Following is an example of a ‘how to create a log-off button on Everyone’s desktop’. There are several methods: manual GUI, PowerShell, and Group Policy Objects. The manual GUI method is boring, so I’ll skip that. What’s better than Ctrl+C & Ctrl+V in this life?
Single Computer:
function createShortcutOnEveryoneDesktop{
param(
$targetExecutable="C:\Windows\system32\logoff.exe",
$arguments,
$startIn,
$iconLocation="$env:windir\system32\shell32.dll,44"
)
$target=if($arguments){$targetExecutable+" $arguments"}else{$targetExecutable}
$startIn=if($startIn){$startIn}else{split-path $targetExecutable -parent}
$programName=[regex]::match((split-path $targetExecutable -leaf),'^(.*)\.{1}').groups[1].value
$shortcutLink="$env:Public\Desktop\$programName.lnk"
$shellObject=New-Object -ComObject WScript.Shell
$shortcut=$shellObject.CreateShortcut($shortcutLink)
$shortcut.TargetPath=$target
$shortcut.WorkingDirectory=$startIn
if($iconLocation){$shortcut.IconLocation=$iconLocation}
$shortcut.Save()
}
createShortcutOnEveryoneDesktop
Multiple Computers:
# createShortcutOnEveryoneDesktop.ps1
$computerNames='server01','server02','server03','server04'
function createShortcutOnEveryoneDesktop{
param(
$targetExecutable="C:\Windows\system32\logoff.exe",
$arguments,
$startIn,
$iconLocation="$env:windir\system32\shell32.dll,44"
)
$target=if($arguments){$targetExecutable+" $arguments"}else{$targetExecutable}
$startIn=if($startIn){$startIn}else{split-path $targetExecutable -parent}
$programName=[regex]::match((split-path $targetExecutable -leaf),'^(.*)\.{1}').groups[1].value
$shortcutLink="$env:Public\Desktop\$programName.lnk"
$shellObject=New-Object -ComObject WScript.Shell
$shortcut=$shellObject.CreateShortcut($shortcutLink)
$shortcut.TargetPath=$target
$shortcut.WorkingDirectory=$startIn
if($iconLocation){$shortcut.IconLocation=$iconLocation}
$shortcut.Save()
}
foreach ($computer in $computerNames){
invoke-command -computername $computer -scriptblock{
param($createShortcutOnEveryoneDesktop)
[scriptblock]::create($createShortcutOnEveryoneDesktop).invoke()
} -Args ${function:createShortcutOnEveryoneDesktop}
}
How To Create a Shortcut via Group Policy Objects (GPO’s)
- On your domain controller, open up Group Policy (gpmc.msc)
- Create a new GP (best practice is to dedicate each GPO for intended purposes rather than a single GPO with multiple settings for ease of troubleshooting)
- Create a Test OU in Active Directory
- Make a Test User in Active Directory
- Make sure that your test user is within that Test OU (or it will not apply)
- Right-click on your GPO and select edit
- Expand User “Configuration” > “Preferences” > “Windows Settings” > “Shortcuts”
- Right-click in the empty space and select “New” > “Shortcut”
- For “Action” select “Replace” (so that if you want to delete it later it will remove it from everyone’s desktop)
- In the “Name” Field put an appropriate display name for the Web Application shortcut
- For “Target type” select “File System Object”
- For “Location” select “Desktop”
- In the “Target Path” text box put C:\Windows\system32\logoff.exe
- In the “Arguments” input nothing in this case
- If you want a dedicated Icon for the shortcut, in the “Icon file path” type the file path of the icon or use the browse button to navigate to the location of the icon (make sure the users have rights to that folder/icon)
- Click on the Common tab and check “remove this item when it is no longer needed”)
- Click OK and Close all open windows
- Now go to a computer and login as your test user and you should see the Shortcut with the icon and correct URL
Categories: