When we as IT People deploy Windows 10 AutoPilot we often get the feedback from users that they miss their shortcuts for SharePoint and such. For that reason I have created a manual which you can use to deploy this using a Win32App.


Create a folder where you store the files that you need to deploy. For example:

I am deploying a shortcut for my SharePoint Online environment. To deploy this shortcut I need to following files:

The install.cmd cointains the following code:

if not exist "C:\ProgramData\AutoPilotConfig" md "C:\ProgramData\AutoPilotConfig"
if not exist "C:\ProgramData\AutoPilotConfig\Icons" md "C:\ProgramData\AutoPilotConfig\Icons"
xcopy "SharePointShortCut.ps1" "C:\ProgramData\AutoPilotConfig" /Y
xcopy "SharePointicon.ico" "C:\ProgramData\AutoPilotConfig\Icons" /Y
Powershell.exe -Executionpolicy bypass -File "C:\ProgramData\AutoPilotConfig\SharePointShortCut.ps1"

First we create 2 folders:
– C:\ProgramData\AutoPilotConfig
– C:\ProgramData\AutoPilotConfig\Icons

I always create these folders to run and store installation/removal scripts. For example, when you have a custom application which requires a custom removal script this is where I store these scripts.

After that we copy the 2 files to these folders and last but not least we run the Powershell script. This script contains this code:

if (-not (Test-Path "C:\Users\Public\Desktop\SharePointOnline.url"))
$null = $WshShell = New-Object -comObject WScript.Shell
$path = "C:\Users\Public\Desktop\SharePointOnline.url"
$targetpath = "https://tenantname.sharepoint.com"
$iconlocation = "C:\ProgramData\AutoPilotConfig\Icons\SharePointicon.ico"
$iconfile = "IconFile=" + $iconlocation
$Shortcut = $WshShell.CreateShortcut($path)
$Shortcut.TargetPath = $targetpath

Add-Content $path "HotKey=0"
Add-Content $path "$iconfile"
Add-Content $path "IconIndex=0"

If you want to deploy another Internet Shortcut then SharePoint Online please edit these values:

$path, is the value where the SharePoint is being stored.
$targetpath, is the URL where you want to lead the Shortcut too.
$iconlocation, is the value where the icon is stored.

Change these values and put another iconfile in the folder that you are going to package.


We are going to use WinAppUtil. This application is needed to package applications in Microsoft Intune. You can download it here: Link

Open Powershell, run the WinAppUtil.exe and use the following values:


Log on to the Intune Portal at https://devicemanagement.microsoft.com/

Go to Apps:

After that go to Windows and add an App:

Add a Win32App:

Select app package file and browse to the SharePointShortCut.intunewin file.

Specify the package information:

Specify the installation instructions:

Install command: “Install.cmd”
Uninstall command: del /f “C:\Users\Public\Desktop\SharePointOnline.url”
Device restart behavior: “no specific action”

Specify the requirements:

Use the following detection rule:

No depencies and no scope tags are assigned.

Assign the groups that need the application:

And we are done!

If you have any questions don’t hesitate to ask.



75 thoughts on “Deploy Internet Shortcut with custom icon via Intune using Win32App”
  1. Hello Niels, thank you for this well-explained tutorial! I would like to know: is it possible to use this script to make a shortcut to a local folder? We use OneDrive Automount and I would like to automaticly place shortcuts to those folders. Thank you in advance!

    1. Hi Martijn,

      Thanks, I like to see that you used my post.

      You could use this script to create a shortcut to a folder:

      $create_shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut
      $s = $create_shortcut.invoke(“c:\test.lnk”) # Must end in .lnk
      $s.TargetPath = “C:\temp”
      $s.IconLocation = “imageres.dll,3” # This is a reference to a folder icon
      $s.Description = “My Folder”

      If you have any questions don’t hesitate to ask!


      1. Hi Niels,

        Is it possible to put the icon file to a sharepoint folder or site? will there be permission access issue?

        1. Hi,

          I think you have answered you own question. There will be a permission issue and the site is not directly available when deploying the machine for the first time.

          Kind Regards,


  2. Hi Niels,
    Thank you very much for the post.
    The only thing i would like to say is that the deletion did not work for me. For some reason it fails all the time.

    1. For the uninstall. Create an uninstall.cmd and put the del command in that file.
      Then create your .winintune file and upload it.
      In MEM, for the uninstall command, just put “uninstall.cmd”.
      It will then run the uninstall.cmd file for systems you have specified to run the uninstall.
      Not sure why it does not work by just adding the DEL command to the uninstall commands.

      1. Hi Rick,

        That is an option. It is more about creating a default uninstall command by always creating a bat that does the job. It is easier to deploy it to multiple tenants for multiple packages since uninstall.cmd is always the uninstall cmd.


  3. Great post. I have added the THis PC shortcut and the network shortcut but the icons are not correct. I have googled and I can not find the correct icons. Any ideas?

  4. Hi Neils,

    Is there a way to put the icon in a centralized location so that the shortcut icon will appear regardless the pc in on the network or not?

      1. Hi Neisl,

        we just use the “install.cmd” command as a paramenter but we do not upload this script anywhere in the win32 process.

        1. Hi Max,

          You need to package this file within your Win32App creation process. Make sure to package the folder with all the files in it.

          Kind Regards,


  5. I tweaked the icon part as it was not updating to the icon itself.

    $null = $WshShell = New-Object -comObject WScript.Shell
    $path = “C:\Users\Public\Desktop\My Link.lnk”
    $targetpath = “Link to some exe or url”
    $Shortcut = $WshShell.CreateShortcut($path)
    $Shortcut.TargetPath = $targetpath
    $Shortcut.IconLocation = “C:\ProgramData\AutoPilotConfig\Icons\Mylinkicon.ico,0”

      1. I tweaked the icon part per the recommendation above from ‘Jimmy’ and it still didn’t work. The folder structure installs, but the .ico file didn’t come over. The icon on the desktop is still blank. Any help would be great!

        1. Hi Kim,

          On the target machine, are you able to assign the icon to the shortcut manually via the ico file? That would mean that there is a typo in the script for the icon file.


          1. Niels,
            Seemed that there was an extra space in my cmd that was the culprit. I’m not seeing the icon listed under the ‘Icons’ folder but it is working. Thank you Niels!

  6. Hi Niels,

    I’m continuously getting the error code
    After attempting this install. Have you encountered this error while testing? I can’t find much about it online!


    1. Hi Jonah,

      Could you please elaborate on your Shortcut which you are deploying? Does the deployment fail all together or are the files copied onto the machine?



      1. I’m receiving the same error code 0x80070000, when trying to create a Salesforce icon to all desktop users.
        The script run as expected locally only when I run the .cmd as Adminstrator. I was able to add the elevated command to the install, but I’m still getting the same error. The deployment fails all together.

          1. I’ve wrapped this into my Win32App:
            PS1 = Set-ExecutionPolicy bypass -Force
            if (-not (Test-Path “C:\Users\Public\Desktop\Salesforce.url”))
            $null = $WshShell = New-Object -comObject WScript.Shell
            $path = “C:\Users\Public\Desktop\Salesforce.url”
            $targetpath = “https://zoskinhealth.my.salesforce.com”
            $iconlocation = “C:\ProgramData\AutoPilotConfig\Icons\Salesforce.ico”
            $iconfile = “IconFile=” + $iconlocation
            $Shortcut = $WshShell.CreateShortcut($path)
            $Shortcut.TargetPath = $targetpath

            Add-Content $path “HotKey=0”
            Add-Content $path “$iconfile”
            Add-Content $path “IconIndex=0”
            My Install.cmd =
            if not exist “C:\ProgramData\AutoPilotConfig” md “C:\ProgramData\AutoPilotConfig”
            if not exist “C:\ProgramData\AutoPilotConfig\Icons” md “C:\ProgramData\AutoPilotConfig\Icons”
            xcopy “Salesforce.ps1” “C:\ProgramData\AutoPilotConfig” /Y
            xcopy “Salesforce.ico” “C:\ProgramData\AutoPilotConfig\Icons” /Y
            Powershell.exe -Executionpolicy bypass -File “C:\ProgramData\AutoPilotConfig\Salesforce.ps1”
            Its running as the system, so it should have elevated rights. When I run the .cmd or PS1 locally to test prior to packaging on my computer, it installs perfectly. Any help would be much appreciated.

          2. Niels,

            I am getting the same error in Intune. My script is the exact same and my install command is “install.cmd”

            Install command install.cmd
            Uninstall command del /f “c:\Users\Public\Desktop\Everlearn.url”
            Install behavior System

          3. Do you have any policies configured where powershell is blocked?

            What if you run the command locally, does it work then?


    2. For anyone else that finds this – I had this same problem and my fix for it was to add

      Set-Executionpolicy bypass -Force

      at the start of the script, as scripts had been disabled on the machine

      1. Where did you add the line? I have tried adding it int eh Powershell script itself and in the install cmd file to no avail.

  7. The IntuneWinAppUtil.exe does not work on Windows 11

    How do we package up applications when running on Windows 11?

  8. Hi Niels,
    is there a repository that contain ico of popular application icons and a url that can be used to import application icons without necessarily storing them somewhere else

    1. Hi,

      You could do that but when the managed intune device has no internet or connectivity to the specified icon file the icon of the shortcut is white. That is why I add them to the package itself.


  9. Hi Niels
    Thank you for this guide. I am wondering if you can help me. I have been using Intune and Endpoint for a long time now. But deploying desktop icons appears to be very hit and miss. I’ve tried to use your method but the autopilot deployment always hangs at deploying apps. If I skip the screen, I can see that the reason it’s hung is that there is a toast notification informing me that “Unauthorised changed blocked – Controlled folder access blocked powershell.exe from making changes”

    I am guessing specifically, it’s stopping powershell from making changes to the ProgramData folder? Unsure, I’ve never have issues relating to deploying scripts before, but yours is the first time I’ve used xcopy to move the files from the .intune directory

    I am going to strip out the file move and test just creating the shortcut, with no icon and see how it behaves

    I had issues with another method, where it was unable to detect the icon after and failed and also hung on the apps deployment part of autopilot. Any tips welcome, thanks 🙂

    1. Hello Ben,

      Do you have the Security Baselines deployed with folder protection enabled? You could make an exclusion on that and redeploy the files.



  10. Hi Niels,

    Thanks for this post it works great. I have deployed two shortcuts and it worked perfectly with the icons displaying. I’m now trying to deploy a 3rd shortcut but the icon image will not display. Have you seen this before? The shortcut will create fine but no icon. This is the first time I tried to create this on a Windows 11 laptop.

    Any help please let me know.

    Many thanks,

    1. Hi David,

      Thanks and good to hear that you are using my blog to create shortcuts.

      Furthermore, it sounds like the third icon maybe has a typo in the path or the file is not an icon file. Could you please double check this?


  11. Ni Niels,
    What if I wanted to deploy 4 icons at once using this method is that possible? instead of doing them one by one. I’m looking to deploy, Outlook, Word, Excel, and Powerpoint icons. Could you help with this process? Thanks

    1. Hi Sam,

      When you have office installed you don’t need to publish the icons. If you just create a shortcut to the application itself it will show the icon for the office application by default.


  12. Hi Niels,
    The shortcut on the desktop works perfectly but can’t seem to load the icon itself. Any suggestions?


    1. Hi Mike,

      Do you copy the icon to the device itself and refer to the location? Can you check whether the icon exists on the machine?


  13. Hi, i am pushing out M365 Office Apps to users and find that blank white shortcuts are left behind and users are confused and don’t know how to add Office shortcuts to their desktop.
    Can this be used to add all the Office Apps shortcuts to desktops?
    I see its used in ‘User’ mode, does that mean that when pushing out it should have Users in the assigned list and not Devices?
    Cheers and great work!

    1. Hi Robin,

      It does mean that works best when assigned to users.

      Furthermore, you can use this solution to deploy Office shortcuts also. I do it as well. You don’t need to deploy an icon though. When you refer to the Office application the icon will show automatically.


      1. I have followed every step to the letter (creating CMD shortcut) and it doesn’t execute.
        Nothing in the Device Install or User Install Status’s. No errors either.
        Device exceeds Requirements
        Assignments point to a AAD Group in which i added myself as the only user. I tried adding my device to the group and still the same result
        Sync’d device with no change

          1. Hi, no, i am testing using your steps and following them too the letter to create a CMD shortcut but it never triggers

          2. Allright, do you see any content on the machine where you deploy the app? If not, you have probably made a typo of some sort in your deployment.

  14. Hi Niels
    Thanks for your blog, really helpful!
    Have been playing around with it to get the *new* Quick Assist (Microsoft Store edition) as a shortcut on our users desktop.
    The script works mostly as expected (just had to put the Set-ExecutionPolicy on top) and the shortcut appears on my test device desktop, but when clicking it I get a permissions error.
    (I expected this to happen because of this thread: https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-executable-file-location/d363ef2e-3466-42ab-b549-4c15fef6e0b0)
    Now my question is how to get around that permissions issue? Any suggestions? (without messing with the actual permissions)
    Why does Microsoft make these basic things so annoying?
    Set-Executionpolicy bypass -Force
    if (-not (Test-Path “C:\Users\Public\Desktop\QuickAssist.lnk”))
    $null = $WshShell = New-Object -comObject WScript.Shell
    $path = “C:\Users\Public\Desktop\QuickAssist.lnk”
    $targetpath = “C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe\QuickAssist.exe”
    $iconlocation = “C:\ProgramData\AutoPilotConfig\Icons\QuickAssist.ico”
    $iconfile = “IconFile=” + $iconlocation
    $Shortcut = $WshShell.CreateShortcut($path)
    $Shortcut.TargetPath = $targetpath
    Add-Content $path “HotKey=0”
    Add-Content $path “$iconfile”
    Add-Content $path “IconIndex=0”
    Strangely enough the desktop icon created uses the real Quick Assist icon, instead of the custom I put in the package. That’s an unexpected but positive side effect.

  15. Wow! Thank you for that.
    I have one Question: The Uninstall doesnt work.
    Is there a Solution? (I created a uninstall.cmd file with del /f “C:\Users\Public\Desktop\XXXXX.url” in it.
    But it is always a fail. (Without Intune/Endpoint the uninstall.cmd works perfekt)
    Is there any Bypass/Excecution command needed? (Can you wirte me short script for the Uninstall.cmd file please 🙂 )
    Thank you so much!

    1. Hi Thomas,

      Create this as uninstall.ps1:

      $URLLocation = “C:\Users\Public\Desktop\XXXXX.url”

      #Delete URL
      If (Test-Path $URLLocation) {
      Remove-Item -Path $URLLocation -Recurse

      Use this as your uninstall command in Intune:
      powershell.exe -ExecutionPolicy Bypass -File .\UnInstall.ps1


  16. Hi Niels
    Thank you for this information as i have learned alot from this!
    I do have one problem.
    The install.cmd works but does not seem to run the powershell script. i have tested this on many devices and it does everything right except running the script.
    If i go in to C:\ProgramData\AutopilotConfig and i right click and click run with powershell the schortcut gets created on the desktop, but is should got automatically.
    A huge thanks for your guide!!

    1. Hi Nathan,

      You can already change the install command in Intune to: powershell.exe -ExecutionPolicy Bypass -File .\POWERSHELLFILENAME.ps1


  17. Hey Niel,

    Thanks for the article! I am running into a bit of a problem. I have the script working for most of my users but only a handful of them are failing and returning error codes saying that the applciation was not detected after installation completed successfully or the process is in progress however it may time out.

    it’s strange because it’s only 10 of my users within my organization but everyone elses seem to work just fine, any ideas?

  18. He Niels,
    Thanks for making this available, and also for reacting to the comments.
    I do have 1 question, when I try to make the Intune.win file, it never contains the .ico file? >Tried using different .ico files. >Tried to only create the folders and place the ico.> Still no succes

    I also see that PS is started but lacks the admin rights to execute the .PS1, but I will try the option you gave to Nathan.
    Thanks again Niels, learning a lot from you guys!

    1. Hi Nick,

      Thanks for the comment. When you create the package, does the folder that you enter as source folder contain the icon file? Then it should have the icon file. Also, make sure to copy the icon file to the target machine. You can then reference the icon in your script.


  19. Niels,
    The install command is Salesforce.cmd. I had a typo in in the install command ‘Saleforce.cmd’ (left off the ‘s’).
    After making that correction, it installed, but the icon is ‘BLANK’. UGH

  20. Hi Niels,
    I was successful on all my desktop icons with the exception of one. It places the icon and PS script on the remoted computer under the file structure, adds the desktop icon correctly, but the icon is blank. I’ve tweaked the cmd every which way to Tuesday, but I get the same result every time. Any ideas other than another typo? I’ve even rebuilt it from scratch and the icon will not propogate.

    1. Hi Kim,

      Is the file in question an icon file or isn’t it? Maybe you should convert the picture to an icon file?


      1. Hi Niels,
        The picture has been converted to an icon file like all the others that installed correctly. The only difference I’m seeing between the other 6 desktop icons is the INTUNEWIN file is 138kb while the others are 713KB – 74KB. It worked before I had to make a name change to the URL. I’ve rebuilt the script, made various changes and tested along with resetting my entire PC. The icon and PS1 is distributed to the test pc like the others. Just the icon on the desktop will not resolve.

  21. How do you distribute the icons? I’ve seen other tutorials that fetch them from a public URL…not sure how you do that with your Sharepoint.ico

    1. Hi Martin,

      The icon file is packaged within the Win32App and then copied to the device.


Leave a Reply

Your email address will not be published. Required fields are marked *