It is possible to disable SkyDrive, right?

Hi,

Office 2013 prominently gives users the option to save to SkyDrive - if they have a Microsoft (Hotmail, Live, XBox etc) account they just need to enter a username and password and they are away, nice and easy.

Unfortunately, and I'm sure I'm not alone here, company policy forbids the use of cloud services on information security grounds.

The only GPO setting I can find relating to this is User Configuration/Policies/Administrative Templates/Microsoft Office 2013/Miscellaneous/Show SkyDrive Sign in

Unfortunately, this doesn't fully remove access to SkyDrive. Am I missing something?

Thanks,

Tim

November 16th, 2012 5:50pm

There is a registry key to disable SkyDrive

Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet\UseOnlineContent

But this also seems to break SharePoint integration (loading and saving files direct to intranet SharePoint). So - any way to disable SkyDrive without breaking SharePoint?

Free Windows Admin Tool Kit Click here and download it now
November 16th, 2012 6:39pm

I don't think there is any way to disable it without breaking things. They built skydive in with no consideration as to any corporate policy requirements to remove it. This is the same thing they did with the music and video store content that you're forced to view. Same thing with UAC.

Basically, Microsoft blew it - and Windows 8 is NOT ready for the enterprise. Hopefully they will fix this in a hot fix or service pack now that Sinofsky is gone.

November 20th, 2012 5:53am

Found the same thing here.  Microsoft needs to address this with group policy.  Registry settings seem to work fine, and you have the option to save to intranet SharePoint as long as you have opened content from one of your SharePoint sites alre
Free Windows Admin Tool Kit Click here and download it now
December 5th, 2012 6:39pm

So let me get this right....

They release an Operating System that can't function in a corporate environment because it is not possible to control aspects of it via group policy, then they release a productivity suite which has elements that are outside the control of group policy as well.

Tell me, Is it at least possible to stop people walking out the door with corporate data? Corporate data I might add that doesn't belong to Microsoft and has absolutely no business at all residing on anything other than the corporate SAN. I mean do Microsoft really want to hand their business over to other office suite's many of which are at least free?

Thanks but I'll be sticking to office 2010 at the office.

January 30th, 2013 4:30am

In a corp environment use SkyDrive Pro.  his provides the org/corporation the ability to control it's use (w/ sharepoint).
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2013 5:45pm

So let me get this straight... What you are saying is the way in which to get rid of Skydrive is to in fact deploy Skydrive (albeit the Pro edition)?

Forgive me for pointing this out, but this still means that my corporate data is no longer resident on my corporate SAN irrespective of what joke of a suite of security controls your corporation puts in place. It still leaves behind the important point. If my data is not contained in my network I have no control over it. And having said that in no way does my data belong to Microsoft no matter how much this scumbag of an American corporation want it. My data contains financially sensitive information and is subject to the Official Secrets Act in the United Kingdom. Explain to me here and now how this 'solution' (deploy Skydrive Pro) is compliant with the safeguards that the aforementioned information is afforded under the act. Will Microsoft happily take and accept the repercussions of the fall out for its failure to provide appropriate security measures or at least an actual alternative to this stupid product?

The future may very well be connected, but it sure as hell isn't connected to a corporation that is subject to the whims of a tyrannical government that seems to think that the USAPATRIOT Act is compliant with a free and democratic society. Until then, provide us with a method to prevent our data from leaving our secured systems or we'll move to an OSS environment where we can at least effect a degree of control right down to the code, and beyond even what happens at our security layer. This isn't a damned joke , but what we are seeing is an arrogant  corporation forcing what it thinks we should do, on us instead of acknowledging the serious risks associated with its proposals.

I have watched people lose their jobs and wind up in a cell block at Her Majesty's pleasure over actions that are considered treasonous over this kind of functionality. I am in little mood to entertain half-assed answers. 

July 2nd, 2013 2:29pm

Yep, and now with the Snowden case and the Prism information release, one would think Microsoft would be backing away from SkyDrive rapidly.  What corporation, or Government, wants to end up with potentially compromising, or worse, information out on the Cloud.  Let's face it, Cloud security is pretty much still evolving and in its infancy, it has a long way to go to come close to the security available on a hardened SAN.  I don't want my personal data "in the cloud", much less sensitive Government data.  Microsoft doesn't seem to get that Windows 8 IS NOT Enterprise ready, or perhaps that's just part of their agreement with the NSA??  Who knows, MS has tried to force a lot of stupid decisions down people's throats over the years....

Most of my clients are flat refusing to migrate once they understand what SkyDrive is and where their data will reside.  For the life of me, I cannot fathom how all the intelligent people in Redmond always seem to think people will give in just because Microsoft says so.  Didn't work with ME, didn't work with Vista, and its beginning to look that way for Windows 8 as well.

BTW Agamemenon, Her Majesty's Government seems to be up to their neck in Prism as well.  ;)

Free Windows Admin Tool Kit Click here and download it now
July 12th, 2013 12:25pm

Yes, Skydrive appears completely compromised according to recent reports. This means That Windows 8 and Office are also compromised if true. Also, Skype, Outlook (and Office 365 in general) have also appeared to have just handed the NSA all the decryption keys they could eat and/or purposefully coded the applications to have security vulnerabilities.

Having Skydrive baked into Windows makes Windows 8 a complete no-go for HIPPA, SEC, foreign governments, multi-national companies, etc.

Regardless of whether the rumors are true, the FUD is going to be devastating and we need a way to remove Skydrive for our customers from ever appearing at all in the final deliverable product.

July 12th, 2013 1:19pm

If you really want to block skydrive it's easy, block it using firewalls/NAP just like you would dropbox or any other cloud storage software. These post really just make me SMH at the bickering over things that you guys obviously haven't thought out. 

While I agree there should be an on off switch for skydrive baked in, you can govern it just like you would any other external service.

Free Windows Admin Tool Kit Click here and download it now
July 21st, 2013 4:27pm

Here is a post I found that can essentially disable SkyDrive on Windows 8.

http://community.spiceworks.com/how_to/show/21544-block-skydrive-on-windows-8-using-group-policy-and-applocker

July 21st, 2013 4:33pm

Hi Turismon,

Thanks for that link - some of that is useful but from a quick skim that looks like it uses appocker to block the SkyDrive app. I'm assuming this isn't going to block SkyDrive within Office.

Yes, of course we can block things at the firewall - but this has it's own problems. Most firewalls work by IPs rather than by DNS names. What if MS change or add IPs for SkyDrive? What if some future Office/Windows update changes the addresses. We can set the network firewall to protect internal clients, then we also have to block things on the PC's firewall to cope with mobile devices off the network. In short yes we can block things with firewalls and may be confident that works today, but in six months time we might discover that our blocking no longer works - it's not a permanent robust solution.

My frustration is if Microsoft had thought about this for a moment they would have realised it was going to be a show-stopper for many regulated industries. They could have incorporated a simple off switch and made it easy for their customers. Instead we are left reliant on our own experimentation, forums and blogs to try and find a solution.

This combined with a general lack of compelling new features in Office 2013 or Win 8 for those of us with no plans to deploy tablets leaves sticking with Windows 7, Office 2010 as a very attractive option. Just maybe MS will listen their customers when they start to wonder why enterprise uptake of Win 8 is disastrously low and sort some of these issues out.

Tim

Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2013 3:50pm

Windows 8.1 Preview offers the function to disable SkyDrive in Group Policy:

http://news.softpedia.com/news/How-to-Disable-SkyDrive-Integration-in-Windows-8-1-Preview-365867.shtml
August 4th, 2013 4:59pm

Absolutely correct. I am a security contractor, and the security of my client data is dependent upon the security of the computing devices I use. To that end, all my machines run PGP Whole disk Encryption all data is contained in encrypted Virtual Drive's. But SkyDrive is simply a backdoor I cannot remove. I have no domain controller to enforce a security policy and yes I could devise a local policy to enforce a blockade on the functions of SkyDrive other posters have correctly indicated this breaks other functionality. But That is also missing the point, Why the hell should I have to go to this extent to enforce what should be a pretty obvious thing. The data I work with belongs to my clients whom I am obligated to protect under ITAR and the OSA. I am liable if this data falls into anyone's hands but those contractually permitted to observe it.

I have spent approximately 4 hours mapping out Microsoft's SkyDrive Live servers and have blocked multiple address ranges depending upon where my computer finds it's next entry-point. As another poster writes because most firewalls operate on an IP address not a domain name, this means that it is necessary to map out the servers Microsoft is using and we all know that since the address can be round-robined.

So far my efforts now result in the SkyDrive integrated services in Office 2013 timing out when they attempt a connection. I appear to have blocked access to SkyDrive without disrupting other online features of office 2013. However this will only function until d.docs.live.net is re-pointed on another one of Microsoft's numerous address ranges. I currently have 14 rules blocking access to various address ranges indicated by the rotation of d.docs.live.net.

Currently I am entertaining a switch to Linux I have been testing product and document compatibility and for my purposes Linux versions of applications I depend on are available (PGP, VMware, etc) hell even Linux can play FLAC files by default. Microsoft needs to resolve these issues because I am not prepared to live with their spyware on my computer.

Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2013 5:48am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics