Installing Microsoft Teams is easy. Getting Teams to silently install, auto login, and customized for your environment is a bit more work.
By using Group Policy or SCCM, you can have Teams auto starting, running in the background, and visible in the notification areas for all users. Let’s start with deployment.
Deploying Microsoft Teams Silently
Download the x64 machine-wide installers from here: https://teams.microsoft.com/downloads/desktopurl?env=production&plat=windows&arch=x64&managedInstaller=true&download=true
Using Group Policy Software Installation or SCCM, deploy the MSI. The only MSI parameter that I use is ALLUSERS=1 . This installer is a little weird. It will copy a couple of files into ProgramFiles(x86)\Teams Installer.
Out of the box, Teams will try to auto start for every user that logs in to a computer by running the \Teams Installer\Teams.exe file. There are a few ways to stop this.
You can use the installation parameter OPTIONS=”noAutoStart=true” . If you did this, your installation command might look like: msiexec /i Teams_windows_x64.msi OPTIONS=”noAutoStart=true” ALLUSERS=1 .
You can also use Group Policy. The Group Policy method provides an easy on/off switch in case you change your mind about autostarting in the future. Download and import the latest Office365 ADMX files into your Group Policy Central Store. And then enable the Prevent Microsoft Teams from starting automatically after installation under Administrative Templates\Microsoft Teams.
I went with a slightly modified Group Policy method because I do not let programs start automatically from the default Run list. Instead, I use a Group Policy Registry Preference Item. This item adds a run once key that starts the Teams Installer executable on logon.
Setting Teams to Auto Login and Open in the Background
Most user settings for Teams, including the Open Application in Background setting are stored in %APPDATA%\Microsoft\Teams\desktop-config.json.
Open your desktop-config.json file[note]I use Visual Studio Code, but any basic text editor will work[/note] and find the appPreferenceSettings section. Set openAsHidden, openAtLogin, registerAsIMProvider [note]This will set Teams as the default IM app for office and let users see presence information (like online, away, busy, etc.) in Outlook[/note], and runningOnClose as true.
Here is a snippet from my JSON showing those settings:
"appPreferenceSettings":{"disableGpu":false,"openAsHidden":true,"openAtLogin":true,"registerAsIMProvider":true,"runningOnClose":true}
Copy your edited JSON to a network location and deploy it to your user’s roaming appdata. I use Group Policy File Preferences to do this and I have the preference action set to Update.
While you are working in Group Policy Preferences, create an item to delete the Microsoft Teams shortcut that is created on the desktop. Without this, a new Microsoft Teams shortcut is created on every computer that you login on.
If you prevent programs from starting automatically on logon, add %APPDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Microsoft Teams.lnk to your Run these programs at user logon allow list.
Stop Teams Firewall Prompt and Add Notification Icon
There are two final customizations to make. First, let’s get rid of the firewall prompt that can appear when someone starts a Teams call or screen share.[note]Teams will still work if the user cancels the Firewall prompt but I still do not want them to worry about this prompt.[/note]
Copy the below PowerShell script and make it run as a logon/logon PowerShell script in Group Policy. Most of my staff will not jump into Teams on the first logon so I set it as a logoff script as it isn’t a big deal if it runs multiple times.
new-netfirewallRule -name ${UserName}-Teams.exe-tcp -Displayname ${UserName}-Teams.exe-tcp -enabled:true -Profile Any -Direction Inbound -Action Allow -program ${LocalAppData}\microsoft\teams\current\teams.exe -protocol TCP
new-netfirewallRule -name ${UserName}-Teams.exe-udp -Displayname ${UserName}-Teams.exe-udp -enabled:true -Profile Any -Direction Inbound -Action Allow -program ${LocalAppData}\microsoft\teams\current\teams.exe -protocol UDP
Because you set Teams to automatically start and run in the background, you may want it to always appear in the Notification Area (clock location in the bottom right). This gives users an easy way to see notifications and open Teams. To do so, use this PowerShell script:
<#
Set the $ProgramName to the program that needs to stay visible. Tea is the correct program name for Microsoft Teams
Source: https://4sysops.com/archives/forcing-notification-area-icons-to-always-show-in-windows-7-or-windows-8/
#>
$ProgramName = "Tea"
$Setting = 2
$encText = New-Object System.Text.UTF8Encoding
[byte[]] $bytRegKey = @()
$strRegKey = ""
$bytRegKey = $(Get-ItemProperty $(Get-Item 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify').PSPath).IconStreams
for($x=0; $x -le $bytRegKey.Count; $x++)
{
$tempString = [Convert]::ToString($bytRegKey[$x], 16)
switch($tempString.Length)
{
0 {$strRegKey += "00"}
1 {$strRegKey += "0" + $tempString}
2 {$strRegKey += $tempString}
}
}
[byte[]] $bytTempAppPath = @()
$bytTempAppPath = $encText.GetBytes($ProgramName)
[byte[]] $bytAppPath = @()
$strAppPath = ""
Function Rot13($byteToRot)
{
if($byteToRot -gt 64 -and $byteToRot -lt 91)
{
$bytRot = $($($byteToRot - 64 + 13) % 26 + 64)
return $bytRot
}
elseif($byteToRot -gt 96 -and $byteToRot -lt 123)
{
$bytRot = $($($byteToRot - 96 + 13) % 26 + 96)
return $bytRot
}
else
{
return $byteToRot
}
}
for($x = 0; $x -lt $bytTempAppPath.Count * 2; $x++)
{
If($x % 2 -eq 0)
{
$curbyte = $bytTempAppPath[$([Int]($x / 2))]
$bytAppPath += Rot13($curbyte)
}
Else
{
$bytAppPath += 0
}
}
for($x=0; $x -lt $bytAppPath.Count; $x++)
{
$tempString = [Convert]::ToString($bytAppPath[$x], 16)
switch($tempString.Length)
{
0 {$strAppPath += "00"}
1 {$strAppPath += "0" + $tempString}
2 {$strAppPath += $tempString}
}
}
if(-not $strRegKey.Contains($strAppPath))
{
Write-Host Program not found. Programs are case sensitive.
break
}
[byte[]] $header = @()
$items = @{}
for($x=0; $x -lt 20; $x++)
{
$header += $bytRegKey[$x]
}
for($x=0; $x -lt $(($bytRegKey.Count-20)/1640); $x++)
{
[byte[]] $item=@()
$startingByte = 20 + ($x*1640)
$item += $bytRegKey[$($startingByte)..$($startingByte+1639)]
$items.Add($startingByte.ToString(), $item)
}
foreach($key in $items.Keys)
{
$item = $items[$key]
$strItem = ""
$tempString = ""
for($x=0; $x -le $item.Count; $x++)
{
$tempString = [Convert]::ToString($item[$x], 16)
switch($tempString.Length)
{
0 {$strItem += "00"}
1 {$strItem += "0" + $tempString}
2 {$strItem += $tempString}
}
}
if($strItem.Contains($strAppPath))
{
Write-Host Item Found with $ProgramName in item starting with byte $key
$bytRegKey[$([Convert]::ToInt32($key)+528)] = $setting
Set-ItemProperty $($(Get-Item 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify').PSPath) -name IconStreams -value $bytRegKey
ps explorer | kill
}
}
The script, above, will refresh the Explorer process which makes the screen “flicker” once. I set the script to run through a Scheduled Task that waits for Idle. This allows me to deploy it through Group Policy Preferences and ensure it does not run when someone is using their computer.
That is a lot of work for a single app! Hopefully, this guide made it a bit easier for you. Depending on the route you took, you should now have a Teams setup that is automatically installs, auto starts, runs in the background, and is generally unobtrusive for your users.
the larger code block shows left bracket as a unicode decimal: ampersand hashtag nine one. Also the ‘greater than’ sign is replaced with the unicode decimal code.
I was told by MS Support that a script to modify or centrally set the desktop-config.json file was unsupported and strongly recommended against, as it controls all the user preferences, and forceably setting that with a pre-made file essentially makes it so users can’t customize Teams.
That is true – it does control most of the settings for Teams. You can get around this by setting the Group Policy File Preference’s option to Run Once and Do Not Reapply. Also, change the action from update to replace.
This will cause it to replace the default file that is created but to not change anything after that.
Thanks!!!
No problem at all! Thanks for commenting!