When we as IT People deploy Windows 10 AutoPilot we often get the feedback from users that they miss their shortcuts for SharePoint and such. For that reason I have created a manual which you can use to deploy this using a Win32App.

Preparation

Create a folder where you store the files that you need to deploy. For example:

I am deploying a shortcut for my SharePoint Online environment. To deploy this shortcut I need to following files:

The install.cmd cointains the following code:

if not exist "C:\ProgramData\AutoPilotConfig" md "C:\ProgramData\AutoPilotConfig"
if not exist "C:\ProgramData\AutoPilotConfig\Icons" md "C:\ProgramData\AutoPilotConfig\Icons"
xcopy "SharePointShortCut.ps1" "C:\ProgramData\AutoPilotConfig" /Y
xcopy "SharePointicon.ico" "C:\ProgramData\AutoPilotConfig\Icons" /Y
Powershell.exe -Executionpolicy bypass -File "C:\ProgramData\AutoPilotConfig\SharePointShortCut.ps1"

First we create 2 folders:
– C:\ProgramData\AutoPilotConfig
– C:\ProgramData\AutoPilotConfig\Icons

I always create these folders to run and store installation/removal scripts. For example, when you have a custom application which requires a custom removal script this is where I store these scripts.

After that we copy the 2 files to these folders and last but not least we run the Powershell script. This script contains this code:

if (-not (Test-Path "C:\Users\Public\Desktop\SharePointOnline.url"))
{
$null = $WshShell = New-Object -comObject WScript.Shell
$path = "C:\Users\Public\Desktop\SharePointOnline.url"
$targetpath = "https://tenantname.sharepoint.com"
$iconlocation = "C:\ProgramData\AutoPilotConfig\Icons\SharePointicon.ico"
$iconfile = "IconFile=" + $iconlocation
$Shortcut = $WshShell.CreateShortcut($path)
$Shortcut.TargetPath = $targetpath
$Shortcut.Save()

Add-Content $path "HotKey=0"
Add-Content $path "$iconfile"
Add-Content $path "IconIndex=0"
}

If you want to deploy another Internet Shortcut then SharePoint Online please edit these values:

$path, is the value where the SharePoint is being stored.
$targetpath, is the URL where you want to lead the Shortcut too.
$iconlocation, is the value where the icon is stored.

Change these values and put another iconfile in the folder that you are going to package.

Packaging

We are going to use WinAppUtil. This application is needed to package applications in Microsoft Intune. You can download it here: Link

Open Powershell, run the WinAppUtil.exe and use the following values:

Deployment

Log on to the Intune Portal at https://devicemanagement.microsoft.com/

Go to Apps:

After that go to Windows and add an App:

Add a Win32App:

Select app package file and browse to the SharePointShortCut.intunewin file.

Specify the package information:

Specify the installation instructions:

Install command: “Install.cmd”
Uninstall command: del /f “C:\Users\Public\Desktop\SharePointOnline.url”
Device restart behavior: “no specific action”

Specify the requirements:

Use the following detection rule:

No depencies and no scope tags are assigned.

Assign the groups that need the application:

And we are done!

If you have any questions don’t hesitate to ask.

Regards,

Niels

49 thoughts on “Deploy Internet Shortcut with custom icon via Intune using Win32App”
  1. Hello Niels, thank you for this well-explained tutorial! I would like to know: is it possible to use this script to make a shortcut to a local folder? We use OneDrive Automount and I would like to automaticly place shortcuts to those folders. Thank you in advance!

    1. Hi Martijn,

      Thanks, I like to see that you used my post.

      You could use this script to create a shortcut to a folder:

      $create_shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut
      $s = $create_shortcut.invoke(“c:\test.lnk”) # Must end in .lnk
      $s.TargetPath = “C:\temp”
      $s.IconLocation = “imageres.dll,3” # This is a reference to a folder icon
      $s.Description = “My Folder”
      $s.Save()

      If you have any questions don’t hesitate to ask!

      Niels

      1. Hi Niels,

        Is it possible to put the icon file to a sharepoint folder or site? will there be permission access issue?

        1. Hi,

          I think you have answered you own question. There will be a permission issue and the site is not directly available when deploying the machine for the first time.

          Kind Regards,

          Niels

  2. Hi Niels,
    Thank you very much for the post.
    The only thing i would like to say is that the deletion did not work for me. For some reason it fails all the time.

    1. For the uninstall. Create an uninstall.cmd and put the del command in that file.
      Then create your .winintune file and upload it.
      In MEM, for the uninstall command, just put “uninstall.cmd”.
      It will then run the uninstall.cmd file for systems you have specified to run the uninstall.
      Not sure why it does not work by just adding the DEL command to the uninstall commands.

      1. Hi Rick,

        That is an option. It is more about creating a default uninstall command by always creating a bat that does the job. It is easier to deploy it to multiple tenants for multiple packages since uninstall.cmd is always the uninstall cmd.

        THanks,
        Niels

  3. Great post. I have added the THis PC shortcut and the network shortcut but the icons are not correct. I have googled and I can not find the correct icons. Any ideas?

  4. Hi Neils,

    Is there a way to put the icon in a centralized location so that the shortcut icon will appear regardless the pc in on the network or not?

      1. Hi Neisl,

        we just use the “install.cmd” command as a paramenter but we do not upload this script anywhere in the win32 process.

        1. Hi Max,

          You need to package this file within your Win32App creation process. Make sure to package the folder with all the files in it.

          Kind Regards,

          Niels

  5. I tweaked the icon part as it was not updating to the icon itself.

    $null = $WshShell = New-Object -comObject WScript.Shell
    $path = “C:\Users\Public\Desktop\My Link.lnk”
    $targetpath = “Link to some exe or url”
    $Shortcut = $WshShell.CreateShortcut($path)
    $Shortcut.TargetPath = $targetpath
    $Shortcut.IconLocation = “C:\ProgramData\AutoPilotConfig\Icons\Mylinkicon.ico,0”
    $Shortcut.Save()

  6. Hi Niels,

    I’m continuously getting the error code
    0x80070000
    After attempting this install. Have you encountered this error while testing? I can’t find much about it online!

    Thanks

    1. Hi Jonah,

      Could you please elaborate on your Shortcut which you are deploying? Does the deployment fail all together or are the files copied onto the machine?

      Thanks,

      Niels

    2. For anyone else that finds this – I had this same problem and my fix for it was to add

      Set-Executionpolicy bypass -Force

      at the start of the script, as scripts had been disabled on the machine

      1. Where did you add the line? I have tried adding it int eh Powershell script itself and in the install cmd file to no avail.

  7. The IntuneWinAppUtil.exe does not work on Windows 11

    How do we package up applications when running on Windows 11?

  8. Hi Niels,
    is there a repository that contain ico of popular application icons and a url that can be used to import application icons without necessarily storing them somewhere else

    1. Hi,

      You could do that but when the managed intune device has no internet or connectivity to the specified icon file the icon of the shortcut is white. That is why I add them to the package itself.

      Thanks,
      Niels

  9. Hi Niels
    Thank you for this guide. I am wondering if you can help me. I have been using Intune and Endpoint for a long time now. But deploying desktop icons appears to be very hit and miss. I’ve tried to use your method but the autopilot deployment always hangs at deploying apps. If I skip the screen, I can see that the reason it’s hung is that there is a toast notification informing me that “Unauthorised changed blocked – Controlled folder access blocked powershell.exe from making changes”

    I am guessing specifically, it’s stopping powershell from making changes to the ProgramData folder? Unsure, I’ve never have issues relating to deploying scripts before, but yours is the first time I’ve used xcopy to move the files from the .intune directory

    I am going to strip out the file move and test just creating the shortcut, with no icon and see how it behaves

    I had issues with another method, where it was unable to detect the icon after and failed and also hung on the apps deployment part of autopilot. Any tips welcome, thanks 🙂

    1. Hello Ben,

      Do you have the Security Baselines deployed with folder protection enabled? You could make an exclusion on that and redeploy the files.

      Thanks,

      Niels

  10. Hi Niels,

    Thanks for this post it works great. I have deployed two shortcuts and it worked perfectly with the icons displaying. I’m now trying to deploy a 3rd shortcut but the icon image will not display. Have you seen this before? The shortcut will create fine but no icon. This is the first time I tried to create this on a Windows 11 laptop.

    Any help please let me know.

    Many thanks,
    David

    1. Hi David,

      Thanks and good to hear that you are using my blog to create shortcuts.

      Furthermore, it sounds like the third icon maybe has a typo in the path or the file is not an icon file. Could you please double check this?

      Thanks,
      Niels

  11. Ni Niels,
    What if I wanted to deploy 4 icons at once using this method is that possible? instead of doing them one by one. I’m looking to deploy, Outlook, Word, Excel, and Powerpoint icons. Could you help with this process? Thanks

    1. Hi Sam,

      When you have office installed you don’t need to publish the icons. If you just create a shortcut to the application itself it will show the icon for the office application by default.

      Thanks,
      Niels

  12. Hi Niels,
    .
    The shortcut on the desktop works perfectly but can’t seem to load the icon itself. Any suggestions?

    Thanks,
    Mike

    1. Hi Mike,

      Do you copy the icon to the device itself and refer to the location? Can you check whether the icon exists on the machine?

      Thanks,
      Niels

  13. Hi, i am pushing out M365 Office Apps to users and find that blank white shortcuts are left behind and users are confused and don’t know how to add Office shortcuts to their desktop.
    Can this be used to add all the Office Apps shortcuts to desktops?
    I see its used in ‘User’ mode, does that mean that when pushing out it should have Users in the assigned list and not Devices?
    Cheers and great work!

    1. Hi Robin,

      It does mean that works best when assigned to users.

      Furthermore, you can use this solution to deploy Office shortcuts also. I do it as well. You don’t need to deploy an icon though. When you refer to the Office application the icon will show automatically.

      Thanks,
      Niels

      1. I have followed every step to the letter (creating CMD shortcut) and it doesn’t execute.
        Nothing in the Device Install or User Install Status’s. No errors either.
        Device exceeds Requirements
        Assignments point to a AAD Group in which i added myself as the only user. I tried adding my device to the group and still the same result
        Sync’d device with no change

          1. Hi, no, i am testing using your steps and following them too the letter to create a CMD shortcut but it never triggers

          2. Allright, do you see any content on the machine where you deploy the app? If not, you have probably made a typo of some sort in your deployment.

  14. Hi Niels
    Thanks for your blog, really helpful!
    Have been playing around with it to get the *new* Quick Assist (Microsoft Store edition) as a shortcut on our users desktop.
    The script works mostly as expected (just had to put the Set-ExecutionPolicy on top) and the shortcut appears on my test device desktop, but when clicking it I get a permissions error.
    (I expected this to happen because of this thread: https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-executable-file-location/d363ef2e-3466-42ab-b549-4c15fef6e0b0)
    Now my question is how to get around that permissions issue? Any suggestions? (without messing with the actual permissions)
    Why does Microsoft make these basic things so annoying?
    ——————
    Set-Executionpolicy bypass -Force
    if (-not (Test-Path “C:\Users\Public\Desktop\QuickAssist.lnk”))
    {
    $null = $WshShell = New-Object -comObject WScript.Shell
    $path = “C:\Users\Public\Desktop\QuickAssist.lnk”
    $targetpath = “C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe\QuickAssist.exe”
    $iconlocation = “C:\ProgramData\AutoPilotConfig\Icons\QuickAssist.ico”
    $iconfile = “IconFile=” + $iconlocation
    $Shortcut = $WshShell.CreateShortcut($path)
    $Shortcut.TargetPath = $targetpath
    $Shortcut.Save()
    Add-Content $path “HotKey=0”
    Add-Content $path “$iconfile”
    Add-Content $path “IconIndex=0”
    }
    —————————–
    Strangely enough the desktop icon created uses the real Quick Assist icon, instead of the custom I put in the package. That’s an unexpected but positive side effect.

Leave a Reply

Your email address will not be published.