Many IT organizations do not allow their end users to be local administrators on company endpoints, and for good reason. But one issue I have ran across is that some applications install an icon on the public desktop (C:\Users\Public\Desktop) and the end user is unable to delete the icon as it requires administrative rights. Using PowerShell, we can modify the ACL of the public desktop folder and allow our non-admin users to delete these shortcuts.
Copy the PowerShell script below and save it somewhere we can reference it later. This script modifies the permissions for the folder ‘C:\Users\Public\Desktop’ and adds the ‘authenticated users‘ entity to it with the ‘modify’ permission.
$folderPath = "C:\Users\Public\Desktop" $acl = Get-Acl $folderPath $user = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-11') $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($user,"Modify", "ContainerInherit,ObjectInherit", "None", "Allow") $acl.SetAccessRule($rule) Set-ACL $folderPath $acl