Forum Discussion
Solved
Office 365 deployment teams issue
I have Microsoft 365 deployment in Intune setup (under windows/apps) and it is deploying everything fine but teams. Teams only gets installed and accessible by admin users (azure AD admins with local...
- One... if you are a regular user, you normally don't have write access to those folders (program files and windows) above... all other folders except those mentioned above are restricted from executable execution
So when a exe is placed inside the %appdata% you cant execute it...
As moe already mentioned... the teams setup itself will be executed under each user when they first login by launching the teams installer from the program files... that setup would trigger the user based installation
So for example when using applocker..... that setup would be blocked...
So my first question would be... do you notice the first setup file being located in the program files folder C:\Program Files (x86)\Teams Installer ?
https://call4cloud.nl/2021/04/exodus-teams-and-applocker/
So for example when using applocker..... that setup would be blocked...
So my first question would be... do you notice the first setup file being located in the program files folder C:\Program Files (x86)\Teams Installer ?
https://call4cloud.nl/2021/04/exodus-teams-and-applocker/
Rudy_Ooms_MVP would this setting in app locker not allow the standard users install? Or is the installer a MSI? Thank you for you feedback!
<RuleCollection Type="Exe" EnforcementMode="Enabled"> <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow"> <Conditions> <FilePathCondition Path="*" /> </Conditions> </FilePathRule> <FilePathRule Id="16473f44-7331-43fc-b337-8933ceb90370" Name="All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow"> <Conditions> <FilePathCondition Path="%PROGRAMFILES%\*" /> </Conditions> </FilePathRule> <FilePathRule Id="671367db-4cfb-4ee0-aa14-4397ca9b36d2" Name="All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow"> <Conditions> <FilePathCondition Path="%WINDIR%\*" /> </Conditions>- One... if you are a regular user, you normally don't have write access to those folders (program files and windows) above... all other folders except those mentioned above are restricted from executable execution
So when a exe is placed inside the %appdata% you cant execute it...- Thank you that makes sense. After your comment on app locker i started digging and found this
https://docs.microsoft.com/en-us/microsoftteams/applocker-in-teams
Adding these publisher exceptions fixed the issue. Thank you for the direction. I had no idea before researching teams installed different then other office apps and couldn't figure out why it wasn't working. For anyone else having this issue great resource here
https://call4cloud.nl/2021/04/exodus-teams-and-applocker/
