Restore the Shared with Everyone folder in OneDrive for Business

For a long time now, the default behaviour in OneDrive for Business has been to provide a folder (called “Shared with Everyone”) which is an easy way to share files with everyone in the organisation. By default, the permissions on this allow editing of files in the folder by “Everyone except external users” (and guest links can be provided for others – either on a view-only or an edit basis).

From 1 August 2015, Microsoft changed the default setting for OneDrive for Business so that the Shared with Everyone folder is no longer provisioned.  It can be created manually by a user, or the tenant settings for the entire organisation can be set to provision the folder by default:

Set-SPOTenant –SharingCapability Disabled –ProvisionSharedWithEveryoneFolder $true

It’s also possible to remove users’ ability to use the “Everyone,” “All Users” and “Everyone except external users” groups from the people picker in OneDrive for Business and SharePoint Online with the following commands:

Set-SPOTenant -ShowEveryoneClaim $false
Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false
Set-SPOTenant -ShowAllUsersClaim $false

Enabling them is achieved with the equivalent commands but set to $true.

Problems setting storage quotas in OneDrive for Business? Check that site collection storage management is set to manual!

A few weeks ago, I wrote a blog post about controlling OneDrive for Business syncing to prevent data copies on non-domain-joined PCs. Since then, I’ve had to add a post script to highlight a known issue with domain joined PCs failing to sync OneDrive for Business, even when added to a safe list, which is fixed by the 12 May 2015 update for OneDrive for Business (see Microsoft knowledge base article 2986244).

I also wrote in that post about problems setting storage quotas in OneDrive for Business using Set-SPOSite -Identity -StorageQuota 2048

Set-SPOSite : Cannot get site
At line:1 char:1
+ Set-SPOSite -Identity …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSite

After raising a service request with Microsoft (which took over a week to be escalated after a few days of the initial team failing to resolve it) and then engaging the Microsoft Onboarding Center instead, I finally got to the bottom of the issue. The problem was that Site Collection Storage Management in SharePoint Online was set to Automatic. Once this was changed to Manual, I could successfully apply the quotas to users’ OneDrive for Business sites.

Office 365 (SharePoint Online) Site Collection Storage Management settings

As well as using PowerShell (Get-SPOSite -Identity, you can check the current storage quota in the browser, under Site settings, Storage Metrics:

One Drive for Business storage quota reduced to 2GB

Unfortunately this setting has to be applied on a per-user basis, after the user has already logged on to OneDrive for Business (which provisions the storage).

Default site collections in SharePoint Online

When an Office 365 tenant is created with SharePoint Online, several site collections are created.  It can be confusing to work out what each is for, so here’s a quick reference, based on the SharePoint 2013 sites – I guess this may change as SharePoint 2016 is rolled out.

  • – team site for the company – you can always create more, but this is the “top of the tree”.
  • – not sure about the purpose of this one, although I suspect it’s a SharePoint 2013 community forum.
  • – Office 365 Video.
  • – the search site for the tenant
  • – the site collection for all of the users’ OneDrive for Business sites, each one named (with the .s replaced by _s).

Note that the SharePoint URL is one of the few places where the Office 365 tenant name is exposed to users.

Control OneDrive for Business syncing to prevent data copies on non-domain-joined PCs

One of the recently announced changes to Office 365 is the ability to better control OneDrive for Business. Specifically, it’s now possible to control OneDrive for Business syncing to prevent data from being copied to non-domain-joined PCs, based on a list of approved domains, as well as to change the storage limit for users (perhaps 1TB is just too much data and something more restrained might reduce the impact on your network). There are also some changes around the “Shared with Everyone” folder, which used to be created by default but isn’t anymore.

The full details are in an Office Mechanics video, linked from a Microsoft blog post but I recently had the chance to try them out for real.

Step 1 was to determine the ObjectGuid for each of the domains in my customer’s Active Directory Forest, using Active Directory PowerShell:

$domains = (Get-ADForest).Domains; foreach($d in $domains) {Get-ADDomain -identity $d | Select ObjectGuid}

Step 2 is to connect to Office 365 using PowerShell:

connect-sposervice –url –credential $cred

Step 3 is to take the ObjectGuid from step 1 and use the Set-SPOTenantSyncClientRestriction cmdlet to restrict synchronisation:

Set-SPOTenantSyncClientRestriction -enable -DomainGuids "a0083dbb-e136-4f48-a048-2ec3a4c40cab"

It’s worth noting that, initially, this failed for me – SetSPOTenantSyncClientRestriction wasn’t a valid command in the version of the SharePoint Online Management Shell I had installed. I checked the version with Get-Module -ListAvailable | Format-List version, name and found I had version 15.0.4569.0 of Microsoft.Online.SharePoint.PowerShell. After updating to the latest version, I was at version 16.0.4316.0, which worked a treat:

TenantRestrictionEnabled AllowedDomainList

———————— —————–

True {a0083dbb-e136-4f48-a048-2ec3a4c40cab}

It’s important to understand how the restrictions are enforced though:

  • Not only will OneDrive for Business Sync client requests originating from a domain that is not on the safe recipients list be blocked but all OneDrive for Business Mac Sync client requests will be blocked. This also means that a sync relationship will not be established unless they are joined to an allowed domain.
  • However:
    • Mobile clients are not blocked (there are separate MDM controls for this) and any files that have been previously been synced to the computer will not be deleted.
    • New or existing files added to the client will still be uploaded to the server and will not be blocked.
    • OneDrive for Business sync client prior to version 15.0.4693.1000 will stop syncing existing libraries.

Controlling the storage quota was a little more tricky. I found that I could use Get-SPOSite -Identity to view the properties of a users’ OneDrive for Business site, but attempting to set the quota on the same site presented an error:

Set-SPOSite -Identity -StorageQuota 2048

Set-SPOSite : Cannot get site
At line:1 char:1
+ Set-SPOSite -Identity …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSite

I haven’t fixed that yet, so I’ll be returning to the topic again soon, no-doubt…

Post Script

There is a known issue with domain joined PCs failing to sync OneDrive for Business, even when added to a safe list, which is fixed by the 12 May 2015 update for OneDrive for Business (see Microsoft knowledge base article 2986244).

The OneDrive that’s really two drives…

Jamie Thomson and I have long since lamented the challenges of Microsoft’s two directories for cloud services and it doesn’t stop there. Take a look at cloud storage:

  • OneDrive is Microsoft’s cloud-based storage offering, accessed with a Microsoft Account (formerly a Windows Live ID, or a Passport if you go back far enough…)
  • OneDrive for Business is Microsoft’s cloud-based storage offering, accessed with an Organizational Account (which lives in Microsoft Azure AD)

Similar names, similar purpose, totally different implementation – as the OneDrive for Business product is still Groove (which later became SharePoint Workspace) under the covers (have a look at the filename when you download the client).

And look what happens when you have both products with the same email address used to access them:

Still, at least the site detects that this has happened and gives you the choice. And there is some hope for future convergence as Jamie highlights in this blog post from earlier in the year.

Earlier this week, I was helping a customer to get ready for an Office 365 pilot and they were having challenges with the OneDrive client. The version available for download from the Office 365 portal is a click-to-run installation and it didn’t want to play nicely with their .MSI-based Office 2013 installation (which should already include the client anyway). Actually, that didn’t really matter because the OneDrive client is also included in Windows 8.1, which was the operating system being used.

The confusion came with setting up the connected services inside Office:

  • To set up a OneDrive account, click on OneDrive – but that will only accept Microsoft Account credentials and, after configuration it will show as something like “OneDrive – Personal”.
  • To set up OneDrive for Business, don’t click OneDrive but select SharePoint instead. After logging on with your Organizational Account credentials, that will be displayed as “OneDrive – organisation name” (with SharePoint sites appearing as “Sites – organisation name”).

Some illustration might help so, below is a shot of my connected services. Because I’m connected to multiple Office 365 tenants, you can see that I have multiple OneDrive [for Business] and Sites entries:

If you’re trying to get hold of the OneDrive for Business sync client for SharePoint 2013 and SharePoint Online, Microsoft knowledge base article 2903984 has the links for the click-to-run install.  If you want an MSI version, then you’re out of luck – but you can create a customised Office 2013 installation instead as OneDrive for Business (formerly SkyDrive Pro) was originally released as part of several Office 2013 suites (as described in Microsoft knowledge base article 2904296.

Finally, if you’re trying to work out how to get a OneDrive for Business app on Windows Phone, the OneDrive app can connect to both OneDrive and OneDrive for Business.


Short takes: Symbols in Office applications and converting numbers to text in Excel

A few snippets I found on scraps of paper whilst sorting out my office this week…

Shortcuts to symbols in Office applications

Many people will be familiar with typing (c) to generate a © symbol in Microsoft Office applications but you can also use (R) or (TM) for trademark symbols ® and ™. One more that’s useful to know is (e) for the European currency symbol € (at least, it’s useful if your keyboard doesn’t recognise the Euro!).

Another useful code to know is the shortcut to create the symbol used to denote “therefore”, which is ? (and doesn’t appear in any dialogs I’ve seen to insert a symbol/special character). In Office applications running on a Windows PC, it’s possible to type ALT+8756 to generate the symbol.

I’ve tried these in Word and OneNote but see no reason why it shouldn’t work in other Office applications.  Unfortunately the functionality is limited to Office rather than part of the operating system – it doesn’t seem to work in a browser, or in NotePad for example.

Converting numerical data to text in Excel, or SharePoint, or something like that…

A few months ago I was creating a SharePoint list and wanted to display a unique ID for each entry but couldn’t use calculated values in the title column to base it on the actual ID for the list item (at least not when provisioning via the GUI). I can’t remember the exact circumstances but, looking back at my notes it appears I used the following formula in Excel to create a text version of a numerical cell:


I probably then uploaded that to SharePoint as a list and messed around with the columns displayed in a particular view… although it’s all a bit vague now. I no longer have access to the list I was working on, but it might jog my memory if I have to do something similar again…

Authentication issues with SharePoint in Windows Explorer mode resolved with browser proxy settings

Every now and again I get infuriated by our Microsoft Office SharePoint Server (2007) platform as it prompts for credentials (before failing to authenticate and repeating the process) when I go to open a document library in Windows Explorer mode.  Today I found the cause of that issue.

I’d been working at Microsoft’s offices yesterday and had disabled the proxy server settings in my browser.  After returning home and VPNing to our network, I was able to access both Internet and intranet resources as normal and I forgot about the proxy server change. Only when trying to work out why I was being asked for authentication as I tried to use SharePoint in Windows Explorer mode did I remember to turn it back on again – after which everything worked as it should.

It may be peculiar to our infrastructure, or it may be a wider issue that’s worth mentioning so, if you experience authentication issues when trying to open a SharePoint library in Windows Explorer mode, double-check your browser’s proxy server settings!

Some SharePoint tips/tricks for editing list forms and hiding standard page elements

Over the last couple of years, I’ve written a few SharePoint-based blog posts as I’ve hacked my way around the company’s infrastructure, trying to get it working the way I’d like it to (creating dashboards, adding the odd bit of workflow and custom columns to pre-populate list data, embedding video, etc.).  There’s a rumour that we might get SharePoint 2013 soon but, for now, all of my hacks/tweaks have been based on 2007.

In the last few weeks, one of the projects I’ve been involved in has taken a major step forward, engaging a real designer and a real web developer, instead of li’l ol’ me.  From my perspective, this has been great news, although there have been some times when I’ve questioned the maintainability of custom code used in situations that have caused problems in the past (e.g. to edit the default forms used for displaying list items).

As you might expect, I’ve also picked up a couple of tips, working alongside some experts – and I thought I’d make a quick note of them here, for future reference.

Editing list forms without using SharePoint Designer

First up, a handy little trick to edit list forms (like DispForm.aspx) without having to resort to using SharePoint Destroyer Designer, which is little more than Microsoft FrontPage (just about OK in it’s day but long past its sell-by date now). Just add ToolPaneView=2 into the query string, for example

Unfortunately, this doesn’t seem to work on my Office 365 SharePoint site, so it might be 2007-only but useful nevertheless. In our case, this was used to add a (hidden) Content Editor Web Part with some jQuery and CSS to style up the form.

Hiding page elements

Sometimes, there are standard elements of a page that you don’t want to display and, without access to the templates used on a corporate site, that might be difficult. As it happens, all that’s required is a little in-line CSS, included in a (hidden) Content Editor Web Part:

<style type="text/css">.ms-webpartpagedescription {display:none}</style>

Just use the Developer Tools in Internet Exploder (or similar in your choice of browser – although, if you’re using SharePoint 2007, it probably will be IE) to find the class of the element to be hidden. In this case, I removed some standard text that was inserted below the breadcrumb trail at the top of the page but I’ve also seen it used to hide the page title and it could be applied to other elements too.

Credits: Thanks to Steve Haxell for sharing these methods with me.

Embedding Windows Media in a SharePoint website

A few weeks ago, I found myself standing in front of a green screen in a meeting room that had been “converted” into a temporary film studio, recording a video for internal communication on the technology standardisation initiatives I’ve been running for the last few months.  After all the edits and final approvals, the videos are now coming online and, as “Chief SharePoint Officer” for our team (I jest), it was up to me to hack our portal and get them online.

I figured that the guys in our internal studio must have done this before and, sure enough, the advice I received was to use JWPlayer for Flash content or to embed a media player for Windows Media files. We went with Windows Media (I can play the WMVs offline too), so I used a method described on Stack Overflow to embed an object inside a SharePoint Content Editor Web Part.

I’m sure that there are alternatives that provide better cross-browser support but as this is a SharePoint 2007 website, the only browser that will be used is some variant of Internet Exploder (and our corporate browser is Internet Explorer 8) so not too much to worry about.

I needed just one slight variation.  The videos I used were 480×270 pixels so, with the controls, I needed the player to be slightly taller. Playing around until I had no black bars around the video got me to the following code:

<object id="mediaplayer" classid="clsid:22d6f312-b0f6-11d0-94ab-0080c74c7e95" codebase=",1,52,701" standby="loading microsoft windows media player components..." type="application/x-oleobject" width="480" height="315">
<param name="filename" value="http://mystreamingvideoserver/myfile_480.wmv">
     <param name="animationatstart" value="true">
     <param name="transparentatstart" value="true">
     <param name="autostart" value="true">
     <param name="showcontrols" value="true">
     <param name="ShowStatusBar" value="false">
     <param name="windowlessvideo" value="true">
     <embed src="http://mystreamingvideoserver/myfile_480.wmv" autostart="true" showcontrols="true" showstatusbar="1" bgcolor="white" width="480" height="270">
<p><a href="http://mystreamingvideoserver/myfile.wmv">A full-quality download of this video</a> is also available.</p>

Internet Explorer crashes when editing lists in SharePoint datasheet view

Recently, I found I was experiencing issues when editing lists in SharePoint.  After switching to datasheet view, Internet Explorer displayed a message which said:

Internet Explorer has stopped working

Windows is checking for a solution to the problem…


A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

IE then attempts to reload before presenting a page that gives more information:

It seems that Windows Data Execution Prevention (DEP) detected an add-on trying to use system memory incorrectly, so I took a look at the DEP settings but everything seemed in order.

Eventually I tracked the problem down to cells that contained HTML code (for a dashboard that I created in SharePoint), being mis-interpreted as a malicious exploit.  I created a new view, minus the columns containing HTML and was able to edit without any browser crashes.  It’s a bit of a nuisance but it seems to work…

Given the choice, I wouldn’t be using Internet Exploder anyway but, as this is SharePoint 2007, I don’t have a lot of choice (I understand that cross-browser support is a lot better in later SharePoint releases).