Thursday, February 9, 2017

Update OneDrive Next Gen Sync agent during Windows 10 Deployment


In my environment, the OneDrive Next Gen Sync agent is installed by Office 2016 Click-to-Run, as the majority of systems are still on Windows 7. On the Windows 10 systems, however, it's included in the OS, and even with 1607 it is now out of date. Instead of letting it update after deployment and presenting dialogs to the user, I thought I would update it via the deployment Task Sequence so it's current right out of the box.

I chose to handle this via a simple BAT file; really only 3 lines are needed. Windows 10 keeps OneDriveSetup.exe in the %WINDIR%\SysWOW64 folder on 64-bit systems and in %WINDIR%\SYSTEM32 on 32-bit. It is a 32-bit application, so the File System Redirector handles how it's presented. So first we need to find the file. Note that the Office install puts it under Program Files (x86)\OneDrive.

 IF EXIST %SYSTEMROOT%\System32\OneDriveSetup.exe SET ONEDRIVEPATH=%SYSTEMROOT%\System32\OneDriveSetup.exe  
 IF EXIST %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe SET ONEDRIVEPATH=%SYSTEMROOT%\SysWow64\OneDriveSetup.exe  

Since the file is owned by BUILTIN\TrustedInstaller we have to take ownership so SCCM is able to replace it.

 %SYSTEMROOT%\system32\takeown.exe /f %ONEDRIVEPATH%  

Now that we own it, we can modify permissions. Since it's run during the TS, we are running as BUILTIN\System, so let's give that account Full rights to the file. This allows us to delete and replace it.

 %SYSTEMROOT%\system32\icacls.exe %ONEDRIVEPATH% /Grant System:(F)  

Then simply copy the newer one over it. If you're doing this manually outside of a TS step, you should use the '%~dp0' variable.

 Copy OneDriveSetup.exe %ONEDRIVEPATH%  

The entire script is below if you want to just use it as is.

 @ECHO OFF  
 :: from https://kevinisms.fason.org  
 :: written by Kevin Fason  
 :: This will take ownership of OneDriveSetup.exe for Windows 10 so we can update it  
 :: Version 1.0  
 ::  Initial Release  
 :: February 6, 2017  
 ::  
 :: Locate it due to system32/Syswow64 switching per what bitlevel this script runs in  
 IF EXIST %SYSTEMROOT%\System32\OneDriveSetup.exe SET ONEDRIVEPATH=%SYSTEMROOT%\System32\OneDriveSetup.exe  
 IF EXIST %SYSTEMROOT%\SysWOW64\OneDriveSetup.exe SET ONEDRIVEPATH=%SYSTEMROOT%\SysWow64\OneDriveSetup.exe  
 :: Make changes  
 :: Take Ownership  
 %SYSTEMROOT%\system32\takeown.exe /f %ONEDRIVEPATH%  
 :: Give BUILTIN\System Full rights  
 %SYSTEMROOT%\system32\icacls.exe %ONEDRIVEPATH% /Grant System:(F)  
 :: Replace the old one  
 Copy OneDriveSetup.exe %ONEDRIVEPATH%  

There are many other ways to handle something like this. Since this BAT is called from a wrapper, there are zero checks and balances in it, as the wrapper and the ConfigMgr application handle that. I chose an if/then, but you can use a goto statement as well for each bitlevel location. Doing it via PowerShell is also possible; however, a BAT is a lot simpler IMO. My co-worker Jason provided this as an example, while still using the built-in executables for the ownership and ACL work.

 $Path32 = $ENV:SYSTEMROOT + '\system32\OneDriveSetup.exe'  
 $Path64 = $ENV:SYSTEMROOT + '\syswow64\OneDriveSetup.exe'  
 if([System.IO.File]::Exists($path32))  
 {  
   [Environment]::SetEnvironmentVariable("ONEDRIVEPATH", $Path32, "Machine")  
   & c:/Windows/system32/takeown.exe /f $Path32  
   & c:/Windows/system32/icacls.exe $Path32 /Grant ("System" + ':F')  
   Copy-item ./OneDriveSetup.exe $Path32 -force  
   Write '32'  
 }  
 if([System.IO.File]::Exists($path64))  
 {  
   [Environment]::SetEnvironmentVariable("ONEDRIVEPATH", $Path64, "Machine")  
   & c:/Windows/system32/takeown.exe /f $Path64  
   & c:/Windows/system32/icacls.exe $Path64 /Grant ("System" + ':F')  
   Copy-item ./OneDriveSetup.exe $Path64 -force  
   Write '64'  
 }  
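
Since both scripts overwrite a system-owned binary while running as System with no checks of their own, the replacement file can be validated before the copy step. The following is an added example, not part of the original script or Jason's version; the helper names Get-FileVersion and Test-OneDriveReplacement and the signer subject match are assumptions.

```powershell
# Added example, not from the original post. Helper names are hypothetical.
function Get-FileVersion([string]$Path) {
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-OneDriveReplacement {
    param(
        [Parameter(Mandatory)][string]$Source,  # new OneDriveSetup.exe from the package
        [Parameter(Mandatory)][string]$Target   # copy already on the system
    )
    # The replacement must carry a valid, trusted Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $Source
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status '$($sig.Status)' on $Source; not deploying."
        return $false
    }
    # Assumption: a genuine installer's signer subject names Microsoft Corporation.
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    # Only replace with a strictly newer build; this also makes reruns a no-op.
    if ((Get-FileVersion $Source) -le (Get-FileVersion $Target)) {
        Write-Warning "$Source is not newer than $Target; skipping."
        return $false
    }
    return $true
}

$source = Join-Path $PSScriptRoot 'OneDriveSetup.exe'
$sys32  = Join-Path $env:SYSTEMROOT 'System32'
foreach ($dir in 'System32', 'SysWOW64') {
    $target = Join-Path $env:SYSTEMROOT "$dir\OneDriveSetup.exe"
    if (-not (Test-Path -LiteralPath $target)) { continue }
    if (-not (Test-OneDriveReplacement -Source $source -Target $target)) { continue }
    & "$sys32\takeown.exe" /f $target
    & "$sys32\icacls.exe" $target /grant 'System:F'
    Copy-Item -LiteralPath $source -Destination $target -Force
    # Confirm the bytes on disk are the ones that were validated.
    $same = (Get-FileHash -LiteralPath $target).Hash -eq (Get-FileHash -LiteralPath $source).Hash
    if (-not $same) { throw "Hash mismatch after copy: $target" }
}
```

In a 32-bit process on a 64-bit system both paths resolve to the same file, so the second pass is skipped by the version check.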


