In the past months, I have had to deploy Microsoft Teams and OneDrive from the Office365 portfolio in Citrix environments, in addition to the standard office applications in numerous projects.
Microsoft Teams
The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).
Installation
In order for Teams to function in server operating systems (multi-user capable), the Machine Based Installer must be used. In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams. However, Teams can no longer be updated automatically as soon as a new version is available. This mode is recommended for non-persistent environments.
- First we download the MSI package
| Teams Installer MSI Version 1.3.00.461 According to Microsoft recommended version for VDI environments ( I suppose Microsoft has not yet adjusted their article) | 32 bit | 64 bit |
| Newest Teams MSI Version (at the moment 1.3.00.13565) | 32 bit | 64 bit |
- If there is still a Teams installation on the system, it must be uninstalled first
- Start an Administrative CMD
- The installation is performed with the following command (here with the FirstStart function disabled)
|
1 |
msiexec /i <Path_to_msi> /l*v <install_logfile> ALLUSER=1 ALLUSERS=1 |
Example:
|
1 |
msiexec /i Teams_windows_x64.msi /l*v Install.Log ALLUSER=1 ALLUSERS=1 |
The Parameter ALLUSER=1 install Teams (Machine-Based) to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system. With this parameter, the Teams MSI still does not use a Windows Installer to install all files. Instead, Microsoft created additional custom actions in the MSI, that extract all files from Teams.exe to the Program Files folder.
When you set the parameter ALLUSERS=1, Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Teams if they have admin credentials.
You can disable auto launch for the MSI installer by using the OPTIONS=”noAutoStart=true” parameter as follows. Teams won’t start until the user manually starts Teams. After the user manually starts Teams, Teams automatically starts whenever the user logs in.
|
1 |
msiexec /i <Path_to_msi> /l*v <install_logfile> OPTIONS="noAutoStart=true" ALLUSER=1 ALLUSERS=1 |
Example:
|
1 |
msiexec /i Teams_windows_x64.msi /l*v Install.Log OPTIONS="noAutoStart=true" ALLUSER=1 ALLUSERS=1 |
Installation with AppLayering
If Citrix App Layering is used, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1
|
1 |
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA |
Or
|
1 |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA |
If this key is missing, this error message is displayed.
This should also be considered if you need to package Teams machine-based.
Uninstallation
To update to the latest Teams version, first uninstall the current version so that the new one can be installed again.
There are two possibilities for this:
- Via the installer
- Right click on the installer and click Uninstall
- Command line
- This command uninstalls Teams from the Program Files (x86) folder or from the Program Files folder
|
1 |
msiexec /passive /x <path_to_msi> /l*v <uninstall_logfile> |
Example:
|
1 |
msiexec /passive /x Teams_windows_x64.msi /l*v Uninstall.Log |
For the different installation methods I have also created CleanUp Scripts.
Directory inclusion for profile solution
The Teams directory must be included in the existing profile solution.
- Roaming/Microsoft/Teams
Directory exclusion for profile solution
The following directory and file typ should be excluded from the profile. Excluding these elements helps to reduce the size of the user profile.
- Roaming/Microsoft/Teams/*.txt
- Roaming/Microsoft/Teams/media-stack
- Roaming/Microsoft/Teams/Service Worker/CacheStorage
- Roaming/Microsoft/Teams/Application Cache
- Roaming/Microsoft/Teams/Cache
- Roaming/Microsoft/ Teams/GPUCache
- Roaming/Microsoft Teams/Logs
Configuration
The default behavior of the Teams installation is to automatically start teams as soon as a user logs in. If this is not desired, it must be defined using group policies.
- Download the ADMX files for Office365
- Copy the extracted files to your Policy Central Store and create a GPO to edit the autostart behavior of teams (Prevent Microsoft Teams from starting automatically after installation under User Configuration\Policies\Administrative Templates\Microsoft Teams)
If GPO cannot be used for this, the PreventFirstLaunchAfterInstall key must be defined under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams. The key type for PreventFirstLaunchAfterInstall is REG_DWORD and the value should be set to 1, which means that teams are not automatically started after installation.
If teams have already been rolled out and the above policy is activated afterwards, 2 scripts must be run, to reset the autostart flag in the user and machine context.
Script for machine context – This must be done once per machine (or Golden Master) with an Administrative PowerShell.
Script for user context – This only needs to be done once for the user after the machine context script has been executed.
Installation of Office365 without Teams (User-Based)
To not also install Teams (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:
|
1 |
<ExcludeApp ID="Teams" /> |
The Configuration.xml should then look like this
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<Configuration> <Add OfficeClientEdition="64" Channel="Monthly"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <ExcludeApp ID="Teams" /> </Product> <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> <Product ID="ProjectProRetail"> <Language ID="en-us" /> </Product> <Product ID="LanguagePack"> <Language ID="de-de" /> </Product> </Add> </Configuration> |
OneDrive for Business
The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).
Installation
In order for OneDrive to work in server operating systems (multi-user capable), the Machine Based Installer must be used. A part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft OneDrive. This mode is recommended for non-persistent environments.
- Als erstes laden wir uns den Installer herunter
- Start an Administrative CMD
- The installation is performed with the following command
|
1 |
<Path_to_exe> /allusers</code> |
Example:
|
1 |
OneDriveSetup.exe /allusers |
Directory inclusion for profile solution
The OneDrive directory must be included in the existing profiles solution.
- Local/Microsoft/OneDrive
Configuration
The default behavior of the OneDrive installation, is to allow the user to sync the entire OneDrive account to the local machine (up to 1TB). Since this may not be desired (Set the maximum size of a user’s OneDrive that can download automatically), this must be limited using Group Policy.
Connect to a worker who now has the OneDrive for Busniess Client installed
In the directory %localappdata%\Microsoft\OneDrive\<BuildNumber>\adm, go to the subdirectory of the language you need (the BuildNumber can be found in the About tab of the client)
Copy the ADML file and the ADMX file from the adm folder to your GPO Central Store
- Create a GPO to edit the OneDrive configuration (Computer Configuration\Policies\Administrative Templates\OneDrive)
- Set the maximum size of a user’s OneDrive that can download automatically
This setting define how to handle with OneDrive accounts that are larger than the specified value (in MB). These accounts will prompt the user to select the folders to be synchronized, before the sync client downloads the files. In the GPO setting, the Tenant ID and the Maximum size in MB must be defined.
- Silently sign in users to the OneDrive sync app with their Windows credentials
When this setting is enabled, users logged on to a worker connected to Azure AD, can set up the client without entering their credentials. Users will still see OneDrive Setup, allowing them to select the folders to be synchronized and the location of the OneDrive folder.
- Specify SharePoint Server URL and organization name
- Specify the OneDrive location in a hybrid environment
The settings “Specify SharePoint Server URL and organization name” and “Specify the OneDrive location in a hybrid environment” are for customers with SharePoint Server 2019 instances.
- Allow syncing OneDrive accounts for only specific organizations
The setting “Allow syncing OneDrive accounts for only specific organizations” prevents a proliferation of connections to non-company OneDrive instances (private or from other companies) by specifying a list of allowed Tenant IDs. If users now try to log in to a non-permitted Tenant ID, they will receive an error message. If users are already logged on to other Tenant IDs, they will not be synchronized further.
This setting has a higher priority than the “Block syncing OneDrive accounts for specific organizations” setting, which can be used to block specific tenant IDs.
- Block file downloads when users are low on disk space
The setting “Block file downloads when users are low on disk space” can be used to prevent users from crippling the system with OneDrive Sync. It defines the minimum disk size at which the OneDrive Client will stop the synchronization. The user is then presented with a window with options to free up memory.
- Limit the sync app upload rate to a percentage of throughput
The “Limit the sync app upload rate to a percentage of throughput” define the maximum bandwidth of the synchronization (upload). Therefore a maximum percentage, of the total bandwidth of the computer, is defined for this purpose. The lower the percentage, the slower files are uploaded. Microsoft recommends a value of 50% or higher. Even though the bandwidth is limited by this setting, the app will periodically synchronize files without limitation for 1 minute. This ensures that small files are uploaded quickly, despite the limitation. This setting should be defined for low bandwidths.
If this setting is “Disable” or “Not Configure”, the user can control the limit directly from the OneDrive Client (in KB/second) or configure it to “Adjust automatically” (defines upload to 70% of bandwidth)
- Prompt users to move Windows known folders to OneDrive
The setting “Prompt users to move Windows known folders to OneDrive” can be used to define whether the following window appears.
This defines that the folders Documents, Pictures and Desktop are synchronized to OneDrive. This option is only available from client version 18.111.0603.0004.
Installation of Office365 without OneDrive (User-Based)
To not also install OneDrive (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:
|
1 |
<ExcludeApp ID="OneDrive" /> |
The Configuration.xml should then look like this
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<Configuration> <Add OfficeClientEdition="64" Channel="Monthly"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <ExcludeApp ID="OneDrive" /> </Product> <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> <Product ID="ProjectProRetail"> <Language ID="en-us" /> </Product> <Product ID="LanguagePack"> <Language ID="de-de" /> </Product> </Add> </Configuration> |
OneDrive for Business as Published App
When OneDrive for Business is opened during a Citrix Published App session, it ensures that there is no logout. Adding the binary name of the OneDrive EXE-file to the LogoffCheckSysModules registry key does not help.
Solution
Perform the following steps:
- Start Regedit
- Go to the following Registry directory and create a new entry
|
1 2 3 4 5 |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI Value Name: LogoffCheckSysModules Type: REG_SZ String: cmd.exe |
Save Important Folder in OneDrive
If you want to use the OneDrive for Business feature “Important Folder Backup”, when Folder Redirection is enabled, you cannot enable it because it cannot synchronize the data.
Solution
Perform the following steps:
- Activate the feature manually or via GPO
- Start the script below and copy the Desktop and Documents folders to your OneDrive
thanks looks very well done .
Just wanted to know if you perhaps have some for FSlogix .
Our environment works on Citrix users only use the apps via website.
We are in the progress of doing a poc on that system office 365 2019 Server 2019 Latest VDI
In my environments I also only use FSLogix. The adjustments concerning the profile solution inclusion are directly included in FSLogix.
Just make sure to exclude certain directories by redirection.xml.
If you have any further questions, please feel free to contact me via Messenger (Twitter, LinkedIn and so on).
I assume the exclusions are teams related? Didnt see anything for one related. I have never did one drive before in fslogix so i curious if there is anything else?
Yes that’s true.
With OneDrive Macine Based install you don’t have to exclude anything more.
You just have to make sure to include the sync data if that is desired.
Nice job.
Good work. Do you know where Teams credentials are saved? Even after I roam %appdata%\microsoft\Teams, if I logoff (clear the local profile) and login again, Teams prompt for password as if it’s running for the first time…
The end goal is to have the users logged in to Teams only once, then if they close it and logoff, login again to a different machine/server, personlization should bring everything needed back so when they run Teams it goes straight to chats without prompting again for the password…
Unfortunately, I don’t know that.
I use FSLogix for that.
https://www.deyda.net/index.php/en/2019/11/05/fslogix-container-office-profile-in-citrix-environments/
With PHS enabled, the user doesn’t even have to log in for the first time (SSO)
https://www.deyda.net/index.php/en/2019/07/18/activation-of-azure-ad-seamless-single-sign-on/
Thanks I will look at those too.
When installing the the 64 bit version of Team Machine installer on a Windows 2019 server Citrix server, it installs in C:\Program Files (x86) instead of C:\%PROGRAMFILES%\Microsoft\Teams. Why is that?
MSI (c) (84:44) [22:51:54:843]: PROPERTY CHANGE: Adding APPLICATIONROOTDIRECTORY property. Its value is ‘C:\Program Files (x86)\Teams Installer\’.
Which version do u use ?
Teams_windows_x64.msi – v1.3.0.3564
I’m testing this this week and give you feedback.
Thank you.
Can it be Office 365 ProPlus 32 version (with Teams and OneDrive excluded in the xml) which needs also a Teams 32 bit Machine Installer version?
No I see the same in my environment.
Teams x64 and Office 365 x64, but Teams is installed in x86 folder
Thank you.
So “In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams.” is not correct and must be %programfiles(x86)% π
In the wording, you mention “OneDrive for Business” but the install is just “OneDrive”… are they now the same?
You install OneDrive (Machine Based) and it then becomes a OneDrive for Business through the deposited account.
Left OneDrive for Business and right OneDrive Personal.
Seeing the same here. 64-bit MSI installing into C:\Program Files (x86)\Teams Installer folder, but RUN key expecting to find it in %ProgramFiles%\Teams Installer\Teams.exe.
I logged a ticket (19331537) on Friday, but nothing back and it’s now COB Monday.
Hi Glenn,
this is a normal behaviour for the machine-based installer.
ALLUSER=1
This installs Teams to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system.
At this point, the golden image setup is complete. Installing Teams per-machine is required for non-persistent setups.
If I run msiexec /i Teams_windows_x64.msi ALLUSERS=1 ALLUSER=1, I get:
Teams.exe
Installation has failed
Cannot install for all users when a VDI environment is not detected.
[Close]
Hi Glenn,
If no VDA is installed and you want to install Teams Machine Wide, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA
Just wondering how to exclude those directories for the teams profile?
Which profile management tool do u use ?
We currently only use local profiles with UEV. We got rid of roaming profiles and really don’t use any profile management tools.
You can also edit this but that was ages ago and it is no longer supported. In this case I would recommend fslogix Office Container. This is a solution that Microsoft bought.
Here my HowTo to this topic:
https://www.deyda.net/index.php/en/2019/11/05/fslogix-container-office-profile-in-citrix-environments/
On the excluded folders you list: –
Roaming/Microsoft Teams/GPUCache
Should this not be: –
Roaming/Microsoft/Teams/GPUCache
This is the location for my install anyway.
Thx. I correct the typo π
On Teams you note minimum version of 1.3.00.4461 – can today’s version be used?
Is this a good link? >> http://aka.ms/teams64bitmsi — If I use this link, I get version 1.3.0.13565.
If I try to replace your link above with the version number it does not work…
Bad link > https://statics.teams.cdn.office.net/production-windows-x64/1.3.0.13565/Teams_windows_x64.msi
But this link > http://aka.ms/teams64bitmsi gives me version 1.3.0.13565 for download on 06.02.2020.
Thanks!
At the moment it is still the version 1.3.00.4461 recommended by Microsoft for Citrix environments. I’m testing the latest one for bugs and let you know what my opinion is.
The Link to the newest 64-Bit Teams Version is:
https://teams.microsoft.com/downloads/desktopurl?env=production&plat=windows&arch=x64&managedInstaller=true&download=true
Or your link http://aka.ms/teams64bitmsi π