Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Group Policies / Creating Desktop Shortcuts using Group Policy (GPO)

January 16, 2025

Creating Desktop Shortcuts using Group Policy (GPO)

Using Group Policies, you can create a shortcut to a specific application and deploy it to the desktops of all users in the domain (or to specific users only). This article shows how to use Group Policy Preferences (GPP) to create shortcuts on users’ desktops.

Group Policy Preferences can be used to create a shortcut to a locally installed app, an executable on a shared folder (via UNC path), a URL, or a Control Panel item.

Contents:
  • Create a Desktop Shortcut for All Users Using GPO
  • Use Group Policy to Add a Desktop Shortcut for Target Users Only

Create a Desktop Shortcut for All Users Using GPO

Suppose your task is to create a shortcut on all domain users’ desktops pointing to an application executable stored in a shared network folder (a portable app that doesn’t require installation).

In our example, the UNC path to the executable looks like this \\fs01\TCPView\tcpview.exe. Check that the NTFS permissions on the folder allow at least Read+Execute for Authenticated Users or Users.

chech target executable ntfs permissions

  1. Open the Group Policy Management console (gpmc.msc), right-click an AD container (Organizational Unit) you want to apply a shortcut creation policy to and create a new policy (a GPO object) named CreateShortcut; create and link a new shortcut gpo
  2. Right-click on the created policy and select Edit;
  3. Go to the Group Policy Preferences section: User Configuration –> Preferences -> Windows Settings -> Shortcuts. Right-click and select New -> Shortcut; Group Policy Preferences - create new shortcut
  4. Create a new shortcut item with the following settings:new shortcut settings in gpo
    Name: TCPView (shortcut display name)
    Target Type: File System Object (this can also be a URL or a Shell object item.)
    Location: Desktop (create a shortcut on the current user’s desktop)
    Here you can specify one of the 15 built-in shortcut locations. For example, Start Menu, Startup, All Users Desktops, etc.
    Target Path: \\fs01\TCPView\tcpview.exe (the full path to the file (object) to which you want to create a shortcut)
    Arguments: if required, you can specify additional arguments to run the app.
    Icon file path: a path to the shortcut icon. Use your custom ICO file or a standard library of common Windows icons. (%SystemRoot%\System32\SHELL32.dll). The icon number must be specified in the Icon Index field if multiple icons are in the file. assign shortcut icon file
  5. Various environment variables can be used in the target object path. For example, %WindowsDir%\cmd.exe, %ProgramFilesDir%\myapp\woshub.exe, %ProgramFiles(x86)%\woshub.exe. Press F3 in the shortcut configuration dialogue in GPP to display a full list of available environment variables. Available sytem defined variables in group policy preferences
  6. If you want to create the shortcut on the current user’s desktop (Location = Desktop), check the Run in logged-on user’s security context (user policy option) on the Common tab;Run in logged-on user’s security context (user policy option)
  7. If you want to create an app shortcut in the Public user profile (for all computer users), set Location = All User Desktop (uncheck the “Run in logged-on user’s security context” option since non-admin users do not have the permissions to make changes to the Public profile);
  8. Save the changes. Note that the Desktop (%DesktopDir%) and All User Desktop (%CommonDesktopDir%) environment variables are displayed in the shortcut paths in the GPO console (the %CommonDesktopDir% variable is deprecated and it is recommended to use the %Public%\Desktop instead)deploy several shortcuts with environment variables using gpo
  9. If you specify a network UNC path to a shortcut icon file (*.ico) in the policy settings, be sure to enable the GPO option Allow the use of remote paths in file shortcut icons in Computer Configuration -> Administrative Templates -> Windows Components -> File Explorer. Without this option, the shortcut icon will not be displayed (instead of an image, you will see a blank white icon). Enable GPO option: Allow the use of remote paths in file shortcut icons
  10. Update policy settings on client computers (gpupdate /force or by logoff/logon).
    If you have linked a GPO to an Organizational Unit that contains computer objects (instead of users), enable the GPO loopback option. Set Configure user Group Policy loopback processing mode =  Merge in Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy. enable Group Policy loopback processing mode
  11. Once the policies have been updated, a new shortcut should appear on the user’s desktop. Group policy creates desktop shortcut

If the desktop shortcut does not appear on a client, check the Group Policy logs in the Event Viewer snap-in (eventvwr.msc). Go to the Applications log and filter events by the Group Policy Shortcuts source.

In my case, the error indicates that the shortcut could not be created because the path to the source file is incorrect:

The user 'TCPView' preference item in the 'CreateAppShortcuts' Group Policy Object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

Group Policy Shortcuts processing events in Event Viewer

If the shortcut does not appear, read these articles describing client-side GPO diagnostics:

  • Slow GPO processing
  • Using Group Policy Result tool (GPResult.exe)
  • Why is a Group Policy not being applied to the client?

Use Group Policy to Add a Desktop Shortcut for Target Users Only

If you want to create a Group Policy that only creates shortcuts on the desktops of specific users, use the item-level targeting in GPP.

  1. Create a security group in the AD domain and add all the users to whom you want the shortcut creation policy to apply.
  2. Open the shortcut properties in the Group Policy editor, go to the Common tab, enable the Item-level targeting option, and click the Targeting button
  3. Select New Item -> Security Group and specify the domain group name. This policy will only create the app shortcut for users added to the specified Active Directory security groupgpo: target shortcut to domain security group

A single GPO can contain multiple shortcut creation rules for different users, groups, computers, or OUs (see screenshot). For example:

  • Shortcut to a shared network folder (Can be used instead of a network drive mapped via GPO)
  • Shortcut to RDP file containing RDS farm connection settings
  • LogOut shortcut used to quickly end a user’s session (with  logoff.exe or shutdown.exe /l command)

multiple shortcut creation rules in single gpo

Using Group Policies, you can also configure the same Start Menu and Taskbar layout for all users.
0 comment
5
Facebook Twitter Google + Pinterest
Active DirectoryGroup PoliciesWindows 11Windows Server 2022
previous post
Restoring Active Directory Domain Controller from a Backup
next post
Match Windows Disks to VMWare VMDK Files

Related Reading

How to Refresh (Update) Group Policy Settings on...

August 13, 2024

Updating Group Policy Administrative Templates (ADMX)

January 24, 2025

How to Disable NetBIOS, LLMNR, mDNS Protocols in...

March 20, 2025

Configuring Password Policy in Active Directory Domain

March 12, 2024

Caching Domain Logon Credentials on Windows

March 12, 2024

Configuring Proxy Settings on Windows Using Group Policy...

February 27, 2023

Zerologon (CVE-2020-1472): Critical Active Directory Vulnerability

March 15, 2024

Check User Login History in Active Directory with...

April 8, 2025

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Using WMI Filters to Target Group Policies in Active Directory
  • Using Managed Service Accounts (MSA and gMSA) in Active Directory
  • How to Set a User Thumbnail Photo in Active Directory
  • Set Desktop Wallpaper and Logon Screen Background via Group Policy
  • Restoring Active Directory Domain Controller from a Backup
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top