More often than I would like, I encounter programs that write shortcuts to the public and/or user desktop. This applies to installations and, in part, to updates. To remove unwanted desktop shortcuts as soon as they appear, I used the Proactive Remediation feature in Endpoint Manager, which lets me remove them proactively.
Proactive Remediation Package at GitHub
Requirements - Licenses
- Enterprise: Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Academic: Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows 10/11 Virtual Desktop Access (VDA) per user
More information in the Microsoft Docs: Proactive remediations - Microsoft Endpoint Manager
Detection
The detection script is relatively simple. The first line lists the shortcuts to monitor/remove. These are then searched for on the public desktop or on all desktops. If a shortcut is detected, the script ends with exit code "1". This tells Endpoint Manager to run the remediation script and delete the shortcuts.
# Shortcut file names to look for
$Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk"
# Public desktop only: "C:\Users\Public\Desktop"
# Public and user desktops: "C:\Users\*\Desktop\*"
$DesktopPath = "C:\Users\Public\Desktop"
$ShortcutsOnClient = Get-ChildItem $DesktopPath
$ShortcutsUnwanted = $ShortcutsOnClient | Where-Object -FilterScript { $_.Name -in $Shortcuts2Remove }
if (!$ShortcutsUnwanted) {
    # Exit code 0: nothing to do, remediation is not started
    Write-Host "All good, no shortcuts found."
    exit 0
} else {
    # Exit code 1: triggers the remediation script
    Write-Host "Unwanted shortcut detected."
    exit 1
}
Remediation
In the remediation script, I use the same logic as in the detection. The unwanted shortcuts on the public desktop or on all desktops are read out again, and then every file found there whose name is in the "Shortcuts2Remove" array is deleted.
# Shortcut file names to remove (keep in sync with the detection script)
$Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk"
# Public desktop only: "C:\Users\Public\Desktop"
# Public and user desktops: "C:\Users\*\Desktop\*"
$DesktopPath = "C:\Users\Public\Desktop"
$ShortcutsOnClient = Get-ChildItem $DesktopPath
try {
    # -ErrorAction Stop makes a failed delete a terminating error, so the catch block runs
    $ShortcutsOnClient | Where-Object -FilterScript { $_.Name -in $Shortcuts2Remove } | Remove-Item -Force -ErrorAction Stop
    Write-Host "Unwanted shortcut(s) removed."
} catch {
    Write-Error "Error removing shortcut(s)"
    exit 1
}
With the detection shown above, we remove unwanted desktop shortcuts proactively and easily.
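The detection and remediation logic above, combined into one added example (not the author's script) that checks local, public and OneDrive-redirected desktops, matches files only, and reports each affected path. The `$Remediate` toggle, the function name `Get-UnwantedShortcut` and the `OneDrive*` wildcard pattern are assumptions made for illustration.

```powershell
# Added example, not the author's script. Save two copies: $Remediate = $false
# for detection.ps1, $Remediate = $true for remediation.ps1.
$Remediate = $false
$Shortcuts2Remove = "Google Chrome.lnk", "VLC media player.lnk"

# Trailing \* as in the article. The OneDrive pattern is an assumption based on
# the "OneDrive - <company name>" folder naming; adjust it to your tenant.
$DesktopPatterns = @(
    "C:\Users\*\Desktop\*",            # Public and local user desktops
    "C:\Users\*\OneDrive*\Desktop\*"   # desktops redirected into OneDrive
)

function Get-UnwantedShortcut {
    param([string[]]$Patterns, [string[]]$Names)
    foreach ($pattern in $Patterns) {
        # -File: never match folders. Patterns that resolve to nothing
        # (e.g. no OneDrive on this device) are skipped silently.
        Get-ChildItem -Path $pattern -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in $Names }
    }
}

$found = @(Get-UnwantedShortcut -Patterns $DesktopPatterns -Names $Shortcuts2Remove)

if (-not $Remediate) {
    if ($found.Count -eq 0) { Write-Host "All good, no shortcuts found."; exit 0 }
    # List the full paths so the output shows which desktops were affected.
    Write-Host ("Unwanted shortcut(s): " + ($found.FullName -join "; "))
    exit 1
}

$failed = 0
foreach ($item in $found) {
    try {
        # -ErrorAction Stop turns a failed delete into an exception for catch.
        Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Stop
        Write-Host "Removed $($item.FullName)"
    } catch {
        $failed++
        Write-Host "Could not remove $($item.FullName): $($_.Exception.Message)"
    }
}
# Non-zero exit signals that at least one delete failed.
if ($failed -gt 0) { exit 1 } else { exit 0 }
```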
Setup
If your tenant meets the license requirements, you can go to "Reports > Endpoint analytics > Proactive remediations" and create a script package:
You give this a meaningful name and optionally a description.
In the settings, you upload detection.ps1 as the detection script and remediation.ps1 as the remediation script. Both files can and should be adjusted as needed.
You only have to set the scope tag if this feature is actively used in your environment.
Otherwise you can continue with the assignment and also define there how often the detection should run. I chose hourly here to intercept changes as quickly as possible.
Apart from the unwanted shortcuts, do you want to distribute some? Then I have an article for you here: Manage desktop shortcut(s) / icon with Intune
Hi Florian,
I have followed all the steps; unfortunately it doesn't work. Any advice based on the information below?
I'm trying to remove two RDP shortcuts from users' desktops
"Azure RDS NonProd.rdp", "AZUR RDS.rdp"
Note: one thing that is different for us is that our desktop users sync with their OneDrive to back up everything there, so the location for our users might be different
C:\Users\usernamexxx\OneDrive - companyname\Desktop
Detection-----------------------------
$Shortcuts2Remove = "Azure RDS NonProd.lnk", "AZUR RDS.lnk"
$DesktopPath = "C:\Users\Public\Desktop" # Public and User Desktop: "C:\Users\*\Desktop\*", for Public Desktop shortcuts only: "C:\Users\Public\Desktop"
$ShortcutsOnClient = Get-ChildItem $DesktopPath
$ShortcutsUnwanted = $ShortcutsOnClient | Where-Object -FilterScript {$_.Name -in $Shortcuts2Remove }
if (!$ShortcutsUnwanted) {
Write-Host "All good, no shortcuts found. "
exit 0
}else{
Write-Host "Unwanted shortcut detected."
Exit 1
}
Remediation---------------------------
$Shortcuts2Remove = "Azure RDS NonProd.lnk", "AZUR RDS.lnk.lnk"
$DesktopPath = "C:\Users\Public\Desktop" # Public and User Desktop: "C:\Users\*\Desktop\*", for Public Desktop shortcuts only: "C:\Users\Public\Desktop"
$ShortcutsOnClient = Get-ChildItem $DesktopPath
try{
$($ShortcutsOnClient | Where-Object -FilterScript {$_.Name -in $Shortcuts2Remove }) | Remove-Item -Force
Write-Host "Unwanted shortcut(s) removed."
}catch{
Write-Error "Error removing shortcut(s)"
}
Hi Alireza,
You have to use the following in both the detection and remediation:
$DesktopPath = "C:\Users\*\*\Desktop\*"
With the two wildcards, you include the OneDrive location. As an alternative you could also use:
$DesktopPath = "C:\Users\*\OneDrive - YourComapnyName\Desktop\*"
I'm impressed, nearly any time I have an idea of what I could do in Intune and then Google it, I find an article of yours!
Thank you for your work, I appreciate it! Even though I have to rework most of your scripts for my use case, it's still a great inspiration!
Thank you for your great feedback, always great to know that I could help 🙂