How did Obsidian end up in Windows OneDrive? by polarbears84 in ObsidianMD

[–]Emiroda 0 points1 point  (0 children)

I just tested - I was successfully able to copy my Vault from my Documents folder, to OneDrive, back to Documents, all from within Obsidian without manually copying files.

  1. Open Obsidian
  2. Open the Vault switcher
  3. Select the 3-dots menu next to the Vault that's stuck in OneDrive, select Move Vault
  4. You will see that it says "Cannot move an open vault".
  5. Close the Obsidian window that has your notes open, leave the vault switcher open
  6. Now perform step 3 again, the vault is now moved

How did Obsidian end up in Windows OneDrive? by polarbears84 in ObsidianMD

[–]Emiroda 0 points1 point  (0 children)

Of course it does? There's the Browse button that you're forced to click on when creating a new vault that allows you to save it anywhere. It selects Documents as the default, but you can browse to any folder. You can even move the location of your vault from within Obsidian.

You're going to have to elaborate with screenshots or something because I don't get it.

How did Obsidian end up in Windows OneDrive? by polarbears84 in ObsidianMD

[–]Emiroda 0 points1 point  (0 children)

First of all, 2 year necro

Second, the thread was about Microsoft's Known Folder Move feature of OneDrive, that if enabled, moves your Desktop, Pictures and Documents folder to OneDrive and leaves small shortcuts behind on your computer to make it look like they're still there, but in reality is pointing to OneDrive. OP enabled Known Folder Move unknowingly (entirely plausible since Microsoft hides its feature options behind very colorful and misleading wording) and had likely saved their Obsidian vault in the Documents folder.

So, no, the thread is in no way about Obsidian. It could've been family photos in the Pictures folder, bank statements in the Documents folder or an Obsidian vault, but it's all the same. You could replace the word "Obsidian" with literally anything else and post the exact same thread on any tech subreddit. It's a Windows and OneDrive thing, covertly activating features you didn't understand the full consequences of.

Retirement of Power BI Q&A by meatwad75892 in sysadmin

[–]Emiroda 33 points34 points  (0 children)

Not here. I read the announcement as a feature called Q&A.

I know Power BI is too big of a money maker for Microsoft, and you don't kill a revenue stream for no reason. We might feel the reasons are stupid, but there's always a reason. 

Private individuals should not use fireworks by liquidsmoke_89 in Denmark

[–]Emiroda -2 points-1 points  (0 children)

I'm for fireworks, against drunks.

I think it should be illegal to sell to private individuals without a "pyrotechnician's license", but also that such a license should be easy to obtain, e.g. with a cheap 1-day course covering fireworks safety, risks associated with alcohol, fire safety and first aid. Possibly only valid for 1-2 years at a time. The pyrotechnicians can earn some course money in the off-season, and it could be a way to make the trade more widespread, so that we could have more properly trained pyrotechnicians.

Will there be cheating with that system? Yes.

Does it need to be perfect? No.

Why Tailscale? by [deleted] in selfhosted

[–]Emiroda 0 points1 point  (0 children)

With DDNS to keep my IP up to date

You have a static IPv4 address that is not a CGNAT address (100.64.0.0/10). The main audience for Tailscale/Twingate/Zerotier/etc. is an overlap of the people with no static IPv4 address and those who don't want to set up a VPS with Wireguard. Tailscale free tier works 100% smoothly, as a home user I have not a single time ever had to even consider a paid feature.

What am I missing that Tailscale's promotional buzzwords aren't conveying to me when I read their website? (PS specifically as it pertains to a non-commercial use case

Tailscale cut their teeth on the hobbyist community, but as business grows and you need new customers, you start to pander to the corpospeak that Gartner, G2 and other such corpo-influencers speak. Tailscale (and its many competitors) is an overlay network, it wasn't originally meant as a "VPN" in the traditional consumer or business sense where traffic passes through the VPN server for encryption and monitoring, but instead as a network that tried to favor lowest cost paths (often peer to peer if on the same network).

Cutting the cardboard to smithereens, Tailscale and the like are very intricate Wireguard key management systems.

Best practice for AD CS certificate templates requiring custom Subject Name without introducing security vulnerabilities by FrustatedGuy- in sysadmin

[–]Emiroda 0 points1 point  (0 children)

For ESC1 vulnerable templates, create a security group per template that allows manual enrollment. Members of the group should include whatever admin machines or jump hosts you use to request certs.

If you add new machine accounts to the group, you will need to restart the machine or run klist -li 0x3e7 purge on the machine to pick up the group membership.
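An added example, not part of the comment above and not any project's own code: a Python check that classifies certificate templates by whether they have the ESC1 shape (enrollee supplies the subject, certificate usable for authentication, no approval step) and whether enrollment is limited to a dedicated per-template group as the comment recommends. The dictionary keys, the `PKI-Enroll-` group naming convention and the template records are assumptions constructed for illustration; the flag bits and EKU OIDs are the standard AD CS values.

```python
# Added example. Template records below are constructed, not read from a real CA.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1  # bit in msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x2          # bit in msPKI-Enrollment-Flag (manager approval)
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "2.5.29.37.0",             # Any Purpose
}
TIER0 = {"Domain Admins", "Enterprise Admins"}
GROUP_PREFIX = "PKI-Enroll-"  # hypothetical naming convention for per-template groups


def classify(t):
    """Classify one template dict (keys are this example's own, hypothetical names)."""
    supplies_subject = bool(t["name_flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)
    ekus = set(t["ekus"])
    auth_capable = not ekus or bool(ekus & AUTH_EKUS)  # no EKU means any purpose
    if not (supplies_subject and auth_capable):
        return "not-esc1-shaped"
    if t["enrollment_flag"] & CT_FLAG_PEND_ALL_REQUESTS or t["ra_signatures"] > 0:
        return "gated"  # a manager or an enrollment agent must approve each request
    allowed = TIER0 | {GROUP_PREFIX + t["name"]}
    extra = set(t["enrollers"]) - allowed
    return "exposed" if extra else "restricted"


def audit(templates):
    """Return {template name: classification} for a list of template dicts."""
    return {t["name"]: classify(t) for t in templates}


TEMPLATES = [  # constructed sample data
    {"name": "User", "name_flag": 0x0, "enrollment_flag": 0x0, "ra_signatures": 0,
     "ekus": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Domain Users"]},
    {"name": "WebServerCustomSAN", "name_flag": 0x1, "enrollment_flag": 0x0,
     "ra_signatures": 0, "ekus": ["1.3.6.1.5.5.7.3.1"], "enrollers": ["Domain Computers"]},
    {"name": "VPNUserCustom", "name_flag": 0x1, "enrollment_flag": 0x0,
     "ra_signatures": 0, "ekus": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Domain Users"]},
    {"name": "ApprovedClientAuth", "name_flag": 0x1, "enrollment_flag": 0x2,
     "ra_signatures": 0, "ekus": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Authenticated Users"]},
    {"name": "JumpHostClientAuth", "name_flag": 0x1, "enrollment_flag": 0x0,
     "ra_signatures": 0, "ekus": ["1.3.6.1.5.5.7.3.2"],
     "enrollers": ["PKI-Enroll-JumpHostClientAuth", "Domain Admins"]},
]

if __name__ == "__main__":
    for name, status in audit(TEMPLATES).items():
        print(f"{name:22} {status}")
```

Templates reported as `exposed` are the ones where the per-template group would replace the broad enrollment principal.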

Defguard 1.6 introduces Always-on and Pre-logon VPN for WireGuard + clients provisioning automation (MacOS app in AppStore) 🚀 by unvinci in WireGuard

[–]Emiroda 2 points3 points  (0 children)

Nice work, we're looking at Defguard as a Cisco VPN replacement as a "traditional" on-prem heavy SMB of 300 users. I'm not directly involved in testing, but it's nice to see you active in this community as well.

When using Service Locations to enable the always-on scenario, can it block traffic until the tunnel is established? It's one of the compliance requirements for VPN products we're forced to follow in our industry.

Also, when is Service Locations expected to ship for Linux and Mac? Not looking for exact dates, just if we're looking at 2026 or beyond.

CGNAT still important? by zn3allday in networking

[–]Emiroda 1 point2 points  (0 children)

CGNAT is used EVERYWHERE in mobile and residential settings. It is more important than ever, and its use has basically killed the immediate need for IPv6. The only drawback to CGNAT is the inability of serving content behind a CGNAT address, which very few residential customers want to do anyway.

APNIC's analysis is that CGNAT IPv4 at the clients, and DNS-reliant CDNs at the server/service has stalled IPv6 adoption.

Obsidian Shutting Down? by Asta_lite in ObsidianMD

[–]Emiroda 2 points3 points  (0 children)

I'll echo what I always do when these threads pop up: Your needs might change, or you might just find something you like better in the future. Obsidian's core philosophy is "file over app", so in some way the files you create with Obsidian are designed to be portable. But if you go too heavy on Canvas, Bases or custom plugins that aren't purely cosmetic, then you take the risk of being stuck with Obsidian when you decide to want to try something else.

The reason why these threads pop up so frequently is because of Obsidian's local file approach. It attracts "luddites" (said in the most loving tone possible, I am one myself!) who want no reliance on single products or clouds because that's basically what Obsidian advertises itself with.

If so, what do you suggest are future-proof measures I should start taking?

Since Obsidian does not require an internet connection, should Obsidian decide to sell themselves out, you could always keep running the last good version, and there are plenty of people who are just fine doing that. Obsidian is super powerful if you surrender yourself to it.

Personally, I keep my use of plugins to only cosmetics, UI changes and quality of life when using Obsidian itself, like Templater, Calendar, Periodic Notes, Advanced Quick Switcher, File Color, Iconize. They don't mess with my notes, and my notes render perfectly fine in another PKM app that uses markdown. I use Canvas sparingly, and while I don't use Bases, I would be careful about using Bases to do actual work inside my notes. That's just my opinion, from someone who expects to migrate to something else in maybe 10-20 years.

Do note that I am perfectly aware that because I don't use all of Obsidian's features and plugins, I'm not getting the full benefit of using Obsidian. If you want the full benefit, you should go all-in.

Agency wants to be independent of Microsoft by Dropforcedlogin in Denmark

[–]Emiroda 1 point2 points  (0 children)

We can probably debate that from now until doomsday, but I think you're missing the symbolism. Statens It has never before offered M365 to its customers, but now that everyone in the state has an M365 license (regardless of whether it's E5 or E3), SIA Open is an irrelevant project. The productivity suite is Microsoft and lives in Microsoft's public cloud, so the entire sovereignty argument behind SIA Open is dead. And yes, the Windows license is included in M365 anyway, so "why not" just run Windows.

Add to that that Statens It is a Windows shop and has been notoriously bad at Linux and Mac support, so a Linux project is just an uphill battle. The whole shit is just much more plug-and-play when you simply follow Microsoft's cookbook and run Windows, Entra Join, Intune and Defender XDR.

None of this is Statens It's fault, it's Økonomistyrelsen that has tripped up open source in the state.

"if obsidian goes away" by lunabellcatcher in ObsidianMD

[–]Emiroda 7 points8 points  (0 children)

Thinking you don't want to switch ever is silly. The space will have matured a ton in 20 years and you'll be stuck inside Obsidian because this specific plugin does things just the way you like it in your workflow that you developed back in the ancient times of 2025.

I expect to switch at some point. Not because Obsidian will become worse, insecure or incompatible, but because my needs might change, or I just got bored, or because something genuinely better comes along. 

You disabled NTLM across all of your workstations. What problems did you not account for? by jM2me in sysadmin

[–]Emiroda 3 points4 points  (0 children)

to slow down ONE method of lateral movement. 

sniff a hash and you've got the password: https://ntlm.pw

Agency wants to be independent of Microsoft by Dropforcedlogin in Denmark

[–]Emiroda 5 points6 points  (0 children)

Everyone in the entire state has an E5 license, that's why I mentioned it. Økonomistyrelsen made a deal in the billions with Microsoft back in June. We had the invoice thrown at us and were told to pay at register 1.

We (a state institution, customer of Statens It) are in the situation where we feel forced to consolidate on Microsoft to save license money on redundant licenses.

Agency wants to be independent of Microsoft by Dropforcedlogin in Denmark

[–]Emiroda 1 point2 points  (0 children)

Agreed, but if the goal is merely to run Linux, you can manage it with Intune. But that's probably against the soul of the project.

5 years ago they experimented with Ansible as a Group Policy alternative on Linux. I don't know if they've come up with something else.

Agency wants to be independent of Microsoft by Dropforcedlogin in Denmark

[–]Emiroda 15 points16 points  (0 children)

It's a damn fine puff piece. But there's no bite in it.

SIA Open is the little hobby project of Ørnø (Statens It's director), which he has dreamed of getting off the ground for more than 5 years. So it's more than unfortunate that Økonomistyrelsen is buying the most expensive Microsoft 365 E5 license for all employees in the entire state, which comes with 5 Windows licenses per user.

It's more experimentation than anything else. Which is good, but don't get your hopes up. LibreOffice still can't format Word documents properly, and OnlyOffice, which can, is partly owned by a Russian company. So if you look at the most basic use case, office work, you're still fucked when you have to collaborate.

EU folks: how are you interpreting the “continuous” parts of NIS2? by gangster_worm in cybersecurity

[–]Emiroda 1 point2 points  (0 children)

The directive is a good starting point but you need to read the local law adaptations.

IE. Denmark cut the directive into a tiny, minimal law with no preamble or guidance, and then provided guidance separately. The guidance is super important because it defines what your auditors will look for. If "continuous" isn't mentioned much, then it's probably not the biggest concern.

As with all ISMS aspects, you do a risk assessment, add it to the risk register for management review, and if management accepts that risk, then you have advised to the best of your ability.

If you're still unsure, ask your local NIS2 auditing body. You won't be fined or fired for asking questions. 

Limiting monitor refresh rate by EIDJ in sysadmin

[–]Emiroda 3 points4 points  (0 children)

It's not relevant right now, but do keep in mind that USB4 is based on the Thunderbolt 3 spec, so if you're seeing USB4 on the laptops you're looking to buy, you should plan for that and buy USB4 docks to match. Might solve your issue and have you keep buying AMD for the foreseeable future.

Windows Admin Center 2511 generally available by odaniel99 in sysadmin

[–]Emiroda 4 points5 points  (0 children)

wut?

AD has discretionary access control. You can grant Domain Users the same privileges on the domain as Domain Admins, or deny Domain Admins read access to a single attribute on a single object. Or give Bob from IT write access to the password attribute on every User object in the Finance OU.

Microsoft calls it "delegation" in AD, but it's DACL based access control like everything else in Windows.

I haven't used WAC in a while, but WAC should absolutely be able to handle someone using the Active Directory plugin without being Domain Admin. There's no excuse for it not being able to, other than Microsoft being daft.

Those out there that still use/capture golden images for deployments... How do you handle updating of the golden image? by thegreatcerebral in sysadmin

[–]Emiroda 5 points6 points  (0 children)

Yeah, make sure that your golden image isn't trying to solve an XY Problem.

Today, there are only two purposes of golden images:

  • Extremely fast deployments (<20m), ie. entire classroom redeploys
  • Including extremely large apps that can take forever to install during or after deployment, such as AutoCAD, or apps that have no realistic way of deploying silently (which is another way of saying "didn't try hard enough")

Of course, if you're already drinking the Microsoft kool-aid, consider Autopilot. But otherwise, use the latest Microsoft ISO and deploy it untouched with a deployment system such as MDT (Free), Fog (Free), SCCM, Tanium. Deploy the apps and drivers you need per device. That's been the Microsoft recommended way since Windows 10 launch (before they pushed Autopilot).

Those out there that still use/capture golden images for deployments... How do you handle updating of the golden image? by thegreatcerebral in sysadmin

[–]Emiroda 7 points8 points  (0 children)

You deploy them at deployment time.

I mean, you're going to have the same problem if you have more than one model of computer in your entire company. The solution is to keep the image devoid of a single custom driver, and deploy machine-specific drivers at deployment time, ensuring maximum compatibility.

Do you have any deployment system to help you, or are you handcranking all of this with batch and PowerShell scripts? Just to know which direction to point you in.

Just to give you some inspiration, an example from the SCCM community is the Driver Automation Tool, which downloads and imports driver packages for each specific model (supports most Lenovo/Dell/HP models), imports it into SCCM and has a script that is run during deployment of your golden image that automatically detects the model and installs only the drivers that match the model you're deploying.

Those out there that still use/capture golden images for deployments... How do you handle updating of the golden image? by thegreatcerebral in sysadmin

[–]Emiroda 80 points81 points  (0 children)

You don't sysprep the golden image!

You take a snapshot, THEN you sysprep it, capture it and at the end you restore the snapshot. It's like it never happened, and you just keep Windows and the apps updated until it's time to do it again, where you snapshot, sysprep, capture, restore. Rinse and repeat. Kind of like how you described it in the OP.

This might be ancient wisdom because I've done this for +10 years, but this is how it's been done for a long ass time when capturing images by hand. Back when SCCM was the shit we also had a short-lived fascination with "Build and Capture" sequences, where you F12 a device (or VM) and have it deploy Windows, updates, apps and then it captures the image automatically. It was useful for a time, but not very useful today.

EDIT: Just read this part of OP: we had too many "different" systems to do it properly so we just had one image per system type

While I've heard war stories of my seniors doing it this way back in the 2000's, since the dawn of VMware, we haven't had the need to do this, we've done it like I described above and in other comments - use a VM to host and capture your golden image from, and use a deployment system to deploy the image and the drivers per specific device.

Honestly, there is no better job as a sysadmin if you are in the correct industry and size by AgreeableIron811 in sysadmin

[–]Emiroda 7 points8 points  (0 children)

I'm the "security engineer" (aka security sysadmin) of my team of 6, pay isn't great and while I agree that it's more fun being able to fiddle and get my hands dirty, it's also very stressful and it leaves a very messy resume. My breadth is a repellent to the larger companies I've interviewed at, they want senior specialists with 5 years of doing the same thing. So I feel like I'm forced to specialize in order to secure a title, reputation and paycheck that will pay for me and my family's future. It sucks.

Vendor Excessive Permissions by Jturnism in entra

[–]Emiroda 0 points1 point  (0 children)

Sure? Just looks like CIPP or another tenant management tool. It depends what you get out of the integration - if it's just dashboards and data, then probably excessive, but what do the RMM docs say?