Mar 14 2022 02:29 AM
Hi all,
How do I delete a shortcut via intune?
I have created a shortcut using powershell but I had to update the URL which seems to have broke the shortcut so need to delete it and redeploy a new shortcut.
Please help!
Mar 14 2022 04:23 AM
Mar 14 2022 04:39 AM
Mar 14 2022 08:14 AM
I have had it running for a while now. I have passed the Detection with no issues but the remediation hasnt run yet and its been like 4 hours:
I used https://www.imab.dk/remove-desktop-shortcuts-for-the-current-user-and-public-profile-using-powershel... for help
Any ideas?
Mar 14 2022 08:17 AM - edited Mar 14 2022 08:19 AM
Could you share the detection and remediation script? Anything showing in the logs of a client? (And it is a Windows 10/11 Enterprise machine?)
Mar 14 2022 08:24 AM
Remediation:
<#
.SYNOPSIS
Detect and remove desktop shortcuts using Proactive Remediations in Microft Endpoint Manager.
.DESCRIPTION
Detect and remove desktop shortcuts using Proactive Remediations in Microft Endpoint Manager.
Shortcuts on All Users desktop (public desktop) or the current user's desktop can be detected and removed.
.NOTES
Filename: Remediation-DeleteShortcuts.ps1
Version: 1.0
Author: Martin Bengtsson
Blog: www.imab.dk
Twitter: @mwbengtsson
.LINK
#>
#region Functions
#Getting the current user's username by querying the explorer.exe process
function Get-CurrentUser() {
try {
$currentUser = (Get-Process -IncludeUserName -Name explorer | Select-Object -First 1 | Select-Object -ExpandProperty UserName).Split("\")[1]
}
catch {
Write-Output "Failed to get current user."
}
if (-NOT[string]::IsNullOrEmpty($currentUser)) {
Write-Output $currentUser
}
}
#Getting the current user's SID by using the user's username
function Get-UserSID([string]$fCurrentUser) {
try {
$user = New-Object System.Security.Principal.NTAccount($fcurrentUser)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
}
catch {
Write-Output "Failed to get current user SID."
}
if (-NOT[string]::IsNullOrEmpty($sid)) {
Write-Output $sid.Value
}
}
#Getting the current user's desktop path by querying registry with the user's SID
function Get-CurrentUserDesktop([string]$fUserRegistryPath) {
try {
if (Test-Path -Path $fUserRegistryPath) {
$currentUserDesktop = (Get-ItemProperty -Path $fUserRegistryPath -Name Desktop -ErrorAction Ignore).Desktop
}
}
catch {
Write-Output "Failed to get current user's desktop"
}
if (-NOT[string]::IsNullOrEmpty($currentUserDesktop)) {
Write-Output $currentUserDesktop
}
}
#endregion
#region Execution
try {
#Edit here with names of the shortcuts you want removed
$shortCutNames = @(
"*WiFi Connect*"
)
#Create empty array for shortcutsFound
$shortcutsFound = @()
#Retrieving current user and current user's SID
$currentUser = Get-CurrentUser
$currentUserSID = Get-UserSID $currentUser
# Getting the AllUsers desktop path
$allUsersDesktop = [Environment]::GetFolderPath("CommonDesktopDirectory")
$userRegistryPath = "Registry::HKEY_USERS\$($currentUserSID)\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$currentUserDesktop = Get-CurrentUserDesktop $userRegistryPath
if (Test-Path -Path $allUsersDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $allUsersDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (Test-Path -Path $currentUserDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $currentUserDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (-NOT[string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts found. Returning True"
$shortcutsFoundStatus = $true
}
elseif ([string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts NOT found. Returning False"
$shortcutsFoundStatus = $false
}
}
catch {
Write-Output "Something went wrong during running of the script. Variable values are: $currentUser,$currentUserSID,$allUsersDesktop,$currentUserDesktop"
}
finally {
if ($shortcutsFoundStatus -eq $true) {
Write-Output "shortcutsFoundStatus equals True. Removing shortcuts..."
foreach ($shortcut in $shortcutsFound) {
try {
Remove-Item -Path $shortcut.FullName
}
catch {
Write-Output "Failed to remove shortcut: $($shortcut.Name)"
}
}
}
elseif ($shortcutsFoundStatus -eq $false) {
Write-Output "shortcutsFoundStatus equals False. Doing nothing"
}
}
#endregion
Detection:
<#
.SYNOPSIS
Detect and remove desktop shortcuts using Proactive Remediations in Microft Endpoint Manager.
.DESCRIPTION
Detect and remove desktop shortcuts using Proactive Remediations in Microft Endpoint Manager.
Shortcuts on All Users desktop (public desktop) or the current user's desktop can be detected and removed.
.NOTES
Filename: Detection-DeleteShortcuts.ps1
Version: 1.0
Author: Martin Bengtsson
Blog: www.imab.dk
Twitter: @mwbengtsson
.LINK
#>
#region Functions
#Getting the current user's username by querying the explorer.exe process
function Get-CurrentUser() {
try {
$currentUser = (Get-Process -IncludeUserName -Name explorer | Select-Object -First 1 | Select-Object -ExpandProperty UserName).Split("\")[1]
}
catch {
Write-Output "Failed to get current user."
}
if (-NOT[string]::IsNullOrEmpty($currentUser)) {
Write-Output $currentUser
}
}
#Getting the current user's SID by using the user's username
function Get-UserSID([string]$fCurrentUser) {
try {
$user = New-Object System.Security.Principal.NTAccount($fcurrentUser)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
}
catch {
Write-Output "Failed to get current user SID."
}
if (-NOT[string]::IsNullOrEmpty($sid)) {
Write-Output $sid.Value
}
}
#Getting the current user's desktop path by querying registry with the user's SID
function Get-CurrentUserDesktop([string]$fUserRegistryPath) {
try {
if (Test-Path -Path $fUserRegistryPath) {
$currentUserDesktop = (Get-ItemProperty -Path $fUserRegistryPath -Name Desktop -ErrorAction Ignore).Desktop
}
}
catch {
Write-Output "Failed to get current user's desktop"
}
if (-NOT[string]::IsNullOrEmpty($currentUserDesktop)) {
Write-Output $currentUserDesktop
}
}
#endregion
#region Execution
try {
#Edit here with names of the shortcuts you want removed
$shortCutNames = @(
"*WiFi Connect*"
)
#Create empty array for shortcutsFound
$shortcutsFound = @()
#Retrieving current user and current user's SID
$currentUser = Get-CurrentUser
$currentUserSID = Get-UserSID $currentUser
# Getting the AllUsers desktop path
$allUsersDesktop = [Environment]::GetFolderPath("CommonDesktopDirectory")
$userRegistryPath = "Registry::HKEY_USERS\$($currentUserSID)\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$currentUserDesktop = Get-CurrentUserDesktop $userRegistryPath
if (Test-Path -Path $allUsersDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $allUsersDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (Test-Path -Path $currentUserDesktop) {
foreach ($ShortcutName in $shortCutNames) {
$shortCutsFound += Get-ChildItem -Path $currentUserDesktop -Filter *.lnk | Where-Object {$_.Name -like $shortCutName}
}
}
if (-NOT[string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts found. Returning True"
$shortcutsFoundStatus = $true
}
elseif ([string]::IsNullOrEmpty($shortcutsFound)) {
Write-Output "Desktop shortcuts NOT found. Returning False"
$shortcutsFoundStatus = $false
}
}
catch {
Write-Output "Something went wrong during running of the script. Variable values are: $currentUser,$currentUserSID,$allUsersDesktop,$currentUserDesktop"
}
finally {
if ($shortcutsFoundStatus -eq $true) {
Write-Output "shortcutsFoundStatus equals True. Exiting with 1"
exit 1
}
elseif ($shortcutsFoundStatus -eq $false) {
Write-Output "shortcutsFoundStatus equals False. Exiting with 0"
exit 0
}
}
#endregion
For logs I couldnt see much but is it the intunemanagementextension document I need to check?
Mar 14 2022 08:56 AM
Mar 14 2022 09:19 AM
Mar 14 2022 09:34 AM
Mar 15 2022 02:45 AM
Mar 15 2022 02:59 AM
Mar 15 2022 03:10 AM
Mar 15 2022 03:26 AM
@AB21805 Remediation script would be better, it's more difficult running a uninstall and detection for user things...
Detection script
if (Test-Path -Path $env:USERPROFILE\Desktop\shortcut.lnk) {
write-Host Found shortcut
exit 1
}
Else {
Write-Host Shortcut not found
exit 0
}
Remediation script:
Remove-Item $env:USERPROFILE\Desktop\shortcut.lnk -Force:$true
Mar 15 2022 03:39 AM
Does this look correct?
Dont know whats at the beginning of each script with those random symbols as I didnt include that when putting scripts in powershell
Mar 15 2022 03:59 AM
Mar 15 2022 04:22 AM
Mar 15 2022 04:25 AM
Mar 15 2022 04:31 AM
All set up
Are the config correct like 64 bit powershell?
Mar 15 2022 04:35 AM
Mar 15 2022 04:36 AM
Mar 15 2022 07:38 AM
Solution@AB21805 Changed it to handle both situations:
Detection:
$desktop = [Environment]::GetFolderPath("Desktop")
if (Test-Path -Path "$($desktop)\Wifi Connect.lnk") {
write-Host Found shortcut
exit 1
}
Else {
Write-Host Shortcut not found
exit 0
}
Remediation:
$desktop = [Environment]::GetFolderPath("Desktop")
Remove-Item -Path "$($desktop)\Wifi Connect.lnk" -Force:$true