SCCM – VBScript – Hide Desktop Icons

email me

Compile to EXE, add the EXE you just created to SCCM as a package: Create Package > Environment > Program can run: Only when user is logged on > Run with administrator rights.

on error resume next

Set objShell = CreateObject("Wscript.Shell")

Const HKEY_LOCAL_MACHINE = &H80000002

Const OverwriteExisting = TRUE

strCurrentDirectory = objShell.CurrentDirectory

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objRegistry=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList"

objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys

For Each objSubkey In arrSubkeys

on error resume next

strValueName = "ProfileImagePath"

strSubPath = strKeyPath & "\" & objSubkey

objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objAccount = objWMIService.Get("Win32_SID.SID='" & objSubkey & "'")

strUser = objAccount.AccountName

objSubkey = trim(objSubkey)'trims whitespace
strUser = trim(strUser)'trims whitespace

'LOGIC TO DETERMINE IF REGISTRY ACCOUNT IS TO BE LOADED
if strUser = "SYSTEM" then strUser=""
if strUser = "LOCAL SERVICE" then strUser=""
if strUser = "NETWORK SERVICE" then strUser=""
if strUser = "ADMINISTRATOR" then strUser=""
if strUser = "Administrator" then strUser=""
if strUser = "Media" then strUser=""
if strUser = "Default" then strUser=""
if strUser = "IntuneAdmin" then strUser=""

if strUser <> "" then

on error resume next

objShell.Run "REG ADD " & chr(34) & "HKEY_Users\" & objSubkey & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" & chr(34) & " /v NoDesktop /t REG_DWORD /d 1 /f",0,false

end if

Next