In the past months, I have had to deploy Microsoft Teams and OneDrive from the Office365 portfolio in Citrix environments, in addition to the standard office applications in numerous projects.

Microsoft Teams

The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).

Installation

In order for Teams to function in server operating systems (multi-user capable), the Machine Based Installer must be used. In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams. However, Teams can no longer be updated automatically as soon as a new version is available. This mode is recommended for non-persistent environments.

• First we download the MSI package

Newest Teams MSI Version (at the moment 1.3.0.28779)

32 bit

64 bit

• If there is still a Teams installation on the system, it must be uninstalled first
• Start an Administrative CMD
• The installation is performed with the following command (here with the FirstStart function disabled)

Example:

The Parameter ALLUSER=1 install Teams (Machine-Based) to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system. With this parameter, the Teams MSI still does not use a Windows Installer to install all files. Instead, Microsoft created additional custom actions in the MSI, that extract all files from Teams.exe to the Program Files folder.

When you set the parameter ALLUSERS=1, Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Teams if they have admin credentials.

You can disable auto launch for the MSI installer by using the OPTIONS=”noAutoStart=true” parameter as follows. Teams won’t start until the user manually starts Teams. After the user manually starts Teams, Teams automatically starts whenever the user logs in.

Example:

Installation with AppLayering

If Citrix App Layering is used, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1

Or

If this key is missing, this error message is displayed.

This should also be considered if you need to package Teams machine-based.

Uninstallation

To update to the latest Teams version, first uninstall the current version so that the new one can be installed again.

There are two possibilities for this:

• Via the installer
  • Right click on the installer and click Uninstall

• Command line
  • This command uninstalls Teams from the Program Files (x86) folder or from the Program Files folder

Example:

For the different installation methods I have also created CleanUp Scripts.

UserBased CleanUp

MachineBased CleanUp

Directory inclusion for profile solution

The Teams directory must be included in the existing profile solution.

• Roaming/Microsoft/Teams

Directory exclusion for profile solution

The following directory and file typ should be excluded from the profile. Excluding these elements helps to reduce the size of the user profile.

• Roaming/Microsoft/Teams/*.txt
• Roaming/Microsoft/Teams/media-stack
• Roaming/Microsoft/Teams/Service Worker/CacheStorage
• Roaming/Microsoft/Teams/Application Cache
• Roaming/Microsoft/Teams/Cache
• Roaming/Microsoft/ Teams/GPUCache
• Roaming/Microsoft Teams/Logs

Configuration

The default behavior of the Teams installation is to automatically start teams as soon as a user logs in. If this is not desired, it must be defined using group policies.

• Download the ADMX files for Office365

• Copy the extracted files to your Policy Central Store and create a GPO to edit the autostart behavior of teams (Prevent Microsoft Teams from starting automatically after installation under User Configuration\Policies\Administrative Templates\Microsoft Teams)

If GPO cannot be used for this, the PreventFirstLaunchAfterInstall key must be defined under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams. The key type for PreventFirstLaunchAfterInstall is REG_DWORD and the value should be set to 1, which means that teams are not automatically started after installation.

If teams have already been rolled out and the above policy is activated afterwards, 2 scripts must be run, to reset the autostart flag in the user and machine context.

Script for machine context – This must be done once per machine (or Golden Master) with an Administrative PowerShell.

Script for user context – This only needs to be done once for the user after the machine context script has been executed.

Installation of Office365 without Teams (User-Based)

To not also install Teams (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:

The Configuration.xml should then look like this

OneDrive for Business

The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).

Installation

In order for OneDrive to work in server operating systems (multi-user capable), the Machine Based Installer must be used. A part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft OneDrive. This mode is recommended for non-persistent environments.

• Als erstes laden wir uns den Installer herunter

• Start an Administrative CMD
• The installation is performed with the following command

Example:

Directory inclusion for profile solution

The OneDrive directory must be included in the existing profiles solution.

• Local/Microsoft/OneDrive

Configuration

The default behavior of the OneDrive installation, is to allow the user to sync the entire OneDrive account to the local machine (up to 1TB). Since this may not be desired (Set the maximum size of a user’s OneDrive that can download automatically), this must be limited using Group Policy.

Connect to a worker who now has the OneDrive for Busniess Client installed
In the directory %localappdata%\Microsoft\OneDrive\<BuildNumber>\adm, go to the subdirectory of the language you need (the BuildNumber can be found in the About tab of the client)
Copy the ADML file and the ADMX file from the adm folder to your GPO Central Store

• Create a GPO to edit the OneDrive configuration (Computer Configuration\Policies\Administrative Templates\OneDrive)

• Set the maximum size of a user’s OneDrive that can download automatically

This setting define how to handle with OneDrive accounts that are larger than the specified value (in MB). These accounts will prompt the user to select the folders to be synchronized, before the sync client downloads the files. In the GPO setting, the Tenant ID and the Maximum size in MB must be defined.

• Silently sign in users to the OneDrive sync app with their Windows credentials

When this setting is enabled, users logged on to a worker connected to Azure AD, can set up the client without entering their credentials. Users will still see OneDrive Setup, allowing them to select the folders to be synchronized and the location of the OneDrive folder.

• Specify SharePoint Server URL and organization name
• Specify the OneDrive location in a hybrid environment

The settings “Specify SharePoint Server URL and organization name” and “Specify the OneDrive location in a hybrid environment” are for customers with SharePoint Server 2019 instances.

• Allow syncing OneDrive accounts for only specific organizations

The setting “Allow syncing OneDrive accounts for only specific organizations” prevents a proliferation of connections to non-company OneDrive instances (private or from other companies) by specifying a list of allowed Tenant IDs. If users now try to log in to a non-permitted Tenant ID, they will receive an error message. If users are already logged on to other Tenant IDs, they will not be synchronized further.

This setting has a higher priority than the “Block syncing OneDrive accounts for specific organizations” setting, which can be used to block specific tenant IDs.

• Block file downloads when users are low on disk space

The setting “Block file downloads when users are low on disk space” can be used to prevent users from crippling the system with OneDrive Sync. It defines the minimum disk size at which the OneDrive Client will stop the synchronization. The user is then presented with a window with options to free up memory.

• Limit the sync app upload rate to a percentage of throughput

The “Limit the sync app upload rate to a percentage of throughput” define the maximum bandwidth of the synchronization (upload). Therefore a maximum percentage, of the total bandwidth of the computer, is defined for this purpose. The lower the percentage, the slower files are uploaded. Microsoft recommends a value of 50% or higher. Even though the bandwidth is limited by this setting, the app will periodically synchronize files without limitation for 1 minute. This ensures that small files are uploaded quickly, despite the limitation. This setting should be defined for low bandwidths.

If this setting is “Disable” or “Not Configure”, the user can control the limit directly from the OneDrive Client (in KB/second) or configure it to “Adjust automatically” (defines upload to 70% of bandwidth)

• Prompt users to move Windows known folders to OneDrive

The setting “Prompt users to move Windows known folders to OneDrive” can be used to define whether the following window appears.

This defines that the folders Documents, Pictures and Desktop are synchronized to OneDrive. This option is only available from client version 18.111.0603.0004.

Installation of Office365 without OneDrive (User-Based)

To not also install OneDrive (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:

The Configuration.xml should then look like this

OneDrive for Business as Published App

When OneDrive for Business is opened during a Citrix Published App session, it ensures that there is no logout. Adding the binary name of the OneDrive EXE-file to the LogoffCheckSysModules registry key does not help.

---

Solution

Perform the following steps:

• Start Regedit
• Go to the following Registry directory and create a new entry

Save Important Folder in OneDrive

If you want to use the OneDrive for Business feature “Important Folder Backup”, when Folder Redirection is enabled, you cannot enable it because it cannot synchronize the data.

Solution

Perform the following steps:

• Activate the feature manually or via GPO
• Start the script below and copy the Desktop and Documents folders to your OneDrive

Script to copy the data