PowerShell: Create A Shortcut on Everyone’s Desktop

Following is an example of a ‘how to create a log-off button on Everyone’s desktop’. There are several methods: manual GUI, PowerShell, and Group Policy Objects. The manual GUI method is boring, so I’ll skip that. What’s better than Ctrl+C & Ctrl+V in this life?
window-logoff-button

Single Computer:

function createShortcutOnEveryoneDesktop{
  param(
    $targetExecutable="C:\Windows\system32\logoff.exe",
    $arguments,
    $startIn,
    $iconLocation="$env:windir\system32\shell32.dll,44"
  )
  $target=if($arguments){$targetExecutable+" $arguments"}else{$targetExecutable}
  $startIn=if($startIn){$startIn}else{split-path $targetExecutable -parent}
  $programName=[regex]::match((split-path $targetExecutable -leaf),'^(.*)\.{1}').groups[1].value
  $shortcutLink="$env:Public\Desktop\$programName.lnk"
  $shellObject=New-Object -ComObject WScript.Shell
  $shortcut=$shellObject.CreateShortcut($shortcutLink)
  $shortcut.TargetPath=$target
  $shortcut.WorkingDirectory=$startIn
  if($iconLocation){$shortcut.IconLocation=$iconLocation}
  $shortcut.Save()
}

createShortcutOnEveryoneDesktop

Multiple Computers:

# createShortcutOnEveryoneDesktop.ps1
$computerNames='server01','server02','server03','server04'
function createShortcutOnEveryoneDesktop{
  param(
    $targetExecutable="C:\Windows\system32\logoff.exe",
    $arguments,
    $startIn,
    $iconLocation="$env:windir\system32\shell32.dll,44"
  )
  $target=if($arguments){$targetExecutable+" $arguments"}else{$targetExecutable}
  $startIn=if($startIn){$startIn}else{split-path $targetExecutable -parent}
  $programName=[regex]::match((split-path $targetExecutable -leaf),'^(.*)\.{1}').groups[1].value
  $shortcutLink="$env:Public\Desktop\$programName.lnk"
  $shellObject=New-Object -ComObject WScript.Shell
  $shortcut=$shellObject.CreateShortcut($shortcutLink)
  $shortcut.TargetPath=$target
  $shortcut.WorkingDirectory=$startIn
  if($iconLocation){$shortcut.IconLocation=$iconLocation}
  $shortcut.Save()
}

foreach ($computer in $computerNames){
  invoke-command -computername $computer -scriptblock{
      param($createShortcutOnEveryoneDesktop)
      [scriptblock]::create($createShortcutOnEveryoneDesktop).invoke()
    } -Args ${function:createShortcutOnEveryoneDesktop}
}
How To Create a Shortcut via Group Policy Objects (GPO’s)
  1. On your domain controller, open up Group Policy (gpmc.msc)
  2. Create a new GP (best practice is to dedicate each GPO for intended purposes rather than a single GPO with multiple settings for ease of troubleshooting)
  3. Create a Test OU in Active Directory
  4. Make a Test User in Active Directory
  5. Make sure that your test user is within that Test OU (or it will not apply)
  6. Right-click on your GPO and select edit
  7. Expand User “Configuration” > “Preferences” > “Windows Settings” > “Shortcuts”
  8. Right-click in the empty space and select “New” > “Shortcut”
  9. For “Action” select “Replace” (so that if you want to delete it later it will remove it from everyone’s desktop)
  10. In the “Name” Field put an appropriate display name for the Web Application shortcut
  11. For “Target type” select “File System Object”
  12. For “Location” select “Desktop”
  13. In the “Target Path” text box put C:\Windows\system32\logoff.exe
  14. In the “Arguments” input nothing in this case
  15. If you want a dedicated Icon for the shortcut, in the “Icon file path” type the file path of the icon or use the browse button to navigate to the location of the icon (make sure the users have rights to that folder/icon)
  16. Click on the Common tab and check “remove this item when it is no longer needed”)
  17. Click OK and Close all open windows
  18. Now go to a computer and login as your test user and you should see the Shortcut with the icon and correct URL

Leave a Reply

Your email address will not be published. Required fields are marked *