Today I'll show you how to immediately deploy Microsoft Teams to all of your domain users.
This method will require users to either log out or lock their computer, then log back in for the installation to start in the background.
For this, we will not use the Teams Machine Wide installer. The Teams Machine Wide installer only automatically installs Teams on new user profiles. This means that users who have already logged into their computer once before will not receive teams.
We want to deploy Teams immediately to our users, and to do this, we will use the regular executable a user would download via Microsoft's website.
Here is the installation process we are going for:
- A user logs into a domain computer
- A logon batch script detects if teams is already installed
- If teams is not installed, execute the installer silently
- Once the installer finishes, a shortcut is automatically created on their desktop
- Download the Microsoft Teams executable [Link to Download]
- Setup your file share
- Ceate the Logon batch script
- Create the Group Policy
- Testing Logging In
1. Download Microsoft Teams
Download the standard Microsoft Teams executable from Microsoft.
Then, rename it to
teams_windows_x86.exe if using the 32-bit installer).
This is only for simplicity sake, but feel free to name it whatever you like.
2. Setup your file share
Now that we have the Microsoft Teams installer, we need to be able to place it in a file share that all of our domain users have access to.
In this example, we have created a new folder named
Share on our Domain Controller
C:\ drive, and have assigned "Authenticated Users" to have
Read & Execute,
List folder contents and
Then, right click the folder, click "Properties", click the "Sharing" tab, click "Advanced Sharing", check box "Share this folder":
Then, click "Permissions" and assign "Everyone" to have
Read access and click "OK":
3. Ceate the Logon batch script
Create a new
teams_deploy.bat file, and paste in the following contents:
SERVERwith your server name of course.
IF NOT EXIST "%localappdata%\Microsoft\Teams\Update.exe" ( "\\SERVER\Share\teams_windows_x64.exe" -s )
The above script first checks if the
Update.exe executable already exists in the users
directory prior to executing the installer silently for the following reasons:
- If the user already has teams installed on their computer, the
Update.exefile will exist, so we will not attempt the installation again
- If the user has uninstalled teams on their computer via the control panel, the
Update.exefile will remain (until it is manually deleted)
This ensures that we don't keep reinstalling teams for users who have chose to uninstall it.
Now that we have created the
teams_deploy.bat file and have the
file, transfer both files into your
C:\Share folder on your domain controller / file server.
4. Create the Group Policy
To execute our
teams_deploy.bat script, we will create a new User Configuration Group Policy.
Open up the Group Policy Management app on your domain controller, and link a new group policy to an Organizational Unit where your users are contained in.
- On the left hand tree menu, expand User Configuraton
- Expand Policies
- Expand Windows Settings
- Click Scripts (Logon/Logoff)
- In the right pane, double click Logon
- In the Logon Properties window, click Add
- In the
Script Namefield, type
- Click OK and then OK again on the Logon Properties window
Your group policy should look like this:
5. Test Logging In
On a domain joined computer, log in, open a new command prompt (not as administrator), and run:
Then, log out, and log back in. After about 3-4 minutes, you should see the Microsoft Teams desktop icon automatically be created.
- After logging into a computer that has received your new group policy, you can open up the task
manager and see the installation taking place in the background.
- To test this GPO before deploying it to all users, you can simply drop your own domain test user account into it's own organization unit and link the GPO there.
- If your users are connecting remotely to your domain using a VPN like Cisco AnyConnect, this GPO can still be executed if the user locks their computer and then logs back in with the VPN connection still active. The presumes that the user has recieved the new GPO however, which may take a couple hours of them being connected to the VPN prior.