I am currently doing a Auto Pilot / Intune deployment and was asked how we could deploy web link shortcuts to the users desktop as well as the start menu. Currently when you do a web link app deployment in Intune it will only install it in the users Start menu and not the users desktop. By leveraging PowerShell and Intune Configuration policies we can have it deploy to the start menu and the desktop.
During my initial search I came across this blog which was exactly what I was looking for but since I have OneDrive folder redirection it seemed to be having issues finding the desktop path, and I wanted to use any icons instead of the default chrome or edge icons.
Azure Blob and Custom Icons
For the shortcut you need to specify a url to a ICO file. To do this I set up cold Azure Blob storage to host the icon files that I would be using with Intune.
Azure Blob
Navigate to the Azure Portal and go to Storage Accounts and then clickAdd
In the next blade select your Subscription, the Resource Group you want the SA to reside in, provide a Name, Location, select BlobStorage for the Account Kind and then for Access tier select Cool.If you need to configure networking, tags, etc then proceed to the next step. Otherwise clickReview + Create.
Next, download and install the Azure Storage Explorer from Microsoft. We will use the storage explorer to upload our icon files as well as get the access URL.
Once you have installed the Azure Storage Explorer, log in using your Azure account. Find your newly create Storage Account and right click and selectCreate Blob Container.I will name mine Icons
Convert PNG, JPG or BMP to ICO
The next step is to create our icon files from existing PNG, JPG or BMP files. I like to use the website ICOConvert to convert existing images to ICO icon files. In my example I will make a SharePoint Icon file. I have already download the SharePoint PNG file and saved it to my Desktop.
On the webpage it selectChoose File and navigated to my saved SharePoint file and then pressUpload
Finally at the bottom of the page I selectConvertICO which will download my newly converted ICO file.
Upload to Blob and Get Access URL
Once we have the Storage Account set up in Azure and our Icon, we have to upload it to our Azure Blob Storage and get the access URL.
In the Azure Storage Explorer application, navigate to your blob storage you created earlier and selectUploadand thenUpload Files
Navigate to your ICO file and pressUpload
Right click our newly imported file and selectGet Shared Access Signature
For Expiry time I like to set it to a date way out in the future. It doesnt really matter because I will only need it to deploy the shortcut and then its not needed. For permissions I just need Read
Copy the URL and save it for later, we will need this for our PowerShell script
PowerShell Script
Lets say you already deployed your shortcuts to machines, but you wanted to update the link, icon, or something else. Since this was deployed with PowerShell it wont auto-update like a MSI would. To ensure my shortcuts update I added a scriptblock to see if the shortcut is already on the users desktop. If it is it will quickly delete it prior to deploying the new updated one.
#Test if icon is currently present $IconPresent = Get-ChildItem -Path $Desktop | Where-Object {$_.Name -eq "$ShortcutName.lnk"} If ($null -ne $IconPresent) { Remove-Item $IconPresent.VersionInfo.FileName -Force -Confirm:$False }Below is the entire PowerShell script, save it locally to you and below I will comment on several items you need to change and how it works.
param ( [system.string]$ShortcutName = "SharePoint", [system.string]$ShortcutUrl = "//bwya77.sharepoint.com/", [system.string]$IconURL = "//lazyadminsa01.blob.core.windows.net/icons/SharepointNew.png?st=2019-11-14T18%3A44%3A36Z&se=2195-11-15T18%3A44%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=FbcYTS0ogA2XCGFpp9iJhOFEybXzt0CIPl1hsj%2B1A5g%3D", [system.string]$Desktop = [Environment]::GetFolderPath("Desktop"), [system.string]$IntuneProgramDir = "$env:APPDATA\Intune", [System.String]$TempIcon = "$IntuneProgramDir\sharepoint.ico", [bool]$ShortcutOnDesktop = $True, [bool]$ShortcutInStartMenu = $True ) #Test if icon is currently present, if so delete it so we can update it $IconPresent = Get-ChildItem -Path $Desktop | Where-Object {$_.Name -eq "$ShortcutName.lnk"} If ($null -ne $IconPresent) { Remove-Item $IconPresent.VersionInfo.FileName -Force -Confirm:$False } $WScriptShell = New-Object -ComObject WScript.Shell If ((Test-Path -Path $IntuneProgramDir) -eq $False) { New-Item -ItemType Directory $IntuneProgramDir -Force -Confirm:$False } #Start download of the icon in blob storage Start-BitsTransfer -Source $IconURL -Destination $TempIcon if ($ShortcutOnDesktop) { $Shortcut = $WScriptShell.CreateShortcut("$Desktop\$ShortcutName.lnk") $Shortcut.TargetPath = $ShortcutUrl $Shortcut.IconLocation = $TempIcon $Shortcut.Save() } if ($ShortCutInStartMenu) { $Shortcut = $WScriptShell.CreateShortcut("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\$ShortcutName.lnk") $Shortcut.TargetPath = $ShortcutUrl $Shortcut.IconLocation = $TempIcon $Shortcut.Save() }Parameters
ShortcutName: This will be the name of the shortcut you will have on the desktop. In my case it will be named SharePoint
ShortcutURL: This will be the URL the user will be brought to in their default web browser when they double click the icon
IconURL: This will be the URL to our icon in blob storage that I had you save for later
Desktop: No need to modify this value, its getting the folder path to your Desktop
IntuneProgramDir: This will be the location of your icons locally. I have set it to the users %APPDATA% in a folder I create called Intune as I know users will have access to %APPDATA%
TempIcon: This will be the location to the icon file that is downloaded from Azure Blob storage. The only thing you need to change is the name.ico entry. If you have every script in intune using sharepoint.ico it will keep overwriting this file and all your shortcuts will have the same icons.
ShortcutOnDesktop: True or False. Specifies if you want a shortcut on the desktop or not
ShortcutInStartMenu: True or False. Specifies if you want a shortcut in the start menu or not
Bit Transfer
To save the icons locally I have using Start-BitsTransfer which will download the ICO file from Azure Blob Storage. Youcould reference a URL that ends in .ico but if that URL ever gets changed, removed, etc you may find your desktop is full of icons that are broken. This is why I took the approach to save them locally on each machine in %APPDATA%
Intune Configuration Policy
In the Intune blade selectDevice Configuration to set up a new Device Configuration Policy
In theDevice Configuration blade selectPowerShell Scripts
In the next pane selectAdd to add a new PowerShell configuration script
Give your policy a name and description and then click Next
In the next step upload your script and make sure to selectYES forRun this script using the logged on credentials.This is mandatory because we are looking for the users Desktop and the users %APPDATA%. Press Next when completed.
In theAssignmentstab I selected my Intune Company Devices security group. This group contains all my Company Devices enrolled into Intune. This policy can be applied to users or devices.
In the Review + Add tab look over your policy and make sure its correct to you and your organization. When complete clickAdd.
Deployment
To quickly test your policy on a end user machine you could restart the Microsoft Intune Management Extension service
In my %APPDATA% folder I now see the icon
And finally on the Desktop and start menu I see my newly created shortcut
My name is Bradley Wyatt; I am a Microsoft Most Valuable Professional and I am currently a Manager DevOps Cloud Automation at BDO Digital in the Chicagoland area.