Creating A Web Shortcut For A Non-Default Browser Through Group Policy

Overview

The method I will be using will also work if you just want to create a shortcut for the default browser, but with some minor differences. For my use case here we had a web app that worked better in Chrome – which unfortunately is not the company standard browser. There’s some great documentation out there for the method I will be using, but I have found some weird quirks that are not documented and left me scratching my head for a while. I figured I’d save the next guy some trouble. My work environment uses a Windows Server 2008 R2 box as its’ primary domain controller. If you’re using my reference guide on a newer OS some of these settings might be different. Let’s get started.

Creating the Group Policy Object

First you’re going to create a New Group Policy Object, and then right-click it and select Edit.

Then you’re going to navigate to User Configuration > Preferences > Windows Settings > Shortcuts. If you don’t care who gets this shortcut, you can follow the same instructions but create it under Computer Configuration instead.

From menu select Actions > New > Shortcut. The dialogue below will appear.

Here is a sample of the settings that I used for my use case.

Action Create
Name C:\Users\%USERNAME%\Desktop\MyShortcutName
Target Type File System Object
Location Specify full path
Target Path “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
Arguments www.typicaltim.com
Start In
Shortcut Key None
Run Normal Window
Comment
Icon File Path \\MyServer\Folder1\IconFile.ico
Icon Index 0
CLICK ME to reveal invaluable notes
Linking the GPO

After you have all your settings in place click Apply and then OK. Close the Group Policy Management Editor and get back into the Group Policy Management. Here’s where your use case comes into play. If you don’t care who gets the shortcut, link the GPO at the top of your domain by right-clicking the location you want it in and select Link Existing GPO then select the one you made.

Deploying to Specific Users

If you only want to deploy this to specific users you can do some filtering with security groups. For my use case I created a security group in Active Directory named similarly to “Web App Users” and then added the target users as members of that group.

In Group Policy Management you can then add the security group as a filter.

Allow some time for the new policy to propagate throughout the network. If you want to test on a target user, have them log in and run:

gpupdate /force