Is a true silent install of the host possible?

GregH2O
GregH2O Posts: 7
edited May 2023 in General questions

Hello, 

I am deploying for the host (v13) and it installs fine, and there are no boxes asking the user to choose "next" etc. but when the install finishes, it pops up the "setup unattended access" wizard.

How do I stop that from happening, and get a completely silent install?

Comments

  • Can anyone from teamviwer comment on this? If it can't be done, fine, but I would like to know what options we have for deploying over several thousand desktops.

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi Greg,

    Thanks for your post.

    Could you check out this post and see if this helps you? Please let me know your feedback. 

    If it does not help you, I recommend sending a quick ticket to our Support team via our Support site to get the correct answer.

    Thanks and all the best, Esther

    Former Community Manager

  • Hi Esther, 

    Thanks for the reply, but no, it doesn't help unfortunately as I am getting a different dialogue box. This is the one that is coming up after install:

    oeHpNiN

    It is like the install is configuring a setting to do this when teamviewer starts, and then starting Teamviewer to display it..

    The command that I am using to do the install within SCCM is 

    "msiexec /i "TeamViewer_Host.msi" /qn"

    That should be a standard install string for a silent install of an MSI file.

    I have logged it as a support call though, and will update this if there is a solution! Thanks for your help.

  • Esther
    Esther Posts: 4,052 Former Community Manager

    Hi again,

    Thanks for your quick reply.

    Did you deploy the .reg-file (TeamViewer_Settings.reg) incl. a permanent password?

    Hint: You can use the Assignment tool via the Management Console to deploy Easy Access. This will also solve the issue.

    Looking forward to your update on this.

    Thanks again, Esther

    Former Community Manager

  • Hi, 

    No, I haven't deployed any specific registry settings as apparently we don't make any changes. As far as I am aware, we don't do any account assignment automatically. I really don't know much about how teamviewer works, I just know what it does, and know that it needs to be deployed.

    I can't see anything about the assignment tool  in the Management Console (maybe I don't have permissions), but as people generally just install the host manually at the moment, I don't want to start introducing additional tools and complexity if I don't have to. Also, setting up an assignment share that is visible to the entire estate just isn't going to happen I don't think.

    It would just be really good to roll out the vanilla client, as if someone ran the host .msi manually, but silently, with no user interaction (which seems to be what the teamviewer_host.msi does if you run it in interactive mode, it doesn't create the pop-up dialogue box that I see when I try and do it silently).

  • I'm wondering the same thing, that unattended setup box seems to be on restart for me. Any way to get rid of this?

  • Speaking to support, it doesn't look like it unfortunately. They recommend creating shares, putting passwords in .reg files, etc., none of which is going to fly with Security.

    So we will have to give up on a silent install, and just make it "available" with SCCM rather than "assigned", and the user will have to do the install themselves.

    A bit disappointing to be honest, (it is 2018, not 1998) but not the end of the world.

  • Aaron_Boshers
    Aaron_Boshers Posts: 47 Moderator

    Hello @GregH2O

    The information you received is for active directory domain deployments.

    Please see the following link for those using other deployment tools such as SCCM that need to be able to deploy outside of an AD environment. 

    Deploy TeamViewer with the Assignment Tool

    With this, the device gets assigned, gets easy access, and then can have a policy applied. 

    Best Regards,

     

     

    Aaron Boshers
    Senior Enterprise Solutions Engineer

    If my reply answered your question, help out other users and click the Accept as a Solution button below.
    You can also say thanks by clicking on the Thumbs Up button! Thanks for being an active member of our Community!
  • Thanks for the response. That still says:

    Note: The Assignment Tool must be accessible via a network share or be deployed together with the TeamViewer Host.

    I just want to deploy the host so that someone in our enterprise can connect to it. It also says:

    1. Run the Assignment Tool as administrator after deployment of the MSI package  on all devices that should be assigned.
      • This could for example be done by making the Assignment Tool available via a network share and running a script to call up the Assignment Tool on the devices after successful deployment of the MSI package.

    So do I need to deploy two packages? Where do I get the assignment tool package? Is this really going to stop my original message, or am I still doing to get that after deploying the MSI.

    What does the assignment tool actually do? I am trying to do this as a favour, the Operations guys apparently don't do any additional configuration after a manual install. This seems more complex than deploying Office 365. :)

     

  • Aaron_Boshers
    Aaron_Boshers Posts: 47 Moderator

    @GregH2O

    The assignment tool is an .exe that uses our Open API based on REST to assign the device to your account and grant easy asccess. With the assignment you can then depending on your settings have a TeamViewer policy applied to the device so that you can manage almost all TeamViewer settings remotely. 

    The assignment tool in SCCM can be a seperate package that is dependent on the host msi or custom exe.

    Or you can script it, in powershell, batch, or shell for Mac devices. 

    Here is a batchfile example. Credit to @W_deFazio for the batch file. 

    REM			INSTALLMSI
    start /wait msiexec.exe /i \\XXXXX\XXXXX\XXXXX\TeamViewer_Host-idcXXXXX.msi /qn

    REM CHECK FOR WIN BIT VERSION
    cd
    if not exist "C:\Program Files\TeamViewer\TeamViewer.exe" goto :loop
    REM 32BIT
    :loope
    reg query HKLM\Software\TeamViewer /v ClientID
    if "%ERRORLEVEL%" == "1" (GOTO loope) else (GOTO assign32)
    REM 64BIT
    :loop
    reg query HKLM\Software\WOW6432Node\TeamViewer /v ClientID
    if "%ERRORLEVEL%" == "1" (GOTO loop) else (GOTO assign64)
    REM INSTALLATION32
    :assign32
    TIMEOUT 10
    start /wait \\XXXXX\XXXXX\XXXXX\TeamViewer_Assignment.exe -apitoken XXXXXXXXXXXXXXXX -datafile "C:\Program Files\TeamViewer\AssignmentData.json" -allowEasyAccess=true
    exit
    REM INSTALLATION64
    :assign64
    TIMEOUT 10
    start /wait \\XXXXX\XXXXX\XXXXX\TeamViewer_Assignment.exe -apitoken XXXXXXXXXXXXXXXX -datafile "C:\Program Files (x86)\TeamViewer\AssignmentData.json" -allowEasyAccess=true
    exit

    Something to remember here is that remote access is a powerful thing and making the deployment process easier can sometimes have some dangerous consequences.  

    If you have further questions we recommend you contacting your local support to get further support as this is more advanced support.  

     

     

    Aaron Boshers
    Senior Enterprise Solutions Engineer

    If my reply answered your question, help out other users and click the Accept as a Solution button below.
    You can also say thanks by clicking on the Thumbs Up button! Thanks for being an active member of our Community!
  • I just pushed a 400-machine rollout, and let me tell you: you're in for an absolute nightmare. This process is so janky, with so many points of failure, that you will seriously daydream how to exact your revenge.

    First, you need a non-personal/dummy "master account" (aka a user-level workaround for TV's shoddy design) so that you have centralized endpoint management. Nobody tells you this in advance, because it's embarassing. Without this, you'll end up like me: the fleet assigned to your user account while the old ones clutter the other techs' personal contact lists (which is what it actually is). You'll have duplicates and confusion, failure to connect to endpoints, etc.

    You will use this master account to make your configs and policies, and to manage the endpoints themselves. Then you push the assignment tool after the install (good luck, hopefully the json file generates properly!) to assign them. You will then share the list with your techs (lol).

    If you plan to use SCCM, good luck. I ended up having a 200-line powershell wrapper to do the job, and only got about 50% success rate with assignment. I had to follow it up with a PDQ Deploy package for the assignment tool. After all of that struggle, now I have the fleet on my contact list, but the old installs are on everyone else's contact lists and you can't mass delete or mass update the entries. The whole thing is a complete farce. But hey, at least all of these hosts are the same settings/version/policy/owner, right? Who needs a centralized list of endpoints in an enterprise platform?

  • Thanks. I have a support call open.

    They just told me that deployment via SCCM isn't supported so I guess that answers that.

  • kaiholzer
    kaiholzer Posts: 2 ✭✭

    We also got some problems with the silent installation. Some of the clients also got the message to set up the unattended access, if there is currently no internet connection there is also a prompt and then there is an other prompt which tells the user that the TeamViewer is minimized in the taskbar.

    So for us it's not possible to install the client completly silent on every machine. In my opinion there shouldn't be any message if I use the msi deployment with the assignment tool.

  • KN_Admin
    KN_Admin Posts: 1

    We have the same problem.

    Some user get a pop up to set unattended access,
    which we don't want, very annoying.

    Silent should be silent!!!!!!

    Our deployment via SCCM works, except that bad behaviour.
    We don't want that the user is able to set unattended access.

    Regards
    KN

     

     

  • MCarter
    MCarter Posts: 9

    Annoying that you can create a custom host with policy but cant export it to a custom MSI that does everything.

    They way Ive handled it in SCCM is download the MSI, append the config ID to the file, manually install on a test machine, reboot, then open settings and check to make sure all policies are correct, add the unattended password, and export the registry settings.

    Next I add the appplication in SCCM, followed by a blank package that contains the source directory for the reg file. Then I create a Task Sequence to install the application, followed by a command line entry to run "regedit /S name-of-reg-file.reg" - Include the package here, and diasable 64 bit redirection. End the TS with a SMSTSPostAction variable that runs a batch file with "shutdown /r /t 0" in it. You'll get a cleaner exit on your TS this way. I've found that the MSI customizations such as logos and custom text wont show up until reboot.

  • jumarcil
    jumarcil Posts: 1

    This is how we did it : completely silent.  A bit of work but it went pretty smooth.

    e pushed it to 600+ pc silently in less than 2 days (different countries +  time zones).  Created the Host with a service account, pushed the msi with the id generated by the host through altiris, could have been pushed through gpo, sccm etc..  also created a global policy assigned to the computer groups so that you can make change whenever you want,  the most complicated part was the assignment since each of our sites has different proxys but if they are on the road they don't use proxy but vpn and no proxy but still in the same subnets....  So we created a script that detected the subnet, assigned the right proxy when using the assignment tool, then ran a little reg file at the end to put it back to auto-proxy settings plus locking the site.  If you wanna make sure that it doesn't fail, raise the timeout to 30 or even 60 seconds. Not the most user friendly but it works fine.   We even created another gpo with powershell and the Rest api to rename the computer in the console as they are bumped to other users (computers being renamed) .  

    @echo Off
    for /f %%a in ('echo.^|ipconfig^|findstr "192[.]168[.][.]"') do goto SiteA
    for /f %%a in ('echo.^|ipconfig^|findstr "192[.]168[.][.]"') do goto SiteB

    goto noProxy

    ______________________________________

    :SiteA

    msiexec.exe /i "\TeamViewer_Host-idXXXXXXXX.msi" /qn ALLUSERS=2

    "%~dp0TeamViewer_Assignment.exe" -apitoken XXXXXXX-XXXXXXXXXXXXXXX -datafile "${ProgramFiles(x86)}\TeamViewer\AssignmentData.json" -devicealias "${COMPUTERNAME}" -allowEasyAccess=true -wait=30 -proxyurl http://xxx.xxx.xxx.xxx:8080

    Windows\SysWOW64\reg.exe import "%~dp0TeamViewer_ProxyAutodetect.reg"

    TIMEOUT 2
    "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" --ReloadSettings
    Exit

     

  • MCarter
    MCarter Posts: 9

    Updating my SCCM deployment strategy here in case anyone else stumbles across this in search of answers.

    We have a mixed architecture environment. Most everything is 64 bit save a group of tablets that RDP to a server as a sort of kiosk application environment.

    We are upgrading TV11 to TV13. Some hosts have been assigned to various accounts over time, and we want to consolidate that to a master account, and have a couple variations of hosts depending on the situation. For example, the tablets mentioned above are mostly unattended, so I have a custom host with full access on a strong password. Normal users on the other hand, require a user prompt to grant control. I have a Task Sequence built for each variation, which reference collections based on AD group membership.

    First, I run the uninstall group. This is a package with a batch file program that queries the system architecture and calls the appropriate MSI wrapper to uninstall (Uninstalling is the TV recommended method of removing account assignment. If this is not an issue you should be okay to install over an existing version) 

    uninstall.bat:

    SET "FW32=C:\Program Files\TeamViewer"
    Set "FW64=C:\Program Files (x86)\TeamViewer"

    IF EXIST %FW32% (GOTO REMOVE32) ELSE (GOTO REMOVE64)

    :REMOVE32
    reg delete "HKLM\Software\TeamViewer" /f
    reg delete "HKCU\Software\TeamViewer" /f
    wmic product where vendor="TeamViewer" call uninstall
    exit

    :REMOVE64
    reg delete "HKLM\Software\Wow6432Node\TeamViewer" /f
    reg delete "HKCU\Software\TeamViewer" /f
    wmic product where vendor="TeamViewer" call uninstall
    exit

     Next, I install the new version with the host MSI using SCCM Application, and calling it with the Task Sequence Install Application step. Nothing special here, just if youre using a custom host make sure when building the application in SCCM, to point to the TeamViewer_Host-idcxxxxxx.msi where xxxxxx is your config ID

    I then load the registry file with unattended password (if needed) that was exported from the test machine. I use a batch file program within a Package to set source file location on the network, and the batch file runs reg.exe IMPORT TeamViewer_Settings.reg

     In the account assignment group, I again run a batch file program within a Package. The batch file determines system architecture, waits for a TV client ID, assigns to account, then reloads the settings:

    REM Check Windows Architecture
    IF NOT EXIST "C:\Program Files\TeamViewer\TeamViewer.exe" GOTO loop64

    REM Get 32 Bit Client ID
    :loop32
    reg query HKLM\Software\TeamViewer /v ClientID
    IF "%ERRORLEVEL%" == "0" (GOTO assign32) else (GOTO loop32)

    REM Get 64 Bit Client ID
    :loop64
    reg query HKLM\Software\WOW6432Node\TeamViewer /v ClientID
    IF "%ERRORLEVEL%" == "0" (GOTO assign64) else (GOTO loop64)

    REM 32 Bit Account Assignment
    :assign32
    start /wait TeamViewer_Assignment.exe -apitoken ************************************ -datafile "C:\Program Files\TeamViewer\AssignmentData.json" -allowEasyAccess=false
    GOTO reload32

    REM 64 Bit Account Assignment
    :assign64
    start /wait TeamViewer_Assignment.exe -apitoken ************************************* -datafile "C:\Program Files (x86)\TeamViewer\AssignmentData.json" -allowEasyAccess=false
    GOTO reload64

    REM Reload 32 bit
    :reload32
    start "" "C:\Program Files\TeamViewer\TeamViewer.exe" --ReloadSettings
    waitfor SomethingThatIsNeverHappening /t 10 2>NUL
    EXIT

    REM Reload 64 bit
    :reload64
    start "" "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" --ReloadSettings
    waitfor SomethingThatIsNeverHappening /t 10 2>NUL
    EXIT

    Although this code exits clean, I have tried several methods of calling the reload but it isnt reliable, particularly if youre needing to set an unattended password. I have however, found a workaround

    Last steps in the assign group. First, is Reload Settings x86, that is a Command Line step, that calls 

    cmd.exe /c "C:\Program Files\TeamViewer\TeamViewer.exe" --ReloadSettings

    In the options, check "Continue on error" then set a File Properties condition that checks if "C:\Program Files\TeamViewer\TeamViewer.exe" exists. 

    Lastly, Reload Settings x64, Command Line step:

    cmd.exe /c "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" --ReloadSettings

    In the options, check "Continue on error" then set a File Properties condition that checks if "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" exists.

     

    This is working flawlessly in SCCM 2012. Task Sequence is exiting successfully. There's a lot to it, but considering our challenges, this turned out to be the best method for it. Also, once this was set, it was only a matter of adding the application deployment security group in AD to the desired machines

  • AndyChips
    AndyChips Posts: 8 ✭✭

    We can't seem to get the /qn (silent) parameter to work so we use the /passive one.

    However, deployment is far simpler nowadays since the introduction of v13.2

    We now use one command line to install and assign TeamViewer Host:

    msiexec /i TeamViewer_Host.msi -passive APITOKEN=12345678abcdefghijklm12345 CUSTOMCONFIGID=abcdefg ASSIGNMENTOPTIONS="--grant-easy-access --alias %COMPUTERNAME% --reassign" IMPORTREGFILE=1
  • Nfoster
    Nfoster Posts: 53 ✭✭

    I agree with bferg317 I have been using TV since version 12 and now have version 14 with Tensor and though it is getting easier to deploy it is far from usable. TV has been so device and on-prem focused it is hard to use it in any cloud-based scenario. Even on-prem is a nightmare.
    The best I have been able to achieve in either cloud or on-prem is by using Advanced Installer to re-compile their MSI installer, include the TeamViewer_Settings.reg files (Need to keep stupid people from messing around with settings), and run the massive command-line, that will break easily if you do not have every in good order, at the end of the install. It is a complete mess. You end up with three references to TeamViewer in Program & Features and even then it does not always work.
    I have been working directly with their development team and they are trying to figure out the "Single MSI Installer". It is like the Surface Phone, some mythical beast that that is rumored to exist but no one has yet to see it.
    TV needs to be user-focused and dumb down the TV application. You should not care where it is installed, only what your users can do with it. Thus. "User-Based Policies". Granted, we still need to lock down the TV application but that should be baked into the installer when you create the module (We do not want user using TV to connect to non-company issued devices). The ideal solution here would be to bake in the assignment process into the MSI Installer and then lock down the TV app from the TV portal using policies.
    As of today, we have no effective solution to deploy TV to our environment either for on-prem or cloud. Their script works great when it is a local install, but not through automation.

  • wthreats
    wthreats Posts: 2 ✭✭

    So I set mine up like this: (This is for teamviewer 14)

    msiexec /i "\\path\TeamViewerMSI\TeamViewer_Host-idc1234567(Configuration ID).msi" /qn IMPORTREGFILE=1 CUSTOMCONFIGID=hcgsyb3 APITOKEN="whateveryoursis" ASSIGNMENTOPTIONS="--alias %COMPUTERNAME% --grant-easy-access --reassign"

    /qn is quiet

    /qb is passive. They will set it installing but it will go through the process automatically

     

  • The command that I am using to do the install within SCCM is 

    "msiexec /i "TeamViewer_Host.msi" /qn"

    That should be a standard install string for a silent install of an MSI file.

  • AndyChips
    AndyChips Posts: 8 ✭✭

    I could only get the silent install to work by downloading and using a later MSI. All fine now, but still very odd.