exe afterwards either by asking the users to do so or you can also automate the Onedrive execution with SCCM”. Can you provide any suggested where to get such an option in SCCM as anything SCCM executes returns “OneDrive can’t be run using fill administrator rights”?

    If I use “Installation behaviour: Install for system”, OneDrive installs to “%ProgramData%\Microsoft OneDrive”, I must choose “Installation behaviour: Install for user” to have the install go to “%LocalAppData%\Microsoft\OneDrive”.

    Finally, the script doesn’t work as it detects multiple account as it does the check using the System account. Here is a script I had to create…
    # Get Logged-in user profile path
    $Accounts = get-wmiobject win32_loggedonuser | select Antecedent -Unique
    ForEach ($Account in $Accounts.Antecedent) {
    $AccountDomain = $Account.Split(‘”‘)[1]
    $AccountLogin = $Account.Split(‘”‘)[3]
    $AccountSID = Get-wmiobject win32_useraccount -Filter “Name = ‘$AccountLogin’ and Domain = ‘$AccountDomain'”
    IF (($AccountSID)) {
    $UserSID = ($AccountSID).SID
    $UserProfile = (Get-WMIObject win32_userprofile -Filter “SID = ‘$UserSID'”).LocalPath

    # File Location
    $FilePath = $UserProfile + “\AppData\Local\Microsoft\OneDrive\OneDrive.exe”

    Try {
    $FileVersion = (Get-Item $FilePath -ErrorAction Stop).VersionInfo.FileVersion
    If ($FileVersion -gt ‘17.3’) {
    Return $FileVersion
    } Catch {
    #Reg key doesn’t exist

    # SCCM Detection…
    # No output = Not Installed
    # Any output w/o error = Installed
    # Any Error = Unknown

    1. Hello Nick! thanks for sharing your script. I didn’t run into multiple logged on results in my customers. Check Steve Rachui’s blog for another approach! cheers

  6. Juan says:

    Good post,
    What about uninstall? Standard users can install the user portion after SYSTEM has run OneDriveSetup.exe /silent… but what if I want to remove (i.e. customers testing and finally not buying).

    1. hello Juan, working on that! I hope to have an update on that in some weeks. cheers

      1. Vishnu suddar says:

        Hi Paulo,

        I am facing problem with uninstall of onedrive. If one user uninstall the onedrive then there is no option for other user uninstall the onedrive .

        1. hello Vishnu! you can try to deploy this to users instead of machines, but I haven’t tested it! thanks

  7. Ross Baker says:

    Hello I have managed to setup this for ODFB. Thanks for the help but I have a problem. If push this software out it shows Past – due will be installed in software console. The problem is the software never installs it just sits there. If I manually click install button it works fine so the detection\ software is all ok just this pause and manual intervention which is a problem. I need to push it out to 1600 PC’s silently.


    1. Hello Ross! thanks for the feedback. Did you get anything in the Appenforce log? cheers

  8. MGJ says:

    Did someone receive this error message?

    +++ Application not discovered with script detection.
    Error code: 0x87D00324 (-2016410844)
    The application was not detected after installation completed.

    1. hello MGj, check the appdiscovery log to try to understand where the detection part is failing. cheers

  9. Don Peruski says:

    I found that the detection script runs when nobody is logged in, in my environment. This causes errors to show up for the deployment, even when the app is installed properly. To correct this, I added to the detection script below this line:

    $User = gwmi win32_computersystem -Property Username

    #make sure someone is logged in
    if ($user.UserName -eq $null) {
    Write-Log “Start Script Execution – Stopped – No User Logged In”
    return $true

    Thank you for sharing.

    1. hello Don, awesome! thanks for sharing that. just want to add the information that the wmi query usually doesn’t run as expected inside virtual machine and the current logged on user is not returned. cheers!

  10. TT says:

    Anyone have trouble with this line:
    $UserSplit = $User.UserName.Split(“\”)
    I get an error that it returns a null value in appdiscovery.log

    1. are you using virtual machines?

  11. Hi Paulo,

    we installed OneDrive on 100.000 machines with this trick:

    In the package we
    first run \OneDriveSetup.exe /silent
    the we use Active Setup and add
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\OneDriveSetup
    the REG_SZ
    Stubpath = “C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe”

    Then when a user logs in the ActiveSetup is started once in user Context and shows the user the Install Experience.
    At BASF the user has to put in his E-Mail and authenticate with Smartcard (Multi Factor Authentication against O365).

    So every user which logs in will get OneDrive setup in his/her account automatically.

    1. Hello Juergen, that’s great! thanks for the feedback !

  12. Dusky Hall says:

    I want to achive the following:

    1. Install OneDrive Business for all my users in my organization at all machines with sccm. do I follow your process above?
    2. want to it to be silent with no interaction with the user. I want the program to launch and do all the steps where a user doesn’t have to do anything as I have school kids that are small and cant do any part of this.

    1. hello Dusky! 1. Yes 2. Following this instructions still will have you to configure the accounts per user. Cheers!

  13. Allen says:

    I’ve been trying to deploy the client for the past month or so using this detection method. We have group policy setting the powershell execution policy to AllSigned. Unfortunately, configuring the SCCM client settings to bypass that is not working and copying and pasting the signed script is not working. I’m getting the following error in AppDiscovery log:

    The file C:\WINDOWS\CCM\SystemTemp\529968de-ff32-4673-8b3a-90c37b8d3
    a8f.ps1 is not digitally signed

    Anyone have a way to get around this? SCCM support has not been very helpful.

    1. Hello Allen, having a group policy usually as a higher priority than everything else in SCCM, so I’m afraid that with that gpo you won’t be able to run the powershell. You could however have a different detection method. thanks!

  14. Roger Truss says:

    issues with this line item working..

    Write-Log “Version found:$OneDriveFile.VersionInfo.FileVersion”

    it does not actually seem to add the version number in the log file.

    1. Hello Roger, can you get the file version in file explorer? thanks

  15. TN says:

    We really want to install onedrive next gen client for every user on the same pc, but If I read correctly this script just works once per pc?
    does someone has a workaround for that? The only one I have read is the active setup key, but we would like to use sccm.

    I really do not understand that the developers don’t know what a system base installation is, so frustrating.

  16. Ian Broadbent says:

    Thanks for the detection script. I found a more efficient and reliable way is to use the %LOCALAPPDATA% variable to check for the presence of OneDrive.exe (which caters for the case where a user has another profile directory e.g. “C:\Users\JSmith.domain” – the initial profile may have become corrupted)

    $User = gwmi win32_computersystem -Property Username
    $UserName = $User.UserName
    $UserSplit = $User.UserName.Split(“\”)
    $OneDrive = “$env:SystemDrive\users\” + $UserSplit[1] +“\appdata\local\microsoft\onedrive\onedrive.exe”

    $OneDrive = “$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe”

    1. Ian Broadbent says:

      Actually – my previous suggestion works OK if you run it standalone (as I tested it) – but does not work in SCCM (it gets the system account’s profile).

  17. Pascal Verbruggen says:

    It’s a very nice procedure.
    I’ve got 2 questions:
    – How do you deal with situations where the user profile is not located in “C:\users\USERID”?
    – How do you deal with roaming profiles? (I can’t get “OneDriveSetup.exe” to install because my roaming profile has a registry for a newer version of OneDrive. I get error “80040692” until I delete the OneDrive key in my registry.)

    1. hey Pascal! you need to adapt the script for that. thanks!

      1. Pascal Verbruggen says:

        Hello Paulo,
        Any idea on how to adjust the script?

        1. sorry Pascal, haven’t used this with Roamingprofiles! cheers

          1. John says:

            Roaming profiles aren’t supported:
            Roaming, Mandatory and Temporary Windows profiles aren’t supported. The OneDrive for Business sync app only supports users who can write to OneDrive for Business application directories.


  18. Matt says:

    here’s a much shorter detection script which also works for VDI sessions

    $Path = “$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe”
    If (Test-Path $Path){Write-Host “$Path Exists”}

    1. nice Matt! thanks! cheers

  19. Kyle says:

    I get a old error
    Error Code: 0xFFFFFFFF (-1) I look in Appenforce log and it doesn’t even show as trying to install.
    Andy ideas.

  20. Daimus says:

    Tested using OneDrive, SCCM installing as system only when user is logged on.
    Script below updated with the following changes:
    – Log to the user’s Temp directory
    – Get the currently logged on username from the environment variable. Using WMI returns null for users logged in via RDP (so this results in a detection failure)
    – Fixed in issue with the file version not being returned.
    – A few minor simplifications and making the script more general purpose.

    [String]$LogfileName = “OneDriveDetection”
    [String]$Logfile = “$env:Temp\$LogfileName.log”
    [String]$DetectionFile = “$env:LocalAppData” +”\microsoft\onedrive\onedrive.exe”
    [String]$UserName = “$env:UserName”

    Function Write-Log
    Param ([string]$logstring)
    If (Test-Path $Logfile)
    If ((Get-Item $Logfile).Length -gt 2MB)
    Rename-Item $Logfile $Logfile”.bak” -Force
    $WriteLine = (Get-Date).ToString() + ” ” + $logstring
    Add-content $Logfile -value $WriteLine

    # Parameter to Log
    Write-Log “Start Script Execution”
    Write-Log “Logged on User: $UserName”
    Write-Log “Detection-String: $DetectionFile”
    If(Test-Path $DetectionFile)
    Write-Log “Found Detection File”
    $FileVersion = (Get-Item $DetectionFile | select -expandproperty VersionInfo).FileVersion
    Write-Log “Get File Details”
    Write-Log “Version found:$FileVersion”
    Write-Log “Script Execution End!”
    Write-Log “”
    Return $true
    Write-Log “Warning: Detection file not found – need to install App!”

    1. nicely done! thanks for sharing

Comments are closed.

Skip to main content