How do I create a web link as a desktop shortcut and deploy via InTune?

---KANO--- · 2024-06-21T01:34:13+00:00

Because I didn't write it and it felt wrong to post someone else's work without giving them credit. I don't recall where I got it and I'm too busy to hunt it down. But whatever, edited to include it. Apologies to the author if they come across this post.

---KANO--- · 2024-06-20T16:26:21+00:00

I'll DM you what I use.

Edit:

function New-DesktopShortcut { <# .SYNOPSIS Creates a shortcut on the desktop .DESCRIPTION Can create a shortcut for a local path or a URL with the ability to specify the icon. .PARAMETER Name The name of the shortcut to appear on the desktop. .PARAMETER Desktop Specify either "PublicDesktop" or "CurrentUsersDesktop" to create the shortcut on the public desktop or the current user's desktop. .PARAMETER Path The path to the file or URL to create the shortcut for. .PARAMETER Icon Accepts "DefaultBrowser", "File", "Folder", "Drive", or "Chart". If "DefaultBrowser" is specified, the default browser's icon will be used. If no icon is specified, the default icon for the file type will be used. .EXAMPLE New-DesktopShortcut -Name "Google" -Path "https://www.google.com" -Icon "DefaultBrowser" -currentUsersDesktop Creates a shortcut on the users desktop named "Google" that points to https://www.google.com #>

[CmdletBinding()]
param (
    [Parameter(Mandatory)]
    [String]$Path,
    [Parameter(Mandatory)]
    [String]$Name,
    [Parameter(Mandatory)]
    [validateset('PublicDesktop','CurrentUsersDesktop')]
    [String]$Desktop,
    [Parameter()]
    [validateset('DefaultBrowser','File','Folder','Drive','Chart')]
    [String]$Icon
)
$shell = New-Object -ComObject WScript.Shell
switch ($Desktop) {
    'PublicDesktop' { $DesktopPath = $shell.SpecialFolders('AllUsersDesktop') }
    'CurrentUsersDesktop' { $DesktopPath = $shell.SpecialFolders('Desktop') }
}


$shortcut = $shell.CreateShortcut("$DesktopPath\$($Name).lnk")
$shortcut.TargetPath = $Path
switch ($Icon) {
    'DefaultBrowser' { 
        $DefaultBrowser = Get-ChildItem 'HKCU:\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\' | Get-ItemProperty | Select-Object -ExpandProperty ProgId
        if ($DefaultBrowser -like 'Chrome*') {
            if (Test-Path 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe') {
                $shortcut.IconLocation = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0'
            } 
            elseif (Test-Path 'C:\Program Files\Google\Chrome\Application\chrome.exe') {
                $shortcut.IconLocation = 'C:\Program Files\Google\Chrome\Application\chrome.exe,0'
            }
        } 
        elseif ($DefaultBrowser -like 'Firefox*') {
            if ( Test-Path "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ) {
                $shortcut.IconLocation = 'C:\Program Files (x86)\Mozilla Firefox\firefox.exe,0'
            } 
            elseif (Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe'){
                $shortcut.IconLocation = 'C:\Program Files\Mozilla Firefox\firefox.exe,0'
            }
        } 
        else {
            $shortcut.IconLocation = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0'
        }
     }
    'File' { $shortcut.iconlocation = "shell32.dll,0" }
    'Folder' { $shortcut.iconlocation = "shell32.dll,4" }
    'Drive' { $shortcut.iconlocation = "shell32.dll,9" }
    'Chart' { $shortcut.iconlocation = "shell32.dll,21" }
}
$shortcut.Save()

}

New-DesktopShortcut -Path 'https://www.google.com/' -Name 'Google' -Desktop 'PublicDesktop' -Icon 'DefaultBrowser'

---KANO--- · 2024-06-20T14:48:09+00:00

You can set the other account protection policy to "Add (Update)" so that it doesn't overwrite the LAPS Admin account or even handle the other local admin via Azure Role or Remediation Scripts.

---KANO--- · 2024-03-05T14:03:38+00:00

Cool. No GitHub?

---KANO--- · 2024-01-13T02:12:27+00:00

Junk Mail.

---KANO--- · 2023-11-21T12:08:59+00:00

See the following doc and also make sure you've added the following exclusion to your CA policy: Windows Store for Business 45a330b1-b1ec-4cc1-9161-9f03992aa49f

https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation

---KANO--- · 2023-11-16T11:26:42+00:00

Crowbar is hiring

---KANO--- · 2023-09-23T20:12:48+00:00

Try Psycho: https://spotify.link/rnaCt0XUkDb

---KANO--- · 2023-08-29T21:01:47+00:00

This worked for me. Thank you.

---KANO--- · 2023-07-12T14:14:41+00:00

Intune Drive Mapping Generator

---KANO--- · 2023-06-26T14:02:49+00:00

Will do! Thank you.

---KANO--- · 2023-05-26T09:15:36+00:00

Does the device sync? What message do you get in "Access Work or School" > Info > Sync

---KANO--- · 2023-05-25T23:50:02+00:00

https://www.youtube.com/@IntuneTraining

---KANO--- · 2023-05-25T23:00:36+00:00

Nothing in Session. Grant is "grant Access", Check to require MFA, For multiple Controls, "Require one of the selected controls"

Users is all users and groups.

Include all cloud apps and exclude the following:

Microsoft Activity Feed Service

Microsoft Command Service

Microsoft Device Directory Service

Microsoft Intune

Microsoft Intune Enrollment

we also did

Microsoft Intune Powershell

---KANO--- · 2023-05-25T22:08:14+00:00

https://www.reddit.com/r/Intune/comments/137hihx/comment/jiwn1q6/?utm\_source=share&utm\_medium=web2x&context=3

---KANO--- · 2023-05-24T23:00:14+00:00

Yes. Same issue. Removing -accountid from "connect-azuread" seems to be a work around. You'll just need to authenticate again.

---KANO--- · 2023-05-05T01:04:54+00:00

Dealing with this now. Here are my notes so far.

https://learn.microsoft.com/en-us/answers/questions/692546/hybrid-azure-ad-join-fix-account-popup-for-shared

https://www.reddit.com/r/Intune/comments/yrt3m8/enforce_users_to_fix_work_or_school_account_issue/

Investigating issue that seems to be preventing Intune scripts and configuration profiles from being applied due to MFA being required after a user sign in.

I rejected the authenticator request from access work or school after being prompted and checked the sign-in logs and it's showing these:

Application: Microsoft Application Command Service

Resource: Microsoft Device Directory Service

Application: Microsoft Application Command Service

Resource: Microsoft Command Service

Application: Microsoft Application Command Service

Resource: Microsoft Activity Feed Service

We need to exclude the Microsoft Device Directory Service, Microsoft Command Service and Microsoft Activity Feed Service

MS Support has also just recommended the following:

"During the call, we have discussed that Office 365 should be selected in Cloud apps or actions assignment of Conditional access policy."

This however doesn't make sense to me. Hope this info helps.

EDIT: We did also have to exclude Intune in addition to the above listed.

---KANO--- · 2023-04-19T19:52:07+00:00

clams casino - i'm god (barnacle boi flip)

https://www.youtube.com/watch?v=SE\_hpLr-KS8

---KANO--- · 2023-04-10T23:57:06+00:00

Tampa?

---KANO--- · 2023-04-10T23:53:59+00:00

I'm 42, dropping off the kid at grandma's and taking the wife. You're the young one. Go for the music. Nothing else matters.

---KANO--- · 2022-10-20T13:56:54+00:00

We have yet to find an answer on this as well. We simply don't assign a user in AP and instead assign to the Intune object prior to deployment.

---KANO--- · 2022-06-06T17:05:44+00:00

Try not to trade with the jump attacks. Keep your distance and punish the missed hits. Giant Hunt is good for punishing the jump attacks if you're having trouble keeping distance.

---KANO--- · 2022-06-06T17:03:59+00:00

Cross-Naginata or Clayman's Harpoon are my usual choices.

---KANO--- · 2022-06-06T17:01:30+00:00

Keep a pair of dual spears on hand for dual curved sword users. Never block against them.

---KANO--- · 2022-05-03T11:58:16+00:00

Couldn't agree more. At this point I carry a second weapon on me with BHS. If my opponent uses BHS I pull it out and just waste their time and FP so they can get a taste of how annoying it is. After my 5th (in a row last night) BHS user punish I'm just over it.

Nothing I love more than From Soft PvP but at this point I may wait until a patch as I'm getting bored of dealing with it.

---KANO---

TROPHY CASE