How to create Desktop Shortcuts on Domain Computers via GPO


Organizations sometimes want to add certain shortcuts to all or some of the computers in their domain. For example, there might be a set of applications that all employees in an organization need to use. The organization may have guidelines for how desktops should look, and one of them may be that all computers have a list of application shortcuts on the desktop. In such cases, administrators can create desktop shortcuts on domain computers using Group Policy Objects (GPOs).
Note: The mentioned functionality is available starting from Windows Server 2008 R2, and hence the following process is applicable only on Windows Server 2008 R2, or higher. 

How to create desktop shortcuts on domain computers via GPO

This process of creating desktop shortcuts involves the following steps:
  1. Creating a new GPO and linking it to the domain
  2. Editing the GPO to add shortcuts to domain computers
Creating a GPO is done through the Group Policy Management Console. Here's how you can do it:
  1. Go to Start -> Administrative Tools, and click on Group Policy Management. The Group Policy Management Console window will open.
  2. In the left pane, navigate to the domain on which you want the policy to be applied. Right-click on the domain container, and click Create a GPO in this domain, and Link it here.
  3. Enter a name for the GPO, and click OK.
A new GPO will be created in the selected domain.

Editing the GPO to add shortcuts to domain computers

Now that the GPO has been created, it is time to edit the policy to add shortcuts to the domain computers. Here's how you can do it:
  1. Right-click on the GPO that was created, and click Edit.
  2. In the left pane of the window that pops up, navigate to User configuration -> Preferences -> Windows Settings -> Shortcuts.
  3. In the right pane, right-click on the blank area, and click New, and then Shortcut.
  4. In the window that pops up, under the Action section, choose Update.
  5. Under the Name section, enter the name that will be displayed for the shortcut that will appear on the desktop screen.
  6. Choose the Target type, whether it is an application (File System Object), or a URL, or a Shell Object.
  7. Choose the location where you want the shortcut to be created. In this case, it will be Desktop.
  8. Mention the Target path, which is the location where the application is installed.
  9. Mention the Icon file path, which is the location of the icon image which will be the shortcut's icon.
  10. In the Common tab, check the Run in logged-on user’s security context (user policy option) option.
  11. Click OK to confirm the action.
Now the shortcut should apply to all the computers in the domain after the group policy is updated. To apply the policy immediately, you can force the GPO update. To do that, in the left pane of the Group Policy Management Console window, navigate to the domain container where the GPO was created and linked, right-click on it, and click Group Policy Update. The policy will then be updated to all the computers in the domain one by one.

Creating desktop shortcuts only on selected users or computers via GPO

If you want to create the shortcut only for a specific set of users or computers in the domain, first add those users or computers to a separate group if they are not part of one already. Once that is done, follow the process mentioned above until step 10. Then, perform the following additional steps before proceeding to step 11:
  1. In the Common tab, check the Item-level targeting option.
  2. Click the Targeting button. In the window that pops up, click New Item, and then Security Group.
  3. Add the group to which you want the GPO to apply.
  4. You can choose whether you want the GPO to apply to only the users or only the computers in the group.
  5. Click OK to confirm the action.
These additional steps will ensure that the GPO applies only to the particular users or computers that are part of the selected group.
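
An added example, not part of the original article: a PowerShell review of the Shortcuts.xml file that the steps above produce in the GPO, reporting for each shortcut whether it uses the Update action, the Desktop location and the logged-on user's security context, and which security groups it is targeted to. The sample XML, the function name Get-GppShortcutReview and the attribute names it reads are assumptions; compare them with a file from your own GPO before relying on the output.

```powershell
# Constructed sample, trimmed to the attributes read below; every name, path and
# SID is a placeholder. A real file would be loaded from the GPO's folder in SYSVOL:
#   [xml](Get-Content '<GPO folder>\User\Preferences\Shortcuts\Shortcuts.xml' -Raw)
$sample = [xml]@'
<Shortcuts>
  <Shortcut name="Intranet Portal" userContext="1">
    <Properties action="U" targetType="URL" targetPath="https://intranet.example.test/"
                shortcutPath="%DesktopDir%\Intranet Portal" />
  </Shortcut>
  <Shortcut name="Finance App" userContext="0">
    <Properties action="C" targetType="FILESYSTEM"
                targetPath="C:\Program Files\FinanceApp\finance.exe"
                shortcutPath="%StartMenuDir%\Finance App" />
    <Filters>
      <FilterGroup bool="AND" not="0" name="EXAMPLE\Finance-Users" sid="S-1-5-21-0-0-0-1111" />
    </Filters>
  </Shortcut>
</Shortcuts>
'@

function Get-GppShortcutReview {
    param([Parameter(Mandatory)][xml]$ShortcutsXml)
    foreach ($item in $ShortcutsXml.SelectNodes('/Shortcuts/Shortcut')) {
        $props = $item.SelectSingleNode('Properties')
        if (-not $props) { continue }   # skip malformed items that carry no settings
        # Compare the stored settings with the choices made in the procedure
        $deviations = @()
        if ($props.GetAttribute('action') -ne 'U') { $deviations += 'action is not Update' }
        if ($props.GetAttribute('shortcutPath') -notlike '%DesktopDir%\*') { $deviations += 'location is not Desktop' }
        if ($item.GetAttribute('userContext') -ne '1') { $deviations += 'not run in logged-on user context' }
        # Item-level targeting: security groups the shortcut is limited to
        $groups = @($item.SelectNodes('Filters/FilterGroup') | ForEach-Object { $_.GetAttribute('name') })
        [pscustomobject]@{
            Name       = $item.GetAttribute('name')
            TargetType = $props.GetAttribute('targetType')
            TargetPath = $props.GetAttribute('targetPath')
            TargetedTo = if ($groups) { $groups -join ', ' } else { '(no security group filter)' }
            Deviations = $deviations -join '; '
        }
    }
}

Get-GppShortcutReview -ShortcutsXml $sample | Format-List
```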