I keep seeing the requirement that the desktop (or other folders) synchronized with OneDrive must always be available offline. Making all OneDrive folders available offline often leads to more problems because local storage may not be enough. Each user could theoretically click on the folder once and select the option. But we can solve this much better with a PowerShell script and a proactive remediation package. This way, we make sure that the folder stays available offline, even for new items or when the user deselects the option.

Keep specific folder offline

As soon as you select "Always available offline" on a folder in OneDrive, an attribute changes on the folder and on all data beneath it. We can read this change with PowerShell and "attrib.exe", and of course also apply it ourselves. (attribute | Microsoft Learn)

You can read out the current attributes and see what changes between the different states:
attrib.exe "C:\..\Desktop"

[Screenshot: attrib.exe output for the folder]

Between the two queries, I manually activated the option. This means that we have to remove the "U" attribute and replace it with a "P".

Now make the OneDrive desktop available offline with the following command:
attrib.exe "C:\..\Desktop" -U +P /s /d

However, the content of the folder is still not available offline. Again, we can use an example file to find out what its attributes need to look like:
attrib.exe "C:\..\Desktop\Demo.docx"

[Screenshot: attrib.exe output for the file]

We adjust the attributes here as follows:
Get-ChildItem "C:\..\Desktop" -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }

The whole thing as a simple script looks like this:

$CompanyName = "scloud"
$Folder = "Desktop"

# OneDrive Path
$OneDrive_path = "$($home)\OneDrive - $CompanyName\$Folder"

# Process main folder 
attrib.exe $OneDrive_path -U +P /s /d

# Process child items 
Get-ChildItem $OneDrive_path -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }

Proactive Remediation

In order to also counteract user actions (if a user "desynchronizes" the desktop), I have created a proactive remediations package for the process described above. As usual, I put this on GitHub for you.

Detection

In the detection, I first check whether the folder is in the right state.
To do this, I compare the output of attrib.exe with the desired target state. If this is not as desired, the detection is ended with the exit code "1" and thus triggers the remediation:

# Retrieve the attributes of the OneDrive_path using attrib.exe command
$MainStatus_current = $(attrib.exe $OneDrive_path) -replace(" ","")

# Create MainStatus_target variable by concatenating "RP" and OneDrive_path, then remove any whitespace characters
$MainStatus_target = "RP"+$($OneDrive_path) -replace(" ","")

# Compare MainStatus_current and MainStatus_target. If they are not equal, print a warning message and exit with status code 1.
if($MainStatus_current -ne $MainStatus_target){
    Write-Warning "Not offline aviable: $OneDrive_path"
    exit 1
}

If the folder is already available offline, all of its content is checked. As soon as one item turns out not to be available offline, the detection is terminated with the exit code "1", just as for the folder, and triggers the remediation.

# Get all Child Items
$ChildItems = Get-ChildItem -Path $OneDrive_path -Recurse

# Loop through each child item
Foreach($child in $ChildItems){
    # Retrieve the attributes of the item using attrib.exe command
    $ChildStatus_current = $(attrib.exe $child.FullName) -replace(" ","")
    # Define the desired status of the child item by prepending "AP" to its full name
    $ChildStatus_target = "AP"+$($child.FullName) -replace(" ","")
    # If current status of the child does not match the desired status, exit with 1
    if($ChildStatus_current -ne $ChildStatus_target){
        Write-Warning "Not all files are offline aviable."
        exit 1
    }
}

If neither the folder nor a file in it is affected, the detection is ended with the exit code "0" and nothing else is triggered.

If an error occurs, the detection is also ended with "1".
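
The string comparison above only matches when an item carries exactly the expected letters, so an item with an additional attribute (hidden, for example) would trigger the remediation on every run. As an added example, not part of the author's package, the following helper looks only at the pinned (P) and unpinned (U) letters in the attrib.exe output; the function names and the sample lines are assumptions made up for illustration.

```powershell
# Added example (not the author's script). Function names are hypothetical.

function Get-AttribFlags {
    param(
        [Parameter(Mandatory)][string]$Line,   # one line of attrib.exe output
        [Parameter(Mandatory)][string]$Path    # the path that was queried
    )
    # attrib.exe prints the flag letters first and the full path last.
    if (-not $Line.EndsWith($Path, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Unexpected attrib.exe output: $Line"
    }
    # Cut off the path, then drop the column padding: "A  H  P " -> "AHP".
    $flags = $Line.Substring(0, $Line.Length - $Path.Length)
    return ($flags -replace '\s', '')
}

function Test-AlwaysOffline {
    param(
        [Parameter(Mandatory)][string]$Line,
        [Parameter(Mandatory)][string]$Path
    )
    $flags = Get-AttribFlags -Line $Line -Path $Path
    # P (pinned) must be present and U (unpinned) absent;
    # other letters such as A, R or H do not affect the result.
    return ($flags.Contains('P') -and -not $flags.Contains('U'))
}

# Constructed sample lines, not captured from a real device.
$samples = @(
    @{ Path = 'C:\Demo\Desktop';           Line = '     R       P    C:\Demo\Desktop' }
    @{ Path = 'C:\Demo\Desktop\Demo.docx'; Line = 'A            P    C:\Demo\Desktop\Demo.docx' }
    @{ Path = 'C:\Demo\Desktop\Note.txt';  Line = 'A   H        P    C:\Demo\Desktop\Note.txt' }
    @{ Path = 'C:\Demo\Desktop\Old.xlsx';  Line = 'A            U    C:\Demo\Desktop\Old.xlsx' }
)

foreach ($s in $samples) {
    $ok = Test-AlwaysOffline -Line $s.Line -Path $s.Path
    '{0,-28} offline={1}' -f $s.Path, $ok
}

# In the detection loop this would replace the string comparison:
# if (-not (Test-AlwaysOffline -Line (attrib.exe $child.FullName) -Path $child.FullName)) { exit 1 }
```

Because the same check applies to folders and files, the separate "RP" and "AP" targets are not needed with this approach.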

Remediation

The remediation is essentially the script above that sets the folder and the files it contains to "available offline", with the difference that a small amount of error handling is built around it.

$CompanyName = "scloud"
$Folder = "Desktop"

try{

    # OneDrive Path
    $OneDrive_path = "$($home)\OneDrive - $CompanyName\$Folder"

    # Process main folder 
    attrib.exe $OneDrive_path -U +P /s /d

    # Process child items; -ErrorAction Stop makes enumeration errors reach the catch block
    Get-ChildItem $OneDrive_path -Recurse -ErrorAction Stop | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }

}catch{
    Write-Error $_
}

Configuration in Intune

You create the Proactive Remediations package in Intune under:
Reports > Endpoint analytics > Proactive remediations > Create script package

[Screenshot: New Proactive Remediations]

In the settings you upload the two scripts as follows:

[Screenshot: Proactive Remediations, detection and remediation]

You only need scope tags if you use them in your organization.

Finally, you assign the package and define a schedule:

[Screenshot: Proactive Remediations, assignment and schedule]

That's it. The check is now carried out daily and, if necessary, the required attribute is set.