Forum Discussion
Office 365 deployment teams issue
I have Microsoft 365 deployment in Intune setup (under windows/apps) and it is deploying everything fine but teams. Teams only gets installed and accessible by admin users (azure AD admins with local...
- One... if you are a regular user, you normally don't have write access to those folders (program files and windows) above... all other folders except those mentioned above are restricted from executable execution
So when a exe is placed inside the %appdata% you cant execute it...
Rudy_Ooms_MVP would this setting in app locker not allow the standard users install? Or is the installer a MSI? Thank you for you feedback!
<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="16473f44-7331-43fc-b337-8933ceb90370" Name="All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%PROGRAMFILES%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="671367db-4cfb-4ee0-aa14-4397ca9b36d2" Name="All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%WINDIR%\*" />
</Conditions>
One... if you are a regular user, you normally don't have write access to those folders (program files and windows) above... all other folders except those mentioned above are restricted from executable execution
So when a exe is placed inside the %appdata% you cant execute it...
So when a exe is placed inside the %appdata% you cant execute it...
- Thank you that makes sense. After your comment on app locker i started digging and found this
https://docs.microsoft.com/en-us/microsoftteams/applocker-in-teams
Adding these publisher exceptions fixed the issue. Thank you for the direction. I had no idea before researching teams installed different then other office apps and couldn't figure out why it wasn't working. For anyone else having this issue great resource here
https://call4cloud.nl/2021/04/exodus-teams-and-applocker/
