Solved

Avoiding desktop icon creation

  • 10 August 2022
  • 2 replies
  • 219 views

Badge

When software is updated, it often results in unwanted icons being added to the desktop. Is there any way to avoid this?

icon

Best answer by RobertE-Automox 12 August 2022, 20:01

View original

2 replies

Leveraging a Worklet to remove unwanted icons might be the best solution. In this example, I’ve created a shortcut that will launch when the device is started.

Evaluation Code

Exit 1

Remediation Code

Copy-Item -Path ".\Remediation-RemoveDesktopIcons.ps1" -Destination "C:\temp\"
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\RemoveDesktopIcons.lnk")
$Shortcut.TargetPath = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$Shortcut.Arguments = '-WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\temp\Remediation-RemoveDesktopIcons.ps1"'
$Shortcut.Save()


Payload Code (PowerShell Script)


<#
.SYNOPSIS
Removes Icons from Desktop
OS Support: Windows 8/10/11
Required modules: NONE

.DESCRIPTION
This script uses a list of names to remove icons from users desktop.

.REQUIREMENTS
PowerShell 2.0

.EXAMPLE

.NOTES
Author :Martin Bengtsson
Modified By :Robert Eickleberry
Prerequisite :PowerShell V2 and up over Win 8/10/11
Date :12 Aug 2022
#>

#List of icons to search for
$shortCutNames = @(
"*Google Chrome*"
"*Microsoft Teams*"
"*Zoom*"
)

#Start Logging
Start-Transcript -Append C:\Temp\Logs\PSScriptLog.txt


#Getting the current user's username by querying the explorer.exe process
function Get-CurrentUser() {
try {
$currentUser = Get-WMIObject -class Win32_ComputerSystem | select username
$currentUser = "$currentUser" -replace "[{}]"
$currentUser = "$currentUser".split("\")[1] }
catch {
Write-Output "Failed to get current user."
}
if (-NOT[string]::IsNullOrEmpty($currentUser)) {
Write-Output $currentUser
}
}
#Getting the current user's SID by using the user's username
function Get-UserSID([string]$currentUser) {
try {
$user = New-Object System.Security.Principal.NTAccount($currentUser)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
}
catch {
Write-Output "Failed to get current user SID."
}
if (-NOT[string]::IsNullOrEmpty($sid)) {
Write-Output $sid.Value
}
}
#Getting the current user's desktop path by querying registry with the user's SID
function Get-CurrentUserDesktop([string]$fUserRegistryPath) {
try {
if (Test-Path -Path $fUserRegistryPath) {
$currentUserDesktop = (Get-ItemProperty -Path $fUserRegistryPath -Name Desktop -ErrorAction Ignore).Desktop
}
}
catch {
Write-Output "Failed to get current user's desktop"
}
if (-NOT[string]::IsNullOrEmpty($currentUserDesktop)) {
Write-Output $currentUserDesktop
}
}

try {
#Create empty array for shortcutsFound
$shortcutsFound = @()
#Retrieving current user and current user's SID
$currentUser = Get-CurrentUser
$currentUserSID = Get-UserSID $currentUser
# Getting the AllUsers desktop path
$allUsersDesktop = [Environment]::GetFolderPath("CommonDesktopDirectory")
$userRegistryPath = "Registry::HKEY_USERS\$($currentUserSID)\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$currentUserDesktop = Get-CurrentUserDesktop $userRegistryPath

if (Test-Path -Path $allUsersDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $allUsersDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (Test-Path -Path $currentUserDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $currentUserDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (-NOT[string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts found. Returning True"
$shortcutsFoundStatus = $true

}
elseif ([string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts NOT found. Returning False"
$shortcutsFoundStatus = $false
}
}
catch {
Write-Output "Something went wrong during running of the script. Variable values are: $currentUser,$currentUserSID,$allUsersDesktop,$currentUserDesktop"
}

finally {
if ($shortcutsFoundStatus -eq $true) {
Write-Output "shortcutsFoundStatus equals True. Removing shortcuts..."
foreach ($shortcut in $shortcutsFound) {
try {
Remove-Item -Path $shortcut.FullName
}
catch {
Write-Output "Failed to remove shortcut: $($shortcut.Name)"
}
}
}
elseif ($shortcutsFoundStatus -eq $false) {
Write-Output "shortcutsFoundStatus equals False. Doing nothing"
}
}

#Refreshes the desktop after icons have been removed
$code = @'
[System.Runtime.InteropServices.DllImport("Shell32.dll")]
private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2);

public static void Refresh() {
SHChangeNotify(0x8000000, 0x1000, IntPtr.Zero, IntPtr.Zero);
}
'@

Add-Type -MemberDefinition $code -Namespace WinAPI -Name Explorer
[WinAPI.Explorer]::Refresh()

#Stop Logging
Stop-Transcript


Note: All code is provided as is, and is just one example of how this might be accomplished.

Does this only work for applications that are installed in to C:\Users\AppData? 

I’ve tested this out on 2 computers where Google Chrome is installed system wide (C:\Program Files\Google\Chrome\Application) and the desktop icon isn’t being removed.

 

The difference would be C:\Users\%USERNAME$\Desktop vs C:\Users\Public\Desktop

 

Reply