Summary

 

Below are a number of registry settings that can be used to further tailor how Cloud Drive Mapper (CDM) behaves.


All keys are REG_SZ and should be placed in one of the following locations, depending on the key:

  • HKCU\Software\IAM Cloud\CloudDriveMapper
  • HKLM\Software\IAM Cloud\CloudDriveMapper


  • ADAttribute = mail / UserPrincipalName
    • Used in cases where the user logon isn’t the same as the O365 UPN which CDM uses to authenticate ( used in conjunction with CredentialCacheOverride = true )
    • Location ( HKCU )
  • CredentialCacheOverride = true
    • ( Used in conjunction with ADAttribute )
    • Location ( HKCU )
  • Domainoverride = emaildomain.com
    • Used when the O365 email domain is different from what the user logs in with. Also allows the user to enter only the prefix ( mail alias ); CDM will automatically append the value of the key
    • Location ( HKCU )
  • UserAgentOverride = Mozilla/5.0 (Windows NT 6.2; Trident/7.0)
    • Symptom - SSO not working in CDM even though it works from the browser - the default user agent strings could have been modified ( also check if Windows integrated )
    • By default CDM thinks it's using IE11
    • Only required if suffering the symptoms above
    • Location ( HKCU )
  • Verbose = true
    • Used for advanced event logging, best used in conjunction with WriteLogToFile
    • Location ( HKCU )
  • WriteLogToFile = <your-path>\cdmlog.txt
    • Outputs a logfile to the path above, best used with Verbose ( NB: whilst enabled CDM will continue to log )
    • Location ( HKCU )
  • WritePerformanceLogs = true
    • Writes many more log entries to a text file, to help isolate and find areas where performance can be improved.
    • This should not be used in production. It must be used in conjunction with WriteLogToFile and with the Verbose key set to true.
    • It is recommended to have WriteLogToEventLog set to false too
    • Location ( HKCU )
  • WriteLogToEventLog = false
    • True by default. Setting it to false stops CDM from producing large numbers of event logs.
    • Location ( HKCU )
  • MultipleInstanceOverride = true
    • Used to allow multiple instances of CDM app to run, used primarily on RDP servers
    • Location ( HKLM )
  • AdfsHRD ( V1.7.2.0 onwards )
    • To sign in automatically to the default AD Authority, run the following PowerShell and set the AdfsHRD key in the registry to the value it returns:

      (Get-AdfsProperties).Identifier.OriginalString

    • To use a Claim Provider other than the default AD Authority, use the identifier for that claim provider instead.
    • E.g. http://adfs.yourname.org/adfs/services/trust
    • Location ( HKCU )

  • UseADAL = true ( Retired v2.2.3.18 onwards )
    • Can be used in either HKCU or HKLM
    • Allows the client to choose ADAL; required for alternative IDP / MFA / AAD
    • CDM can still read the username from Credential Manager, but it will NOT use the stored password.
  • DisableSSO = true
    • If set to true ( V2.1.8.3 onwards ), CDM will NOT store credentials in Credential Manager or the password file. Stops CDM from trying to authenticate via SSO when ADFS is present but SSO has been disabled.
    • Location ( HKCU )
  • SilentAuthTimeout = integer ( e.g. 20 ) - default value = 12 secs
    • Increases the time before CDM shows the logon ( web window ); increase this depending on how long SSO auth takes.
    • In environments without SSO, set this to 1
    • Location ( HKCU )
  • AzureEnvironment - ( Default = 0 )
    • Production = 0
    • PPE = 1
    • China = 2
    • Germany = 3
    • USGovernment = 4
    • Not normally used, except for the values 2 / 3 / 4 ( if no key exists CDM will default to "0" )
    • Changes the logon endpoint within the CDM app to suit the selected environment; it also changes the Graph API call.
    • Location ( HKCU )
  • DisableCustomIcons - Not yet in use 05/03/2019
    • TBA
  • DisableCredentialSave = true
    • Stops anything going to Credential Manager ( even the username ). In a non-SSO environment this will prompt for full credentials when the token expires
    • Location ( HKCU )
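
Several of the values above only make sense in combination, and the logging values are easy to leave behind after troubleshooting. The following read-only PowerShell audit is an added example, not IAM Cloud's code; the function names and the wording of each finding are this example's own, derived from the notes in the list above.

```powershell
# Added example (not vendor code): read-only audit of the CDM values listed above.
$root = @{ HKCU = 'HKCU:\Software\IAM Cloud\CloudDriveMapper'
           HKLM = 'HKLM:\Software\IAM Cloud\CloudDriveMapper' }

function Get-CdmValue {
    param([string]$Hive, [string]$Name)
    # All CDM values are REG_SZ; returns $null when the key or value is absent.
    $item = Get-ItemProperty -Path $root[$Hive] -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [string]$item.$Name }
}

function Get-CdmFindings {
    # Collect the per-user (HKCU) values the rules below depend on.
    $v = @{}
    foreach ($n in 'Verbose', 'WriteLogToFile', 'WritePerformanceLogs', 'WriteLogToEventLog',
                   'ADAttribute', 'CredentialCacheOverride', 'MultipleInstanceOverride') {
        $v[$n] = Get-CdmValue -Hive HKCU -Name $n
    }
    $findings = [System.Collections.Generic.List[string]]::new()

    if ($v.WritePerformanceLogs -eq 'true') {   # string -eq is case-insensitive
        $findings.Add('WritePerformanceLogs is on; it should not be used in production.')
        if (-not $v.WriteLogToFile) { $findings.Add('WritePerformanceLogs needs WriteLogToFile set.') }
        if ($v.Verbose -ne 'true')  { $findings.Add('WritePerformanceLogs needs Verbose = true.') }
        if ($v.WriteLogToEventLog -ne 'false') {
            $findings.Add('WriteLogToEventLog = false is recommended with performance logs.')
        }
    }
    if ($v.WriteLogToFile) {
        # CDM keeps logging for as long as this value is set, so report the file size.
        $size = 0
        if (Test-Path -LiteralPath $v.WriteLogToFile) {
            $size = (Get-Item -LiteralPath $v.WriteLogToFile).Length
        }
        $findings.Add("WriteLogToFile is set ($($v.WriteLogToFile), $size bytes); CDM logs while it is present.")
    }
    if ($v.ADAttribute -and $v.CredentialCacheOverride -ne 'true') {
        $findings.Add('ADAttribute is set without CredentialCacheOverride = true.')
    }
    if ($v.MultipleInstanceOverride) {
        $findings.Add('MultipleInstanceOverride found under HKCU; the documented location is HKLM.')
    }
    return $findings
}

Get-CdmFindings | ForEach-Object { Write-Output "[CDM] $_" }
```

Run it in the affected user's session, since most of the values live under HKCU.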




Below are some further explanations for the keys above


Domainoverride 


Use this key if the user’s email is not what they enter when logging into Office 365, or if samaccountname is used when logging into the client.


Cloud Drive Mapper uses Microsoft’s HRD to determine where to authenticate the user. This process does not support samaccountname, so with this key populated CDM appends ‘@’ followed by the key’s value to what the user enters during login. If the user does enter an ‘@’ symbol, everything after the ‘@’ is replaced with the value from this key. For example, if the key is populated with “mytestdomain.com” and the user enters “testuser” during login, it automatically becomes “testuser@mytestdomain.com”. If the user enters “testuser@myseconddomain.com”, it also becomes “testuser@mytestdomain.com”.

A registry key has been made available which allows you to always overwrite or append a domain name to what the user enters. This scenario is applicable when the user’s email is not what they enter when logging into Office 365, or when only samaccountname is used when logging into the client.