More than I would like, I encounter programs that write shortcuts to the public and/or user desktop. This applies to installations as well as (partly) updates. To remove unwanted desktop shortcuts as soon as they appear, I used a Proactive Remediation feature in Endpoint Manager. This allows me to proactively remove desktop shortcuts.

Table of Contents

Proactive Remediation Package at GitHub

Requirements - Licenses

  • Enterprise: Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Academic: Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows 10/11 Virtual Desktop Access (VDA) per user

More information in the Microsoft Docs: Proactive remediations - Microsoft Endpoint Manager


The detection script is relatively simple. The first line lists the shortcuts to monitor/remove. These in turn are then searched for on the public desktop or on all desktops. If a link is detected, the script ends with the exit code "1". This tells the endpoint manager to run the remediation script and delete the shortcuts.

$Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk"
$DesktopPath = "C:\Users\Public\Desktop" # Public and User Desktop: "C:\Users\*\Desktop\*", for Public Desktop shortcuts only: "C:\Users\Public\Desktop" 
$ShortcutsOnClient = Get-ChildItem $DesktopPath
$ShortcutsUnwanted = $ShortcutsOnClient | Where-Object -FilterScript {$_.Name -in $Shortcuts2Remove }

if (!$ShortcutsUnwanted) {
	Write-Host "All good, no shortcuts found. "
	exit 0
	Write-Host "Unwanted shortcut detected."
	Exit 1
Code language: PowerShell (powershell)


In the remediation script, I use the same logic for detection. The unwanted desktop shortcuts on the public or all desktops are also read out, then all files that were recognized on the local desktop and are in the "Shortcuts2Remove" array are deleted.

$Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk"
$DesktopPath = "C:\Users\Public\Desktop" # Public and User Desktop: "C:\Users\*\Desktop\*", for Public Desktop shortcuts only: "C:\Users\Public\Desktop" 
$ShortcutsOnClient = Get-ChildItem $DesktopPath

    $($ShortcutsOnClient | Where-Object -FilterScript {$_.Name -in $Shortcuts2Remove }) | Remove-Item -Force
    Write-Host "Unwanted shortcut(s) removed."
    Write-Error "Error removing shortcut(s)"
Code language: PowerShell (powershell)

With the detection shown above, we remove unwanted desktop shortcuts proactively and easily.


If your tenant meets the license requirements, you can go to "Reports > Endpoint analytics > Proactive remediations" create a script package:

create Proactive remediations

You give this a meaningful name and optionally a description.

Proactive remediations Name and description

In the settings you upload the detection.ps1 on the one hand and the remediation.ps1 on the other. Both files can and should be adjusted as needed.

Proactive remediations Settings

You only have to set the scope tag if this feature is actively used in your environment.
Otherwise you can continue with the assignment and also define in it how often the detection should be made. I chose hourly here to intercept changes as quickly as possible.

Proactive remediations Schedule

Apart from the unwanted shortcuts, do you want to distribute some? Then I have an article for you here: Manage desktop shortcut(s) / icon with Intune