Required executables must be configured to be able to run OneDrive along with SecureRun.
Configure a PolicyPak Least Privilege Manager rule to “allow and log” the following executables. These can also be configured using the pre-configured advice for PPLPM. You can download those from the Customer Portal → Downloads → Production-Guidance link.
Once you have downloaded the Guidance you are looking for the PolicyPak Least Privilege Manager XMLs and then specifically the array of OneDrive files like what’s seen here.
Location: %localappdata%\Microsoft\OneDrive\
OneDrive Sync Client and responsible for application launch in Windows Explorer. It must be set to allow and log in the rule as shown below screenshot.
Location: %localappdata%\Microsoft\OneDrive\ [~version~] \
This executable needs to run once on the computer and prompts will go away.
Location: %localappdata%\Microsoft\OneDrive\Update
OneDrive Setup Package file. Used for first-time installation and uninstallation of the program.
Location: %localappdata%\Microsoft\OneDrive\ [~version~] \
This file doesn’t appear during OneDrive installation anymore. Configure the Allow and Log policy as shown below when you got a SecureRun block message.
Location: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
This will keep OneDrive updated using a Task entry in Windows Task Scheduler. Create this allow and log rule when you want to keep it automated.
OneDrive Command-line Arguments:
In some cases when OneDrive updates are pushed or for any other scenario, CMD command-lines are triggered for OneDrive application. Give a try to our pre-configured guidance named “Microsoft OneDrive Allow Rules needed for SecureRun.XML”.
We’ve combined known command-line args in that XML guidance, as shown in below screenshot.
But if you’re receiving a different command-line prompt then check the following KB for more help: