Jump to content
Sign in to follow this  
p_ern

Teams backgrounds script

Recommended Posts

I got presented with a request that a client of ours wanted to have the same background picture in Microsoft Teams. 

Problem was that this customers users are now working from home and use a VPN-connection , but not everyone is using that. 

So a logon script with GPO was out of the question for now.

I got a quick and dirty script that runs on current logged in user to copy the background to %userprofile%\AppData\Roaming\Microsoft\Teams\Backgrounds\Uploads\.

  1. IF File Check : File Path %userprofile%\AppData\Roaming\Microsoft\Teams\Backgrounds\Uploads\Background.jpg

Not Exists

Then

  1. Folder Create: C:\tmp\Customername
  2. File DOWNLOAD: /Labtech/transfer/Software/Customer/Background.jpg saved to C:\tmp\Customername\Background.jpg
  3. File Write Text :
    1. Text File. C:\tmp\customername\BackgroundTeams_Copy.bat
    2. Data: copy "C:\tmp\Customername\background.jpg" "%userprofile%\AppData\Roaming\Microsoft\Teams\Backgrounds\Uploads\"
  4. Console Execute
    1. Executable C:\tmp\customername\BackgroundTeams_Copy.bat
    2. Arguments: blank
    3. Console Number:  %consolenumber%
  5. Folder Delete as Admin : C:\tmp\Customername

 

What I am not sure of is if the File Check part is working as intended, since I think I missed something. Otherwise it works perfectly.

Are there any enhancements I could to to this script?

 

Share this post


Link to post
Share on other sites
Posted (edited)

%userprofile% is an environment variable that has a value relative to the security context under which the command is being executed. In layman's terms, if you execute the command under NT AUTHORITY\SYSTEM, then %userprofile% will evaluate to the correct value relative to the NT AUTHORITY\SYSTEM account.

You won't be able to accomplish what you are hoping to do just with that. One way or another you are going to have to loop through every profile that exists at the parent path "C:\Users" and use dynamic paths based on data on each loop pass. Furthermore, you won't even need to do the File Write Text, Console Execute, or Folder Delete as Admin.

for /f "tokens=*" %a in ('dir "C:\Users" /B ^| findstr /V "defaultuser0 Public"') do @(echo robocopy "C:\Windows\Temp" "C:\Users\%~a\AppData\Roaming\Microsoft\Teams\Backgrounds\Uploads" "background.jpg")

(Download background.jpg to "C:\Windows\Temp" or adjust the paths, and remove the 'echo ' part once ready to execute all of it for real. You can use the output from the echo to test one execution at a time. The above command excludes folders 'Public' and 'defaultuser0'. Execute the above command using a 'Shell' or 'Shell Enhanced' script functions.)

An additional note (in case you did not know): "xxxxx as Admin" does not mean running something with elevated privileges. It means executing a command under a different security context. That security context is whatever you set as the user account to use in the "Deployment & Defaults" tab > "Login to use for Administrator Access" for the location the Automate agent is in. Poorly worded? Yes, indeed! Does it use elevated privileges (i.e. right-click and Run as Administrator)? Nope! Even if the account being used is a Domain Admin or member of local Administrators group? Correct, even so! Using a script function without "as Admin" is elevated whereas using a script function "as Admin" is not elevated.

Using a script function without "as Admin" will use NT AUTHORITY\SYSTEM which is practically as god-level and elevated you can get (more so than a typical right-click and 'Run as administrator'). An example use case of a "xxxxx as Admin" script function is when you need to be able to copy some files off of a domain network resource file share to the local computer; a properly setup domain environment will not allow a non-domain account (like NT AUTHORITY\SYSTEM) to access domain resources. This is how Windows UAC works, and that is why. But why ConnectWise used wording like "as Admin" and "Administrator Access" without having a helpme '?' bubble to clarify all this? Beyond me.

Edited by BlueToast

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...