How to update shortcut icon file target and argument properties remotely with PowerShell

This is a fun one and is a lot harder than it would seem - this is due to the virtual lock down that Windows places on accessing shortcuts on remote systems.  I had to figure this out as a part of a GoldMine Enterprise CRM upgrade.

If you need to update icons on users workstations then you will need to access the object shell.  This is easiest accomplished with PowerShell – especially since all recent Windows versions have a near virtual lock down on working remotely on users icons and the associated shell.  This is because the object shell for an icon can only be accessed locally and it can only be modified by admin users.  This would normally mean one needs to resort to a login or startup script.  Both of these have their own sets of issues as you would have to give the script admin privileges and probably bypass security procedures to make it run.  They are also known to be problematic for remote push-outs of upgrades and similar.

Instead, the below script does the modifications to the icon on the admin’s system and then copies the icon to the user’s workstation and over writes the current one.  As long as the .ICO file is the same on each workstation (that is the location of the actual image) this works and will take into account unique user settings and/or arguments.  In the case of the below example I have created a script that will update the user switch in the icon argument property.  This makes it so that each user has their username already entered into the application upon startup.

The code itself is pretty simple.  First we obtain the list of workstations from the UserNameList.txt.  This is just a simple text file that lists the computer workstation names and the usernames (this works great when the usernames for the application don’t match-up with Windows AD (Active Directory)).  The text file looks like this:

Basically you are just listing workstation names and user IDs.  In this case the usernames are different from AD as the application does not match with AD as discussed earlier. So, it would be:

WorkstationName1=brette

WorkstationName2=bristlep

and so on...

Now on to the actual code - The first block of code elicits out the workstation name, the username and then adds “/u:” to the username for each entry in the list using a foreach loop.  It then takes the icon file on the admin’s desktop and updates it with the argument for that user.  Then it copies it to the workstation of the user to their C:\Users\Public\Desktop folder. 

The second block of code actually updates the icon shell argument field on the admin’s local workstation (the workstation this is actually being pushed out from) and saves it.  This is how we get around Window’s block on remote access to the user’s shortcut icon shell. Try it directly and you will see what I mean – it is locked down and won’t work.

The third block of code makes sure the admin’s icon is not updated (else this results in an unnecessary error).  It then copies the icon to the user’s workstation and replaces their current icon with it. Then it removes any extra icons the user may have added over the years (non-public, related GM icons (Gold*.lnk).  You can probably see the value in creating a similar powershell script to clean up user icons for your applications - just change the Gold*.lnk to whatever you want.

The complete code is shown below.  

As mentioned earlier, another nice feature of this code is the removal of unwanted or extraneous link files associated with the original link file.  Many times you will encounter situations where numerous users will access the same computer and they could have numerous icon files placed all over the C:\Users path.  This code puts this icon file under Public and deletes any other instances or versions of this shortcut file.  This is very helpful and clean as it removes multiple user icons and leaves one accessible by all.  The main user will have their unique argument recorded whereas other users will have to enter their username and password.  This is good for a cleaner install and maintenance going forward.

This process was used as part of a major application upgrade (GoldMine 2014 CRM enterprise edition upgrade) to automate the process for local installs and it was seamless and error free.   It was used in conjunction with a batch file that handles the actual installation/upgrade (PSEXEC was used to run this).  The PowerShell script then went through and customized the shortcut icon for each user’s workstation.  The script can be modified to modify the icon target, .ICO file, etc… 

You now have a way around the virtual lock down that Windows places on accessing shortcuts on remote systems.

Thank you for taking the time to read this.  If you found this how to article helpful, please like and share so that others may benefit as you have.

I would also like to take a moment to thank God as he is the one that makes everything possible!

Commit your actions to the Lord, and your plans will succeed.  Proverbs 16:3

David Maillie is a technology aficionado and sales superstar available for speaking, training and education to groups, businesses and charities. 

Other great posts and content from David Maillie that you will definitely want to see:

How to do a silent install remotely on numerous workstations with PSEXEC

How to use C# timer jobs to access SharePoint data and write it into a SQL database

How to fix SAP Crystal Reports not running - common issue

How to access SharePoint data in SAP Crystal Reports!

How to copy SharePoint data quickly without any code!

How to create, find and fix alerts in SharePoint

What is the difference between a SharePoint list and library?

Why most sales training does not work!