Create Desktop Shortcuts using Group Policy (GPO)

In this post, I’ll show you how to create desktop shortcuts using Group Policy (GPO). We’ll target Windows 11, Active Directory domain-joined devices and deploy shortcuts via a GPO. You can either deploy an application shortcut or a website shortcut that opens your organization’s intranet, a specific website or a web application.

Group Policy Preferences (GPP), which are part of Group Policy, let you deploy desktop shortcuts to specific users or computers without using scripts. You can point a shortcut to an executable, a document, a folder, or a URL, and scope it to security groups, OUs, operating systems, and you can even use Item-level Targeting. The same GPO can create different shortcuts for different users, and you can choose whether the shortcut is created once or kept up to date at every policy refresh.

Before creating a desktop shortcut using Group Policy, decide whether the shortcut will be deployed in the User context or Computer context. If you deploy a shortcut in the User context, it will be created under the user’s profile. For users with roaming profiles, the shortcut will follow them when they sign in to another device. This approach works well for web shortcuts, but it is not ideal for application shortcuts because if the application is not installed on another machine, launching the shortcut will result in an error.

If you decide to go with the Computer context approach, the shortcut will be deployed to the Public Desktop and will be visible to all users who sign in to the device. However, if a user switches to a different device, the shortcut will not appear there. This setup is suitable for shared or kiosk devices, where you want every user on the device to see the same shortcuts.

In short, if you want the shortcut to appear for anyone who signs in to the device, use the Computer context (Computer Configuration node) to create the shortcut and assign the GPO to the computers rather than users.

Prerequisites

  • Domain-joined Windows clients.
  • A management workstation or server with Group Policy Management Console (GPMC).
  • Appropriate rights to create and link GPOs.
  • Target paths verified and accessible to clients.

Common paths

  • All Users desktop: C:\Users\Public\Desktop (To deploy the shortcut at this location, use the “All Users Desktop” location with the Computer Configuration node of the GPO).
  • Current user desktop: %UserProfile%\Desktop (To deploy the shortcut at this location, use the “Desktop” location with the User Configuration node of the GPO).

Create a Desktop Shortcut on User’s Desktop

Now that we understand a desktop shortcut can be deployed either to the user’s desktop or the public desktop, let’s begin by creating one for the user’s desktop. In the next section, I will show you how to create desktop shortcuts on the public desktop. For demonstration purposes, we will use PowerShell.exe as an example and create a desktop shortcut for it on the user’s desktop.

  • Sign in to a domain controller and open the Group Policy Management Console (gpmc.msc). You can also manage Group Policies remotely by installing the GPMC console on a Windows 11 computer. For steps, see the post How to Install RSAT on Windows 11.
  • Right-click on Group Policy Objects > New and provide a name for the GPO. For example: Create Desktop Shortcut (User).
Create Desktop Shortcut (User)
  • Right-click on the newly created GPO and select Edit.
Edit Create desktop shortcut GPO
  • Navigate to User Configuration > Preferences > Windows Settings > Shortcuts. Right-click Shortcuts and select New > Shortcut.
Select Shortcut
  • In the New Shortcut window, provide the details of the shortcut you want to create and specify its placement. The screenshot below shows the configuration for creating a PowerShell shortcut on the user’s desktop.
    • Name: Provide the display name of the shortcut.
    • Target type: File system object (select this option for .exe, .bat, folders or files).
    • Location: Use the drop-down to select the placement of the shortcut. I will select the Desktop location because I want to create the shortcut on the user’s desktop.
    • Target Path: Provide the exact location of the application exe along with the executable name you want to launch. For example: %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe.
    • Start in (optional): Provide the folder path to start the application from.
    • Shortcut key: None
    • Run: Do you want to launch the application normally, maximized or minimized?
    • Comment: Any comments or notes you want to add?
    • Icon file path: Provide the path of the .ico file which will be used for the shortcut Icon. Leaving it blank may create a shortcut with a generic icon.
New shortcut window GPO
  • Go to the Common tab and select the following options:
    • Run in logged-on user’s security context (user policy option).
    • Remove this item when it is no longer applied.
Run in logged-on user's security context (user policy option)
  • Link the GPO: Once the GPO is created, it will only take effect after you link it to an OU. Because this GPO contains settings under the User Configuration node, it’s best to apply it to an OU that contains users. I have a Users OU where all my users reside, so I’ll link the GPO to it.
Link Create Desktop Shortcut (User) GPO
  • This is the Users OU where the GPO is linked. As you can see, there are a few users in this OU. To test and confirm that the policy works as expected, I will sign in with one of these users and verify whether the shortcut is created successfully.
Users OU

End User Experience

By default, Group Policy refreshes every 90 minutes, with a random offset of up to 30 minutes. This interval applies to both computer and user configuration settings. To speed this up, open Command Prompt or PowerShell as an administrator and run gpupdate /force. This forces the device to retrieve and apply any new or updated GPOs immediately.

The screenshot below shows that the desktop shortcut has been successfully created on the user’s desktop through the GPO.

Application desktop shortcut created under user profile via GPO

Create a Desktop Shortcut on All Users/Public Desktop

Now that we have seen how to create desktop shortcuts under the user’s profile, in this section, I will show you how to create desktop shortcuts on the All Users/Public Desktop location. When you create a shortcut in this location, it becomes visible to anyone who signs in to the device, allowing them to launch the application or web URL. To create a shortcut on the public desktop, we will use the Computer Configuration node in the GPO.

  • Sign in to a domain controller and open the Group Policy Management Console (gpmc.msc). You can also manage Group Policies remotely by installing the GPMC console on a Windows 11 computer. For steps, see the post How to Install RSAT on Windows 11.
  • Right-click on Group Policy Objects > New and provide a name for the GPO. For example: Create Desktop Shortcut (Computer). Right-click on the GPO and select Edit.
  • Go to Computer Configuration > Preferences > Windows Settings > Shortcuts.
  • Previously, I showed you how to create an application shortcut. This time, let’s create a web shortcut that opens a specified URL.
    • Name: Provide the display name of the shortcut.
    • Target type: URL
    • Location: All Users Desktop
    • Target URL: https://cloudinfra.net
    • Shortcut key: None
    • Icon file path: Provide the path to the .ico file that will be used as the shortcut icon. If you leave this field blank, the shortcut will automatically use the default browser icon, such as Chrome or Edge.
Configure GPO for web shortcut creation
  • Link the GPO: Once the GPO is created, it will only take effect after you link it to an OU. Because this GPO contains settings under the Computer Configuration node, it’s best to apply it to an OU that contains computers. I have a Workstations OU where all my computers reside, so I’ll link the GPO to it.

I recommend starting by linking it to an OU that contains test computers. Once testing is successful and you’re satisfied with the results, expand the policy by linking it to an OU that contains the remaining workstations in your organization.

link Create desktop shortcut GPO

End User Experience

By default, Group Policy refreshes every 90 minutes, with a random offset of up to 30 minutes. This interval applies to both computer and user configuration settings. To speed this up, open Command Prompt or PowerShell as an administrator and run gpupdate /force. This forces the device to retrieve and apply any new or updated GPOs immediately.

You can modify the default Group Policy refresh interval by using a setting called Set Group Policy refresh interval for computers. Similarly, for user configuration settings, use the Set Group Policy refresh interval for users setting. For more information on modifying the GPO refresh interval, refer to the post How to Modify Group Policy Refresh Interval.

The screenshot below shows that the web shortcut is now successfully added to the public desktop location via the GPO.

Created web shortcut on public desktop via Group policy
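
To confirm both deployments on a test client without relying on a visual check, the following PowerShell script is an added example (not part of the original post). It reads each deployed shortcut and reports whether its target is present on the device; the shortcut names PowerShell and CloudInfra are assumed placeholders for the Name values entered in the GPOs, and the HTTPS check on web shortcuts is an extra hygiene check added here.

```powershell
# Added example, not from the original post.
# Assumption: 'PowerShell' and 'CloudInfra' stand in for the Name values set in the GPOs.
$expected = @(
    # User Configuration > Location "Desktop"
    @{ Name = 'PowerShell'; Folder = [Environment]::GetFolderPath('DesktopDirectory') }
    # Computer Configuration > Location "All Users Desktop"
    @{ Name = 'CloudInfra'; Folder = [Environment]::GetFolderPath('CommonDesktopDirectory') }
)

$shell = New-Object -ComObject WScript.Shell

$report = foreach ($item in $expected) {
    # File System Object targets are written as .lnk files, URL targets as .url files.
    $file = Get-ChildItem -LiteralPath $item.Folder -File -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -eq $item.Name -and $_.Extension -in '.lnk', '.url' } |
        Select-Object -First 1

    if (-not $file) {
        [pscustomobject]@{ Shortcut = $item.Name; Target = $null; Status = 'Missing (policy not applied?)' }
        continue
    }

    # CreateShortcut() opens an existing shortcut file; nothing is written unless Save() is called.
    $target = $shell.CreateShortcut($file.FullName).TargetPath

    $status = if ($file.Extension -eq '.url') {
        # Web shortcut: flag anything that is not served over HTTPS for review.
        if ($target -like 'https://*') { 'OK' } else { 'Review: URL is not HTTPS' }
    } elseif ($target -and (Test-Path -LiteralPath $target)) {
        'OK'
    } else {
        # Application shortcut pointing at something that is not installed on this device.
        'Broken: target not found on this device'
    }

    [pscustomobject]@{ Shortcut = $file.Name; Target = $target; Status = $status }
}

$report | Format-Table -AutoSize
```

Run it in the signed-in user's session after gpupdate /force. A "Broken" status on an application shortcut is the roaming-profile case described earlier, where the shortcut follows the user to a device that does not have the application installed.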
