Posted on 04-27-2017 12:28 AM
Hello,
I want deploy "Microsoft Teams" app to our mac clients. But i could not success.. Could someone help to me about this ?
the app can deploy if i request from self service. But otherwise i could not deploy remotely to client mac computers.
I added 3 picture.
3rd picture about = I installed from self service. 62 computers just holding on "pending"... How can i deploy to them ( not using self service )
Thank you.
Solved! Go to Solution.
Posted on 04-27-2017 05:03 AM
Hello Celiker,
you policy configuration is not accurate for push your package. you can create a Computer Smart group where this application is not installed and scope on it. (Specific computer) You must to put a trigger for start application installation. It's can be recurrent check-in. If you want to enforce deployment. Don't forget to add inventory after installation, like this computer will be remove from computer smart group.
Posted on 04-27-2017 12:29 AM
Posted on 04-27-2017 05:03 AM
Hello Celiker,
you policy configuration is not accurate for push your package. you can create a Computer Smart group where this application is not installed and scope on it. (Specific computer) You must to put a trigger for start application installation. It's can be recurrent check-in. If you want to enforce deployment. Don't forget to add inventory after installation, like this computer will be remove from computer smart group.
Posted on 04-27-2017 07:35 AM
Since you're deploying the app to every managed computer that you have, you could probably not bother making the smart computer group -- just set a trigger ("Recurring Check-in" is probably easiest, that way they pull the app when they talk to your JSS) and change your execution frequency to "Once per computer." You could make a smart group and it wouldn't harm anything, I just don't think it'd be necessary.
Posted on 04-28-2017 04:11 AM
Hi m.kindelberger,
I changed as you sad and it worked for me. Thank you.
Posted on 05-01-2017 10:58 AM
We just had a user report that when Microsoft Teams.app is owned by root, only the root user can update it.
We're now testing the following postinstall script:
#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
####################################################################################################
# Import logging functions
source /path/to/client-side/functions.sh
####################################################################################################
ScriptLog "Installed."
ScriptLog "Apply odd-ball permissions ..." # Thanks, Randy T.
loggedInUser=$( /usr/bin/stat -f%Su /dev/console )
/usr/sbin/chown -Rv ${loggedInUser}:admin /Applications/Microsoft Teams.app/
ScriptLog "Reveal app ..."
revealMe "/Applications/Microsoft Teams.app"
exit 0 ## Success
exit 1 ## Failure
Posted on 12-20-2017 07:18 AM
Hi Dan, any luck with the post install script.
Posted on 12-20-2017 07:59 AM
@MDM The following seems to be working for us:
The important bits from two of the scripts are below; please let me know if your mileage varies too greatly.
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Removes user-specific files prior to upgrading Microsoft Teams
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 12-Dec-2017, Dan K. Snelson
#
####################################################################################################
# Variables
loggedInUser=$(stat -f%Su /dev/console)
applicationPath="Microsoft Teams.app"
# Check if the specified application is installed ...
testDirectory="/Applications/${applicationPath}"
if [ -d "${testDirectory}" ] ; then
echo "/Applications/${applicationPath} located; proceeding ..."
echo "Removing ${loggedInUser}-specific files for ${applicationPath} ..."
/bin/rm -Rf /Users/${loggedInUser}/Library/Caches/com.microsoft.teams*
/bin/rm -Rf /Users/${loggedInUser}/Library/Application Support/Microsoft/Teams
/bin/rm -Rf /Users/${loggedInUser}/Library/Application Support/com.microsoft.teams
echo "Removed ${loggedInUser}-specific files for ${applicationPath}."
exit 0
else
echo "/Applications/${applicationPath} NOT found; nothing to do."
exit 0
fi
exit 0
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Sets permissions on the application passed as Parameters 4 & 5.
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 12-Dec-2017, Dan K. Snelson
#
####################################################################################################
# Variables
loggedInUser=$(stat -f%Su /dev/console)
applicationPath="$5"
# If Parameter 5 is blank, exit ...
if [ -z "${applicationPath}" ]; then
echo "Application Path not specified; exiting."
exit 1
fi
# Check for a specified owner (Parameter 4)
# Defaults to currently logged-in user
if [ "$4" != "" ] && [ "$owner" == "" ]; then
owner="${4}"
else
echo "Parameter 4 is blank; using "${loggedInUser}" as the owner."
owner="${loggedInUser}"
fi
# Check if the specified application is installed ...
testDirectory="/Applications/${applicationPath}"
if [ -d "${testDirectory}" ] ; then
echo "/Applications/${applicationPath} located; proceeding ..."
echo "Setting permissions on /Applications/${applicationPath} ..."
/usr/sbin/chown ${owner} "/Applications/${applicationPath}"
echo "Set owner of "/Applications/${applicationPath}" to ${owner}."
exit 0
else
echo "/Applications/${applicationPath} NOT found; nothing to do."
exit 0
fi
exit 0
Posted on 12-20-2017 09:23 AM
Hey @dan.snelson any chance you'd be willing to share two scripts I see in that image: Close Applications Gracefully and Update Inventory? The second one I'm just more curious than anything as to what you are doing in it.
I am looking at changing the way we do inventory updates due to the load on the servers, and I'm always curious how other folks do things.
Thanks!
Posted on 12-20-2017 12:30 PM
Hi, @stevewood. Hopefully these are worth the wait:
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Quits apps gracefully as specified in JSS script parameters
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 29-Jun-2015, Dan K. Snelson
# Original
# Version 2.0, 10-Nov-2016, Dan K. Snelson
# Added check for app's existence
#
####################################################################################################
### Variables
appName1="$4" # App Name (i.e., "Microsoft Excel")
appName2="$5" # App Name (i.e., "Microsoft OneNote")
appName3="$6" # App Name (i.e., "Microsoft Outlook")
appName4="$7" # App Name (i.e., "Microsoft PowerPoint")
appName5="$8" # App Name (i.e., "Microsoft Word")
appName6="$9" # App Name (i.e., "Microsoft Lync")
### Gracefully quit apps
echo "### Gracefully Quitting Apps ###"
### Functions
quitAppGracefully() {
echo " " # Blank line for readability
echo "* App to quit: ${1}"
echo "* Verify ${1} is installed ..."
testDirectory="/Applications/${1}.app"
if [ -d "${testDirectory}" ]; then
echo "* ${1} is installed; quit if running ..."
/usr/bin/osascript -e 'quit app "'"${1}"'"'
echo "* Quit ${1}."
else
echo "* ${1} is NOT installed; nothing to quit."
fi
}
### Call the Functions
# App Name 1 to quit
if [ ! -z "${appName1}" ]; then
quitAppGracefully "${appName1}"
fi
# App Name 2 to quit
if [ ! -z "${appName2}" ]; then
quitAppGracefully "${appName2}"
fi
# App Name 3 to quit
if [ ! -z "${appName3}" ]; then
quitAppGracefully "${appName3}"
fi
# App Name 4 to quit
if [ ! -z "${appName4}" ]; then
quitAppGracefully "${appName4}"
fi
# App Name 5 to quit
if [ ! -z "${appName5}" ]; then
quitAppGracefully "${appName5}"
fi
# App Name 6 to quit
if [ ! -z "${appName6}" ]; then
quitAppGracefully "${appName6}"
fi
exit 0 ## Success
exit 1 ## Failure
#!/bin/sh
echo "*** Updating inventory ***"
# Get the logged in users username
loggedInUser=$(/usr/bin/stat -f %Su "/dev/console")
# Identify location of the logged-in user's home directory
user_home_location=$( /usr/bin/dscl . -read /Users/"${loggedInUser}" NFSHomeDirectory 2>/dev/null | /usr/bin/sed 's/^[^/]*//g' )
if [ ${loggedInUser} == "root" ] || [ ${loggedInUser} == "adobeinstall" ] || [ ${loggedInUser} == "_mbsetupuser" ] ; then
echo "${loggedInUser} is currently the logged-in user; starting normal inventory update ..."
/usr/local/jamf/bin/jamf recon
echo "Finished running inventory update"
else
if [ -d "/Applications/Enterprise Connect.app" ] ; then # https://derflounder.wordpress.com/2017/04/12/identifying-which-active-directory-account-is-logged-into-enterprise-connect/
/usr/bin/security find-generic-password -l "Enterprise Connect" "${user_home_location}"/Library/Keychains/login.keychain > /dev/null 2>&1
if [[ $? -eq 0 ]]; then # Enterprise Connect installed AND configured
ec_user=$( /usr/bin/security find-generic-password -l "Enterprise Connect" "${user_home_location}"/Library/Keychains/login.keychain | awk -F "=" '/acct/ {print $2}' | tr -d """ )
echo "Starting inventory update for Enterprise Connect user ${ec_user} ..."
/usr/local/jamf/bin/jamf recon -endUsername ${ec_user}
echo "Finished running inventory update for Enterprise Connect user ${ec_user}."
else # Enterprise Connect installed, but NOT configured
echo "Starting inventory update for user ${loggedInUser} ..."
# Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
/usr/local/jamf/bin/jamf recon -endUsername ${loggedInUser}
echo "Finished running inventory update for ${loggedInUser}."
fi
else
echo "Starting inventory update for user ${loggedInUser} ..."
# Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
/usr/local/jamf/bin/jamf recon -endUsername ${loggedInUser}
echo "Finished running inventory update for ${loggedInUser}."
fi
fi
exit 0
Posted on 01-17-2018 10:27 AM
@dan.snelson Thanks for posting your impressive Teams update flow. Can you confirm that your method still works with the latest release of Teams (which is now a DMG)? 1.00.1253 as of this writing.
Also, has anyone tried a hybrid of Dan's method. Something like removing all the $user caches/containers, and then deploying a custom packaged Microsoft Teams.app with permissions changed?
Posted on 01-17-2018 12:08 PM
@mtward We're using @mm2270's App Packager to create the .PKG we're deploying.
(Our testers have until Monday, 22-Jan-2018, to confirm the test policy works, but it's looking good so far.)
Posted on 06-01-2018 03:08 AM
@dan.snelson
What variable we should set for parameters $4 in script "Application Permission"?
Should it be empty?
When you creating the app do you change the permissions on MS Teams.app?
Currently the standard user is not able to update this application.
Posted on 06-01-2018 09:18 AM
@maziboss Thanks for the questions. Hopefully the following will clarify using this script:
In Settings > Computer Management > Scripts > {Script Name} > Options, set:
PARAMETER 4 to: Owner (defaults to current user)
PARAMETER 5 to: Application (i.e., Microsoft Teams.app)
So, leave Parameter 4 blank in your policy.
No, I don't change any permissions when creating the .PKG. (We use a customized version of @mm2270's App Packager to create the .PKG we're deploying.
Posted on 06-06-2018 01:55 AM
@dan.snelson
First, thank you for your answer. As I though there is something wrong with MS Teams.
I have vendor old version MS Teams 1.00.026952. I installed it, used your script, checked updates and application was updated to version 1.00.29954.
Then I did the same procedure: check for new updates. In temp folder (User's Library/Application Support/Microsoft/Teams/temp) file Teams_osx.zip is downloading (build 1.00.111551). Then the app shows popup to refresh and ask to relaunch. After relaunch Ms Teams is the same version as was - 1.00.026952.
Any idea why? Maybe the issue is related to json file and difference version (in json file the build has a number 1.1.00.111551)?
Posted on 06-06-2018 05:00 AM
@maziboss As of this writing, I'm seeing version 1.00.111551 on the Microsoft Teams download page, but the app itself reports that "You've got the latest updates" with version 1.1.00.14353.
Posted on 06-06-2018 05:37 AM
@dan.snelson the issue is that i'm not able update applications from version 1.00.29954 to 1.1.00.14353. New version of app is downloading to temp folder, then relaunch and after all Teams has the same build (1.00.29954). Any idea why?
Posted on 06-06-2018 06:42 AM
@maziboss Sorry, no, I don't have any idea why.
Is deleting the installed version and deploying 1.00.111551 an option for you?
Posted on 03-20-2019 03:18 PM
Dan, I have a question regarding the current working of permissions on Microsoft Teams. On Tuesday of this week (3/19/19), I noticed the application not updating on its own. It is asking users to download and then admin username/password are required to install. I can see that the owner of the app is the current standard login user. I have also flush the policy to make the current login user owner of app. I believe that Microsoft Teams has changed the way it process updates.
Can you let me know if you are experiencing the same challenge? If yes, can you let me know if you have found a fix.
thank you for all the help on this!
Posted on 06-08-2020 01:12 PM
If you enable a custom trigger (IE: installTeams) using the scenario at the top - you have to script it to copy to the local system and run the installer - or if you enable custom - does it know to mount the distribution point and using Installer?