OneDrive and Drive Restriction Policy

Lindstrom, Dexter 1 Reputation point
2021-08-16T18:21:36.447+00:00

I have a Citrix Server environment where we hide and restrict the local drives on the servers. This has worked splendidly for many years. Recently, I started testing FSLogix to use for profile management. The goal with FSLogix is to address the limitations of a user OST file, Teams desktop client and OneDrive.

All was going pretty good (aside from the gigantic profile sizes) for Exchange Cached Mode and the Teams client. I hit a giant roadblock with OneDrive. OneDrive sets up a folder in C:\Users\NTID\OneDrive. These folders are restricted due to my GPO. The only way I found to get OneDrive working is to remove the drive restriction policy.

This leaves the C: drive wide open. By default the local Users group has read/write permissions all over the local drive. I dread the idea of manipulating the default OS ACLs all over the C: drive in order to get OneDrive working.

I have seen many references to some users simply removing the RUN option for users. However, there are many, many ways to still see and interact with the local files and folders outside of the RUN option. This is not an option for me.

Does anyone have a good solution for tight control of the local drives while still allowing access to OneDrive?


1 answer

  1. Lindstrom, Dexter 1 Reputation point
    2021-08-17T20:54:06.893+00:00

    Well, the issue is not specifically tied to any one of the 3 items: GPO drive restriction policy, OneDrive client and FSLogix. The issue is the intersection of the 3 items.

    It would be great if OneDrive was more friendly with RDS, Citrix and other non-persistent environments. I imagine there are others trying to solve the same problem and allow OneDrive functionality while maintaining tight control of the local drives. Maybe most people just surrender the security of the C: drive to allow OneDrive functionality. I am hoping that some really thoughtful and creative individual has found a solution to maintain C: drive access while allowing OneDrive access.
