Microsoft Active Directory – Desktop Shortcuts with Group Policy

Microsoft Active Directory – Desktop Shortcuts with Group Policy

A really cool feature in Microsoft Active Directory is the  Group Policy (or Group Policies in general). With Group Policies you can install (small) software packages, set the Internet Explorer start page, set wallpapers, execute scripts on user or computer security context and many things more. You can also deploy specific desktop icons for a user or a user group. Hence this blog post will show you how you deploy simple desktop shortcuts to a users desktop.

The group policy

If you have some specific applications in your company (for example a simple timesheet application) which your users should use, then you can create a group policy or a group policy preference respectively to deploy this desktop shortcut.

  1. In Group Policy Management, create a new group policy object (GPO) in the “Group Policy Objects” folder.
  2. Right click this newly created GPO and select “Edit…”.
  3. Navigate to “User Configuration => Preferences => Windows Settings => Desktop”
  4. Right click the “Desktop” object and select “New => Shortcut”
    Group Policy - Shortcuts

  5. Now set all the configuration details of your application shortcut in the next dialog box.
    Group Policy - Shortcut Target Type

    Note: Please be aware of the “Target type” setting. If the shortcut has to be an application shortcut, you have to choose “File System Object”. As default it’s set to “URL” and thus creates only a shortcut for a website. Therefore if your user wants to open this shortcut, Internet Explorer (or the default browser) opens with a “cannot display this website” message instead of the application.

  6. On the “Common” tab check if this group policy preference should run in logged-on user’s security context or not.
    Group Policy - Shortcuts Security Context

    Note: If you set the „Location“ to „Desktop“ then you should make sure on the „Common“ tab the check box „run in logged-on user’s security context“ is set, because the shortcut will be published on the users own desktop. If you whish to deploy a shortcut to the „All Users“ profile then you have to set the target to „All Users Desktop“ and also uncheck the box to run this group policy preference in logged-on user’s security context. Usually a normal user doesn’t have access to all users profile, but the system account, which runs this group policy preference, has access to it.

  7. Now click Apply / OK and close this dialog box.

As the last step, back in GPO Management, link the created GPO with the Organizational Unit in which your users reside.

Now your users have only to restart the computer or do a single log-off log-on. So they will receive the newly created desktop shortcut.