Disabling Teams AutoStart

5/5 - (5 votes)

Here’s a fun one … Disabling Teams auto-startup.  Imagine this scenario:

  • You haven’t trained your service desk on how to answer/troubleshoot/manage Teams help desk calls
  • You’ve configured restrictions on who can create Teams
  • You’ve deployed the new Office ProPlus update with Teams integrated.
  • You haven’t applied licenses to everyone

You push out your new Office ProPlus and the entire world goes sideways when Teams auto-launches and no one can log in, or the ones that can log in can’t create Teams (if you’ve gone through the this process to limit Office 365 Group Creation).

No problem, you think … There’s probably a GPO for that.  And, there is. Except for this little note in the deployment guidelines:

Yes, you right that read.  The only way to prevent Teams from starting up using the GPO template is to deploy the template before you know you have a problem.  Talk about the value of planning ahead.

Fortunately, you can sort nick this after the fact, though it may take two reboot/login cycles for your users.

Background

Teams autorun functionality has two pieces: a registry startup value and some data in-app that will configure the startup registry value.

Teams is built on the Electron platform, and as such, doesn’t exactly work the same way a lot of our other products do.  A lot of data is stored in %APPDATA%, which means that simply uninstalling the application won’t clean up the settings.  So, if you uninstall and attempt to reinstall (and apply the GPO settings), you may not get the desired result.  Plus, if you’ve already got the app deployed but just want to phase it in, uninstalling it is literally the opposite direction of phasing it in.

The settings we’re talking about managing live in two places:

Registry

First stop is in the Registry, under the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key.

Teams Client

And then there’s the Teams client setting, which will put the registry value back every time it opens.

The Teams setting data is stored in %APPDATA%\Microsoft\Teams\desktop-config.json, so while it’s not an INI file, it’s challenging because it means the desktop has to be touched somehow.

Here’s what you can do.

PowerShell to the Rescue

You can use a PowerShell logon script to clear the HCKU entry as well as update the JSON configuration for the user’s installation.  Fortunately, JSON is relatively easy to manipulate, so we can just run the values through PowerShell and ta-da!

# If Teams autorun entry exists, remove it
$TeamsAutoRun = (Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -ea SilentlyContinue)."com.squirrel.Teams.Teams"
if ($TeamsAutoRun)
{
 Remove-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name "com.squirrel.Teams.Teams"
}

# Stop Teams before modifying config
Stop-Process -Name Teams -EA SilentlyContinue
# Teams Config Data
$TeamsConfig = "$env:APPDATA\Microsoft\Teams\desktop-config.json"
$TeamsConfigData = Get-Content $TeamsConfig -Raw -ea SilentlyContinue | ConvertFrom-Json

# If Teams already doesn't have the autorun config, exit
If ($TeamsConfigData)
{
 If ($TeamsConfigData.appPreferenceSettings.openAtLogin -eq $false)
 {
  # It's already configured to not startup
  exit
 }
 else
 {
  # If Teams hasn't run, then it's not going to have the openAtLogin:true value
  # Otherwise, replace openAtLogin:true with openAtLogin:false
  If ($TeamsConfigData.appPreferenceSettings.openAtLogin -eq $true)
  {
   $TeamsConfigData.appPreferenceSettings.openAtLogin = $false
  }
  else
  # If Teams has been intalled but hasn't been run yet, it won't have an autorun setting
  {
   $Values = ($TeamsConfigData.appPreferenceSettings | GM -MemberType NoteProperty).Name
   If ($Values -match "openAtLogin")
   {
    $TeamsConfigData.appPreferenceSettings.openAtLogin = $false
   }
   else
   {
    $TeamsConfigData.appPreferenceSettings | Add-Member -Name "openAtLogin" -Value $false -MemberType NoteProperty
   }
  }
  # Save
  $TeamsConfigData | ConvertTo-Json -Depth 100 | Out-File -Encoding UTF8 -FilePath $TeamsConfig -Force
 }
}
Once you save it (or, you can go here and download it as well: https://gallery.technet.microsoft.com/Disable-Teams-Autorun-9ab90823), you can add it to a GPO and use Group Policy Security Filtering to apply it selectively to your users until you’re ready for them to start.
Of course, just remember that since Teams is updated out-of-band from Office ProPlus updates, if your users aren’t launching and using it periodically, it will become out of date and may cause problems

Additional Resources

Since we’re managing an application that starts automatically, you may find that you need to manage the login script processing behavior (such as setting it to synchronous) to ensure this config happens before Teams starts and resets the config. It may also make sense to make it a logoff script as well. Your mileage may vary, so you may find some help in these links in configuring synchronous processing.

https://blogs.technet.microsoft.com/askds/2010/03/23/group-policy-script-processing-behavior/ 

https://superuser.com/questions/1430596/windows-10-v1809-ignores-configure-logon-script-delay-gpo-2

You can also configure with Intune, if you’re so inclined: https://osddeployment.dk/2019/08/10/use-admx-policy-to-prevent-microsoft-teams-from-starting-automatically-after-installation-with-intune/

author avatar
Aaron Guilmette
Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

3 Replies to “Disabling Teams AutoStart”

  1. Last line in the script saves the JSON file in an incorrect format (UTF-16 LE) which the application does not recognize (in my case Windows 10 1903 build 18362.295 and Microsoft Teams 1.2.00.22654)

    Don’t forget that the application must be closed in order to execute this script so add the line

    Stop-Process -name Teams

    And in order to save the file using UTF-8 replace the last line:

    $TeamsConfigData | ConvertTo-Json -Depth 100 | Out-File $TeamsConfig -Force

    with:

    $TeamsConfigData | ConvertTo-Json -Depth 100 | Out-File -Encoding default $TeamsConfig -Force

    1. Interesting–of course, “it worked in the lab” on my machine. 🙂 I’ve updated it to force it to UTF8 in the output and to stop the teams process. Thanks for the suggestions!

Comments are closed.