Configure Drive File Stream

You can specify custom options for Drive File Stream, including the default letter drive on Windows, the mount point on macOS, the cache location, bandwidth limits, and proxy settings. These configurations can be set at the user or host level, and persist when Drive File Stream restarts.

Where to update settings

To set the Drive File Stream options, you update registry keys (Windows) or use the defaults command (macOS). If you’re not familiar with making these updates, contact your administrator or check your operating system documentation.

Windows

Host-wide  HKEY_LOCAL_MACHINE\Software\Google\DriveFS
User only HKEY_CURRENT_USER\Software\Google\DriveFS

macOS

Host-wide  /Library/Preferences/com.google.drivefs.settings
User only ~/Library/Preferences/com.google.drivefs.settings
 

macOS examples

Host-wide mount point:
sudo defaults write /Library/Preferences/com.google.drivefs.settings DefaultMountPoint '/Google Drive'

Host-wide trusted certificates file:
sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootCertsFile /Library/MyCompany/DriveFileStream/MyProxyCert.pem

User maximum download bandwidth:
defaults write com.google.drivefs.settings BandwidthRxKBPS -int 100

User-enabled browser authentication:
defaults write com.google.drivefs.settings ForceBrowserAuth -bool true

Settings

Set these name/value pairs using the registry keys or defaults command, as described above. On Windows, create the registry keys if they don't already exist. On macOS, the defaults command maintains a plist file for settings. You should not modify the plist file directly, as some changes might not be applied.

Setting name Value type Value description

BandwidthRxKBPS

DWORD (Windows)
Number (macOS)

Maximum downstream kilobytes per second.

BandwidthTxKBPS

DWORD (Windows)
Number (macOS)

Maximum upstream kilobytes per second.

ContentCachePath

String

This sets the path to the content cache location on a connected APFS, HFS+, or NTFS file system.

When Drive File Stream restarts, local data in the old content cache will move to the new content cache location. If you delete your custom setting, data will move back to the default location.

The default cache location is:

Windows: %LOCALAPPDATA%\Google\DriveFS
Mac: ~/Library/Application Support/Google/DriveFS

DefaultMountPoint

String

Windows: Set the mounted drive letter.
You can use an environment variable to specify the drive letter.

macOS: Set the mounted drive path. You can include tilde (~) or environment variables in the path.

ForceBrowserAuth*

DWORD (Windows)
Bool (macOS)

Use browser authentication. 

If your organization uses security keys or SSO, this setting may resolve sign-in problems.

Proxy settings:

DisableSSLValidation*

DWORD (Windows)
Bool (macOS)

This disables validating SSL traffic. Traffic will still be encrypted, but we will not validate that the SSL certificates of the upstream servers are all valid.

This is inherently insecure. It would allow a man-in-the-middle attack against traffic to Google Drive.

Only settable host-wide.

TrustedRootCertsFile

String

This is the full path to an alternate file to use for validating host SSL certificates. It must be in Privacy Enhanced Mail (PEM) format. Set this if your users are on networks with decrypting proxies.

The file should contain the contents of the roots.pem file shipped with Drive File Stream, plus the certificates used to authenticate your proxy. These additions should correspond to the proxy-signing certificates you added to the certificate stores in your fleet of machines.

You can find roots.pem in:

\Program Files\Google\DriveFS\<version>\config\roots.pem
(Windows)

or

/Applications/Google\ Drive\ File\ Stream.app/Contents/Resources/roots.pem
(macOS)

Only settable host-wide.

DisableCRLCheck*

DWORD (Windows)
Bool (macOS)

This disables checking Certificate Revocation Lists (CRLs) provided by certificate authorities.

If not explicitly set, this defaults to true if TrustedRootCertsFile is provided, otherwise false. Sites that use self-signed certificates for their content inspection proxies typically don’t provide a CRL.

Enterprises that specify a CRL in their proxy certificate can explicitly set DisableCRLCheck to 0 for the added check.

* For boolean values, use 1 for true and 0 for false (Windows), or use true and false (macOS).

Related topics

Was this article helpful?
How can we improve it?