We have been using the per-machine installer version of Teams and DEM to capture the settings. However we have never successfully been able to capture the user logins so the user has to log in each time they open a new non-persistent session.
For Teams we use Duo MFA push to log in.
If we capture the whole profile the settings persist so somewhere we are missing a setting to capture in DEM.
Any suggestions would be welcome here as I am at my wits end with this program.
Current DEM settings are as follows ( we do not use DirectFlex):
[IncludeFolderTrees]
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\Teams
<LocalAppData>\Microsoft\TeamsMeetingAddin
<LocalAppData>\Microsoft\TeamsPresenceAddin
<LocalAppData>\SquirrelTemp
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<AppData>\Microsoft\Teams
<AppData>\Microsoft Teams
<AppData>\Teams
[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams
[ExcludeFolderTrees]
<AppData>\Teams\logs
<AppData>\Microsoft Teams\logs
<AppData>\Microsoft\Teams\media-stack
<AppData>\Microsoft\Teams\Service Worker
<AppData>\Microsoft\Teams\Application Cache
<AppData>\Microsoft\Teams\Cache
<AppData>\Microsoft\Teams\tmp
<AppData>\Microsoft\Teams\meeting-addin\Cache
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp
[ExcludeFiles]
<AppData>\Microsoft\Teams\*.txt
<AppData>\Microsoft\Teams\lockfile
<LocalAppData>\SquirrelTemp\SquirrelSetup.log
HI @GTO455 ,
Well, that is what I found as well; Teams profile in DEM doesn't work that great. However, I do not have a large profile, it just consistently asks me to enter my password when I grab a new desktop. FSLogix worked beautifully however my FSLogix files are 30+ GB for each person. How large are yours? Is there a way to shrink that and minimize the amount of "stuff" being saved?
Sorry i should of included more detail, I hadn't had much time to follow up.
The configuration i posted was the contents of the actual Teams.ini File in the DEM configuration share.
That is different than what you put in the import/ export script. The ini file includes details from all the configuration tabs in the manager.
Do you have the directflex enable or or are you processing the requests on logon?
We would probably need more info on your DEM manager settings and the GPO's your are using. It's also possible you have conflicting Applications.
Are you using shared computer activation for 0365?
My profile for about 2k users typically sit around 10mb-30mb as the largest for teams profile. Which is still kinda larger than i would like but i assume it could get a little glitchy cleaning up any more of the profile.
Hi @RachelW ,
We use O365 Containers in our FSLogix profile, and our mail files can get pretty large, so sizes can range anywhere from 30 MB to 15 GB per user.
I am by no means a Teams "expert" so I'm not sure how one would shrink stuff.
You could see what is taking up space by creating a couple of FSLogix profiles and then mounting the file in Windows. Its a VHD file that can be mounted in disk manager on a Windows system.
HI @GTO455 ,
So do you have a Profile and Office VHD file for each user? I found that in order to NOT be prompted for my Teams password I had to have both.
Nope, just one VHD for O365 Containers. The rest of the users profile is saved in DEM.
I do not currently have directflex enabled for Teams. Should I?
I setup my Teams.ini file like you outlined above and so far Teams is logging in automatically. Hopefully it will stay that way.
I wouldn't personally, it depends on the application. If it integrates with the OS or starts at login then you usually don't.
that's good to hear that its working!
I only use DEM for everything. we use OST files on a high speed File Share. It's not recommended but we have users with 50gb plus OST files and nearly impossible to manage otherwise. That only caching 1 month of email!
Hello @Automatt1c ,
So Teams WAS auto-logging in when I logged into a new virtual/Horizon desktop. About 2 weeks it started prompting me again to enter my password and nothing changed (that I know of). UGH....
You are not the only one. I started having a bunch of issues around March as well. I had to add these registry keys to Disable WAM and have it fall back to ADAL. Since our external domain is different from internal. We cannot do SSO.
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001
"DisableADALatopWAM"=dword:00000001
"DisableAADWAM"=dword:00000001
THe only benefit i see to using WAM is if you have all the SSO options properly configured and enabled. otherwise you will just run into more issues.
Did you ever get this to work? I'm blown away how hard it is to get a VDI solution for teams where user settings are retained, it auto-logs in, and doesn't cache much else to keep them small in size. this thread looks like it required a tech cert to understand. DEM, UEM, Flex, DirectFlex, XML, GPOs, etc.
Technology was supposed to make life easier. Back in the day you just needed a registry key to tell something to auto-logon and what folders & files to save or cache.
I haven't read the whole thread but there are some things to consider when running teams in a non-persistant environment.
1. Pre-Installation step for Teams. Set a special Reg-Key that Teams knows to get installed in VDI:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams]
"IsWVDEnvironment"=dword:00000001
2. Install Teams (folders are just an example but the options are important):
msiexec /i C:\Users\Administrator\Desktop\Teams_windows_x64.msi /l*v C:\Users\Administrator\Desktop\Teamslog.txt OPTIONS="noAutoStart=true" ALLUSER=1 ALLUSERS=1
3. Delete Cache Folder %appdata%\Microsoft\Teams after Installation with PowerShell:
Get-ChildItem "C:\Users\*\AppData\Roaming\Microsoft\Teams\*" -Directory|Where name -in ('application cache','blob_storage','databases','GPUcache','IndexedDB','Local Storage','tmp') | ForEach{Remove-Item $_.FullName -Recurse -Force -WhatIf}
Get-ChildItem -Path "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Teams" -Directory|Where{$_ -in ('application cache','blob_storage','databases','GPUcache','IndexedDB','Local Storage','tmp','Cache','')}|ForEach{Remove-Item $_.FullName -Recurse -Force}
And last but not least my DEM-Config. With this Config I get a small Teams Archive without the need to re-login every time.
[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams
[IncludeFolderTrees]
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\Teams
<LocalAppData>\Microsoft\TeamsMeetingAddin
<LocalAppData>\Microsoft\TeamsPresenceAddin
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\SquirrelTemp
<AppData>\Microsoft\Teams
[ExcludeFolderTrees]
<AppData>\Teams\logs
<AppData>\Microsoft Teams\logs
<AppData>\Microsoft\Teams\media-stack
<AppData>\Microsoft\Teams\Service Worker
<AppData>\Microsoft\Teams\Application Cache
<AppData>\Microsoft\Teams\Cache
<AppData>\Microsoft\Teams\tmp
<AppData>\Microsoft\Teams\meeting-addin\Cache
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp
[ExcludeFiles]
<AppData>\Microsoft\Teams\lockfile
<AppData>\Microsoft\Teams\storage.json
<AppData>\Microsoft\Teams\*.txt
I hope that helps!?
Ahhhh Teams... Good times... The language it is written in is Electron, and it is garbage. Supposedly it is being rewritten. We will see.
Yes, we got it to work, but with every new version released, it's always fun to see what works, and what used to work is now broken.
We use FSLogix instead of writables so there is no need to create profile for it in UEM, (and if you do, it will create huge profiles that aren't necessary).
Here are the notes I have for my installation on my master image. We have a different tenancy than most, so take the following with a grain of salt.
Download the latest .msi installer from Microsoft. https://docs.microsoft.com/en-us/microsoftteams/msi-deployment
Install it using the following switches: msiexec /i <path-to-teams-msi> OPTIONS="noAutoStart=True" ALLUSER=1 ALLUSERS=1
This is for a non-persistent (instant clone) setup, the Teams desktop app must be installed "per-machine" on the golden image.
Note 1:
When installing on Windows 10 using ALLUSER=1 property, MSI will return error:
Installation has failed. “Cannot install for all users when a VDI environment is not detected.”
To resolve this, the Teams installer needs ”HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA” registry key to be created on a target and then the install will complete successfully. Remove it after installation or Teams will not be optimized for VMware Horizon
Note 2:
Add the following keys to block the reoccurring MDM enrollment.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\autoWorkplaceJoin=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\BlockAADWorkplaceJoin=dword:00000001
Note 3:
When troubleshooting Teams, close Teams and delete everything under "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Teams" and have the user restart Teams
Note 4:
If Teams fails to start, verify this key is not in the master image. If it is, remove it. This was a suggested setting from Microsoft, but it does not work and causes connection failures.
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams]
"CloudType"=dword:3
Note 5:
Disable HWA in Teams
User settings for Teams are saved in a JSON file desktop-config.json:
%APPDATA%\Microsoft\Teams\desktop-config.json
Search for DisableGPU in the file, and change the setting from “disableGpu”:false to “disableGpu”:true.
Thanks for the reply. Some follow-up:
Sounds like DEM just shouldn't be used? The comment above seems to have a solution. If I can just use DEM and avoid yet another tool to manage like FSLogix that'd be preferred, but don't want huge directories for Teams.
@GTO455 wrote:Ahhhh Teams... Good times... The language it is written in is Electron, and it is garbage. Supposedly it is being rewritten. We will see.
Yes, we got it to work, but with every new version released, it's always fun to see what works, and what used to work is now broken.
We use FSLogix instead of writables so there is no need to create profile for it in UEM, (and if you do, it will create huge profiles that aren't necessary).
Here are the notes I have for my installation on my master image. We have a different tenancy than most, so take the following with a grain of salt.
Download the latest .msi installer from Microsoft. https://docs.microsoft.com/en-us/microsoftteams/msi-deployment
Install it using the following switches: msiexec /i <path-to-teams-msi> OPTIONS="noAutoStart=True" ALLUSER=1 ALLUSERS=1
This is for a non-persistent (instant clone) setup, the Teams desktop app must be installed "per-machine" on the golden image.
Note 1:When installing on Windows 10 using ALLUSER=1 property, MSI will return error:
Installation has failed. “Cannot install for all users when a VDI environment is not detected.”To resolve this, the Teams installer needs ”HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA” registry key to be created on a target and then the install will complete successfully. Remove it after installation or Teams will not be optimized for VMware Horizon
Note 2:Add the following keys to block the reoccurring MDM enrollment.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\autoWorkplaceJoin=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\BlockAADWorkplaceJoin=dword:00000001
Note 3:When troubleshooting Teams, close Teams and delete everything under "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Teams" and have the user restart Teams
Note 4:
If Teams fails to start, verify this key is not in the master image. If it is, remove it. This was a suggested setting from Microsoft, but it does not work and causes connection failures.
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Teams]
"CloudType"=dword:3
Note 5:Disable HWA in Teams
User settings for Teams are saved in a JSON file desktop-config.json:
%APPDATA%\Microsoft\Teams\desktop-config.jsonSearch for DisableGPU in the file, and change the setting from “disableGpu”:false to “disableGpu”:true.
Thanks as well.
@TomH201110141 wrote:I haven't read the whole thread but there are some things to consider when running teams in a non-persistant environment.
1. Pre-Installation step for Teams. Set a special Reg-Key that Teams knows to get installed in VDI:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams]
"IsWVDEnvironment"=dword:00000001
2. Install Teams (folders are just an example but the options are important):
msiexec /i C:\Users\Administrator\Desktop\Teams_windows_x64.msi /l*v C:\Users\Administrator\Desktop\Teamslog.txt OPTIONS="noAutoStart=true" ALLUSER=1 ALLUSERS=1
3. Delete Cache Folder %appdata%\Microsoft\Teams after Installation with PowerShell:
Get-ChildItem "C:\Users\*\AppData\Roaming\Microsoft\Teams\*" -Directory|Where name -in ('application cache','blob_storage','databases','GPUcache','IndexedDB','Local Storage','tmp') | ForEach{Remove-Item $_.FullName -Recurse -Force -WhatIf}
Get-ChildItem -Path "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Teams" -Directory|Where{$_ -in ('application cache','blob_storage','databases','GPUcache','IndexedDB','Local Storage','tmp','Cache','')}|ForEach{Remove-Item $_.FullName -Recurse -Force}
And last but not least my DEM-Config. With this Config I get a small Teams Archive without the need to re-login every time.
[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams[IncludeFolderTrees]
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\Teams
<LocalAppData>\Microsoft\TeamsMeetingAddin
<LocalAppData>\Microsoft\TeamsPresenceAddin
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\SquirrelTemp
<AppData>\Microsoft\Teams
[ExcludeFolderTrees]
<AppData>\Teams\logs
<AppData>\Microsoft Teams\logs
<AppData>\Microsoft\Teams\media-stack
<AppData>\Microsoft\Teams\Service Worker
<AppData>\Microsoft\Teams\Application Cache
<AppData>\Microsoft\Teams\Cache
<AppData>\Microsoft\Teams\tmp
<AppData>\Microsoft\Teams\meeting-addin\Cache
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp[ExcludeFiles]
<AppData>\Microsoft\Teams\lockfile
<AppData>\Microsoft\Teams\storage.json
<AppData>\Microsoft\Teams\*.txt
I hope that helps!?
Yes, we are just using DEM and it works very good.
You can optimize Teams to bypass the load from the VDI machine to the client machine. Since Horizon 8.3 (2106) it works also with Linux and Mac. Look here: https://techzone.vmware.com/resource/microsoft-teams-optimization-vmware-horizon
But look at the limitations for optimizations: https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#known-issues-and-limitations
Note 5:Disable HWA in Teams
User settings for Teams are saved in a JSON file desktop-config.json:
%APPDATA%\Microsoft\Teams\desktop-config.jsonSearch for DisableGPU in the file, and change the setting from “disableGpu”:false to “disableGpu”:true.
You do not necessarily have to deactivate it if you are using a GPU. You should test this.
Note 2:Add the following keys to block the reoccurring MDM enrollment.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\autoWorkplaceJoin=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\BlockAADWorkplaceJoin=dword:00000001
It can fix login-issues. I always add this keys but not only for MS Teams, for the complete Office 365 stuff.
Thank you. I wonder if disabling GPU HWA can be done via gpo or DEM instead of editing inside everyone's json file.
@TomH201110141 wrote:Yes, we are just using DEM and it works very good.
You can optimize Teams to bypass the load from the VDI machine to the client machine. Since Horizon 8.3 (2106) it works also with Linux and Mac. Look here: https://techzone.vmware.com/resource/microsoft-teams-optimization-vmware-horizon
But look at the limitations for optimizations: https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#known-issues-and-limitations
Note 5:Disable HWA in Teams
User settings for Teams are saved in a JSON file desktop-config.json:
%APPDATA%\Microsoft\Teams\desktop-config.jsonSearch for DisableGPU in the file, and change the setting from “disableGpu”:false to “disableGpu”:true.
You do not necessarily have to deactivate it if you are using a GPU. You should test this.
Note 2:Add the following keys to block the reoccurring MDM enrollment.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\autoWorkplaceJoin=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin\BlockAADWorkplaceJoin=dword:00000001
It can fix login-issues. I always add this keys but not only for MS Teams, for the complete Office 365 stuff.
- the noAutoStart=true switch, does that get blown away after clearing out users' Teams settings? We don't want Teams running the first time a user logs in unless they start Teams intentionally.
To disable the autostart I delete on the master the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"Teams"=-
AND I use a ADMX based setting in DEM (User Environment):
I'll give your DEM settings a try (conditions = my account only first), but I'm surprised at this one being excluded: <AppData>\Microsoft\Teams\Cache. I've seen other posts say there are critical files in there for the auto-login feature. Any thoughts on it? that folder also is the largest of all of them so I'd love it if we don't need it.
I don't need that folder. I works for us and we don't have login issues.
Do you have DirectFlex checked for your Teams config in DEM? Mine is checked and Export Moment set to use global settings. Then executables are:
C:\Program Files (x86)\Microsoft\Teams\update.exe
C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe
@Hoodsie2018 wrote:Do you have DirectFlex checked for your Teams config in DEM? Mine is checked and Export Moment set to use global settings. Then executables are:
C:\Program Files (x86)\Microsoft\Teams\update.exe
C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe
Yes, DirectFlex is enabled with global settings.