In today’s post I will show you how to configure the pinned programs on the Windows Taskbar with the help of Group Policy, Registry settings, and logon scripts.
Latest posts by Michael Pietroforte (see all)

Considering that I’ve written three posts about the pinning of apps to the Taskbar, you might think everything has been said already. Well, almost. Let’s recap what we’ve learned so far. In my first post in this series, I described the official way of removing the Store app from the Taskbar, which essentially means that you have to disable the Windows Store app altogether. Then, I showed you how to pin and unpin apps on the Taskbar with a PowerShell script, and in another post I demonstrated how you can use this method in a logon script to unpin the Windows Store app.

These solutions all pertain to adding or removing a certain program to or from the Taskbar. However, the methods I discuss today allow you to configure the Taskbar with multiple pinned programs and ensure that users can’t change this setting. Such a configuration makes sense in an environment where all users log on with the same user name, such as on kiosk computers. Or perhaps some of your users work only with a few programs and you want to ensure that these apps are always pinned to the Taskbar without the possibility of users playing with these settings.

Of course, you can also deploy a particular Taskbar configuration with your OS image. But this is a different topic. Today, we just focus on how to change the Taskbar after you deploy Windows.

Taskbar Registry settings

The configuration of all pinned apps is stored in a Registry key: HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Explorer > Taskband.

Taskband - Registry settings of the pinned apps on the Taskbar


As you can see in the screenshot, the Registry entries are rather cryptic. Thus, you can’t just edit the Registry manually to configure the Taskbar. However, you can configure the Taskbar on a reference machine, export the Taskband Registry key, and then deploy the corresponding REG file.

Deploy with Group Policy Preferences

In a previous post, I explained how you can convert the REG file into an XML file and then import the Registry settings into Group Policy Preferences. This also works with the Taskband Registry key; however, your users will only get the new configuration after they log on the second time. The reason is that Group Policy Preferences deploys Registry settings after Windows Explorer is already loaded. If you restart File Explorer through the Task Manager after the first logon, the Taskbar will load the new settings right away.

Hence, one way to deploy your Taskbar configuration is to restart Explorer right after the user logs on with a logon script. You could do this with a little batch script:

taskkill /f /im explorer.exe
start explorer.exe

You should use the Group Policy setting Run these programs at user logon under User Configuration > Policies > Administrative Templates > System > Logon for this purpose because the logon scripts in the Windows Settings Group Policy run too early in the logon process.

Run these programs at user logon


The procedure described so far only works with Modern apps. Windows handles shortcuts for desktop applications and Modern apps differently. Whenever you pin a desktop application to the Taskbar, Windows adds the corresponding shortcut to the folder %APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\.

Thus, in addition to the Registry settings, you have to copy the shortcut of the desktop application to this folder. If you don’t do this, users will see the application pinned to the Taskbar; however, when they click it, they will get the error message “Can’t open this item.” This problem doesn’t exist for Modern apps.


“Can’t open this item” message

You could copy the shortcut with Group Policy Preferences or in your logon script that restarts Explorer. The example below shows what your batch script might look like if you want to pin Notepad to the Taskbar:

xcopy /y "\\win2012r2\scripts\Notepad.lnk" "%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\"
taskkill /f /im explorer.exe
start explorer.exe

In addition, you have to deploy the Registry settings discussed above with Group Policy Preferences.

The solution has two downsides. One is that the user will see a command window pop up after logon. Perhaps even more problematic is restarting Explorer after the user logs on. If the user manages to start an application before your script runs, this can cause problems.

Deploy with a logon script only

A better solution is to work without Group Policy Preferences and to deploy the Registry settings in the logon script. In this case, you work with the logon script configuration under User Configuration > Windows Settings > Scripts (Logon/Logoff).

Windows Settings - Logon scripts


This is the corresponding sample batch script:

regedit.exe /s \\win2012r2\scripts\Taskband.reg
xcopy /y "\\win2012r2\scripts\Notepad.lnk" "%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\"

The first line deploys the Registry settings that contain the pinned apps of your Taskband configuration. The user won’t notice anything and will get the correct Taskbar settings right after logon.
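A checked variant of the logon script above, written as a PowerShell logon script; it is an added example and not part of the original post. Because regedit.exe /s silently imports every key in the file, the script first confirms that the REG file only touches the Taskband key and that the shortcut points to the expected program. The expected Notepad path, the temporary folder name, and the function name are assumptions.

```powershell
# Added example (not from the original post). Share paths are the article's.
$RegSource = '\\win2012r2\scripts\Taskband.reg'
$LnkSource = '\\win2012r2\scripts\Notepad.lnk'
$PinDir    = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
# The only Registry key the import may touch (the key named in the article).
$Allowed   = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband'
# Assumption: the Notepad shortcut is expected to point here.
$LnkTarget = Join-Path $env:SystemRoot 'System32\notepad.exe'

function Test-RegFileScope {
    param([string[]]$Lines, [string]$AllowedKey)
    # Key headers look like [HKEY_...\Key], or [-HKEY_...\Key] for a deletion.
    $headers = @($Lines | Where-Object { $_ -match '^\s*\[' })
    if ($headers.Count -eq 0) { return $false }   # nothing recognisable: reject
    foreach ($h in $headers) {
        $key = $h.Trim().TrimStart('[').TrimStart('-').TrimEnd(']')
        $ok  = ($key -ieq $AllowedKey) -or
               $key.StartsWith("$AllowedKey\", [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $ok) { return $false }
    }
    return $true
}

# Work on local copies so the files that are checked are the files that are used.
$work = Join-Path $env:TEMP 'taskbar-deploy'   # hypothetical folder name
New-Item -ItemType Directory -Path $work -Force | Out-Null
$reg = Join-Path $work 'Taskband.reg'
$lnk = Join-Path $work 'Notepad.lnk'
Copy-Item -LiteralPath $RegSource -Destination $reg -Force -ErrorAction Stop
Copy-Item -LiteralPath $LnkSource -Destination $lnk -Force -ErrorAction Stop

if (-not (Test-RegFileScope -Lines (Get-Content -LiteralPath $reg) -AllowedKey $Allowed)) {
    Write-Error "Not importing '$RegSource': it writes outside the Taskband key."
    exit 1
}
$target = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk).TargetPath
if ($target -ine $LnkTarget) {
    Write-Error "Not copying '$LnkSource': unexpected target '$target'."
    exit 1
}

# Same two actions as the batch script, now performed on the verified copies.
Start-Process -FilePath regedit.exe -ArgumentList '/s', "`"$reg`"" -Wait
New-Item -ItemType Directory -Path $PinDir -Force | Out-Null
Copy-Item -LiteralPath $lnk -Destination $PinDir -Force
```

The scripts share should also be read-only for ordinary users, since every account that logs on imports and runs what it finds there.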

A problem with this method is that it only works if File Explorer is started after the Registry settings have been deployed. Hence, you should enable the Group Policy setting Run logon scripts synchronously, which you can find under User Configuration > Policies > Administrative Templates > System > Scripts. During my tests, the logon scripts always worked without this setting, but I wouldn’t count on it. A downside of this policy is that it can slow down the logon process.

Run logon scripts synchronously


I think this case demonstrates nicely that Group Policy Preferences can’t always replace logon scripts.

Freeze the Taskbar

Thus far, we only ensured that users will always get the same Taskbar configuration after they log on. They can still pin and unpin apps to the Taskbar during a session. In some environments, that might make sense. However, if you don’t want to frustrate your users because their Taskbar configuration always changes back to the original setting, you might want to prevent users from changing the pinned apps. This can be done with the Group Policy setting Do not allow pinning programs to the Taskbar, which you can find under User Configuration > Policies > Administrative Templates > Start Menu and Taskbar.

Do not allow pinning programs to the Taskbar


Note that this policy doesn’t change the programs currently pinned to the Taskbar. It just removes Pin this program to the Taskbar and Unpin this program from the Taskbar from the context menu when you right-click a Taskbar icon. Also note that the policy doesn’t interfere with the deployment methods described above. Thus, you can still deploy a new REG file with your Taskbar settings without disabling this policy.


If running logon scripts synchronously doesn’t cause slow logons in your environment, I would go for the method without Group Policy Preferences. In any case, I recommend testing the deployment process in the lab until you are sure you understand what you are doing. Pinning and unpinning programs to the Taskbar programmatically is not supported by Microsoft and can be quite tricky.

  1. TwoDoors 9 years ago

    Thanks for the step-by-step instructions. What about unpinning the default items (Internet Explorer, Windows Explorer, Windows Media Player)? Can this be done with a script and if so, how?

  2. Harry 8 years ago

    Well… that’s sure lots of troubles to go through. ProfileHelper does it automatically through gpo. and lots of other useful stuff too I might add. Hope helpful

  3. Kevin 8 years ago

    If you deploy this with a logon script it will run every time and then the user can not customize the taskbar if they want.

  4. Me 7 years ago

    this worked great for users already in AD

    tested this with a new user, and it failed, the logon script works and running, and copying the files – but i can not see any icons on the taskband – its empty

    any ideas how to fix this ?

  5. Steve 7 years ago

    how do we unpin just Edge from the taskbar?

  6. Dan 7 years ago

    Even after choosing Run logon scripts synchronously, the taskband.reg doesn’t have effect till logoff and back in….GRR

  7. Rahiem Jacobs 5 years ago

    After implementing a lockdown of the taskbar not to pin any applications to the taskbar, is there a way to modify the group policy to add one application “Windows Snipping Tool”?


© 4sysops 2006 - 2023

