DesktopComposer: Deploy Windows 10 Start menu and desktop shortcuts with Group Policy

DesktopComposer is an open source tool that simplifies Start Menu and Desktop shortcut deployment in Windows 10, Windows Server 2016, and Windows Server 2019 with Group Policy.

Installation

DesktopComposer comprises two programs: an agent that has to be installed on every client machine and an administration program that is installed on the admin machine.

First download the latest release of DesktopComposer from GitHub and install it on your client machines. You can also deploy it silently by launching the setup file with the /VERYSILENT flag.

Then move to your admin machine and install the ComposerAdmin software.

Creating the composition file

Open ComposerAdmin and begin editing your Start menu. As a starting point, you can:

  • Import the Start menu of the local computer
  • Import the Start menu of a computer in the local network (e.g., your terminal server)
  • Create a Start menu from scratch

ComposerAdmin after importing the Start menu from the local machine

As in Windows Explorer, you can edit shortcut properties. In addition, you can:

  • Disable shortcut deployment
  • Set shortcut deployment to the user's Start menu
  • Set shortcut deployment to the user's desktop

You can edit shortcuts as in Windows Explorer

You can set an ACL for every shortcut that is based on user and group membership in your Active Directory.

Every ACL can be disabled or denied if you want to deploy shortcuts for users who are NOT members of the group specified in the ACL.

Set ACL on shortcut

When you have finished editing the Start menu, save the composition file to a location readable by the users you want to deploy it to (for example, \\mydomain\netlogon\startmenu.dcxml).

Deploy Start menu with Group Policy

First, install the administrative templates provided with ComposerAdmin software. The installer deploys a shortcut for the admx folder (the default location of ADMX files is C:\Program Files\Sequence Software\ComposerAdmin\Tools\ADMX).

Computer policy

In Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups, create a new local group called DesktopComposer Users and add to it the users or groups whose Start menu configuration you want to control with DesktopComposer.

Add users to DesktopComposer local group

User Policy

Open User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon and add a new logon script:

  • Script Name: %PROGRAMFILES%\Sequence Software\Composer Agent\ComposerAgent.exe
  • Script Parameters: -compose
    This triggers the composition of the Start menu and desktop shortcuts at user logon.

Add logon script

Optionally, open User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logoff and add a new logoff script:

  • Script Name: %PROGRAMFILES%\Sequence Software\Composer Agent\ComposerAgent.exe
  • Script Parameters: -decompose
    This restores the initial Start menu and desktop shortcuts at user logoff.

Next, open User Configuration > Administrative Templates > Sequence Software > DesktopComposer Agent.

DesktopComposer specific group policy settings

  1. Set Enable Composition Agent to Enabled.
  2. Set Composition File Location to the composition file previously saved (e.g., \\mydomain\netlogon\startmenu.dcxml).
  3. Optionally, you can set the Log File Location (e.g., %TEMP%\COMPOSERLOG.LOG) and Log Threshold. By default, it saves logs in %APPDATA%\Desktop Composer.
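
The agent runs at every logon in the user's context, and the composition file decides which shortcuts users receive, so neither should be writable by ordinary users. The following PowerShell check is an added example, not part of DesktopComposer; it uses the example paths from this article, and the list of trusted principals is an assumption to adapt to your environment.

```powershell
# Added example, not part of DesktopComposer. Paths are the article's examples.
$targets = @(
    "$env:ProgramFiles\Sequence Software\Composer Agent\ComposerAgent.exe",
    '\\mydomain\netlogon\startmenu.dcxml'
)

# Assumption: only these principals should be able to modify the files.
$trusted = '^(NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators|' +
           'NT SERVICE\\TrustedInstaller|CREATOR OWNER|' +
           '.+\\(Domain|Enterprise) Admins)$'

# Rights that allow changing or replacing a file (or creating files in a folder),
# plus the raw GENERIC_ALL / GENERIC_WRITE bits that inherit-only ACEs can carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

function Get-UntrustedWriteAce {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # Check the file and its parent folder: write access to the folder
        # is enough to swap the file for another one.
        foreach ($item in @($p, (Split-Path -Path $p -Parent))) {
            if (-not (Test-Path -LiteralPath $item)) {
                Write-Warning "Not found: $item"
                continue
            }
            foreach ($ace in (Get-Acl -LiteralPath $item).Access) {
                $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
                if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                    $ace.IdentityReference.Value -notmatch $trusted) {
                    [pscustomobject]@{
                        Path     = $item
                        Identity = $ace.IdentityReference.Value
                        Rights   = $ace.FileSystemRights
                    }
                }
            }
        }
    }
}

# Any row in the output is an allow ACE that grants write access to an unexpected principal.
Get-UntrustedWriteAce -Path $targets | Format-Table -AutoSize -Wrap
```

The check covers NTFS permissions only; share-level permissions on the UNC path need to be reviewed separately.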

Testing

Log in with your favorite test user and see whether the Start menu is built according to the settings specified in the composition file.

Testing Start menu deployment

If something goes wrong, check the logs (by default, they are located in %APPDATA%\DesktopComposer) and/or raise the log verbosity.

Further improvements

DesktopComposer is designed for terminal services and VDI clients, so the machine must be connected to a domain network for the program to work. A cache feature is planned for the upcoming version.

The ability to manage and dynamically deploy the tiles of the Start menu is currently under investigation.

5 Comments
  1. Hello Riccardo and welcome to 4sysops crew .)

    Interesting tool. A bit cumbersome that it requires installation on the target machines.

    Is it so that the defined start menu items are added to the menu or it completely replaces the default one?

    Cheers L


  2. Author

    Hi Leos! Glad to be here 🙂

    Installation of agent isn't strictly required, it is just for convenience because the installer does some tasks, like setting ACL on all user's menu and adding a user group to the system that can be done also in a machine login script GPO (by calling %agentexecutablefullpath% -install).

    Start menu items defined in Composition file will replace both the common start menu and user's start menu. At startup the agent takes a backup of initial user's start menu, which will be restored at logoff, when agent is called with switch -decompose.

    Cheers!


    • Welcome 🙂

      Few more questions please.

      1) Icon replacement - in your screen I see 2 default icons - settings and security. Is it something you defined in the tool? The reason I'm asking is, if I want user to have things like Calculator, etc, do I need to define them in the composer or the Default Windows things are always available?

      2) How the application of the layout works on the target machine if the agent is not installed? In the GPO you configure I see the GPO calls the agent executable as the first step. 

      Thanks L

       


  3. Author

    1) In this case settings are defined in the tool. Security is a link that unfortunately can't be overridden. If you want the user to have calculator, notepad, etc... you'll have to define them in composer.

    2) You can avoid agent install by putting the agent folder on a UNC path (i.e. \\mydomain\netlogon\composeragent\) and in the GPO call the executable. But you have to call the after-installation steps of agent in computer logon scripts (i.e. \\mydomain\netlogon\composeragent\composeragent.exe -install), which creates the DesktopComposer Local user groups and sets ACLs on Common start menu folder.



© 4sysops 2006 - 2020
