So this tweak removes the "Move to OneDrive" context menu. When I apply the reg tweak, it removes that key and I do not see the Move to OneDrive context menu but upon reboot, it comes back. Is there a better way of doing this? like maybe leaving the key but revoking all permissions from all users so OneDrive is not able to recreate it again but still have it not being active/working so I don't get that context menu? Here is the key: Code: Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ FileSyncEx]
You could create a task in task scheduler. I use it to get rid of Access file in new right-click. It would pop-up all the time. You could also give yourself ownership over ContextMenuHandlers and set permissions to read only. I am not sure how it would affect other programs you install.
Ok this worked, the guide was updated to include the permissions part: https://www.tenforums.com/tutorials/127208-add-remove-move-onedrive-context-menu-windows-10-a.html Now can someone help me create a batch file to do add the Everyone group to the following reg keys and give them a DENY permission? Code: Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ FileSyncEx] [-HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx] [-HKEY_CLASSES_ROOT\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx] [-HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx]
It is a MS file which edits reg permissions. I am trying it out. I have used it before, but not in your context. If I find a solution I will let you know. Meanwhile just do it manually.
I've been using the following for batch processing permissions on registry entries; https://helgeklein.com/setacl/ Works on both files and registry entries, kind of one stop shop.
Can someone not create a script for me .BAT to do this I have 0 knowledge about scripting I want to make these keys owned by the EVERYONE Group, then give them a DENY access to read/write [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ FileSyncEx] [HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx] [HKEY_CLASSES_ROOT\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx] [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx]
I surely can, but I have a set of tweaks that I shared here with the community and would like to add that to make it easier for everyone. see: https://forums.mydigitallife.net/threads/msmg-toolkit.50572/page-485#post-1503317 Ultra Male System Prerequisites
To "automate" the process you would need to have SetACL in windows directory...(and Nsudo to restore key in case) then would be something like this: OneDriveBlock.bat Code: @echo off %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :START ) || ( NSudoG -U:T -P:E "%~dpnx0"& exit /b >NUL 2>&1 ) :START SetACL -on "HKCR\*\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:p_nc" -actn clear -clr "dacl" -actn setowner -ownr "n:Everyone" >NUL 2>&1 SetACL -on "HKCR\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:p_nc" -actn clear -clr "dacl" -actn setowner -ownr "n:Everyone" >NUL 2>&1 SetACL -on "HKCR\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:p_nc" -actn clear -clr "dacl" -actn setowner -ownr "n:Everyone" >NUL 2>&1 SetACL -on "HKCR\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:p_nc" -actn clear -clr "dacl" -actn setowner -ownr "n:Everyone" >NUL 2>&1 exit /b OneDriveRestore.bat Code: @echo off %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && ( goto :START ) || ( NSudoG -U:T -P:E "%~dpnx0"& exit /b >NUL 2>&1 ) :START SetACL -on "HKCR\*\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl" >NUL 2>&1 SetACL -on "HKCR\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl" >NUL 2>&1 SetACL -on "HKCR\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl" >NUL 2>&1 SetACL -on "HKCR\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx" -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl" >NUL 2>&1 exit /b Note for everyone and for info: As shown in the SetACL command, it will 1st disable inheritence to then be able to clear authorizations and set ownership. Quite logical...but people often forget that part and claim SetACL doesn't work, so I just added this note as a reminder. SetACL syntax : https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/ Ps: you might like to have a look at my "personalization project" for windows, contains also lots of reg tweaks (and more) you might find some useful...
Thanks a lot man! About your note at the end about disabling inheritance, you mean I need to disable inheritance from those 4 folders before I run the batch file?
No, no sorry if wasn't clear, it's all good like this. It was just an added info about the syntax I used...because I see often people claiming setacl doesn't work, and it's just because they forget the "disable inheritence part" in their setacl command.
On mine I only strip DACL permissions and enable inheritance. That's always the problem with stubborn registry entries, they've disabled inheritance, parent always allows admin write access. Here's an an example; Code: SetACL -on "HKCR\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}" -ot reg -actn setowner -ownr "n:Administrators" -rec yes >nul SetACL -on "HKCR\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}" -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl" >nul One note, there is a -silent switch you can use on the end to make the commands completely quiet. I use >nul because I still want to see the stderr, just not the stdout.