In this post we will explore how to create desktop shortcuts using Intune Remediations and PowerShell.
As organizations continue to embrace the benefits of modern workplace solutions, the ability to efficiently manage and configure user environments has become increasingly important. One such task that often arises is the need to create and deploy desktop shortcuts across multiple Windows devices. This can be especially challenging in environments where Intune is the primary management platform.
In this blog post, we will explore several methods for creating desktop shortcuts using Intune. By the end of this article, you’ll have a comprehensive understanding of the various techniques available, allowing you to choose the one that best fits your organization’s needs and preferences. From automating the process to ensuring consistency across your user base, these methods will empower you to streamline your desktop management tasks and provide a more tailored user experience.
The code of this post is also available in my GitHub page here.
We are going to use Intune Remediations scripts, but you could also utilize Platform scripts to create the desktop icons.
Let’s dive in and discover the power of creating desktop shortcuts using Intune.
Table of Contents
Desktop Shortcut for existing application
In this first approach, we will explore the deployment of a single desktop shortcut using Intune. This method leverages both a detection script to check if the shortcut already exists on the device’s public desktop, as well as a remediation script to create the shortcut if it is not found.
The detection script plays a crucial role in ensuring that the desktop shortcut is only deployed to devices that do not already have it. This helps maintain a clean and organized user environment, avoiding the duplication of similar shortcuts across multiple devices. The remediation script, on the other hand, takes action to create the desired shortcut when it is not present, ensuring a consistent user experience for all devices managed through Intune.
This approach is particularly useful when you need to deploy a specific, high-priority desktop shortcut to your users. By focusing on a single, well-defined shortcut, you can streamline the deployment process and minimize the potential for conflicts or unintended consequences that could arise from a more complex or comprehensive shortcut deployment strategy.
It’s important to note that while this method is effective for deploying a single shortcut, it may not be the most efficient solution if you need to manage multiple shortcuts or regularly update the desktop configurations across your organization. In such cases, you may want to explore the scripts in the following chapters of this blog.
Let’s suppose that we want to deploy a shortcut for the OneDrive application.
Detection Script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\ShortcutDetection.log"
Start-Transcript -Path $LogPath -Append
try {
Write-Host "Starting shortcut detection script"
# Define parameters
$ShortcutName = "OneDrive"
$TargetPath = "C:\Program Files\Microsoft OneDrive\OneDrive.exe"
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$ShortcutName.lnk")
Write-Host "Checking if shortcut exists at: $ShortcutPath"
# Check if the shortcut already exists
if (Test-Path $ShortcutPath) {
Write-Host "Shortcut already exists. No remediation needed."
exit 0 # Exit with success code, no remediation needed
} else {
Write-Host "Shortcut does not exist. Remediation needed."
exit 1 # Exit with error code, remediation needed
}
} catch {
Write-Error "An error occurred during detection: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Remediation Script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\ShortcutRemediation.log"
Start-Transcript -Path $LogPath -Append
# Function to create shortcut
function CreateShortcut {
param (
[string]$ShortcutPath,
[string]$TargetPath
)
Write-Host "Creating shortcut..."
$WShell = New-Object -ComObject WScript.Shell
$Shortcut = $WShell.CreateShortcut($ShortcutPath)
$Shortcut.TargetPath = $TargetPath
$Shortcut.IconLocation = "$TargetPath,0"
$Shortcut.Save()
Write-Host "Shortcut created successfully"
}
try {
Write-Host "Starting shortcut remediation script"
# Define parameters
$ShortcutName = "OneDrive"
$TargetPath = "C:\Program Files\Microsoft OneDrive\OneDrive.exe"
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$ShortcutName.lnk")
Write-Host "Checking if shortcut already exists at: $ShortcutPath"
# Check if the shortcut already exists
if (Test-Path $ShortcutPath) {
Write-Host "Shortcut already exists. No action taken."
exit 0 # Exit with success code
}
Write-Host "Checking if target path exists: $TargetPath"
# Check if the target path exists
if (-not (Test-Path $TargetPath)) {
Write-Error "Target path does not exist: $TargetPath"
exit 1 # Exit with error code
}
# Create the shortcut by calling the Create-Shortcut function
CreateShortcut -ShortcutPath $ShortcutPath -TargetPath $TargetPath
# Output success message
Write-Host "Shortcut created successfully at: $ShortcutPath"
exit 0 # Exit with success code
} catch {
# Catch any unexpected errors and output them
Write-Error "An error occurred during remediation: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Desktop Shortcuts for multiple applications
Building upon the previous approach where we deployed a single desktop shortcut, we will now explore a script that allows you to deploy multiple shortcuts to the desktop using Intune. This more comprehensive solution is designed to address scenarios where your organization requires the distribution of several desktop shortcuts across your managed devices.
The key advantage of this multi-shortcut deployment script is its flexibility and scalability. Rather than having to create and manage individual detection and remediation scripts for each shortcut, this script can handle the deployment of multiple shortcuts through a single, unified process. This streamlines the management of desktop shortcuts and ensures a consistent user experience, regardless of the number of shortcuts required.
The script utilizes an array-based approach, allowing you to easily add, remove, or modify the list of shortcuts to be deployed. This level of configurability empowers you to adapt the script to your organization’s evolving needs, ensuring that your desktop environment remains tailored to the requirements of your users.
By leveraging this multi-shortcut deployment script, you can efficiently manage the distribution of commonly used applications, frequently accessed resources, or any other desktop shortcuts that are crucial to your users’ productivity and workflow. This approach not only saves time and effort in the initial deployment but also simplifies the ongoing maintenance and updates of your desktop configurations.
As with the previous method, it’s essential to carefully review the script and test it in a controlled environment before rolling it out to your production devices. This will help you identify any potential conflicts or issues that may arise and make any necessary adjustments to ensure a seamless deployment experience.
Detection Script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\MultipleShortcutsDetection.log"
Start-Transcript -Path $LogPath -Append
try {
Write-Output "Starting shortcuts detection script"
# Define shortcuts
$Shortcuts = @(
@{
Name = "OneDrive"
TargetPath = "C:\Program Files\Microsoft OneDrive\OneDrive.exe"
},
@{
Name = "Edge"
TargetPath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
}
)
$RemediationNeeded = $false
foreach ($Shortcut in $Shortcuts) {
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$($Shortcut.Name).lnk")
Write-Output "Checking if shortcut exists at: $ShortcutPath"
if (-not (Test-Path $ShortcutPath)) {
Write-Output "Shortcut does not exist: $($Shortcut.Name)"
$RemediationNeeded = $true
} else {
Write-Output "Shortcut exists: $($Shortcut.Name)"
}
}
if ($RemediationNeeded) {
Write-Output "At least one shortcut is missing. Remediation needed."
exit 1 # Exit with error code, remediation needed
} else {
Write-Output "All shortcuts exist. No remediation needed."
exit 0 # Exit with success code, no remediation needed
}
} catch {
Write-Error "An error occurred during detection: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Remediation Script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\MultipleShortcutsRemediation.log"
Start-Transcript -Path $LogPath -Append
# Function to create shortcut
function Create-Shortcut {
param (
[string]$ShortcutPath,
[string]$TargetPath
)
Write-Output "Creating shortcut: $ShortcutPath"
$WShell = New-Object -ComObject WScript.Shell
$Shortcut = $WShell.CreateShortcut($ShortcutPath)
$Shortcut.TargetPath = $TargetPath
$Shortcut.IconLocation = "$TargetPath,0"
$Shortcut.Save()
Write-Output "Shortcut created successfully"
}
try {
Write-Output "Starting shortcuts remediation script"
# Define shortcuts
$Shortcuts = @(
@{
Name = "OneDrive"
TargetPath = "C:\Program Files\Microsoft OneDrive\OneDrive.exe"
},
@{
Name = "Edge"
TargetPath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
}
)
$RemediationPerformed = $false
foreach ($Shortcut in $Shortcuts) {
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$($Shortcut.Name).lnk")
Write-Output "Checking shortcut: $($Shortcut.Name)"
if (-not (Test-Path $ShortcutPath)) {
Write-Output "Shortcut does not exist. Attempting to create."
if (Test-Path $Shortcut.TargetPath) {
Create-Shortcut -ShortcutPath $ShortcutPath -TargetPath $Shortcut.TargetPath
$RemediationPerformed = $true
} else {
Write-Warning "Target path does not exist: $($Shortcut.TargetPath). Skipping shortcut creation."
}
} else {
Write-Output "Shortcut already exists: $($Shortcut.Name)"
}
}
if ($RemediationPerformed) {
Write-Output "Remediation actions performed."
exit 0 # Exit with success code
} else {
Write-Output "No remediation actions were necessary."
exit 0 # Exit with success code
}
} catch {
Write-Error "An error occurred during remediation: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Desktop Shortcuts with custom ico file
Expanding upon the methods covered in the previous chapters, we now explore a more advanced approach to creating desktop shortcuts – leveraging custom icon files. This technique allows you to deploy shortcuts with personalized icons, elevating the visual appeal and branding of your users’ desktop environments.
The key to this approach lies in the ability to embed the desired icon file directly into the remediation script. By converting the icon file into a base64 format, we can seamlessly incorporate it into the script, eliminating the need for a separate application deployment process.
This streamlined approach offers several benefits. Firstly, it simplifies the overall deployment workflow, as you no longer need to manage the distribution of the icon file as a separate entity. The integration of the icon data directly into the script ensures a more cohesive and efficient deployment experience.
Furthermore, this method provides greater flexibility in customizing the desktop shortcuts. Instead of relying on default or pre-existing icons, you can leverage your organization’s branding, logos, or any other custom imagery to create a visually harmonious and professional-looking desktop experience for your users.
By adopting this custom icon shortcut deployment strategy, you can elevate the overall aesthetics of your managed desktop environments, fostering a greater sense of brand identity and user engagement. This attention to detail can have a positive impact on user satisfaction and productivity, as they interact with familiar and visually appealing shortcuts on a daily basis.
As with the previous approaches, it is crucial to thoroughly test the remediation script in a controlled environment before rolling it out to your production devices. This will help you identify any potential compatibility issues or challenges that may arise during the deployment process, enabling you to make any necessary adjustments beforehand.
We could use an online tool to convert the desired .ico file to base 64 format, but why to use an online tool, when we can do it with PowerShell. The below scripts, using a user-friendly approach converts a .ico file to a base 64 format and saved it to a file.
# Start transcript for logging
$LogPath = "$env:TEMP\ImageToBase64Conversion.log"
Start-Transcript -Path $LogPath -Append
function Convert-ImageToBase64 {
param (
[Parameter(Mandatory=$true)]
[string]$ImagePath
)
Write-Host "Converting image to Base64: $ImagePath"
if (-not (Test-Path $ImagePath)) {
throw "File not found: $ImagePath"
}
$imageBytes = [System.IO.File]::ReadAllBytes($ImagePath)
$base64String = [System.Convert]::ToBase64String($imageBytes)
Write-Host "Conversion completed. Base64 string length: $($base64String.Length)"
return $base64String
}
try {
# Prompt for image path
$imagePath = Read-Host "Enter the full path to your image file (e.g., C:\Path\To\Your\Image.ico)"
# Convert image to Base64
$base64String = Convert-ImageToBase64 -ImagePath $imagePath
# Prompt for output option
$outputChoice = Read-Host "Do you want to (1) Display the Base64 string or (2) Save it to a file? Enter 1 or 2"
switch ($outputChoice) {
"1" {
Write-Host "`nBase64 string:"
Write-Host $base64String
}
"2" {
$outputPath = Read-Host "Enter the full path where you want to save the Base64 string (e.g., C:\Path\To\Output\base64output.txt)"
$base64String | Out-File -FilePath $outputPath
Write-Host "Base64 string saved to: $outputPath"
}
default {
Write-Host "Invalid choice. The Base64 string will be displayed:"
Write-Host $base64String
}
}
Write-Host "`nScript execution completed. Log file location: $LogPath"
} catch {
Write-Error "An error occurred: $_"
} finally {
Stop-Transcript
}
Read-Host "Press Enter to exit"
After running this script we have successfully created a .txt file that contains the base 64 format of the .ico file. Now we could use the code to deploy the custom shortcut to the public desktop. Just to mention here that in the below example, we are deploying a custom weblink shortcut to the desktop.
You can modify this script to deploy whatever application or weblink you want. And don’t forget with a custom .ico!
Detection script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\WebLinkDetection.log"
Start-Transcript -Path $LogPath -Append
try {
Write-Output "Starting web link detection script"
# Define the shortcut details
$ShortcutName = "Google Search"
$TargetURL = "https://www.google.com"
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$ShortcutName.lnk")
Write-Output "Checking if web link shortcut exists at: $ShortcutPath"
# Check if the shortcut already exists
if (Test-Path $ShortcutPath) {
Write-Output "Web link shortcut already exists. No remediation needed."
exit 0 # Exit with success code, no remediation needed
} else {
Write-Output "Web link shortcut does not exist. Remediation needed."
exit 1 # Exit with error code, remediation needed
}
} catch {
Write-Error "An error occurred during detection: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Remediation script
# Start transcript for logging
$LogPath = "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\WebLinkRemediation.log"
Start-Transcript -Path $LogPath -Append
function Create-TempDirectory {
# Check if the directory exists
if (!(Test-Path -Path "C:\Temp" -PathType Container)) {
# Create the directory
New-Item -Path "C:\Temp" -ItemType Directory | Out-Null
Write-Host "Directory 'C:\Temp' created."
} else {
Write-Host "Directory 'C:\Temp' already exists."
}
}
function Create-WebLinkShortcut {
param (
[string]$ShortcutPath,
[string]$TargetURL,
[string]$IconBase64
)
Write-Output "Creating web link shortcut..."
# Create temporary icon file
$iconPath = "C:\Temp\temp_icon.ico"
[byte[]]$iconBytes = [Convert]::FromBase64String($IconBase64)
[System.IO.File]::WriteAllBytes($iconPath, $iconBytes)
# Start-BitsTransfer -Source $iconPath -Description $iconPath
# Create shortcut
$WShell = New-Object -ComObject WScript.Shell
$Shortcut = $WShell.CreateShortcut($ShortcutPath)
$Shortcut.TargetPath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
$Shortcut.Arguments = $TargetURL
$Shortcut.IconLocation = $iconPath
$Shortcut.Save()
Write-Output "Web link shortcut created successfully"
}
try {
Write-Output "Starting web link remediation script"
Create-TempDirectory
# Define shortcut details
$ShortcutName = "Google Search"
$TargetURL = "https://www.google.com"
$ShortcutPath = [System.IO.Path]::Combine([Environment]::GetFolderPath("CommonDesktopDirectory"), "$ShortcutName.lnk")
# Base64 encoded icon (replace this with your actual Base64 string)
$IconBase64 = "YOUR_BASE_64_STRING_HERE"
Write-Output "Checking if web link shortcut already exists at: $ShortcutPath"
# Check if the shortcut already exists
if (Test-Path $ShortcutPath) {
Write-Output "Web link shortcut already exists. No action taken."
exit 0 # Exit with success code
}
# Create the web link shortcut
Create-WebLinkShortcut -ShortcutPath $ShortcutPath -TargetURL $TargetURL -IconBase64 $IconBase64
# Output success message
Write-Output "Web link shortcut created successfully at: $ShortcutPath"
exit 0 # Exit with success code
} catch {
# Catch any unexpected errors and output them
Write-Error "An error occurred during remediation: $_"
exit 1 # Exit with error code
} finally {
Stop-Transcript
}
Conclusion
In this comprehensive blog post, we have explored various methods for creating and deploying desktop shortcuts using Microsoft Intune and Remediations.
We started by examining a straightforward approach where a single desktop shortcut is deployed using a detection and remediation script. This technique ensures that the shortcut is only created on devices that do not already have it, maintaining a clean and organized user environment.
Building upon this foundation, we then delved into a more versatile script that allows for the deployment of multiple desktop shortcuts. This scalable solution empowers you to manage a diverse array of shortcuts, catering to the evolving needs of your organization and users.
Finally, we explored an advanced technique that enables the creation of desktop shortcuts with custom icon files. By embedding the icon data directly into the remediation script, this approach eliminates the need for a separate application deployment, streamlining the overall management process. This custom icon integration can enhance the visual appeal and branding of your users’ desktop environments, fostering a more cohesive and professional user experience.
Regardless of your specific requirements, these methods provide you with a toolkit to effectively manage and deploy desktop shortcuts across your Intune-managed devices. By leveraging the power of Intune and PowerShell scripting, you can ensure a consistent, efficient, and visually appealing desktop experience for your users, ultimately contributing to their productivity and satisfaction.
As you implement these techniques, remember to thoroughly test and validate the scripts in a controlled environment to address any potential challenges or compatibility issues. With a solid understanding of these approaches, you can confidently enhance your desktop management capabilities and empower your users to work more effectively.
You could also check the below interesting posts:
References and documentation: