Remove desktop shortcuts for the current user and public profile using PowerShell and Proactive Remediations

Introduction

I think most IT-professionals who’s working with software delivery in some sort, has dealt with software and software installers in general, that puts a shortcut on the desktop by default. Annoying indeed.

Typically you’re in for a treat, when trying to figure out how to customize the installer, to prevent the shortcut on the desktop from being created. It’s not rare either, that the installer simply doesn’t support that.

And finally, we are all aware of the desktop-shortcut-mess, when using OneDrive PC folder backup (formerly known as ‘Known Folder Move’), where shortcuts are duplicated and synced between devices. Yikes.

Long story short, I was tired of spending time on desktop shortcuts, so I figured it was time to create my own solution to the problem.

PowerShell

This solution consists of 2 PowerShell scripts, intended to be used with Endpoint Analytics Proactive Remediations in Microsoft Endpoint Manager.

  • NOTE: The scripts are designed to run as SYSTEM. Removing/adding files to public desktop requires local administrative rights.

Detection-DeleteShortcuts.ps1

Find the Detection-DeleteShortcuts.ps1 script on my GitHub page: Powershell/Detection-DeleteShortcuts.ps1 at master · imabdk/Powershell (github.com)

This script will detect if any of the configured shortcut names is found, on either the current user’s desktop or the public desktop, and will exit with exit code 1 (shortcuts found, remediation needed) or exit code 0 (no shortcuts found, remediation not needed).

  • NOTE: Edit the $shortcutNames array to match the shortcuts you want detected and removed:

  • NOTE: The script queries the current user’s registry, to get the location of the desktop. This means, if the desktop has been redirected to OneDrive, the script dynamically picks up the path.

Remediation-DeleteShortcuts.ps1

Find the Remediation-DeleteShortcuts.ps1 script on my GitHub page: Powershell/Remediation-DeleteShortcuts.ps1 at master · imabdk/Powershell (github.com)

This script will remove the configured shortcuts.

  • NOTE: Again, edit the $shortcutNames array to match the shortcuts you want removed:

Microsoft Endpoint Manager

Head into the Microsoft Endpoint Manager admin centerhttps://endpoint.microsoft.com and locate the Proactive Remediations feature within the Reports -> Endpoint Analytics blade:

Settings

Use the 2 scripts explained above as illustrated below.

  • NOTE: Remember to run this as SYSTEM. Hence select No to ‘Run this script using the logged-on credentials’. We need to have local SYSTEM rights in order to be able to delete anything from the public desktop.

Assignments

Assign the scripts to run on a group consisting of devices or users. In this scenario, I’m running the scripts Hourly on a group containing my own devices.

In Action

Taking a closer look on IntuneManagementExtension.log (C:\ProgramData\Microsoft\IntuneManagementExtension\Logs) you will see if the detection script finds any unwanted shortcuts:

If so, the remediation script will kick off and remove the shortcuts:

ENJOY 🙂

8 thoughts on “Remove desktop shortcuts for the current user and public profile using PowerShell and Proactive Remediations”

  1. I see a detect and configure teams app script in your screenshot. I presume its used for changing auto start etc. Care to share that script 🙂 !!

    Reply
  2. Hi, thank you for you work.
    I have an issue on devices in Azure AD Full join. Not hybrid. I have an issue to get SID of username. If I test with this command(Get-WmiObject -Class win32_userAccount -Filter “name=’test_user’), m’y username doesn’t exist. Only defaultaccount, defaultuser0, administrator, guest, wdgautilityaccount. Can you help me?

    Reply
  3. Getting following error on Remediation-DeleteShortcuts.ps1
    Something went wrong during running of the script. Variable values are:first.last,Failed to get current user SID.,C:\Users\Public\Desktop,

    Note: First.Last is dummy details
    System is joined directly to Azure AD not on ON-Prem AD.

    Reply
    • I have the same problem! AAD only, not on prem, or hybrid.

      All I can get is “Variable values are:first.last,Failed to get current user SID.,C:\Users\Public\Desktop,”

      Did you ever figure out a way to make it work?

      Reply
  4. Did you resolve this?

    I have put the script into intune and it doesn’t work, if I run it without works fine? Running windows 11. Not sure what is wrong ?

    Reply

Leave a Reply to Rkast Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.