How this started
I did a project several months ago for a client who needed a few web shortcuts on the public desktop so they were available to any logged in user. The sites recommended chrome as the browser. So, the shortcuts were deployed to open with Chrome, which was not the default browser. If you don’t know how to specify which browser opens a link or you need help deploying shortcuts with Intune, see my blog post here – Deploy custom Shortcuts to the public desktop for all users with Intune – SMBtotheCloud
This organization now needed the shortcuts to open in Edge instead of Chrome. The issue with the existing app was the detection method simply looks for the file path to see if the shortcut exists (c:\users\public\desktop\shortcut.lnk). So, even if we deploy a new Win32 app to overwrite the old shortcut, it won’t work using that detection method. We could set the shortcut to be removed and deploy a new one. We could also make a new Win32 app and use a different name for the shortcut. Or, the best method for this, is to use a custom detection rule for the existing app. Custom detection rules are simply PowerShell scripts that return output Intune can interpret to detect if an app is installed or not. If you are not familiar with custom detection rules, there are many other blogs with details, but Andrew Taylor has a great quick overview here – Demystifying Intune Custom App Detection Scripts – Andrew Taylor (andrewstaylor.com).
Changing the existing shortcuts
We need to do two things to update the browser our shortcut uses. First, we need to edit our PowerShell script that creates the shortcut, and then re-package it as a new Win32 app. Next, we need to create our custom detection script. Both of those files will need to be uploaded to the existing Win32 app so its updated.
Here is our updated PowerShell script to create the shortcut. Note the target path specifies the browser. More details on this script can be found this this post.
New-Item -Path "c:\" -Name "mem" -ItemType "directory" -Force
Copy-Item ".\icon.ico" -Destination "c:\mem\icon.ico"
#Shortcut creation and specify settings
$Shell = New-Object -ComObject ("WScript.Shell")
$ShortCut = $Shell.CreateShortcut("C:\users\public\desktop\shortcut.lnk")
$ShortCut.TargetPath="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
$Shortcut.Arguments="https://smbtothecloud.com"
$ShortCut.IconLocation = "C:\mem\icon.ico";
$ShortCut.Description = "Shortcut";
$ShortCut.Save()
Next, we need to create a custom detection script. This took me a bit of googling to figure out. I needed to pull the properties of the shortcut.lnk file. Specifically, the Target field, and then write and if/else statement to check if the shortcut is set to open with Microsoft Edge. If it matches Edge, the script will return “detected” with an Exit code of 0, and the app will be detected. If it’s still using Chrome (or anything else), it will return an exit code of 1, fail detection, and the old shortcut will be overwritten with the new one.
$shortcut = Get-ChildItem "C:\users\public\desktop\shortcut.lnk"
$shell = New-Object -ComObject WScript.Shell
$Properties = @{
Target = $Shell.CreateShortcut($Shortcut).TargetPath
}
If ($Properties.target -eq "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe")
{
Write-Output "Detected"
exit 0
}
else {
exit 1
}
All that’s left to do is package our new shortcut deployment script as a .intunewin file, upload it to the existing application, and change our detection rule to use our custom detection script. I am assuming you know how to package the PowerShell script as a .intunewin file, so I’ll skip that part.
Edit your App in Intune and upload the updated install.intunewin file:
Next, we remove the previous detection rule which looks for the file path and add our custom detection script:
Save your App and wait for devices to check-in and get the new shortcut (or restart the IME service to speed things up) 😊