
RemoteApp and the Missing OneDrive Client

As more organizations shift to OneDrive and remote work, Remote Desktop Services and RemoteApp offer a great way of publishing applications without the need for a VPN.

There is, however, a common challenge with RemoteApp: how do we transfer files from the local device to the server without the user having to go through a VPN or open other, insecure channels? The common answer is "just let them save to OneDrive". Said and done: OneDrive is installed for all users on the session host. You log on, and OneDrive never launches.

The reason behind this behavior is that OneDrive starts automatically from the Run keys in the registry. The Run keys are only processed when the Explorer shell is started. With RemoteApp, Explorer is not the shell; instead, the Remote Desktop service provides a shell for the application.

The Solution

There is a simple yet very effective solution. The team behind Remote Desktop Services and Windows has implemented the following registry key:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RailRunonce

This works the same way as the normal Run key, so create a String value named OneDrive with the value "C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe" /background

OneDrive RailRunOnce
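
The registry change described above can be scripted for each session host. The following PowerShell is an added example, not part of the original article; the key path, value name and command line are taken from the text, while the file-existence and Authenticode checks are additions that assume OneDrive is installed per-machine at the path shown.

```powershell
#Requires -RunAsAdministrator
# Added example: register OneDrive under the RailRunonce key named in the article.
# Key path, value name and command line come from the article text.
# The existence and signature checks are additions (assumption: per-machine install).

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RailRunonce'
$valueName = 'OneDrive'
$exePath   = 'C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe'

# Quote the executable path so the space in "Program Files (x86)" cannot be
# parsed as an argument separator when the command line is launched.
$command = "`"$exePath`" /background"

# The entry is machine-wide and runs in every RemoteApp user's session,
# so refuse to register a binary that is not actually present.
if (-not (Test-Path -LiteralPath $exePath -PathType Leaf)) {
    throw "OneDrive.exe not found at $exePath. Adjust `$exePath to the installed location."
}

# Refuse a binary whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $exePath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for $exePath (status: $($sig.Status))."
}

# Create the key if it does not exist yet.
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# -Force overwrites an existing value, so the script can be re-run safely.
New-ItemProperty -Path $keyPath -Name $valueName -Value $command `
    -PropertyType String -Force | Out-Null

# Read the value back and confirm it matches what was intended.
$actual = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($actual -ne $command) {
    throw "Unexpected value in ${keyPath}: $actual"
}
Write-Output "Registered '$valueName' = $actual"
```

Because this value launches a program for every user who opens a RemoteApp on the host, the key is worth including in whatever autorun baseline or change monitoring already covers the standard Run keys.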

Notes

There is one important thing to note here. If you are running a multi-session host setup, User Profile Disks do not support OneDrive redirection. For this to work, switch to FSLogix, which in most cases is included in the preexisting Remote Desktop Services licensing. You can read more about FSLogix here: https://docs.microsoft.com/en-us/fslogix/overview