Active DirectoryGroup Policies

Create Desktop Shortcuts on Domain Computers via GPO

By January 25, 2021No Comments

Using Group Policies, you can create a shortcut to a specific app on the desktops of all (or certain) domain users. GPO allows you to create a shortcut for a locally installed app, a URL, an executable file on a shared network folder or a domain controller (the NETLOGON folder).

In this post we will show you how to create multiple shortcuts on a user’s desktop using Group Policy Preferences (available starting with Windows Server 2008 R2). In the same way you can create shortcuts in Windows 10 Start Menu or Quick Access Toolbar.

  1. Open the Group Policy Management Console (gpmc.msc), right-click an AD container (Organizational Unit) you want to apply a shortcut creation policy to and create a new policy (a GPO object) named CreateShortcutcreate and link a new shortcut gpo
  2. Right-click on the created policy and select Edit;
  3. Go to the Group Policy Preferences section: User Configuration –> Preferences -> Windows Settings -> Shortcuts. Click it and select New -> ShortcutGroup Policy Preferences - create new shortcut
  4. Create a new shortcut item with the following settings:
    ActionUpdate
    NameTCPViewShortcut (shortcut)
    Target TypeFile System Object (you can select a URL or a Shell object here)
    LocationDesktop
    In this example, we will put a shortcut only on the desktop of the current user. Here you can choose where to place your shortcut: Start Menu, Startup or All User Desktops.
    Target Path: C:\Install\TCPView\Tcpview.exe (a path to the file you want to create a shortcut for)
    Icon file path: C:\Install\TCPView\Tcpview.exe (a path to the shortcut icon) gpo: shortcut settings
  5. If you have selected to place the shortcut on the Desktop of the current user (Location = Desktop), check the Run in logged-on user’s security context (user policy option) on the Common tab;Run in logged-on user’s security context (user policy option)
  6. If you want to create a shortcut for specific users only, add their accounts to a separate AD domain group. Then you can use Group Policy Targeting to deploy a shortcut to members of that security group. Enable the Item-level targeting and click the Targeting button. Select New Item -> Security Group and choose the domain group. As a result, the application shortcut will appear only for users added to the specified Active Directory security group; 
  7. If you want to create an app shortcut in the Public profile (for all computer users), select Location = All User Desktop (disable the “Run in logged-on user’s security context” option since non-admin users do not have the permissions to modify the Public profile);
  8. Save the changes. Note that Desktop (%DesktopDir%) and All User Desktop (%CommonDesktopDir%) environment variables are displayed in the GPO console;create several shortcuts with environment variables using gpo
  9. Update the policies on your clients (gpupdate /force or by logoff/logon). If you have linked a GPO to an Organizational Unit containing computer objects (instead of users), you must also enable the GPO loopback option. Set Configure user Group Policy loopback processing mode = Merge in Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy. enable Group Policy loopback processing mode
  10. After the policies have been updated, a user will see a new shortcut on the desktop;
    new shortcut appeared on the user's desctop

You can add multiple rules to creating app shortcuts for different groups of users, computers or OUs in a single GPO (you can set different criteria of applying a shortcut policy using GPP Item Level Targeting).

Let’s add the Logoff shortcut (with the shutdown.exe command) to the desktops of all users to let them quickly end their session.

Create a new policy item with the following settings:

  1. Name = “Log Off
  2. Location = “All Users Desktop
  3. Target Path = C:\Windows\System32\logoff.exe or C:\Windows\System32\shutdown.exe /l
  4. Icon File Path = %SystemRoot%\System32\SHELL32.dll
    (Use the standard library with the commonly used Windows icons. Select the icon you want in the DLL file. Its index will appear in the Icon Index field.) assign shortcut icon file

Using Group Policies, you can also configure the same Start Menu and Taskbar layout for all users in the way you want.

Leave a Reply