Table of Contents
In the past months, I have had to deploy Microsoft Teams and OneDrive from the Office365 portfolio in Citrix environments, in addition to the standard office applications in numerous projects.
Microsoft Teams
The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).
A user-based installation can be detected very quickly in the User Profile, since data is then located under AppData\Local\Microsoft\Teams.
This type of installation in a worker with server operating system has many disadvantages:
- No control over the installed version
- Several different versions possible on the same worker
- Complete data (~1 GB) is stored in the user profile
To correct this and clean up the User Profile the following script can be used.
The script must be executed in user context. Either by GPO logon script or WEM External Task.
To prevent such an installation, the path AppData\Local\Microsoft\Teams can be blocked by FSLogix AppMasking or another tool.
Installation Machine Based
In order for Teams to function in server operating systems (multi-user capable), the Machine Based Installer must be used. The part of the data that is stored in the AppData\Local\Microsoft\Teams path in the User Based Installer is stored in the C:\%PROGRAMFILES%\Microsoft\Teams folder. However, teams can no longer be updated automatically once a new version is available. This mode is recommended for non-persistent environments.
- First we download the MSI package
- If there is still a Teams installation on the system, it must be uninstalled first
- Start an Administrative CMD
- The installation is performed with the following command
1 |
msiexec /i <Path_to_msi> /l*v <install_logfile> ALLUSER=1 ALLUSERS=1 |
Example:
1 |
msiexec /i Teams_windows_x64.msi /l*v Install.Log ALLUSER=1 ALLUSERS=1 |
The Parameter ALLUSER=1 install Teams (Machine-Based) to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system. With this parameter, the Teams MSI still does not use a Windows Installer to install all files. Instead, Microsoft created additional custom actions in the MSI, that extract all files from Teams.exe to the Program Files folder.
When you set the parameter ALLUSERS=1, Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Teams if they have admin credentials.
We can perform the complete installation (with the correct parameters) script controlled.
With my following Evergreen Script, it can check at every opening of the Golden Master, if there is a new version and install it thereupon.
Installation with AppLayering
If Citrix App Layering is used or the Citrix VDA Agent is not yet installed on the worker, the following error message is displayed
To solve this, a new key named PortICA must be provided under the following path of the registry before teams with the machine based parameter ALLUSER = 1 can be installed.
1 |
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA |
Or
1 |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA |
This should also be considered if you need to package Teams machine-based.
Uninstallation
To update to the latest Teams version, first uninstall the current version so that the new one can be installed again.
There are two possibilities for this:
- Via the installer
- Right click on the installer and click Uninstall
- Command line
- This command uninstalls Teams from the Program Files (x86) folder or from the Program Files folder
1 |
msiexec /passive /x <path_to_msi> /l*v <uninstall_logfile> |
Example:
1 |
msiexec /passive /x Teams_windows_x64.msi /l*v Uninstall.Log |
For the different installation methods I have also created CleanUp Scripts.
Directory inclusion for profile solution
The Teams directory must be included in the existing profile solution.
- Roaming/Microsoft/Teams
Directory exclusion for profile solution
The following directory and file typ should be excluded from the profile. Excluding these elements helps to reduce the size of the user profile.
- Roaming/Microsoft/Teams/*.txt
- Roaming/Microsoft/Teams/media-stack
- Roaming/Microsoft/Teams/Service Worker/CacheStorage
- Roaming/Microsoft/Teams/Application Cache
- Roaming/Microsoft/Teams/Cache
- Roaming/Microsoft/ Teams/GPUCache
- Roaming/Microsoft Teams/Logs
Configuration
GPOs
The default behavior of the Teams installation is to automatically start teams as soon as a user logs in. If this is not desired, it must be defined using group policies.
Important: With the current version of Teams, this intervention via GPO no longer works.
- Download the ADMX files for Office365
- Copy the extracted files to your Policy Central Store and create a GPO to edit the autostart behavior of teams (Prevent Microsoft Teams from starting automatically after installation under User Configuration\Policies\Administrative Templates\Microsoft Teams)
If GPO cannot be used for this, the PreventFirstLaunchAfterInstall key must be defined under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams. The key type for PreventFirstLaunchAfterInstall is REG_DWORD and the value should be set to 1, which means that teams are not automatically started after installation.
If teams have already been rolled out and the above policy is activated afterwards, 2 scripts must be run, to reset the autostart flag in the user and machine context.
Script for machine context – This must be done once per machine (or Golden Master) with an Administrative PowerShell.
Script for user context – This only needs to be done once for the user after the machine context script has been executed.
desktop-config.json
The following script can be used to define the settings from the desktop-config.json file per user if they have already opened Teams.
The following settings can be defined using this script:
- Auto-start application (openAtLogin)
- Open application in background (openAsHidden)
- On close, keep the application running (runningOnClose)
- Disable GPU hardware acceleration (disableGpu)
- Register Teams as the chat app for Office (registerAsIMProvider)
Important is here that you can edit this only with the Script, if teams was started initially once. Only then the desktop-config.json file is available in its final version in the profile.
If the settings should be stored before the first start, a pre-configured file must be created and stored in the default profile (c:\users\default\AppData\Roaming\Microsoft\Teams) or created via GPP Rule during profile creation.
For this purpose, a desktop-config.json file should be created with the required settings.
1 2 3 4 5 6 7 8 |
{ "appPreferenceSettings": { "runningOnClose": true, "disableGpu": true, "callingMWEnabledPreferenceKey": false, "registerAsIMProvider": false } } |
Storage in the default path on the worker.
Or configuration via Group Policy Preferences.
The following settings should be configured for better performance.
Disable GPU hardware acceleration should be activated if no vGPU solution (nvidia etc.) is used on the worker, because teams need less resources then.
Register teams as the chat app for Office should be disabled for the same reason.
If you are fast enough, you can see in the fresh new profile, the file we created.
And when Teams starts up for the first time, the desired settings are also set directly.
Registry
To make sure that Teams initial always starts the invitation links directly without a prompt, you can set the following registry entries via GPP or WEM Registry Entry.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute\msteams] "WarnOnOpen"=dword:00000000 [HKEY_CURRENT_USER\Software\Classes\msteams] "URL Protocol"="" @="URL:msteams" [HKEY_CURRENT_USER\Software\Classes\msteams\shell\open\command] @="\"C:\\Program Files (x86)\\Microsoft\\Teams\\current\\Teams.exe\" \"%1\"" [HKEY_CURRENT_USER\Software\Classes\TeamsURL\shell\open\command] @="\"C:\\Program Files (x86)\\Microsoft\\Teams\\current\\Teams.exe\" \"%1\"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts] "msteams_msteams"=dword:00000000 |
Enable optimization of Microsoft Teams
- Microsoft Teams Version 1.2.00.31357 or higher
- CVAD Delivery Controller & VDA Version 1906.2 or higher
- Windows 10 64-bit Version 1607 or higher / Windows Server 2019 / Windows Server 2016 / Windows Server 2012 R2
- Browser Content Redirection installed (BCR_x64.msi)
- Citrix Workspace app for Windows 1909 or newer / Citrix Workspace app for MAC 2009 or newer / Citrix Workspace app for Linux 2010 or newer
- Citrix Policy Setting
- Microsoft Teams redirection Allowed
- Key: HKEY_CURRENT_USER\Software\Citrix\HDXMediaStream
- Name: MSTeamsRedirSupport
- Value: DWORD (1 – on, 0 – off)
- Microsoft Teams redirection Allowed
Installation of Office365 without Teams (User-Based)
To not also install Teams (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:
1 |
<ExcludeApp ID="Teams" /> |
The Configuration.xml should then look like this
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<Configuration> <Add OfficeClientEdition="64" Channel="Monthly"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <ExcludeApp ID="Teams" /> </Product> <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> <Product ID="ProjectProRetail"> <Language ID="en-us" /> </Product> <Product ID="LanguagePack"> <Language ID="de-de" /> </Product> </Add> </Configuration> |
OneDrive for Business
The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).
If the User-Based Install is used, it loads the profile with ~500MB of data.
Installation
In order for OneDrive to work in server operating systems (multi-user capable), the Machine Based Installer must be used. A part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft OneDrive. This mode is recommended for non-persistent environments.
- First download the installer
- Start an Administrative CMD
- The installation is performed with the following command
1 |
<Path_to_exe> /allusers |
Example:
1 |
OneDriveSetup.exe /allusers |
Directory inclusion for profile solution
The OneDrive directory must be included in the existing profiles solution.
- Local/Microsoft/OneDrive
Configuration
The default behavior of the OneDrive installation, is to allow the user to sync the entire OneDrive account to the local machine (up to 1TB). Since this may not be desired (Set the maximum size of a user’s OneDrive that can download automatically), this must be limited using Group Policy.
These and other settings are only possible under Windows Server 2019 and Windows 10 (Version 1709 or newer), because only then Files On Demand is available. With older operating systems, the complete OneDrive data is downloaded.
- Connect to a worker who now has the OneDrive for Business Client installed
- In the directory C:\Program Files (x86)\Microsoft OneDrive\<BuildNumber>\adm, go to the subdirectory of the language you need (the BuildNumber can be found in the About tab of the client)
- Copy the ADML file and the ADMX file from the adm folder to your GPO Central Store
- Create a GPO to edit the OneDrive configuration (Computer Configuration\Policies\Administrative Templates\OneDrive)
- Set the maximum size of a user’s OneDrive that can download automatically
This setting define how to handle with OneDrive accounts that are larger than the specified value (in MB). These accounts will prompt the user to select the folders to be synchronized, before the sync client downloads the files. In the GPO setting, the Tenant ID and the Maximum size in MB must be defined.
- Silently sign in users to the OneDrive sync app with their Windows credentials
When this setting is enabled, users logged on to a worker connected to Azure AD, can set up the client without entering their credentials. Users will still see OneDrive Setup, allowing them to select the folders to be synchronized and the location of the OneDrive folder.
- Specify SharePoint Server URL and organization name
- Specify the OneDrive location in a hybrid environment
The settings “Specify SharePoint Server URL and organization name” and “Specify the OneDrive location in a hybrid environment” are for customers with SharePoint Server 2019 instances.
- Allow syncing OneDrive accounts for only specific organizations
The setting “Allow syncing OneDrive accounts for only specific organizations” prevents a proliferation of connections to non-company OneDrive instances (private or from other companies) by specifying a list of allowed Tenant IDs. If users now try to log in to a non-permitted Tenant ID, they will receive an error message. If users are already logged on to other Tenant IDs, they will not be synchronized further.
This setting has a higher priority than the “Block syncing OneDrive accounts for specific organizations” setting, which can be used to block specific tenant IDs.
- Block file downloads when users are low on disk space
The setting “Block file downloads when users are low on disk space” can be used to prevent users from crippling the system with OneDrive Sync. It defines the minimum disk size at which the OneDrive Client will stop the synchronization. The user is then presented with a window with options to free up memory.
- Limit the sync app upload rate to a percentage of throughput
The “Limit the sync app upload rate to a percentage of throughput” define the maximum bandwidth of the synchronization (upload). Therefore a maximum percentage, of the total bandwidth of the computer, is defined for this purpose. The lower the percentage, the slower files are uploaded. Microsoft recommends a value of 50% or higher. Even though the bandwidth is limited by this setting, the app will periodically synchronize files without limitation for 1 minute. This ensures that small files are uploaded quickly, despite the limitation. This setting should be defined for low bandwidths.
If this setting is “Disable” or “Not Configure”, the user can control the limit directly from the OneDrive Client (in KB/second) or configure it to “Adjust automatically” (defines upload to 70% of bandwidth)
- Prompt users to move Windows known folders to OneDrive
The setting “Prompt users to move Windows known folders to OneDrive” can be used to define whether the following window appears.
This defines that the folders Documents, Pictures and Desktop are synchronized to OneDrive. This option is only available from client version 18.111.0603.0004.
Installation of Office365 without OneDrive (User-Based)
To not also install OneDrive (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:
1 |
<ExcludeApp ID="OneDrive" /> |
The Configuration.xml should then look like this
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<Configuration> <Add OfficeClientEdition="64" Channel="Monthly"> <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <ExcludeApp ID="OneDrive" /> </Product> <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> <Product ID="ProjectProRetail"> <Language ID="en-us" /> </Product> <Product ID="LanguagePack"> <Language ID="de-de" /> </Product> </Add> </Configuration> |
OneDrive for Business as Published App
When OneDrive for Business is opened during a Citrix Published App session, it ensures that there is no logout. Adding the binary name of the OneDrive EXE-file to the LogoffCheckSysModules registry key does not help.
Solution
Perform the following steps:
- Start Regedit
- Go to the following Registry directory and create a new entry
1 2 3 4 5 |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI Value Name: LogoffCheckSysModules Type: REG_SZ String: cmd.exe |
Save Important Folder in OneDrive
If you want to use the OneDrive for Business feature “Important Folder Backup”, when Folder Redirection is enabled, you cannot enable it because it cannot synchronize the data.
Solution
Perform the following steps:
- Activate the feature manually or via GPO
- Start the script below and copy the Desktop and Documents folders to your OneDrive
thanks looks very well done .
Just wanted to know if you perhaps have some for FSlogix .
Our environment works on Citrix users only use the apps via website.
We are in the progress of doing a poc on that system office 365 2019 Server 2019 Latest VDI
In my environments I also only use FSLogix. The adjustments concerning the profile solution inclusion are directly included in FSLogix.
Just make sure to exclude certain directories by redirection.xml.
If you have any further questions, please feel free to contact me via Messenger (Twitter, LinkedIn and so on).
I assume the exclusions are teams related? Didnt see anything for one related. I have never did one drive before in fslogix so i curious if there is anything else?
Yes that’s true.
With OneDrive Macine Based install you don’t have to exclude anything more.
You just have to make sure to include the sync data if that is desired.
Nice job.
Good work. Do you know where Teams credentials are saved? Even after I roam %appdata%\microsoft\Teams, if I logoff (clear the local profile) and login again, Teams prompt for password as if it’s running for the first time…
The end goal is to have the users logged in to Teams only once, then if they close it and logoff, login again to a different machine/server, personlization should bring everything needed back so when they run Teams it goes straight to chats without prompting again for the password…
Unfortunately, I don’t know that.
I use FSLogix for that.
https://www.deyda.net/index.php/en/2019/11/05/fslogix-container-office-profile-in-citrix-environments/
With PHS enabled, the user doesn’t even have to log in for the first time (SSO)
https://www.deyda.net/index.php/en/2019/07/18/activation-of-azure-ad-seamless-single-sign-on/
Thanks I will look at those too.
When installing the the 64 bit version of Team Machine installer on a Windows 2019 server Citrix server, it installs in C:\Program Files (x86) instead of C:\%PROGRAMFILES%\Microsoft\Teams. Why is that?
MSI (c) (84:44) [22:51:54:843]: PROPERTY CHANGE: Adding APPLICATIONROOTDIRECTORY property. Its value is ‘C:\Program Files (x86)\Teams Installer\’.
Which version do u use ?
Teams_windows_x64.msi – v1.3.0.3564
I’m testing this this week and give you feedback.
Thank you.
Can it be Office 365 ProPlus 32 version (with Teams and OneDrive excluded in the xml) which needs also a Teams 32 bit Machine Installer version?
No I see the same in my environment.
Teams x64 and Office 365 x64, but Teams is installed in x86 folder
Thank you.
So “In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams.” is not correct and must be %programfiles(x86)% 🙂
In the wording, you mention “OneDrive for Business” but the install is just “OneDrive”… are they now the same?
You install OneDrive (Machine Based) and it then becomes a OneDrive for Business through the deposited account.
Left OneDrive for Business and right OneDrive Personal.
Seeing the same here. 64-bit MSI installing into C:\Program Files (x86)\Teams Installer folder, but RUN key expecting to find it in %ProgramFiles%\Teams Installer\Teams.exe.
I logged a ticket (19331537) on Friday, but nothing back and it’s now COB Monday.
Hi Glenn,
this is a normal behaviour for the machine-based installer.
ALLUSER=1
This installs Teams to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system.
At this point, the golden image setup is complete. Installing Teams per-machine is required for non-persistent setups.
If I run msiexec /i Teams_windows_x64.msi ALLUSERS=1 ALLUSER=1, I get:
Teams.exe
Installation has failed
Cannot install for all users when a VDI environment is not detected.
[Close]
Hi Glenn,
If no VDA is installed and you want to install Teams Machine Wide, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA
Just wondering how to exclude those directories for the teams profile?
Which profile management tool do u use ?
We currently only use local profiles with UEV. We got rid of roaming profiles and really don’t use any profile management tools.
You can also edit this but that was ages ago and it is no longer supported. In this case I would recommend fslogix Office Container. This is a solution that Microsoft bought.
Here my HowTo to this topic:
https://www.deyda.net/index.php/en/2019/11/05/fslogix-container-office-profile-in-citrix-environments/
On the excluded folders you list: –
Roaming/Microsoft Teams/GPUCache
Should this not be: –
Roaming/Microsoft/Teams/GPUCache
This is the location for my install anyway.
Thx. I correct the typo 🙂
On Teams you note minimum version of 1.3.00.4461 – can today’s version be used?
Is this a good link? >> http://aka.ms/teams64bitmsi — If I use this link, I get version 1.3.0.13565.
If I try to replace your link above with the version number it does not work…
Bad link > https://statics.teams.cdn.office.net/production-windows-x64/1.3.0.13565/Teams_windows_x64.msi
But this link > http://aka.ms/teams64bitmsi gives me version 1.3.0.13565 for download on 06.02.2020.
Thanks!
At the moment it is still the version 1.3.00.4461 recommended by Microsoft for Citrix environments. I’m testing the latest one for bugs and let you know what my opinion is.
The Link to the newest 64-Bit Teams Version is:
https://teams.microsoft.com/downloads/desktopurl?env=production&plat=windows&arch=x64&managedInstaller=true&download=true
Or your link http://aka.ms/teams64bitmsi 🙂
desktop-config.json is not working when i install machine based (msiexec /i Teams_windows_x64.msi ALLUSER=1 ALLUSERS=1).
How can i autostart Teams but hidden?