Enjoy your weekend!

If you want to read our latest blog post, click here.

Posted by

MSI and inherited policy

We have an MSI assigning the host to a group. Both the host MSI package and the group are set to a certain policy and/or to inherit the group's policy. Every time we push the MSI to a client however, the user goes to the group we specify with no policy assigned. This leaves the endpoint without our security whitelist from the policy it is supposed to be getting. We are forced to manually monitor the default "unassigned" folder and apply the policy every time our auto-deployment MSI hits a new endpoint. With hundreds of endpoints and a sensitive coporate environment, this is a real pain and security risk.

1 Reply
1 Reply
Posted by

Re: MSI and inherited policy

@CTAIT I have something similar.


The policy linked to a group is not automatically and systematically applied to the hosts of my organization group. I update regulary the version of Teamviewer Host on existing computers (when a new version is released), therefore some of them are already present in my organization group.

After an update (or a simple uninstall / reinstall), the host record shows sometimes "not removed (<policy name>)".  After a while the policy is suppressed from the host automatically but then do not re-apply the policy set on the group to the host.

I have to manually set the policy to the host, even he is set to inherit the policy of the group where he is linked, which is particulary annoying. It is as well a security issue as all the policy settings are not applied to the host (whitelist, etc...)


I have configured my custom host to inherit the policy from the organization group where he will be affected. I affect the host to the organization group with the MSI assignment command line parameters:

ASSIGNMENTOPTIONS="--alias %COMPUTERNAME% --group <groupname> --reassign"

The host register correctly to my teamviewer account as well (i can see it under account affectation).

Teamviewer Version 14.4 (as well 15.6)