Can you block installers from making desktop shortcuts?

There is no overwriting setting I am aware of that stops it; however, you have three options: one dangerous, one that sort of bypasses it, and one safe!

Dangerous way

Edit security settings on the following folders: (Go one folder up, right click on it, and do properties)

c:\users\<name>\Desktop

or

%userprofile%\Desktop

and

c:\users\default\Desktop

Next, go to the security tab and click edit. You want to put the Deny property on both Modify and Write. You should do this for just your user if the installer runs under your user.

This has the downside that you cannot create icons, but it should work.

Safe way

Simply delete any icon that is generated by an install!

Bypass way

Right click anywhere on the desktop where there are no items. Expand the view option and untick "Show Desktop Icons"... This of course has the downside that you will not have any icons - but if this is what you are trying to achieve, it doesn't matter!


Here's a simple way using Scheduled Tasks, and no need to write custom scripts or programs.

I set up a scheduled task to delete icons. It's somewhat imperfect, since it runs periodically (and after MSI installs complete) but it works (and after using it for 6 months: it works quite well). It deletes links directly on the desktop of both the current user and the "Public" user's profile, though this is of course dependent on having permission to do so.


The task is created as follows:

  • Name: Delete Desktop Shortcuts
  • Run with highest privileges


  • Triggers:
    • On an Event:
      • Log: Application
      • Source: MsiInstaller
      • Event ID: 1042
    • Daily: 5am every day


  • Action: Start a program
    • Program/script: cmd
    • Arguments: /c for %f in (%userprofile%\Desktop\*.lnk %userprofile%\..\Public\Desktop\*.lnk) do del "%f"


  • Conditions: none



Here's the task, which you can save as a .xml file and then import into the Windows Task Scheduler:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2012-11-02T00:46:01.691625</Date>
    <Author>Gregmac</Author>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Application"&gt;&lt;Select Path="Application"&gt;*[System[Provider[@Name='MsiInstaller'] and EventID=1042]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    </EventTrigger>
    <CalendarTrigger>
      <StartBoundary>2012-11-02T05:00:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>Greg</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>cmd</Command>
      <Arguments>/c for %f in (%userprofile%\Desktop\*.lnk %userprofile%\..\Public\Desktop\*.lnk) do del "%f"</Arguments>
    </Exec>
  </Actions>
</Task>
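
Before importing a task definition obtained from someone else, it is worth checking which account and run level it uses, what command it executes, and which triggers fire it. The following is an added example, not part of the answer above: the function name `review_task`, the report keys and the cut-down sample are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample: the answer's task, cut down to the elements reviewed below.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <EventTrigger>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Application"&gt;&lt;Select Path="Application"&gt;*[System[Provider[@Name='MsiInstaller'] and EventID=1042]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    </EventTrigger>
    <CalendarTrigger><StartBoundary>2012-11-02T05:00:00</StartBoundary></CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><UserId>Greg</UserId><RunLevel>HighestAvailable</RunLevel></Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>cmd</Command>
      <Arguments>/c for %f in (%userprofile%\Desktop\*.lnk %userprofile%\..\Public\Desktop\*.lnk) do del "%f"</Arguments>
    </Exec>
  </Actions>
</Task>"""


def review_task(xml_text):
    """Report who a Task Scheduler XML export runs as, what it runs, and when."""
    # Drop the XML declaration so text decoded from a UTF-16 export parses as str.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    report = {"principals": [], "commands": [], "triggers": [], "event_queries": []}
    for p in root.iterfind("t:Principals/t:Principal", NS):
        # The task schema defaults RunLevel to LeastPrivilege when it is absent.
        report["principals"].append((p.findtext("t:UserId", "", NS),
                                     p.findtext("t:RunLevel", "LeastPrivilege", NS)))
    for e in root.iterfind("t:Actions/t:Exec", NS):
        cmd = e.findtext("t:Command", "", NS) + " " + e.findtext("t:Arguments", "", NS)
        report["commands"].append(cmd.strip())
    for trig in root.iterfind("t:Triggers/*", NS):
        report["triggers"].append(trig.tag.split("}")[-1])
        sub = trig.findtext("t:Subscription", None, NS)
        if sub:  # the event filter is itself XML, stored escaped inside the element
            report["event_queries"] += [s.text for s in ET.fromstring(sub).iter("Select")]
    report["elevated"] = any(lvl == "HighestAvailable" for _, lvl in report["principals"])
    return report


if __name__ == "__main__":
    for key, value in review_task(SAMPLE_TASK).items():
        print(f"{key}: {value}")
```

For the task above, the report shows a hard-coded `UserId` of `Greg` that has to be changed to your own account on import, and an elevated `cmd` action that deletes every `.lnk` on both desktops.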