Anavem
EnglishFrancais
Anavem
Languagefr
How to Create Desktop Shortcuts Using Microsoft Intune with PowerShell

How to Create Desktop Shortcuts Using Microsoft Intune with PowerShell

Deploy desktop shortcuts for applications and web URLs across Windows devices using Microsoft Intune PowerShell scripts. Learn three deployment methods with verification and troubleshooting.

April 22, 2026 15 min
mediumintune 7 steps 15 min

Why Deploy Desktop Shortcuts Through Microsoft Intune?

Managing desktop shortcuts across hundreds or thousands of Windows devices manually is impractical and error-prone. Microsoft Intune provides enterprise-grade deployment capabilities that let you standardize desktop shortcuts for applications and web URLs across your entire device fleet. Whether you need to ensure users have quick access to line-of-business applications, internal portals, or frequently used tools, Intune's PowerShell script deployment makes this process scalable and maintainable.

What Are the Different Deployment Methods Available?

Intune offers three primary methods for deploying desktop shortcuts via PowerShell. The Scripts method provides the simplest approach for basic shortcut deployment, running PowerShell scripts directly on target devices. Win32 app packaging offers advanced features like custom detection rules, dependencies, and uninstall capabilities. Intune Remediations provides ongoing monitoring and automatic repair of shortcuts, ensuring they remain available even if users accidentally delete them.

How Do PowerShell Scripts Work in the Intune Environment?

When you deploy PowerShell scripts through Intune, they execute in the SYSTEM context on target devices. This means scripts have elevated privileges but don't have access to individual user profiles. That's why we target the public desktop location ($env:Public\Desktop) rather than user-specific desktop folders. Scripts run during device check-ins with Intune, typically every 8 hours, though you can force immediate execution for testing purposes. Understanding this execution context is crucial for creating scripts that work reliably across your environment.

Implementation Guide

Full Procedure

01

Access Microsoft Intune and Prepare PowerShell Environment

Start by accessing the Microsoft Endpoint Manager portal and setting up your PowerShell environment for script creation.

Open your web browser and navigate to endpoint.microsoft.com. Sign in with your admin credentials and ensure you have the necessary permissions to deploy scripts.

On your local machine, open PowerShell ISE as Administrator. This will be your script development environment.

# Test PowerShell version
$PSVersionTable.PSVersion

# Verify execution policy (should allow script creation)
Get-ExecutionPolicy

Create a working directory for your scripts:

# Create working directory
New-Item -Path "C:\IntuneScripts" -ItemType Directory -Force
Set-Location "C:\IntuneScripts"
Pro tip: Always test your PowerShell scripts locally before uploading to Intune. Use a test VM that mirrors your target environment.

Verification: Confirm you can access the Intune portal and PowerShell ISE opens without errors. The working directory should exist at C:\IntuneScripts.

02

Create PowerShell Script for Application Shortcuts

Create a PowerShell script that generates desktop shortcuts for installed applications. This script targets the public desktop to ensure all users see the shortcuts.

In PowerShell ISE, create a new script for application shortcuts:

# Application Shortcut Creation Script
# Targets public desktop for all users

# Start logging
Start-Transcript -Path "C:\Temp\ShortcutLog.txt" -Append

try {
    # Create Calculator shortcut
    $TargetFile = "$env:SystemRoot\System32\calc.exe"
    $ShortcutFile = "$env:Public\Desktop\Calculator.lnk"
    $WScriptShell = New-Object -ComObject WScript.Shell
    $Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
    $Shortcut.TargetPath = $TargetFile
    $Shortcut.WorkingDirectory = "$env:SystemRoot\System32"
    $Shortcut.Description = "Windows Calculator"
    $Shortcut.Save()
    
    Write-Output "Calculator shortcut created successfully"
    
    # Create Notepad shortcut with custom icon
    $TargetFile2 = "$env:SystemRoot\System32\notepad.exe"
    $ShortcutFile2 = "$env:Public\Desktop\Notepad.lnk"
    $Shortcut2 = $WScriptShell.CreateShortcut($ShortcutFile2)
    $Shortcut2.TargetPath = $TargetFile2
    $Shortcut2.IconLocation = "$env:SystemRoot\System32\shell32.dll,70"
    $Shortcut2.Description = "Text Editor"
    $Shortcut2.Save()
    
    Write-Output "Notepad shortcut created successfully"
    
} catch {
    Write-Error "Failed to create shortcuts: $($_.Exception.Message)"
    exit 1
}

Stop-Transcript
exit 0

Save this script as Create-AppShortcuts.ps1 in your working directory.

Warning: Always use $env:Public\Desktop instead of $env:USERPROFILE\Desktop when deploying via Intune. Scripts run as SYSTEM account and won't have access to individual user desktops.

Verification: Test the script locally by running .\Create-AppShortcuts.ps1. Check that shortcuts appear in C:\Users\Public\Desktop.

03

Create PowerShell Script for Web URL Shortcuts

Develop a script that creates desktop shortcuts for web URLs, useful for internal company sites or frequently accessed web applications.

Create a new script for web shortcuts:

# Web URL Shortcut Creation Script

# Start logging
Start-Transcript -Path "C:\Temp\WebShortcutLog.txt" -Append

try {
    # Create company intranet shortcut
    $shortcutName = "Company Intranet.lnk"
    $shortcutURL = "https://intranet.company.com"
    $iconPath = "$env:SystemRoot\System32\shell32.dll,103"  # Globe icon
    
    $shell = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut("$env:PUBLIC\Desktop\$shortcutName")
    $shortcut.TargetPath = $shortcutURL
    $shortcut.IconLocation = $iconPath
    $shortcut.Description = "Company Internal Portal"
    $shortcut.Save()
    
    Write-Output "Intranet shortcut created successfully"
    
    # Create Office 365 shortcut
    $shortcutName2 = "Office 365.lnk"
    $shortcutURL2 = "https://portal.office.com"
    $iconPath2 = "$env:SystemRoot\System32\shell32.dll,14"  # Document icon
    
    $shortcut2 = $shell.CreateShortcut("$env:PUBLIC\Desktop\$shortcutName2")
    $shortcut2.TargetPath = $shortcutURL2
    $shortcut2.IconLocation = $iconPath2
    $shortcut2.Description = "Microsoft Office 365 Portal"
    $shortcut2.Save()
    
    Write-Output "Office 365 shortcut created successfully"
    
    # Create custom web app shortcut with arguments
    $shortcutName3 = "Help Desk.lnk"
    $shortcutURL3 = "https://helpdesk.company.com/tickets"
    $iconPath3 = "$env:SystemRoot\System32\shell32.dll,23"  # Question mark icon
    
    $shortcut3 = $shell.CreateShortcut("$env:PUBLIC\Desktop\$shortcutName3")
    $shortcut3.TargetPath = $shortcutURL3
    $shortcut3.IconLocation = $iconPath3
    $shortcut3.Description = "IT Help Desk Portal"
    $shortcut3.Save()
    
    Write-Output "Help Desk shortcut created successfully"
    
} catch {
    Write-Error "Failed to create web shortcuts: $($_.Exception.Message)"
    exit 1
}

Stop-Transcript
exit 0

Save this script as Create-WebShortcuts.ps1.

Pro tip: Use shell32.dll icons for consistency. Common useful icons: 103 (globe), 14 (document), 23 (question mark), 70 (notepad), 137 (folder). You can also extract icons from installed applications.

Verification: Run the script locally and verify web shortcuts open in the default browser when double-clicked.

04

Deploy Scripts via Intune Scripts Method

Upload and deploy your PowerShell scripts using the Intune Scripts feature, which is the simplest method for straightforward shortcut deployment.

In the Microsoft Endpoint Manager portal, navigate to Devices > Scripts and click Add > Windows 10 and later.

Configure the script settings:

  • Name: Desktop Shortcuts - Applications
  • Description: Deploys calculator and notepad shortcuts to all users
  • Script file: Upload your Create-AppShortcuts.ps1

Configure execution settings:

Run this script using the logged on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell Host: Yes
Warning: Setting "Run using logged on credentials" to "Yes" can cause failures because user accounts may not have sufficient permissions to write to system locations.

Click Next and assign the script to your target groups. For testing, create a pilot group with a few devices first.

Configure scope tags if your organization uses them, then click Next and Create.

Repeat the process for your web shortcuts script with the name "Desktop Shortcuts - Web URLs".

Verification: Monitor deployment status in Devices > Scripts > [Script Name] > Device status. Successful deployments show "Success" status. Check target devices for shortcuts in C:\Users\Public\Desktop.

05

Create Win32 App Package for Advanced Deployment

Package your PowerShell script as a Win32 app for more advanced deployment options, including custom detection rules and dependencies.

First, download the Microsoft Win32 Content Prep Tool from the official Microsoft repository. Create a source folder structure:

# Create Win32 app structure
New-Item -Path "C:\IntuneScripts\Win32Source" -ItemType Directory -Force
New-Item -Path "C:\IntuneScripts\Win32Output" -ItemType Directory -Force

# Copy script to source folder
Copy-Item "Create-AppShortcuts.ps1" "C:\IntuneScripts\Win32Source\"

Create an installation wrapper script in the Win32Source folder:

# Install-Shortcuts.ps1 (wrapper script)
$scriptPath = Join-Path $PSScriptRoot "Create-AppShortcuts.ps1"

if (Test-Path $scriptPath) {
    try {
        & $scriptPath
        Write-Output "Shortcuts installed successfully"
        exit 0
    } catch {
        Write-Error "Installation failed: $($_.Exception.Message)"
        exit 1
    }
} else {
    Write-Error "Script file not found: $scriptPath"
    exit 1
}

Package the app using IntuneWinAppUtil:

IntuneWinAppUtil.exe -c "C:\IntuneScripts\Win32Source" -s "Install-Shortcuts.ps1" -o "C:\IntuneScripts\Win32Output"

In Intune, go to Apps > Windows > Add > Win32 app and upload the generated .intunewin file.

Configure the app settings:

Install command: powershell.exe -ExecutionPolicy Bypass -File "Install-Shortcuts.ps1"
Uninstall command: powershell.exe -Command "Remove-Item '$env:Public\Desktop\Calculator.lnk' -Force; Remove-Item '$env:Public\Desktop\Notepad.lnk' -Force"
Install behavior: System
Device restart behavior: No specific action

Create a detection rule using file existence:

Rule type: File
Path: C:\Users\Public\Desktop
File or folder: Calculator.lnk
Detection method: File or folder exists

Verification: Deploy to a test group and monitor installation status in Apps > Monitor > App install status.

06

Implement Intune Remediations for Persistent Shortcuts

Set up Intune Remediations to continuously monitor and maintain desktop shortcuts, automatically recreating them if users delete them.

Create a detection script that checks for shortcut existence:

# Detection-Shortcuts.ps1
$shortcuts = @(
    "$env:Public\Desktop\Calculator.lnk",
    "$env:Public\Desktop\Notepad.lnk"
)

$missingShortcuts = @()

foreach ($shortcut in $shortcuts) {
    if (-not (Test-Path $shortcut)) {
        $missingShortcuts += $shortcut
    }
}

if ($missingShortcuts.Count -eq 0) {
    Write-Output "All shortcuts present"
    exit 0
} else {
    Write-Output "Missing shortcuts: $($missingShortcuts -join ', ')"
    exit 1
}

Create a remediation script that recreates missing shortcuts:

# Remediation-Shortcuts.ps1
Start-Transcript -Path "C:\Temp\RemediationLog.txt" -Append

try {
    $WScriptShell = New-Object -ComObject WScript.Shell
    
    # Recreate Calculator shortcut if missing
    $calcShortcut = "$env:Public\Desktop\Calculator.lnk"
    if (-not (Test-Path $calcShortcut)) {
        $Shortcut = $WScriptShell.CreateShortcut($calcShortcut)
        $Shortcut.TargetPath = "$env:SystemRoot\System32\calc.exe"
        $Shortcut.Description = "Windows Calculator"
        $Shortcut.Save()
        Write-Output "Calculator shortcut recreated"
    }
    
    # Recreate Notepad shortcut if missing
    $notepadShortcut = "$env:Public\Desktop\Notepad.lnk"
    if (-not (Test-Path $notepadShortcut)) {
        $Shortcut2 = $WScriptShell.CreateShortcut($notepadShortcut)
        $Shortcut2.TargetPath = "$env:SystemRoot\System32\notepad.exe"
        $Shortcut2.IconLocation = "$env:SystemRoot\System32\shell32.dll,70"
        $Shortcut2.Description = "Text Editor"
        $Shortcut2.Save()
        Write-Output "Notepad shortcut recreated"
    }
    
    Write-Output "Remediation completed successfully"
    exit 0
    
} catch {
    Write-Error "Remediation failed: $($_.Exception.Message)"
    exit 1
} finally {
    Stop-Transcript
}

In Intune, navigate to Reports > Endpoint analytics > Remediations and click Create script package.

Configure the remediation:

  • Name: Desktop Shortcuts Maintenance
  • Description: Ensures required desktop shortcuts are always present
  • Detection script: Upload Detection-Shortcuts.ps1
  • Remediation script: Upload Remediation-Shortcuts.ps1
  • Run using logged on credentials: No
  • Enforce script signature check: No
  • Run script in 64-bit PowerShell: Yes
Pro tip: Set remediation to run daily during business hours. This ensures shortcuts are restored quickly if users accidentally delete them, without impacting system performance during off-hours.

Verification: Assign to a test group, then manually delete a shortcut from a test device. The remediation should recreate it within the scheduled interval (typically 24 hours or on next check-in).

07

Monitor Deployment and Troubleshoot Common Issues

Monitor your shortcut deployments and resolve common issues that may prevent successful deployment across your device fleet.

Check deployment status in multiple locations:

  • Scripts: Devices > Scripts > [Script Name] > Device status
  • Win32 Apps: Apps > Monitor > App install status
  • Remediations: Reports > Endpoint analytics > Remediations > [Package Name]

Common troubleshooting steps for failed deployments:

# Check Intune Management Extension logs on target device
Get-WinEvent -LogName "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" | Where-Object {$_.TimeCreated -gt (Get-Date).AddHours(-2)}

# Verify PowerShell execution policy
Get-ExecutionPolicy -List

# Check if shortcuts exist in public desktop
Get-ChildItem "$env:Public\Desktop\*.lnk" | Select-Object Name, CreationTime

# Force Intune sync on device
Get-ScheduledTask | Where-Object {$_.TaskName -eq "PushLaunch"} | Start-ScheduledTask

Address common issues:

Warning: If shortcuts don't appear for users, they may need to log off and log back on. The public desktop shortcuts aren't immediately visible to already logged-in users.

Issue 1 - Scripts fail with execution policy errors:

# Add to beginning of scripts to bypass execution policy
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

Issue 2 - Shortcuts created but icons missing:

# Verify icon path exists before setting
$iconPath = "$env:SystemRoot\System32\shell32.dll,103"
if (Test-Path ($iconPath -split ',')[0]) {
    $Shortcut.IconLocation = $iconPath
}

Issue 3 - Detection rules failing for Win32 apps: Use file hash instead of existence for more reliable detection:

Rule type: File
Path: C:\Users\Public\Desktop
File or folder: Calculator.lnk
Detection method: File or folder exists
Associated with a 32-bit app on 64-bit clients: No

Verification: Run gpupdate /force on test devices and check Event Viewer for Intune-related errors. Successful deployments should show shortcuts visible to all users after logoff/logon.

Frequently Asked Questions

Why don't desktop shortcuts appear immediately after Intune deployment?+
Shortcuts deployed via Intune are created in the public desktop folder ($env:Public\Desktop) and may not be immediately visible to currently logged-in users. Users typically need to log off and log back on to see the new shortcuts. Additionally, Intune scripts run during device check-ins, which occur every 8 hours by default, though you can force a sync using the Company Portal app or PowerShell commands.
What's the difference between Intune Scripts and Win32 app deployment for shortcuts?+
Intune Scripts provide a simpler deployment method that's perfect for basic shortcut creation without complex requirements. Win32 apps offer advanced features like custom detection rules, dependencies, uninstall commands, and more granular control over deployment conditions. Win32 apps also provide better reporting and can handle more complex scenarios like conditional installations based on device specifications.
Can I deploy user-specific shortcuts instead of system-wide shortcuts?+
While technically possible by setting scripts to run in user context, it's not recommended for reliability reasons. User-context scripts may fail due to permission issues or timing problems during login. The best practice is to deploy shortcuts to the public desktop ($env:Public\Desktop) which makes them available to all users on the device while maintaining consistent deployment success rates.
How do I troubleshoot failed PowerShell script deployments in Intune?+
Check the device status in the Intune portal under Devices > Scripts > [Script Name] > Device status for initial error information. On the target device, examine the Intune Management Extension logs in Event Viewer under Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider. Common issues include execution policy restrictions, incorrect file paths, or permission problems. Enable transcript logging in your scripts to capture detailed execution information.
What happens if users delete the deployed desktop shortcuts?+
If users delete shortcuts deployed via basic Intune Scripts or Win32 apps, the shortcuts won't be automatically recreated. This is where Intune Remediations become valuable - they can detect missing shortcuts and automatically recreate them on a scheduled basis. Remediations run detection scripts regularly (typically daily) and execute remediation scripts when issues are found, ensuring critical shortcuts remain available even if accidentally deleted.
Tags
#intune#powershell#mdm

Further Intelligence

Deepen your knowledge with related resources

How to Get Windows 11 26H1: What It Is, Who It's For, and How to Install It
tutorial
Windows

How to Get Windows 11 26H1: What It Is, Who It's For, and How to Install It

Deep Dive
How to Create Desktop Shortcuts Using Microsoft Intune with PowerShell
tutorial
Cloud Computing

How to Create Desktop Shortcuts Using Microsoft Intune with PowerShell

Deep Dive
How to Protect AI Apps from Prompt Injection with Microsoft Entra
tutorial
Cybersecurity

How to Protect AI Apps from Prompt Injection with Microsoft Entra

Deep Dive

Discussion

Share your thoughts and insights

Sign in to join the discussion

Sign inCreate account