How to Standardize OneDrive Sync Settings Across Department PCs
🔍 WiseChecker

How to Standardize OneDrive Sync Settings Across Department PCs

by

When managing a department of Windows PCs, inconsistent OneDrive sync settings lead to data loss, storage waste, and support tickets. Some users turn off Files On-Demand, others sync too many folders, and a few disable Known Folder Move. These variations create backup gaps and confuse users when files appear missing.

OneDrive for Business lets IT administrators control sync behavior through Group Policy, registry keys, and the Microsoft 365 admin center. These tools enforce a uniform experience across all department machines without touching each PC individually.

This article explains how to configure and deploy standardized OneDrive sync settings using Group Policy Objects and the admin center. You will learn the specific policies to set, how to apply them to a department scope, and how to verify compliance across your managed devices.

Key Takeaways: Enforcing Uniform OneDrive Sync Settings

  • Group Policy Administrative Templates > OneDrive > Sync Settings: Enables or disables Files On-Demand, Known Folder Move, and automatic upload of photos and videos.
  • Microsoft 365 admin center > Org settings > OneDrive > Device policy: Controls tenant-wide sync restrictions and default sync behavior for all new users.
  • OneDrive ADMX files (OneDrive.admx and OneDrive.adml): Required to see OneDrive-specific policies in the Group Policy Management Console.

ADVERTISEMENT

How OneDrive Sync Settings Are Controlled

OneDrive for Business on Windows reads its configuration from a combination of local registry keys and cloud-based policies. When a user signs into OneDrive, the client downloads the tenant-level device policy from Microsoft 365. Group Policy settings applied locally override the cloud defaults for the specific machine.

The most important settings to standardize include:

  • Files On-Demand: Controls whether files appear as placeholders or are downloaded immediately. Keeping this enabled saves disk space and reduces sync traffic.
  • Known Folder Move: Redirects Desktop, Documents, and Pictures to OneDrive. Enforcing this ensures department data is backed up.
  • Sync folder exclusions: Prevents users from syncing entire SharePoint libraries or large folders that slow down the client.
  • Upload bandwidth limits: Prevents OneDrive from saturating the network during large file uploads.

Before you begin, confirm that the OneDrive sync app version 19.002 or later is installed on all department PCs. You also need administrative access to the domain controller or a local Group Policy editor on a domain-joined machine. Download the latest OneDrive ADMX files from Microsoft if they are not already in your Central Store.

Steps to Deploy Standardized OneDrive Sync Settings via Group Policy

The following procedure assumes your department PCs are joined to an Active Directory domain. If you use Azure AD joined devices without on-premises Group Policy, skip to the Microsoft 365 admin center method described later.

Step 1: Import OneDrive Administrative Templates

  1. Download the OneDrive ADMX files
    Go to Microsoft Download Center and search for OneDrive Group Policy Objects. Download the latest ADMX package. Extract the contents to a folder on your domain controller.
  2. Copy the ADMX and ADML files to the Central Store
    Open %SystemRoot%\sysvol\domain\Policies\PolicyDefinitions on your domain controller. Copy OneDrive.admx to this folder. Copy OneDrive.adml to the en-US subfolder. If no PolicyDefinitions folder exists, create it.
  3. Verify the templates appear in Group Policy Management Editor
    Open Group Policy Management Console. Create a new GPO or edit an existing one. Navigate to Computer Configuration > Administrative Templates > OneDrive. If the OneDrive node appears, the templates are correctly installed.

Step 2: Configure the Core Sync Policies

  1. Enable Files On-Demand
    In the same GPO, go to Computer Configuration > Administrative Templates > OneDrive. Double-click Use OneDrive Files On-Demand. Set it to Enabled. Click OK. This forces all department PCs to show online-only placeholders by default.
  2. Configure Known Folder Move
    Double-click Silently move Windows known folders to OneDrive. Set it to Enabled. In the options, select Desktop, Documents, and Pictures. Click OK. This redirects the folders without prompting the user.
  3. Set upload bandwidth limit
    Double-click Set the maximum upload throughput rate for OneDrive. Set it to Enabled. Enter a value in kilobytes per second, for example 1024 to limit uploads to 1 MBps. Click OK.
  4. Block syncing specific file types
    Double-click Block syncing specific file types. Set it to Enabled. Under Options, enter file extensions separated by semicolons, for example .exe;.msi;.bat. Click OK.

Step 3: Link the GPO to the Department OU

  1. Identify the department organizational unit
    Open Active Directory Users and Computers. Locate the OU that contains the department PCs, for example OU=Sales Computers,OU=Sales,DC=contoso,DC=com.
  2. Link the GPO
    Right-click the department OU and select Link an Existing GPO. Choose the GPO you just configured. Click OK.
  3. Force a Group Policy refresh on a test PC
    On a department computer, open Command Prompt as administrator. Run gpupdate /force. Restart the OneDrive sync app by right-clicking the OneDrive icon in the system tray and selecting Close OneDrive, then relaunch it from the Start menu.

Step 4: Verify the Settings Are Applied

  1. Check OneDrive settings on the test PC
    Right-click the OneDrive cloud icon in the system tray. Select Settings. Go to Sync and backup. Confirm that Files On-Demand is enabled and that Known Folder Move shows the three folders as protected.
  2. Run the Group Policy Results Wizard
    On the domain controller, open Group Policy Management Console. Right-click the department OU and select Group Policy Results. Run the wizard for the test PC. Verify that the OneDrive policies show as Enabled.

ADVERTISEMENT

Using the Microsoft 365 Admin Center for Azure AD Joined Devices

If your department PCs are Azure AD joined and not managed by on-premises Group Policy, use the device policy in the Microsoft 365 admin center. This method applies settings at the tenant level and affects all users in the organization unless scoped with a security group.

  1. Sign in to the Microsoft 365 admin center
    Go to admin.microsoft.com. Navigate to Org settings and then OneDrive.
  2. Configure device policy
    Select Device policy. Toggle Use OneDrive Files On-Demand to On. Toggle Automatically move Desktop, Documents, and Pictures to OneDrive to On. Optionally, set the Delay in seconds before the Windows known folders are silently moved to a value like 300 to give users a brief notice.
  3. Scope the policy to a security group
    Click Edit next to Assign to. Select Specific security group. Enter the name of the department security group. Click Save and then Close.
  4. Wait for policy propagation
    The device policy refreshes on client PCs within 24 hours. To force an update, users can restart the OneDrive sync app or sign out and sign back in.

Common Issues After Deploying Standardized Settings

OneDrive Does Not Apply the Group Policy Settings

The most common cause is missing or outdated OneDrive ADMX files. Verify that the OneDrive.admx file is present in the Central Store and that the GPO is linked to the correct OU. Run gpresult /h report.html on a department PC to see which policies are applied. If the OneDrive policies are missing, re-import the ADMX files and run gpupdate /force.

Known Folder Move Fails With Error Code 0x80070005

This error indicates a permissions issue. The user must be a local administrator on the PC for the silent move to succeed. If your department users are standard users, deploy a startup script that grants temporary local admin rights during the move, or use the Prompt user to move Windows known folders policy instead of the silent option.

Files On-Demand Shows a Red X and Cannot Be Enabled

This occurs when the Windows feature Files On-Demand is disabled or when the NTFS file system does not support placeholders. Ensure the department PCs run Windows 10 version 1709 or later, or Windows 11. Also verify that the disk is formatted with NTFS and that the fsutil command fsutil 8dot3name query C: returns Disable 8dot3 name creation.

Files On-Demand vs Always Keep on This Device: Key Differences

Item Files On-Demand (Online-Only) Always Keep on This Device
Disk space usage Minimal — only metadata stored locally Full file size — entire content downloaded
File availability Requires internet to open file content Available offline at all times
Sync traffic on first setup Almost zero — only syncs folder structure High — downloads all files immediately
Best use case Department PCs with limited SSD space Laptops used in areas with poor connectivity

Standardizing to Files On-Demand saves storage and reduces network congestion. Only switch to Always Keep on This Device for specific users who work offline frequently.

You now have a repeatable process to enforce uniform OneDrive sync settings across department PCs using Group Policy or the Microsoft 365 admin center. Start by deploying to a small test group of five machines, then expand to the full department after verifying that Known Folder Move and Files On-Demand behave as expected. For ongoing compliance, schedule a monthly review of the GPO and the admin center device policy to catch any drift caused by local user changes.

ADVERTISEMENT

← Back to WiseChecker HomeMore in OneDrive

🔍 Recommended for You