Security Baseline Script Assistant
OneDrive / groove.exe surface
Local, in-browser helper

Generate a OneDrive hardening script in a few clicks.

Choose STIG-aligned Internet Explorer FeatureControl protections for groove.exe and this assistant will build a PowerShell script you can review, test, then run on Windows devices you manage. No data leaves your browser. Nothing is stored or uploaded.

Step 1 · Choose your OneDrive controls

Pick the protections you want in your script.

These controls tighten how OneDrive and Office launch web content through the legacy browser surface that still sits behind groove.exe.

Profiles

Relaxed applies core protections that are unlikely to break everyday OneDrive usage. Strict adds more aggressive download restrictions. Custom lets you toggle individual controls by hand.

Tip: Most users can start with Relaxed. If a niche workflow breaks under Strict, generate a Custom script and only keep the controls that fit your environment.

Step 2 · Review, test, then run

Generated OneDrive baseline script

Review every line, test on a non-critical machine, then run in an elevated PowerShell session.

How to use: Save the script, open PowerShell as Administrator, and run Invoke-OneDriveBaseline to apply these settings. To reverse them, run Invoke-OneDriveBaselineRollback.

Rollback scope: The rollback function only removes the registry values for the controls you generated in this script. It does not restore older domain Group Policy settings or other IE FeatureControl entries.

How to use this assistant safely

Before you run the script

  • Use this only on Windows devices that you manage yourself.
  • Back up at least one test system or create a restore point.
  • Generate the script and read the comments above each command.
  • Remove anything that does not fit your environment or policies.
  • Run on a non-critical device first, from an elevated PowerShell window.

Good next steps

  • Save your adjusted script in a safe folder or version control.
  • Document which controls you applied and to which systems.
  • Revisit your baseline as your OneDrive usage and risk profile evolve.
  • For domain-joined or regulated environments, work with your IT or security team.
Important notice
This assistant runs entirely in your browser. Your selections and the generated script are not sent to CyberLife Coach, to any server, or to any third party. The output is a generic starting point and is provided for educational and informational use only. It is not a substitute for professional advice, does not guarantee compliance with any standard, and is used at your own risk. Always test in a safe environment, verify every line, and ensure you have reliable backups before making changes. Do not apply these settings to employer or school managed devices without explicit approval.
No warranty or guarantees Local only, no data leaves this device