I keep seeing the requirement that the desktop (or other folders) synchronized with OneDrive must always be available offline. Making all OneDrive folders available offline often leads to more problems because local storage may not be enough. Each user could theoretically click on the folder once and select the option. But we can solve this much better with a PowerShell script and a proactive remediation package. This way, we make sure that new jobs, or when the user deselects them, remain available offline.
Table of Contents
Keep specific folder offline
As soon as you select "Always available offline" on a folder in OneDrive, an attribute in this and all underlying data changes. We can also track this change with PowerShell and "attrib.exe" and of course carry it out. (attribute | Microsoft Learn)
You can read out what the attributes are like and what changes in the various statuses:attrib.exe "C:\..\Desktop"
Between the two queries, I manually activated the option. This means that we have to remove the "U" attribute and replace it with a "P".
Now make the OneDrive desktop available offline with the following command:attrib.exe "C:\..\Desktop" -U +P /s /d
However, we are still missing the availability of the content. We can also use an example to find out what the attributes of these must be like:attrib.exe "C:\..\Desktop\Demo.docx"
Die Attribute hier passen wir so an: Get-ChildItem "C:\..\Desktop" -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }
The whole thing as a simple script looks like this:
$CompanyName = "scloud"
$Folder = "Desktop"
# OneDrive Path
$OneDrive_path = "$($home)\OneDrive - $CompanyName\$Folder"
# Process main folder
attrib.exe $OneDrive_path -U +P /s /d
# Process child items
Get-ChildItem $OneDrive_path -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }
Code language: PHP (php)
Proactive Remediation
In order to also counteract user actions (if a user "desynchronizes" the desktop), I have created a proactive remediations package for the process described above. As usual, I put this on GitHub for you.
If you do not use an Enterprise Windows version in your company, you cannot use the Proactive Remediations feature in Intune. But I have this for you: "Proactive Remediation for Business" | scloud
Detection
In the detection, I first check whether the folder is in the right state.
To do this, I compare the output of attrib.exe with the desired target state. If this is not as desired, the detection is ended with the exit code "1" and thus triggers the remediation:
# Retrieve the attributes of the OneDrive_path using attrib.exe command
$MainStatus_current = $(attrib.exe $OneDrive_path) -replace(" ","")
# Create MainStatus_target variable by concatenating "RP" and OneDrive_path, then remove any whitespace characters
$MainStatus_target = "RP"+$($OneDrive_path) -replace(" ","")
# Compare MainStatus_current and MainStatus_target. If they are not equal, print a warning message and exit with status code 1.
if($MainStatus_current -ne $MainStatus_target){
Write-Warning "Not offline aviable: $OneDrive_path"
exit 1
}
Code language: PowerShell (powershell)
If the folder is already available offline, all content will be checked. As soon as one appears unavailable, the detection is terminated and, as with the folder with the exit code "1", triggers remediation.
# Get all Child Items
$ChildItems = Get-ChildItem -Path $OneDrive_path -Recurse
# Loop through each child item
Foreach($child in $ChildItems){
# Retrieve the attributes of the item using attrib.exe command
$ChildStatus_current = $(attrib.exe $child.FullName) -replace(" ","")
# Define the desired status of the child item by prepending "AP" to its full name
$ChildStatus_target = "AP"+$($child.FullName) -replace(" ","")
# If current status of the child does not match the desired status, exit with 1
if($ChildStatus_current -ne $ChildStatus_target){
Write-Warning "Not all files are offline aviable."
exit 1
}
}
Code language: PowerShell (powershell)
If neither the folder nor a file in it is affected, the detection is ended with the exit code "0" and nothing else is triggered.
If an error occurs, the detection is also ended with "1".
Remediation
The remediation is actually the script above that sets the folder and the files it contains to "available offline". With the difference that a small error handling is also built around it.
$CompanyName = "scloud"
$Folder = "Desktop"
try{
# OneDrive Path
$OneDrive_path = "$($home)\OneDrive - $CompanyName\$Folder"
# Process main folder
attrib.exe $OneDrive_path -U +P /s /d
# Process child items
Get-ChildItem $OneDrive_path -Recurse | Select-Object Fullname | ForEach-Object { attrib.exe $_.FullName -U +P }
}catch{
Write-Error $_
}
Code language: PowerShell (powershell)
Configuration in Intune
You create the Proactive Remediations package in Intune under:
Reports > Endpoint analytics > Proactive remediations > Create script package
In the settings you upload the two scripts as follows:
You only need scope tags if you use them in your organization.
Finally, you assign the package and define a schedule:
That's it, now the check is carried out daily and, if necessary, the necessary attribute is set.