Microsoft Teams deploy.

Celiker
New Contributor

Hello,
I want to deploy the "Microsoft Teams" app to our Mac clients, but I could not succeed. Could someone help me with this?
The app can be deployed if I request it from Self Service, but otherwise I could not deploy it remotely to the client Mac computers.
I added 3 pictures.
The 3rd picture: I installed from Self Service. 62 computers are just holding on "pending"... How can I deploy to them (not using Self Service)?

Thank you.

1 ACCEPTED SOLUTION

m_kindelberger
New Contributor II

Hello Celiker,

Your policy configuration is not accurate for pushing your package. You can create a Computer Smart Group where this application is not installed and scope on it (specific computer). You must set a trigger to start the application installation. It can be Recurring Check-in, if you want to enforce deployment. Don't forget to add an inventory update after installation, so that this computer will be removed from the Computer Smart Group.

kunkelb
New Contributor II

Since you're deploying the app to every managed computer that you have, you could probably not bother making the smart computer group -- just set a trigger ("Recurring Check-in" is probably easiest, that way they pull the app when they talk to your JSS) and change your execution frequency to "Once per computer." You could make a smart group and it wouldn't harm anything, I just don't think it'd be necessary.

Celiker
New Contributor

Hi m.kindelberger, I changed it as you said and it worked for me. Thank you.

dan-snelson
Valued Contributor II

We just had a user report that when Microsoft Teams.app is owned by root, only the root user can update it.

We're now testing the following postinstall script:

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

####################################################################################################
# Import logging functions
source /path/to/client-side/functions.sh
####################################################################################################

ScriptLog "Installed."

ScriptLog "Apply odd-ball permissions ..." # Thanks, Randy T.
loggedInUser=$( /usr/bin/stat -f%Su /dev/console )
/usr/sbin/chown -Rv "${loggedInUser}:admin" "/Applications/Microsoft Teams.app/"   # quoted: the path contains a space

ScriptLog "Reveal app ..."
revealMe "/Applications/Microsoft Teams.app"

exit 0      ## Success
exit 1      ## Failure

--
Dan

MDM
New Contributor

Hi Dan, any luck with the post install script.

dan-snelson
Valued Contributor II

@MDM The following seems to be working for us:

The important bits from two of the scripts are below; please let me know if your mileage varies too greatly.


Microsoft Teams Clean-up

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   Removes user-specific files prior to upgrading Microsoft Teams
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 12-Dec-2017, Dan K. Snelson
#
####################################################################################################

# Variables
loggedInUser=$(stat -f%Su /dev/console)
applicationPath="Microsoft Teams.app"


# Check if the specified application is installed ...
testDirectory="/Applications/${applicationPath}"
if [ -d "${testDirectory}" ] ; then

    echo "/Applications/${applicationPath} located; proceeding ..."

    echo "Removing ${loggedInUser}-specific files for ${applicationPath} ..."

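    # Paths are quoted because "Application Support" contains a space;
    # unquoted, rm -Rf would receive two separate arguments per line.
    /bin/rm -Rf "/Users/${loggedInUser}/Library/Caches/"com.microsoft.teams*

    /bin/rm -Rf "/Users/${loggedInUser}/Library/Application Support/Microsoft/Teams"

    /bin/rm -Rf "/Users/${loggedInUser}/Library/Application Support/com.microsoft.teams"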

    echo "Removed ${loggedInUser}-specific files for ${applicationPath}."

    exit 0

else

    echo "/Applications/${applicationPath} NOT found; nothing to do."

    exit 0

fi

exit 0

Application Permission

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   Sets permissions on the application passed as Parameters 4 & 5. 
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 12-Dec-2017, Dan K. Snelson
#
####################################################################################################


# Variables
loggedInUser=$(stat -f%Su /dev/console)
applicationPath="$5"


# If Parameter 5 is blank, exit ...
if [ -z "${applicationPath}" ]; then

    echo "Application Path not specified; exiting."

    exit 1

fi



# Check for a specified owner (Parameter 4)
# Defaults to currently logged-in user
if [ "$4" != "" ] && [ "$owner" = "" ]; then
    owner="${4}"
else
    echo "Parameter 4 is blank; using \"${loggedInUser}\" as the owner."
    owner="${loggedInUser}"
fi



# Check if the specified application is installed ...
testDirectory="/Applications/${applicationPath}"
if [ -d "${testDirectory}" ] ; then

    echo "/Applications/${applicationPath} located; proceeding ..."

    echo "Setting permissions on /Applications/${applicationPath} ..."

    /usr/sbin/chown "${owner}" "/Applications/${applicationPath}"

    echo "Set owner of \"/Applications/${applicationPath}\" to ${owner}."

    exit 0

else

    echo "/Applications/${applicationPath} NOT found; nothing to do."

    exit 0

fi

exit 0

--
Dan
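
A guard for the clean-up and ownership scripts above, as an added example that is not part of Dan's posts: because those scripts run as root and build `rm -Rf` and `chown` targets from the owner of /dev/console, it checks that name and the home directory before anything is deleted. The function names are hypothetical, and the user and home directory are passed in as arguments.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# On a Mac, run as root from a Jamf policy, the inputs would come from:
#   user=$(/usr/bin/stat -f%Su /dev/console)
#   home=$(/usr/bin/dscl . -read "/Users/${user}" NFSHomeDirectory | /usr/bin/sed 's/^[^/]*//')
#   clean_teams_user_files "$user" "$home"

# Succeeds only for a name that is safe to treat as the logged-in user.
is_real_console_user() {
    case "$1" in
        ""|root|_mbsetupuser) return 1 ;;   # no user session, or the Setup Assistant account
        *[!A-Za-z0-9._-]*) return 1 ;;      # no slashes, spaces or globs in a path component
    esac
    return 0
}

# Prints the per-user Teams paths from the clean-up script that exist under HOME.
teams_user_paths() {
    home=$1
    case "$home" in /) return 1 ;; /*) ;; *) return 1 ;; esac
    [ -d "$home" ] || return 1
    for p in "${home}/Library/Application Support/Microsoft/Teams" \
             "${home}/Library/Application Support/com.microsoft.teams" \
             "${home}/Library/Caches/"com.microsoft.teams*; do
        if [ -e "$p" ]; then printf '%s\n' "$p"; fi
    done
    return 0
}

# Removes those paths; returns 2 for an unusable user, 3 for an unusable home.
clean_teams_user_files() {
    if ! is_real_console_user "$1"; then
        echo "No usable console user ('$1'); skipping clean-up."
        return 2
    fi
    if ! targets=$(teams_user_paths "$2"); then
        echo "Home directory '$2' is not usable; skipping clean-up."
        return 3
    fi
    printf '%s\n' "$targets" | while IFS= read -r p; do
        if [ -n "$p" ]; then
            /bin/rm -Rf "$p"
            echo "Removed ${p}"
        fi
    done
}
```

The same user check can gate the `chown` in the permission script, so a policy that runs with nobody logged in leaves the app's ownership unchanged.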

stevewood
Honored Contributor II

Hey @dan.snelson any chance you'd be willing to share two scripts I see in that image: Close Applications Gracefully and Update Inventory? The second one I'm just more curious than anything as to what you are doing in it.

I am looking at changing the way we do inventory updates due to the load on the servers, and I'm always curious how other folks do things.

Thanks!

dan-snelson
Valued Contributor II

Hi, @stevewood. Hopefully these are worth the wait:


Close Applications Gracefully

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   Quits apps gracefully as specified in JSS script parameters
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 29-Jun-2015, Dan K. Snelson
#       Original
#   Version 2.0, 10-Nov-2016, Dan K. Snelson
#       Added check for app's existence 
#
####################################################################################################


### Variables
appName1="$4"     # App Name (i.e., "Microsoft Excel")
appName2="$5"     # App Name (i.e., "Microsoft OneNote")
appName3="$6"     # App Name (i.e., "Microsoft Outlook")
appName4="$7"     # App Name (i.e., "Microsoft PowerPoint")
appName5="$8"     # App Name (i.e., "Microsoft Word")
appName6="$9"     # App Name (i.e., "Microsoft Lync")



### Gracefully quit apps
echo "### Gracefully Quitting Apps ###"

### Functions
quitAppGracefully() {

    echo " " # Blank line for readability

    echo "* App to quit: ${1}"

    echo "* Verify ${1} is installed ..."

    testDirectory="/Applications/${1}.app"

    if [ -d "${testDirectory}" ]; then

        echo "* ${1} is installed; quit if running ..."
        /usr/bin/osascript -e 'quit app "'"${1}"'"'
        echo "* Quit ${1}."

    else

        echo "* ${1} is NOT installed; nothing to quit."

    fi
}



### Call the Functions

# App Name 1 to quit
if [ ! -z "${appName1}" ]; then
    quitAppGracefully "${appName1}"
fi

# App Name 2 to quit
if [ ! -z "${appName2}" ]; then
    quitAppGracefully "${appName2}"
fi

# App Name 3 to quit
if [ ! -z "${appName3}" ]; then
    quitAppGracefully "${appName3}"
fi

# App Name 4 to quit
if [ ! -z "${appName4}" ]; then
    quitAppGracefully "${appName4}"
fi

# App Name 5 to quit
if [ ! -z "${appName5}" ]; then
    quitAppGracefully "${appName5}"
fi

# App Name 6 to quit
if [ ! -z "${appName6}" ]; then
    quitAppGracefully "${appName6}"
fi


exit 0      ## Success
exit 1      ## Failure

Update Inventory

#!/bin/sh

echo "*** Updating inventory ***"

# Get the logged in users username
loggedInUser=$(/usr/bin/stat -f %Su "/dev/console")

# Identify location of the logged-in user's home directory
user_home_location=$( /usr/bin/dscl . -read /Users/"${loggedInUser}" NFSHomeDirectory 2>/dev/null | /usr/bin/sed 's/^[^/]*//g' )

if [ "${loggedInUser}" = "root" ] || [ "${loggedInUser}" = "adobeinstall" ] || [ "${loggedInUser}" = "_mbsetupuser" ] ; then

    echo "${loggedInUser} is currently the logged-in user; starting normal inventory update ..."

    /usr/local/jamf/bin/jamf recon

    echo "Finished running inventory update"

else

    if [ -d "/Applications/Enterprise Connect.app" ] ; then # https://derflounder.wordpress.com/2017/04/12/identifying-which-active-directory-account-is-logged-into-enterprise-connect/

        /usr/bin/security find-generic-password -l "Enterprise Connect" "${user_home_location}"/Library/Keychains/login.keychain > /dev/null 2>&1

        if [ $? -eq 0 ]; then # Enterprise Connect installed AND configured

            # Extract the account name and strip the surrounding double quotes
            ec_user=$( /usr/bin/security find-generic-password -l "Enterprise Connect" "${user_home_location}"/Library/Keychains/login.keychain | awk -F "=" '/acct/ {print $2}' | tr -d '"' )

            echo "Starting inventory update for Enterprise Connect user ${ec_user} ..."

            /usr/local/jamf/bin/jamf recon -endUsername "${ec_user}"

            echo "Finished running inventory update for Enterprise Connect user ${ec_user}."

        else    # Enterprise Connect installed, but NOT configured

            echo "Starting inventory update for user ${loggedInUser} ..."

            # Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
            /usr/local/jamf/bin/jamf recon -endUsername ${loggedInUser}

            echo "Finished running inventory update for ${loggedInUser}."

        fi

    else

        echo "Starting inventory update for user ${loggedInUser} ..."

        # Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
        /usr/local/jamf/bin/jamf recon -endUsername ${loggedInUser}

        echo "Finished running inventory update for ${loggedInUser}."

    fi

fi


exit 0

--
Dan

mtward
New Contributor III

@dan.snelson Thanks for posting your impressive Teams update flow. Can you confirm that your method still works with the latest release of Teams (which is now a DMG)? 1.00.1253 as of this writing.

Also, has anyone tried a hybrid of Dan's method? Something like removing all the $user caches/containers, and then deploying a custom packaged Microsoft Teams.app with permissions changed?

dan-snelson
Valued Contributor II

@mtward We're using @mm2270's App Packager to create the .PKG we're deploying.

(Our testers have until Monday, 22-Jan-2018, to confirm the test policy works, but it's looking good so far.)


--
Dan

maziboss
New Contributor

@dan.snelson What variable should we set for parameter $4 in the script "Application Permission"?
Should it be empty?
When you are creating the app, do you change the permissions on MS Teams.app? Currently the standard user is not able to update this application.

dan-snelson
Valued Contributor II

@maziboss Thanks for the questions. Hopefully the following will clarify using this script:

In Settings > Computer Management > Scripts > {Script Name} > Options, set:
PARAMETER 4 to: Owner (defaults to current user)
PARAMETER 5 to: Application (i.e., Microsoft Teams.app)

So, leave Parameter 4 blank in your policy.

No, I don't change any permissions when creating the .PKG. (We use a customized version of @mm2270's App Packager to create the .PKG we're deploying.)


--
Dan

maziboss
New Contributor

@dan.snelson First, thank you for your answer. As I thought, there is something wrong with MS Teams. I have the vendor's old version of MS Teams, 1.00.026952. I installed it, used your script, checked for updates and the application was updated to version 1.00.29954.
Then I did the same procedure: check for new updates. In the temp folder (User's Library/Application Support/Microsoft/Teams/temp) the file Teams_osx.zip is downloading (build 1.00.111551). Then the app shows a popup to refresh and asks to relaunch. After relaunch, MS Teams is the same version as it was - 1.00.026952.
Any idea why? Maybe the issue is related to the JSON file and the different version (in the JSON file the build has the number 1.1.00.111551)?

dan-snelson
Valued Contributor II

@maziboss As of this writing, I'm seeing version 1.00.111551 on the Microsoft Teams download page, but the app itself reports that "You've got the latest updates" with version 1.1.00.14353.


--
Dan

maziboss
New Contributor

@dan.snelson The issue is that I'm not able to update the application from version 1.00.29954 to 1.1.00.14353. The new version of the app is downloading to the temp folder, then relaunch, and after all that Teams has the same build (1.00.29954). Any idea why?

dan-snelson
Valued Contributor II

@maziboss Sorry, no, I don't have any idea why.

Is deleting the installed version and deploying 1.00.111551 an option for you?


--
Dan

kpotek
New Contributor

Dan, I have a question regarding the current working of permissions on Microsoft Teams. On Tuesday of this week (3/19/19), I noticed the application not updating on its own. It is asking users to download, and then an admin username/password is required to install. I can see that the owner of the app is the current standard login user. I have also flushed the policy to make the current login user the owner of the app. I believe that Microsoft Teams has changed the way it processes updates.

Can you let me know if you are experiencing the same challenge? If yes, can you let me know if you have found a fix?

Thank you for all the help on this!

k3vmo
Contributor

If you enable a custom trigger (i.e., installTeams) using the scenario at the top - you have to script it to copy to the local system and run the installer - or if you enable custom - does it know to mount the distribution point and use Installer?