Saturday, February 20, 2021

KFM ( Known Folder Move) what you need to know when it fails.

 

KFM ( Known Folder Move) what you need to know when it fails.

 If you have deployed KFM (Known Folder Move) in your environment and user GPO to force it down to user computer , you did enabled at the least below reg keys via your GPO, or add them manually via SCCM or PS script.

 KFM , required and recommended GPO settings

Registry Hive

HKEY_LOCAL_MACHINE

Registry Path

SOFTWARE\Policies\Microsoft\OneDrive

Value Name

KFMBlockOptIn

Value Type

REG_DWORD

Enabled Value

1

Disabled Value

0

KFMSilentOptIn

Tenant ID:

 

Registry Hive

HKEY_LOCAL_MACHINE

Registry Path

SOFTWARE\Policies\Microsoft\OneDrive

Value Name

KFMSilentOptIn

Value Type

REG_SZ

Default Value

 

 

 

KFMSilentOptInWithNotification

 

Show notification to users after folders
have been redirected:

Enabled

Registry Value

HKEY_LOCAL_MACHINE

Registry Path

SOFTWARE\Policies\Microsoft\OneDrive

Value Name

KFMSilentOptInWithNotification

Value Type

REG_DWORD

Value

0

 

If you found out KFM did not worked one of the most common reason is, existing folder redirection, and OneDrive will add several keys in the registry to prevent KFM run next time, since it has already been failed. You need to fix existing folder redirection issue, whatever is causing it. Then clean up following registry keys to be ready to try again

 

 

 

STEPS

Registry Key Location

Registry Keys

STEP#1

Close OneDrive make sure it is not running

STEP#2

Check existing group policy
redirection -fdeploy key

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList\
(yoursid)\fdeploy 

 

 

PathEffective

 

 

 

STEP#3

Reset the state of KFM deployment, remove all KFM keys in the following registry location

HKCU\SOFTWARE\Microsoft\OneDrive\Accounts\Business1

 

Some examples are

 

 

 

Delete Keys:

 

 

KfmAcmAdminMessageState

 

 

KfmHasForceShownWindow

 

 

KfmIsDoneSilentOptIn

 

 

KfmSilentAttemptedFolders

 

 

 

STEP#4

 

 

 

Additionally you need to remove following key

HKCU\SOFTWARE\Microsoft\OneDrive\

 

Delete Key

KfmFolderNotSyncingMessageHandled

STEP#5

Close OneDrive and try. and make sure all keys for the deployment does exist

 

 

 

 

 

 

 

STEP#5

GPO Basic KFM reg keys

# KFMBlockOptIn

 

these keys later on)

# KFMSilentOptIn

 

$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"

# KFMSilentOptInWithNotification

 

 

# KFMOptInWithWizard ( recommended by MS )

 

 

 

 

 

Azure Solutions Architect
AWS Certified Cloud Practitioner
Azure Certified Security Engineer Associate
https://simplepowershell.blogspot.com
https://cloudsec365.blogspot.com
https://msazure365.blogspot.com
https://twitter.com/Message_Talk

 

 

 

Posted by at 2 comments:
Subscribe to: Posts (Atom)