From 83fa904a4e05e2e6a6b3b92bfa7e80cc1de3ac0e Mon Sep 17 00:00:00 2001 From: Olivier Date: Sun, 24 May 2026 09:44:13 +0200 Subject: [PATCH] Block OneDrive for new users --- README.fr.md | 6 +-- README.md | 6 +-- powershell/Remove-BuiltInApps.ps1 | 79 ++++++++++++++++++++++++++++++- 3 files changed, 83 insertions(+), 8 deletions(-) diff --git a/README.fr.md b/README.fr.md index b78664d..0fd1139 100644 --- a/README.fr.md +++ b/README.fr.md @@ -95,9 +95,9 @@ Utilise le script de nettoyage Appx pour supprimer certaines applications intég powershell -ExecutionPolicy Bypass -File .\powershell\Remove-BuiltInApps.ps1 ``` -Le script supprime les packages Appx installés et provisionnés, désactive les expériences consommateur Microsoft, met à jour les paramètres `ContentDeliveryManager` du profil utilisateur par défaut et écrit des marqueurs registre de déprovisionnement Appx. +Le script supprime les packages Appx installés et provisionnés, désactive les expériences consommateur Microsoft, bloque le démarrage OneDrive pour les futurs utilisateurs, met à jour les paramètres `ContentDeliveryManager` du profil utilisateur par défaut et écrit des marqueurs registre de déprovisionnement Appx. -OneDrive n'est généralement pas un package Appx. Pour appeler aussi le programme de désinstallation intégré de OneDrive, ajoute `-IncludeOneDrive` : +OneDrive est bloqué par défaut pour les futurs utilisateurs. Ce n'est généralement pas un package Appx, donc ajoute `-IncludeOneDrive` seulement si tu veux aussi appeler le programme de désinstallation intégré de OneDrive sur la machine courante : ```powershell powershell -ExecutionPolicy Bypass -File .\powershell\Remove-BuiltInApps.ps1 -IncludeOneDrive @@ -109,7 +109,7 @@ L'ancien script basé sur winget reste disponible, mais il ne cible que l'utilis powershell -ExecutionPolicy Bypass -File .\powershell\Winget-Remove-BuiltInApps.ps1 ``` -Lance ce script avant de créer le nouveau profil Windows, puis redémarre Windows. Les applications visées incluent des composants Xbox, Outlook for Windows, Hub de commentaires, Power Automate, Sticky Notes, Météo, Teams, Microsoft To Do, des applications Bing, Clipchamp, Windows Web Experience Pack et des packages intégrés associés. +Lance ce script avant de créer le nouveau profil Windows, puis redémarre Windows. Les applications visées incluent des composants Xbox, Outlook for Windows, Hub de commentaires, Power Automate, Sticky Notes, Météo, Teams, Microsoft To Do, des applications Bing, Clipchamp, Windows Web Experience Pack, le démarrage OneDrive et des packages intégrés associés. ## 🔁 Note de Maintenance diff --git a/README.md b/README.md index 7df675b..c9101ae 100644 --- a/README.md +++ b/README.md @@ -95,9 +95,9 @@ Use the Appx cleanup script when you want to remove selected built-in applicatio powershell -ExecutionPolicy Bypass -File .\powershell\Remove-BuiltInApps.ps1 ``` -The script removes installed and provisioned Appx packages, disables Microsoft consumer experiences, updates the default user profile `ContentDeliveryManager` settings and writes Appx deprovisioning registry markers. +The script removes installed and provisioned Appx packages, disables Microsoft consumer experiences, blocks OneDrive startup for future users, updates the default user profile `ContentDeliveryManager` settings and writes Appx deprovisioning registry markers. -OneDrive is not an Appx package on most Windows installations. To also call the built-in OneDrive uninstaller, pass `-IncludeOneDrive`: +OneDrive is blocked for future users by default. It is not an Appx package on most Windows installations, so pass `-IncludeOneDrive` only when you also want to call the built-in OneDrive uninstaller on the current machine: ```powershell powershell -ExecutionPolicy Bypass -File .\powershell\Remove-BuiltInApps.ps1 -IncludeOneDrive @@ -109,7 +109,7 @@ The older winget-based cleanup script is still available, but it only targets th powershell -ExecutionPolicy Bypass -File .\powershell\Winget-Remove-BuiltInApps.ps1 ``` -Run this script before creating the new Windows user profile, then restart Windows. Targeted applications include Xbox components, Outlook for Windows, Feedback Hub, Power Automate, Sticky Notes, Weather, Teams, Microsoft To Do, Bing apps, Clipchamp, Windows Web Experience Pack and related built-in packages. +Run this script before creating the new Windows user profile, then restart Windows. Targeted applications include Xbox components, Outlook for Windows, Feedback Hub, Power Automate, Sticky Notes, Weather, Teams, Microsoft To Do, Bing apps, Clipchamp, Windows Web Experience Pack, OneDrive startup and related built-in packages. ## 🔁 Maintenance Note diff --git a/powershell/Remove-BuiltInApps.ps1 b/powershell/Remove-BuiltInApps.ps1 index d55466a..5c04e06 100644 --- a/powershell/Remove-BuiltInApps.ps1 +++ b/powershell/Remove-BuiltInApps.ps1 @@ -174,6 +174,25 @@ function Set-DWordValue { New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null } +function Remove-RegistryValue { + param( + [string]$Path, + [string]$Name + ) + + if (-not (Test-Path $Path)) { + return + } + + $Property = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue + + if ($null -eq $Property) { + return + } + + Remove-ItemProperty -Path $Path -Name $Name -Force -ErrorAction SilentlyContinue +} + function Set-ConsumerExperiencePolicies { $CloudContentPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent" @@ -186,6 +205,19 @@ function Set-ConsumerExperiencePolicies { } } +function Set-OneDrivePolicies { + $WindowsOneDrivePolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" + $OneDrivePolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive" + + Write-Host "Disabling OneDrive for all users..." -ForegroundColor Cyan + + if ($PSCmdlet.ShouldProcess($WindowsOneDrivePolicyPath, "Set OneDrive disable policy")) { + Set-DWordValue -Path $WindowsOneDrivePolicyPath -Name "DisableFileSyncNGSC" -Value 1 + Set-DWordValue -Path $OneDrivePolicyPath -Name "PreventNetworkTrafficPreUserSignIn" -Value 1 + Write-Host "OneDrive policies configured." -ForegroundColor Green + } +} + function Set-ContentDeliveryManagerDefaults { param( [string]$RegistryRoot @@ -219,7 +251,45 @@ function Set-ContentDeliveryManagerDefaults { } } -function Set-DefaultUserContentDeliveryManagerDefaults { +function Remove-OneDriveStartupFromRegistryRoot { + param( + [string]$RegistryRoot + ) + + $RunPath = Join-Path $RegistryRoot "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" + $RunOncePath = Join-Path $RegistryRoot "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" + + Write-Host "Removing OneDrive startup entries in: $RegistryRoot" -ForegroundColor Cyan + + if ($PSCmdlet.ShouldProcess($RegistryRoot, "Remove OneDrive startup registry entries")) { + Remove-RegistryValue -Path $RunPath -Name "OneDrive" + Remove-RegistryValue -Path $RunPath -Name "OneDriveSetup" + Remove-RegistryValue -Path $RunOncePath -Name "OneDrive" + Remove-RegistryValue -Path $RunOncePath -Name "OneDriveSetup" + Write-Host "OneDrive startup entries removed where present." -ForegroundColor Green + } +} + +function Remove-OneDriveShortcutsFromDefaultProfile { + $ShortcutPaths = @( + (Join-Path $env:SystemDrive "Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"), + (Join-Path $env:ProgramData "Microsoft\Windows\Start Menu\Programs\OneDrive.lnk") + ) + + foreach ($ShortcutPath in $ShortcutPaths) { + if (-not (Test-Path $ShortcutPath)) { + continue + } + + Write-Host "Removing OneDrive shortcut: $ShortcutPath" -ForegroundColor Cyan + + if ($PSCmdlet.ShouldProcess($ShortcutPath, "Remove OneDrive shortcut")) { + Remove-Item -Path $ShortcutPath -Force -ErrorAction SilentlyContinue + } + } +} + +function Set-DefaultUserProfileDefaults { $DefaultUserHive = "Registry::HKEY_USERS\DefaultUser" $DefaultUserDat = Join-Path $env:SystemDrive "Users\Default\NTUSER.DAT" $HiveWasLoaded = $false @@ -243,6 +313,7 @@ function Set-DefaultUserContentDeliveryManagerDefaults { try { Set-ContentDeliveryManagerDefaults -RegistryRoot $DefaultUserHive + Remove-OneDriveStartupFromRegistryRoot -RegistryRoot $DefaultUserHive } finally { if ($HiveWasLoaded) { @@ -254,6 +325,8 @@ function Set-DefaultUserContentDeliveryManagerDefaults { } } } + + Remove-OneDriveShortcutsFromDefaultProfile } function Set-AppxDeprovisionedRegistryMarkers { @@ -313,8 +386,10 @@ foreach ($PackageFamilyName in $KnownPackageFamilyNames) { } Set-ConsumerExperiencePolicies +Set-OneDrivePolicies Set-ContentDeliveryManagerDefaults -RegistryRoot "HKCU:" -Set-DefaultUserContentDeliveryManagerDefaults +Remove-OneDriveStartupFromRegistryRoot -RegistryRoot "HKCU:" +Set-DefaultUserProfileDefaults foreach ($Pattern in $PackageNamePatterns) { Invoke-InstalledAppxPackageRemoval -Pattern $Pattern