Client installs in Appdata\Local!?!

Gary Naseby
New Contributor

I've installed the Teams client on my computer (as a local admin) and the client installs in the 'Appdata/local' part of my profile? Is this correct? It doesn't install into Program Files or somewhere else in the OS?

Thanks,

Gary

3 Replies

That is correct. The installer of the client uses Squirrel as the installation framework, which by default installs to AppData\Local. It's the root concept of Squirrel to allow regular users to install applications and automatically keep them up to date.

I don't like this concept at all and would prefer the app to install to Program Files and require admin privileges to install and update. In my opinion AppData is meant to store data and no executables. I usually use software restriction policies to block all executables in user writable folders. Most modern malicious software, especially ransomware, does not need administrator privileges to harm your data, and as the malicious application is just written to a user writeable folder they should not be executable from this folder.

I totally agree with you here. In a controlled enterprise environment, one of the strongest safety controls for avoiding malware is whitelisting executables that are allowed to run.

As such, allowing local user software updates is totally against useful policy and will fail.

In addition, this adds significant complexity and size to user data backups as we wouldn't be expecting executables to exist in this "data" area.

Microsoft need to tell us how we will manage their "new" EU tools such as Teams and Yammer desktop apps using enterprise deployment and management tools.

We really don't need a different and poorly managed new installation type, the ones we have are bad enough and this just makes things worse not better.

Hey mate, know this is an old thread, but I'm using AppLocker myself and it is blocking the team setup for new users when they log in. As a workaround I have to copy the Teams folder in AppData manually. I'm trying to figure out what permissions it needs to do this automatically.

Just wondering if you came across a fix?
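
Added example, not part of any post in this thread: before enforcing a block on executables in user-writable folders, as the first reply describes, or diagnosing an AppLocker block like the one in the last post, it helps to know what already runs from AppData\Local and who signed it. The PowerShell below inventories that folder for the current user; the `.exe`/`.dll` filter and the two-level folder grouping are assumptions made for this example.

```powershell
# Added example (not from the thread): inventory executable files under the
# current user's AppData\Local and summarise them by Authenticode signer.
$root       = $env:LOCALAPPDATA    # user-writable, per-user install location
$extensions = '.exe', '.dll'       # assumption: file types of interest

$inventory = Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # First two folder levels under AppData\Local, e.g. Vendor\Product
        $relative = $_.DirectoryName.Substring($root.Length).TrimStart('\')
        $app = ($relative -split '\\' | Select-Object -First 2) -join '\'
        [pscustomobject]@{
            App    = $app
            Path   = $_.FullName
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        }
    }

# Per application folder: number of binaries, how many lack a valid
# signature, and which certificate subjects signed them.
$inventory | Group-Object App | ForEach-Object {
    [pscustomobject]@{
        App      = $_.Name
        Binaries = $_.Count
        NotValid = @($_.Group | Where-Object { $_.Status -ne 'Valid' }).Count
        Signers  = ($_.Group.Signer | Sort-Object -Unique) -join '; '
    }
} | Sort-Object Binaries -Descending | Format-Table -AutoSize -Wrap
```

Folders where every binary has a valid signature from one publisher can be allowed by publisher rather than by path; a non-zero `NotValid` count marks files that a publisher rule cannot cover.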
