Install Teams & OneDrive in Citrix (Machine-Based)

In the past months, I have had to deploy Microsoft Teams and OneDrive from the Office365 portfolio in Citrix environments, in addition to the standard office applications in numerous projects.

Microsoft Teams

The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).

Installation

In order for Teams to function in server operating systems (multi-user capable), the Machine Based Installer must be used. In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams. However, Teams can no longer be updated automatically as soon as a new version is available. This mode is recommended for non-persistent environments.

  • First we download the MSI package
Newest Teams MSI Version (at the moment 1.3.0.28779)32 bit64 bit
Minimum Version 1.3.00.4461
  • If there is still a Teams installation on the system, it must be uninstalled first
  • Start an Administrative CMD
  • The installation is performed with the following command (here with the FirstStart function disabled)

Example:

The Parameter ALLUSER=1 install Teams (Machine-Based) to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system. With this parameter, the Teams MSI still does not use a Windows Installer to install all files. Instead, Microsoft created additional custom actions in the MSI, that extract all files from Teams.exe to the Program Files folder.

When you set the parameter ALLUSERS=1, Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps & features in Windows Settings for all users of the computer. All users can then uninstall Teams if they have admin credentials.

You can disable auto launch for the MSI installer by using the OPTIONS=”noAutoStart=true” parameter as follows. Teams won’t start until the user manually starts Teams. After the user manually starts Teams, Teams automatically starts whenever the user logs in.

Example:

Teams Machine-Wide Installer
Teams Install

Installation with AppLayering

If Citrix App Layering is used, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1

Citrix AppLayering Key PortICA

Or

If this key is missing, this error message is displayed.

Installation has failed. Cannot Install for all users when a VDI environment is not detected

This should also be considered if you need to package Teams machine-based.

Uninstallation

To update to the latest Teams version, first uninstall the current version so that the new one can be installed again.

There are two possibilities for this:

  • Via the installer
    • Right click on the installer and click Uninstall
  • Command line
    • This command uninstalls Teams from the Program Files (x86) folder or from the Program Files folder

Example:

uninstall teams

For the different installation methods I have also created CleanUp Scripts.

UserBased CleanUp

MachineBased CleanUp

Directory inclusion for profile solution

The Teams directory must be included in the existing profile solution.

  • Roaming/Microsoft/Teams
teams roaming data

Directory exclusion for profile solution

The following directory and file typ should be excluded from the profile. Excluding these elements helps to reduce the size of the user profile.

  • Roaming/Microsoft/Teams/*.txt
  • Roaming/Microsoft/Teams/media-stack
  • Roaming/Microsoft/Teams/Service Worker/CacheStorage
  • Roaming/Microsoft/Teams/Application Cache
  • Roaming/Microsoft/Teams/Cache
  • Roaming/Microsoft/ Teams/GPUCache
  • Roaming/Microsoft Teams/Logs
media-stack folder exclude

Configuration

The default behavior of the Teams installation is to automatically start teams as soon as a user logs in. If this is not desired, it must be defined using group policies.

  • Copy the extracted files to your Policy Central Store and create a GPO to edit the autostart behavior of teams (Prevent Microsoft Teams from starting automatically after installation under User Configuration\Policies\Administrative Templates\Microsoft Teams)

If GPO cannot be used for this, the PreventFirstLaunchAfterInstall key must be defined under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams. The key type for PreventFirstLaunchAfterInstall is REG_DWORD and the value should be set to 1, which means that teams are not automatically started after installation.

If teams have already been rolled out and the above policy is activated afterwards, 2 scripts must be run, to reset the autostart flag in the user and machine context.

Script for machine context – This must be done once per machine (or Golden Master) with an Administrative PowerShell.

Script for user context – This only needs to be done once for the user after the machine context script has been executed.

Installation of Office365 without Teams (User-Based)

To not also install Teams (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:

The Configuration.xml should then look like this

OneDrive for Business

The standard installation, that the user can perform through the Office365 portal, is a user-based installation. In a Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).

Installation

In order for OneDrive to work in server operating systems (multi-user capable), the Machine Based Installer must be used. A part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft OneDrive. This mode is recommended for non-persistent environments.

  • Als erstes laden wir uns den Installer herunter
Curent and pre-release versions
  • Start an Administrative CMD
  • The installation is performed with the following command

Example:

OneDrive Installer Machine Based

Directory inclusion for profile solution

The OneDrive directory must be included in the existing profiles solution.

  • Local/Microsoft/OneDrive
OneDrive Folder Local

Configuration

The default behavior of the OneDrive installation, is to allow the user to sync the entire OneDrive account to the local machine (up to 1TB). Since this may not be desired (Set the maximum size of a user’s OneDrive that can download automatically), this must be limited using Group Policy.

Connect to a worker who now has the OneDrive for Busniess Client installed
In the directory %localappdata%\Microsoft\OneDrive\<BuildNumber>\adm, go to the subdirectory of the language you need (the BuildNumber can be found in the About tab of the client)
Copy the ADML file and the ADMX file from the adm folder to your GPO Central Store

OneDrive ADMX Datei
  • Create a GPO to edit the OneDrive configuration (Computer Configuration\Policies\Administrative Templates\OneDrive)
Computer Configuration policies in the Group Policy Management Editor
  • Set the maximum size of a user’s OneDrive that can download automatically

This setting define how to handle with OneDrive accounts that are larger than the specified value (in MB). These accounts will prompt the user to select the folders to be synchronized, before the sync client downloads the files. In the GPO setting, the Tenant ID and the Maximum size in MB must be defined.

  • Silently sign in users to the OneDrive sync app with their Windows credentials

When this setting is enabled, users logged on to a worker connected to Azure AD, can set up the client without entering their credentials. Users will still see OneDrive Setup, allowing them to select the folders to be synchronized and the location of the OneDrive folder.

  • Specify SharePoint Server URL and organization name
  • Specify the OneDrive location in a hybrid environment

The settings “Specify SharePoint Server URL and organization name” and “Specify the OneDrive location in a hybrid environment” are for customers with SharePoint Server 2019 instances.

  • Allow syncing OneDrive accounts for only specific organizations

The setting “Allow syncing OneDrive accounts for only specific organizations” prevents a proliferation of connections to non-company OneDrive instances (private or from other companies) by specifying a list of allowed Tenant IDs. If users now try to log in to a non-permitted Tenant ID, they will receive an error message. If users are already logged on to other Tenant IDs, they will not be synchronized further.

This setting has a higher priority than the “Block syncing OneDrive accounts for specific organizations” setting, which can be used to block specific tenant IDs.

  • Block file downloads when users are low on disk space

The setting “Block file downloads when users are low on disk space” can be used to prevent users from crippling the system with OneDrive Sync. It defines the minimum disk size at which the OneDrive Client will stop the synchronization. The user is then presented with a window with options to free up memory.

  • Limit the sync app upload rate to a percentage of throughput

The “Limit the sync app upload rate to a percentage of throughput” define the maximum bandwidth of the synchronization (upload). Therefore a maximum percentage, of the total bandwidth of the computer, is defined for this purpose. The lower the percentage, the slower files are uploaded. Microsoft recommends a value of 50% or higher. Even though the bandwidth is limited by this setting, the app will periodically synchronize files without limitation for 1 minute. This ensures that small files are uploaded quickly, despite the limitation. This setting should be defined for low bandwidths.

Limit throuhput in 1-minute interval

If this setting is “Disable” or “Not Configure”, the user can control the limit directly from the OneDrive Client (in KB/second) or configure it to “Adjust automatically” (defines upload to 70% of bandwidth)

  • Prompt users to move Windows known folders to OneDrive

The setting “Prompt users to move Windows known folders to OneDrive” can be used to define whether the following window appears.

Known Folders Redirection to OneDrive

This defines that the folders Documents, Pictures and Desktop are synchronized to OneDrive. This option is only available from client version 18.111.0603.0004.

Installation of Office365 without OneDrive (User-Based)

To not also install OneDrive (User-Based Install) with the Office365 installation, the existing Configuration.xml must be extended by the following:

The Configuration.xml should then look like this

OneDrive for Business as Published App

When OneDrive for Business is opened during a Citrix Published App session, it ensures that there is no logout. Adding the binary name of the OneDrive EXE-file to the LogoffCheckSysModules registry key does not help.

Parent Property CMD

Solution

Perform the following steps:

  • Start Regedit
  • Go to the following Registry directory and create a new entry

Save Important Folder in OneDrive

If you want to use the OneDrive for Business feature “Important Folder Backup”, when Folder Redirection is enabled, you cannot enable it because it cannot synchronize the data.

Solution

Perform the following steps:

  • Activate the feature manually or via GPO
  • Start the script below and copy the Desktop and Documents folders to your OneDrive

Script to copy the data

30 thoughts on “Install Teams & OneDrive in Citrix (Machine-Based)”

  1. thanks looks very well done .
    Just wanted to know if you perhaps have some for FSlogix .
    Our environment works on Citrix users only use the apps via website.
    We are in the progress of doing a poc on that system office 365 2019 Server 2019 Latest VDI

    1. In my environments I also only use FSLogix. The adjustments concerning the profile solution inclusion are directly included in FSLogix.
      Just make sure to exclude certain directories by redirection.xml.
      If you have any further questions, please feel free to contact me via Messenger (Twitter, LinkedIn and so on).

      1. I assume the exclusions are teams related? Didnt see anything for one related. I have never did one drive before in fslogix so i curious if there is anything else?

        1. Yes that’s true.

          With OneDrive Macine Based install you don’t have to exclude anything more.

          You just have to make sure to include the sync data if that is desired.

  2. Good work. Do you know where Teams credentials are saved? Even after I roam %appdata%\microsoft\Teams, if I logoff (clear the local profile) and login again, Teams prompt for password as if it’s running for the first time…

    The end goal is to have the users logged in to Teams only once, then if they close it and logoff, login again to a different machine/server, personlization should bring everything needed back so when they run Teams it goes straight to chats without prompting again for the password…

  3. When installing the the 64 bit version of Team Machine installer on a Windows 2019 server Citrix server, it installs in C:\Program Files (x86) instead of C:\%PROGRAMFILES%\Microsoft\Teams. Why is that?

    MSI (c) (84:44) [22:51:54:843]: PROPERTY CHANGE: Adding APPLICATIONROOTDIRECTORY property. Its value is ‘C:\Program Files (x86)\Teams Installer\’.

          1. Thank you.

            Can it be Office 365 ProPlus 32 version (with Teams and OneDrive excluded in the xml) which needs also a Teams 32 bit Machine Installer version?

          2. Thank you.

            So “In this case, part of the data is stored in the folder C:\%PROGRAMFILES%\Microsoft\Teams.” is not correct and must be %programfiles(x86)% 🙂

  4. In the wording, you mention “OneDrive for Business” but the install is just “OneDrive”… are they now the same?

    1. You install OneDrive (Machine Based) and it then becomes a OneDrive for Business through the deposited account.
      Left OneDrive for Business and right OneDrive Personal.

  5. Seeing the same here. 64-bit MSI installing into C:\Program Files (x86)\Teams Installer folder, but RUN key expecting to find it in %ProgramFiles%\Teams Installer\Teams.exe.

    I logged a ticket (19331537) on Friday, but nothing back and it’s now COB Monday.

    1. Hi Glenn,

      this is a normal behaviour for the machine-based installer.

      ALLUSER=1
      This installs Teams to the Program Files (x86) folder on a 64-bit operating system and to the Program Files folder on a 32-bit operating system.
      At this point, the golden image setup is complete. Installing Teams per-machine is required for non-persistent setups.

      1. If I run msiexec /i Teams_windows_x64.msi ALLUSERS=1 ALLUSER=1, I get:

        Teams.exe
        Installation has failed
        Cannot install for all users when a VDI environment is not detected.
        [Close]

        1. Hi Glenn,
          If no VDA is installed and you want to install Teams Machine Wide, provide a new key named PortICA under the following registry path before installing Teams with the machine based parameter ALLUSER = 1.

          HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA

      1. We currently only use local profiles with UEV. We got rid of roaming profiles and really don’t use any profile management tools.

  6. On the excluded folders you list: –
    Roaming/Microsoft Teams/GPUCache

    Should this not be: –
    Roaming/Microsoft/Teams/GPUCache

    This is the location for my install anyway.

  7. On Teams you note minimum version of 1.3.00.4461 – can today’s version be used?

    Is this a good link? >> http://aka.ms/teams64bitmsi — If I use this link, I get version 1.3.0.13565.

    If I try to replace your link above with the version number it does not work…

    Bad link > https://statics.teams.cdn.office.net/production-windows-x64/1.3.0.13565/Teams_windows_x64.msi

    But this link > http://aka.ms/teams64bitmsi gives me version 1.3.0.13565 for download on 06.02.2020.

    Thanks!

    1. At the moment it is still the version 1.3.00.4461 recommended by Microsoft for Citrix environments. I’m testing the latest one for bugs and let you know what my opinion is.

Leave a Reply

Your email address will not be published. Required fields are marked *

*