Using File Screening with Teams Installer

At the school I am currently working at we use File Screening in the user data areas to prevent download and storage of executables and crypto files. Over the last week as staff and students have returned this has caused some issues when it comes to Teams and how it updates itself.

Our usual method of software deployment is via Group Policy software installation. As Teams installs in each user’s AppData we deploy the Teams machine wide MSI. Most of the time Teams then silently updates without issue however occasionally it prompts the user to download the full Teams installer .exe in order to update.

This creates issues as we block all .exe files in the screen template. However there is a simple solution, you are able to create an exception within the template.

Open up File Server Resource Manager -> File Screen Templates -> Edit Template Properties. Select Executable Files and then Edit. Under Files to exclude add

Teams_windows_*.exe

The asterisk means if the user ends up with multiple installers (Teams_windows_x64 (1).exe for example) due to switching machines etc. it won’t get blocked.

Related to this one of our team has written a great article for our help desk on how the end users can update Teams.

20H2 Network Rebuild

As you’ll know if you follow my work Twitter I spent last week over at Trinity Catholic School who have recently joined the MAC rebuilding their network from a legacy RM CC4 image to a new Lourdes IT 20H2 one.

This included some great work by Dan our project lead on creating new virtual machines and some interesting technical challenges running the two networks side by side when it came to DNS and DHCP. We needed to do this due to the fact that until we got to a point where all IT rooms were imaged the children that were in school still needed access to computers to be able to complete their online learning.

The image was deployed via MDT containing 20H2 and Office 365 and then other software is picked up using the software installation Group Policy. All machines are installed with senso remote monitoring software and this makes it really easy to test an entire IT suites functionality using the log on/log off tools that are in the senso console.

Once we got going it was pretty smooth sailing and there has been a good speed improvement on their machines. Unfortunately they are a little bit dated and ideally it would have been great to upgrade some with SSDs but perhaps that’s another job for another day.

Few pics of the rebuilt machines are below.