OneDrive sync client installs per user by default means OneDrive.exe installed for each user account in system under the folder %localappdata%. By introduction of the New feature Per-machine install of sync client, you can install OneDrive under the “Program Files (x86)” directory, means all profiles on the machine will use the same OneDrive.exe binary. There will be a single version of OneDrive on the machine and a single update to download. Other than where the sync client is installed, everything else stays the same.
New per-machine sync client provides:
Automatic transitioning from the previous OneDrive sync client (Groove.exe)
Automatic conversion from per-user to per-machine
Automatic updates when a new version is available
It supports syncing OneDrive and SharePoint files in Microsoft 365 and SharePoint Server 2019
32-bit or 64-bit version of Windows 10, Windows 8/8.1, or Windows 7
Windows Server 2016, Windows Server 2012 (including R2), Windows Server 2008 R2, or Windows Server 2008 with Service Pack 2 and the Platform Update for Windows Server 2008
Mac OS X 10.12 or later
1.6 GHz or higher, or Intel-based Mac computer
1 GB of RAM or higher
1024 × 576 minimum
High-speed Internet access is recommended
NTFS or HFS+ (case insensitive) or APFS (case insensitive)
OneDrive mobile app
A phone or tablet with Android 5.0 or later
An iPhone, iPad, or iPod touch with iOS 11.3 or later
A phone running Windows Phone 7.5 or later
Install OneDrive Sync Client
Run “OneDriveSetup.exe /allusers” from a command prompt window (will result in a UAC prompt) or by using SCCM. This will install the sync client under “Program Files (x86)\Microsoft OneDrive” directory. Once setup completes, OneDrive will start. If accounts were added on the computer, they’ll be migrated automatically.
Its helpful especially for multi-user computers and when you don’t want .exe files running from the user profile. Over time, Microsoft recommend customers switch to per-machine installation.
Although a single version of OneDrive.exe is installed, a new process is created for every OneDrive account syncing on the computer.
Per-machine sync client will auto-update on the same cadence as the per-user sync client and the same rings are supported. The release notes are the same. More info about the sync client update process.
User intervention is not required for the per-machine sync client to update itself. Elevation is required when you first set it up. During setup, it installs a scheduled task and a Windows service, which are used to perform the updates silently without user intervention since they run in elevated mode.
I remembered once faced an error where user having Contribute permission to folder in the library but getting access denied. This issue in entire site collection. User with unique permission to list, folders are not able to view the page. The issue resolved by changing ViewFormPagesLockDown feature to Disable. Below article describes all about the information about ViewFormPagesLockDown feature Unable to setup uniquely secured permission.
Configure anonymous access
For content to be available for anonymous access, the following must be configured: 1. The site or site collection must be configured to allow anonymous access. 2. At least one zone in the Web application must be configured to allow anonymous access. Enable anonymous access only for Web applications that require unauthenticated access. If you want to use authentication for personalization, implement forms authentication by using a simple database authentication provider
ViewFormPagesLockDown SharePoint Feature:
Allows anonymous users to only view the Publishing pages, not any of the form or view pages (DispForm.aspx, AllItems.aspx). if your portal wasn’t born as a publishing portal, all anonymous users will have access to AllItems.aspx, DispForm.aspx and other pages that you don’t want outside users to see.
Disallows anonymous access to pages in the “_layouts” directory that inherit from LayoutsPageBase.
By default, all publishing sites have the feature called “ViewFormPagesLockDown” activated, but not on the Collaboration Portal site or Team sites’ definition. Without this Feature active on anonymous public sites, any users – including search engines like Google will be able to view (and crawl) SharePoint out-of-box pages which are tied to lists and webs that allow viewing by anonymous users.
Yes, these users might not have the ability to do anything, but you may not want anonymous users to view the form pages.
So this lockdown feature is useful if a site collection that is configured for Anonymous access on a Publishing site and you want to lock it down so Anonymous users don’t have access to the Forms page (e.g. http://ServerName/Pages/Forms/AllItems.aspx)
If a library or subsite that has broken permission inheritance, and permission is given to user or group to only that library or site. In this case to view the contents, user/group must have some access to root web else user/group cannot access although they have permission.
One more scenario where Publishing Portal configured for Anonymous access where users are unable to post comments (which are stored in a List) on a blog site then the lockdown feature can be disabled, which will result in allowing Anonymous users to post comments. Normally, people won’t have problem posting comments on a blog site unless it is a Publishing site, in which case they will get a prompt to enter user credentials. In such a scenario you can disable the lockdown feature.
If you want to place your custom application pages inside the _layouts directory, which anonymous users must hit, there’s the UnsecuredLayoutsPageBase class you can use as the base class of your page, and there’s always just the Page class as in a standard ASP.Net application page.
When enabled permissions for users with limited access permissions, such as anonymous users, are reduced, preventing access to application pages including item properties or list views.
If a document, folder, or library has unique permission, those users will not able to 1. Use the drag and drop feature to upload documents 2. Brows to the affected folder 3. Use the shared with feature 4. Open document in the office client 5. Some call out features on documents and folders will not render as expected.
How to check site has ViewFormPagesLockDown feature Enabled or Disabled
Run the below commands to get the status of ViewFormPagesLockDown feature
Get-SPFeature -site http://Site Collection URL
How to turn lockdown mode to off
$lockdown = Get-SPFeature viewformpageslockdown
Disable-SPFeature $lockdown -url http://Site Collection URL