How to Change the My Computer Desktop Icon Using Powershell?

2

I am trying to learn a little bit of Shell-Scripting, as Test-Automation seems to get trendier these days.

My grasp of Powershell is quite generic. My current goal is to change the My Computer desktop icon.

There are some things of the Microsoft Windows 10 operating system that I have not touched yet using Powershell. I hope that maybe some more prolific writers than myself are able to give me a hand in reaching this goal.

I have just tested two snippets that have surprisingly run successfully on their first attempts.

The first one may be called as Create_Shortcut.PS1 and creates a desktop icon for the command-line preprocessing system where batch files may be run.

# Creates the command-line desktop icon.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

$TargetFile = "C:\Windows\System32\Cmd.Exe"

$ShortcutFile = "\\ISXPFV01.hd00.example.com\us_qv2_dem_user_data_pool_nra$\EE65037.HD00\Desktop\Command-Line.Lnk"

$WScriptShell = New-Object -COMObject WScript.Shell

$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)

$Shortcut.TargetPath = $TargetFile

$Shortcut.Save()

The second one might be called as Rename_My_Computer.PS1 and it renames the My Computer desktop icon.

# Changes the My Computer desktop icon name from "This PC" to "VSDC0365".

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

$My_Computer = 17

$Shell = New-Object -COMObject Shell.Application

$NSComputer = $Shell.Namespace($My_Computer)

$NSComputer.Self.Name = $Env:COMPUTERNAME

What I am interested in could prove to be extremely simple to someone who is more experienced in Powershell than myself. I need to change the My Computer desktop icon by specifying its path.

As I have not reached yet this goal, any kind of help on this subject is highly appreciated.

Thanks for reading.

UPDATE after @Theo's great comment:

A new surprisingly working snippet, that manages to produce the My Computer desktop icon:

# HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\
# {20D04FE0-3AEA-1069-A2D8-08002B30309D}
# 0 = show
# 1 = hide

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

$Path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel"

$Name = "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

$Exist = "Get-ItemProperty -Path $Path -Name $Name"

if ($Exist)
{
    Set-ItemProperty -Path $Path -Name $Name -Value 0
}
Else
{
    New-ItemProperty -Path $Path -Name $Name -Value 0
}

Now, all that I have to do is to somehow programatically press F5 in order to refresh the Desktop View, after somehow setting the settings that he has mentioned in his comment.

Another UPDATE related to the refresh:

Another surprisingly working snippet, that refreshes the Desktop View:

# Refresh Desktop Ability

$Definition = @'

    [System.Runtime.InteropServices.DllImport("Shell32.dll")]

    private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2);

    public static void Refresh() {
        SHChangeNotify(0x8000000, 0x1000, IntPtr.Zero, IntPtr.Zero);
    }
'@

Add-Type -MemberDefinition $Definition -Namespace WinAPI -Name Explorer

# Refresh desktop icons
[WinAPI.Explorer]::Refresh()

Now everything that is still left is to change the My Computer desktop icon somehow before the refresh.

UPDATE related to Taking the Ownership of that Registry Key:

Tricky stuff. I had no idea that it can get so complicated.

Currently, it fails with error messages starting with the following one:

PS Y:\> Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.PS1
True
Exception calling "OpenSubKey" with "3" argument(s): "Requested registry access is not allowed."
At Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.PS1:139 char:1
+ $RegKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(         ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SecurityException

This is the content of the Change_Registry_Key.PS1 file:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Function Enable-Privilege {
  Param(
  ## The privilege to adjust.
  [ValidateSet(
      "SeAssignPrimaryTokenPrivilege"
    , "SeAuditPrivilege"
    , "SeBackupPrivilege"
    , "SeChangeNotifyPrivilege"
    , "SeCreateGlobalPrivilege"
    , "SeCreatePagefilePrivilege"
    , "SeCreatePermanentPrivilege"
    , "SeCreateSymbolicLinkPrivilege"
    , "SeCreateTokenPrivilege"
    , "SeDebugPrivilege"
    , "SeEnableDelegationPrivilege"
    , "SeImpersonatePrivilege"
    , "SeIncreaseBasePriorityPrivilege"
    , "SeIncreaseQuotaPrivilege"
    , "SeIncreaseWorkingSetPrivilege"
    , "SeLoadDriverPrivilege"
    , "SeLockMemoryPrivilege"
    , "SeMachineAccountPrivilege"
    , "SeManageVolumePrivilege"
    , "SeProfileSingleProcessPrivilege"
    , "SeRelabelPrivilege"
    , "SeRemoteShutdownPrivilege"
    , "SeRestorePrivilege"
    , "SeSecurityPrivilege"
    , "SeShutdownPrivilege"
    , "SeSyncAgentPrivilege"
    , "SeSystemEnvironmentPrivilege"
    , "SeSystemProfilePrivilege"
    , "SeSystemtimePrivilege"
    , "SeTakeOwnershipPrivilege"
    , "SeTcbPrivilege"
    , "SeTimeZonePrivilege"
    , "SeTrustedCredManAccessPrivilege"
    , "SeUndockPrivilege"
    , "SeUnsolicitedInputPrivilege")]
    $Privilege
    ## The process on which to adjust the privilege. Defaults to the current process.
  , $ProcessId = $Pid
    ## Switch to disable the privilege, rather than enable it.
  , [Switch] $Disable
  )

  $Definition = @'
    using System;
    using System.Runtime.InteropServices;

    public class AdjPriv
    {
       [DllImport(  "advapi32.dll"
                  , ExactSpelling = true
                  , SetLastError = true)]

       internal static extern bool AdjustTokenPrivileges(  IntPtr htok
                                                         , bool disall
                                                         , ref TokPriv1Luid newst
                                                         , int len
                                                         , IntPtr prev
                                                         , IntPtr relen);

       [DllImport(  "advapi32.dll"
                  , ExactSpelling = true
                  , SetLastError = true)]

       internal static extern bool OpenProcessToken(  IntPtr h
                                                    , int acc
                                                    , ref IntPtr phtok);

       [DllImport(  "advapi32.dll"
                  , SetLastError = true)]

       internal static extern bool LookupPrivilegeValue(  string host
                                                        , string name
                                                        , ref long pluid);

       [StructLayout(  LayoutKind.Sequential
                     , Pack = 1)]

       internal struct TokPriv1Luid
       {
          public int Count;
          public long Luid;
          public int Attr;
       }

       internal const int SE_PRIVILEGE_ENABLED    = 0x00000002;
       internal const int SE_PRIVILEGE_DISABLED   = 0x00000000;
       internal const int TOKEN_QUERY             = 0x00000008;
       internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;

       public static bool EnablePrivilege(  long processHandle
                                          , string privilege
                                          , bool disable)
       {
           bool retVal;
           TokPriv1Luid tp;
           IntPtr hproc = new IntPtr(processHandle);
           IntPtr htok = IntPtr.Zero;
           retVal = OpenProcessToken(  hproc
                                     , TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
                                     , ref htok);
           tp.Count = 1;
           tp.Luid = 0;
           if(disable)
           {
               tp.Attr = SE_PRIVILEGE_DISABLED;
           }
           else
           {
               tp.Attr = SE_PRIVILEGE_ENABLED;
           }
           retVal = LookupPrivilegeValue(  null
                                         , privilege
                                         , ref tp.Luid);
           retVal = AdjustTokenPrivileges(  htok
                                          , false
                                          , ref tp
                                          , 0
                                          , IntPtr.Zero
                                          , IntPtr.Zero);
           return retVal;
    }
  }
'@

$ProcessHandle = (Get-Process -Id $ProcessId).Handle
$Type = Add-Type $Definition -PassThru
$Type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
}

Enable-Privilege SeTakeOwnershipPrivilege

# Change Owner to the local Administrators group.
$RegKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(               `
            "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"                  `
          , [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree  `
          , [System.Security.AccessControl.RegistryRights]::TakeOwnership)
$RegACL = $RegKey.GetAccessControl()
$RegACL.SetOwner([System.Security.Principal.NTAccount]"Administrators")
$RegKey.SetAccessControl($RegACL)

# Change Permissions for the local Administrators group.
$RegKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(               `
            "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"                  `
          , [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree  `
          , [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$RegACL = $RegKey.GetAccessControl()
$RegRule = New-Object System.Security.AccessControl.RegistryAccessRule(     `
             "Administrators"                                               `
           , "FullControl"                                                  `
           , "ContainerInherit"                                             `
           , "None"                                                         `
           , "Allow")
$RegACL.SetAccessRule($RegRule)
$RegKey.SetAccessControl($RegACL)

UPDATE related to Another Attempt of Taking the Ownership of that Registry Key:

This is the content of another snippet, called as Change_Registry_Key.2.PS1:

#Define HKCR
New-PSDrive -Name       HKCR7              `
            -PSProvider Registry           `
            -Root       HKEY_CLASSES_ROOT

#Set $Path HKCR Key Path
$Path = "HKCR:\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

#Set $Path Permissions
$ACL = Get-ACL $Path

$Rule = New-Object System.Security.AccessControl.RegistryAccessRule ( `
            "<domain>\<username>"                                     `
          , "FullControl"                                             `
          , "Allow")

$ACL.SetAccessRule($Rule)

$ACL | Set-ACL -Path $path

#Set HKCR 'Attributes' Key Value
Set-ItemProperty -Path   $Path        `
                 -Name   Attributes   `
                 -Value  b0940064

These are the errors that appear in the console area:

PS Y:\> Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.2.PS1

Name           Used (GB)     Free (GB) Provider      Root                           
----           ---------     --------- --------      ----                           
HKCR7                                  Registry      HKEY_CLASSES_ROOT              
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity refere
nces could not be translated."
At Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.2.PS1
:17 char:1
+ $ACL.SetAccessRule($Rule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException
 
Set-ACL : Requested registry access is not allowed.
At Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.2.PS1
:19 char:8
+ $ACL | Set-ACL -Path $path
+        ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_CLASSES_RO...8-08002B30309D}: 
   String) [Set-Acl], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShel 
   l.Commands.SetAclCommand
 
Set-ItemProperty : Requested registry access is not allowed.
At Y:\Digitization\Powershell\The_My_Computer_Desktop_Icon\Change_Registry_Key.2.PS1
:22 char:1
+ Set-ItemProperty -Path   $Path        `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_CLASSES_RO...8-08002B30309D}: 
   String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShel 
   l.Commands.SetItemPropertyCommand

UPDATE Regarding @Theo's Second Version of Renaming the My Computer Desktop Icon:

This version is not working for me yet.

Its testing is quite simple:

  • I am manually renaming the My Computer Desktop Icon to Fifi;
  • then I am running this snippet;
  • then I am manually refreshing the Desktop View.

Although I expect the My Computer Desktop Icon to be renamed back to Work-Laptop, its name still remains fixed as Fifi.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

#Requires -RunAsAdministrator

Function Enable-Privilege {
    [CmdletBinding(  ConfirmImpact         = 'low'
                   , SupportsShouldProcess = $false)]
    [OutputType('System.Boolean')]
    Param(
        [Parameter(  Mandatory = $true
                   , Position  = 0)]
        [ValidateSet(  "SeAssignPrimaryTokenPrivilege"
                     , "SeAuditPrivilege"
                     , "SeBackupPrivilege"
                     , "SeChangeNotifyPrivilege"
                     , "SeCreateGlobalPrivilege"
                     , "SeCreatePagefilePrivilege"
                     , "SeCreatePermanentPrivilege"
                     , "SeCreateSymbolicLinkPrivilege"
                     , "SeCreateTokenPrivilege"
                     , "SeDebugPrivilege"
                     , "SeEnableDelegationPrivilege"
                     , "SeImpersonatePrivilege"
                     , "SeIncreaseBasePriorityPrivilege"
                     , "SeIncreaseQuotaPrivilege"
                     , "SeIncreaseWorkingSetPrivilege"
                     , "SeLoadDriverPrivilege"
                     , "SeLockMemoryPrivilege"
                     , "SeMachineAccountPrivilege"
                     , "SeManageVolumePrivilege"
                     , "SeProfileSingleProcessPrivilege"
                     , "SeRelabelPrivilege"
                     , "SeRemoteShutdownPrivilege"
                     , "SeRestorePrivilege"
                     , "SeSecurityPrivilege"
                     , "SeShutdownPrivilege"
                     , "SeSyncAgentPrivilege"
                     , "SeSystemEnvironmentPrivilege"
                     , "SeSystemProfilePrivilege"
                     , "SeSystemtimePrivilege"
                     , "SeTakeOwnershipPrivilege"
                     , "SeTcbPrivilege"
                     , "SeTimeZonePrivilege"
                     , "SeTrustedCredManAccessPrivilege"
                     , "SeUndockPrivilege"
                     , "SeUnsolicitedInputPrivilege")]
        [String]$Privilege

      , [Parameter(Position = 1)]
        $ProcessId = $PID

      , [switch]$Disable
        )


        Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public class Privilege {
    [DllImport(  "advapi32.dll"
               , ExactSpelling = true
               , SetLastError  = true)]

    internal static extern bool AdjustTokenPrivileges(
         IntPtr htok
       , bool   disall
       , ref    TokPriv1Luid newst
       , int    len
       , IntPtr prev
       , IntPtr relen);

    [DllImport(  "advapi32.dll"
               , ExactSpelling = true
               , SetLastError  = true)]

    internal static extern bool OpenProcessToken(  IntPtr h
                                                 , int    acc
                                                 , ref    IntPtr phtok);

    [DllImport(  "advapi32.dll"
               , SetLastError = true)]

    internal static extern bool LookupPrivilegeValue(  string host
                                                     , string name
                                                     , ref    long pluid);

    [StructLayout(  LayoutKind.Sequential
                  , Pack = 1)]

    internal struct TokPriv1Luid {
        public int  Count;
        public long Luid;
        public int  Attr;
    }

    internal const int SE_PRIVILEGE_ENABLED    = 0x00000002;
    internal const int SE_PRIVILEGE_DISABLED   = 0x00000000;
    internal const int TOKEN_QUERY             = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;

    public static bool EnablePrivilege(  long   processHandle
                                       , string privilege
                                       , bool   disable) {
        bool         retVal;
        TokPriv1Luid tp;
        IntPtr       hproc = new IntPtr(processHandle);
        IntPtr       htok  = IntPtr.Zero;
        retVal = OpenProcessToken(  hproc
                                  , TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
                                  , ref htok);
        tp.Count = 1;
        tp.Luid  = 0;
        if(disable) {
            tp.Attr = SE_PRIVILEGE_DISABLED;
        }
        else {
            tp.Attr = SE_PRIVILEGE_ENABLED;
        }
        retVal = LookupPrivilegeValue(  null
                                      , privilege
                                      , ref tp.Luid);
        retVal = AdjustTokenPrivileges(  htok
                                       , false
                                       , ref tp
                                       , 0
                                       , IntPtr.Zero
                                       , IntPtr.Zero);
        return retVal;
    }
}
'@

    try {
        $proc   = Get-Process -Id $ProcessId -ErrorAction Stop
        $name   = $proc.ProcessName
        $handle = $proc.Handle
        $action = if ($Disable) { 'Disabling' } else { 'Enabling' }
        Write-Verbose (  "{0} privilege '{1}' for process {2}" -f $action `
                       , $Privilege                                       `
                       , $name)
        [Privilege]::EnablePrivilege(  $handle         `
                                     , $Privilege      `
                                     , [bool]$Disable)
    }
    catch {
        throw
    }
}

################################################################
# Step 1: Give the current process the SeTakeOwnershipPrivilege.
################################################################

    $null = Enable-Privilege -Privilege SeTakeOwnershipPrivilege -Verbose

##############################################################
# Step 2: change Owner to the local Administrators group
##############################################################

# Better not use the string "Administrators", because this
# might have a different name in other cultures.
#
# $RegACL.SetOwner([System.Security.Principal.NTAccount]"Administrators")
#
# Use the Well-Known SID instead.
# Local Administrators Group.
$Administrators = `
   [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')

$RegKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey(        `
     "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"                  `
   , [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree  `
   , [System.Security.AccessControl.RegistryRights]::TakeOwnership)

$RegACL = $RegKey.GetAccessControl()
$RegACL.SetOwner($Administrators)
$RegKey.SetAccessControl($RegACL)

##############################################################
# Step 3:  Give the Local Administrators Group Full Control.
##############################################################

# Refresh the A.C.L.
$RegACL = $RegKey.GetAccessControl()

# Test if there is a Deny rule in the ACL
# for Administrators and, if so, remove that rule.
$RegACL.GetAccessRules(                                     `
         $true                                              `
       , $true                                              `
       , [System.Security.Principal.SecurityIdentifier]) |  `
    Where-Object {                                          `
             $_.AccessControlType -eq 'Deny'                `
        -and $_.IdentityReference -eq $Administrators.Value `
    } |                                                     `
    ForEach-Object { $null = $RegAcl.RemoveAccessRule($_) }

# Create a new rule allowing the Administrators Full Control.
$RegRule = [System.Security.AccessControl.RegistryAccessRule]::new( `
             $Administrators                                        `
           , 'FullControl'                                          `
           , 'ContainerInherit'                                     `
           , 'None'                                                 `
           , 'Allow')
$RegACL.SetAccessRule($RegRule)
$RegKey.SetAccessControl($RegACL)

# Close the Registry Key.
$RegKey.Close()


##############################################################
# Step 4: Change the 'LocalizedString' property
# in the registry to suit your needs.
##############################################################
#
# With PowerShell 5, you need to use
# `Registry::HKEY_CLASSES_ROOT\..` syntax in order to be able
# to set the registry Type for the value
# with parameter '-Type'.
# As of PowerShell 7, the '-Type' parameter is included.

$RegPath = `
 'Registry::HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Set-ItemProperty -Path  $RegPath          `
                 -Name  'LocalizedString' `
                 -Value "%ComputerName%"  `
                 -Type  ExpandString      `
                 -Force

What I get in the console is the following text:

PS C:\WINDOWS\system32> C:\Users\MihaiDobrescu\OneDrive\Documents\2_Facturi\12_-_Bank_Services\Digitization\Powershell\Change_Registry_Key.3.PS1 -RunAsAdministrator
VERBOSE: Enabling privilege 'SeTakeOwnershipPrivilege' for process powershell_ise

PS C:\WINDOWS\system32>

UPDATE: A Final Version, with all of the Ingredients of the Beautiful Soup inside of it.

Thanks go again to @Theo who has actually debugged the whole mess.

Note: The snippet is surprisingly working even inside the Virtual Machine, as there is no need for it to be run as an Administrator, since no ownership has to be taken upon the whole Solar System in order to solve this problem.

# How to test:
#
# 1. Rename the My Computer Desktop Icon to "Fifi".
# 2. Remove the My Computer Desktop Icon from the Desktop View.
# 3. Run this snippet.
# 4. Observe how the My Computer Desktop Icon is produced on the Desktop View,
#    with the name "Tele-Ordinator" and with a very emotional Desktop Icon.

# Allow the execution of snippets.

Set-ExecutionPolicy               `
    -ExecutionPolicy RemoteSigned `
    -Scope           CurrentUser

# Produce the My Computer Desktop Icon on the Desktop View.

# HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\
# {20D04FE0-3AEA-1069-A2D8-08002B30309D}
# 0 = show
# 1 = hide

$Path = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel"

$Name = "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

$Exist = "Get-ItemProperty -Path $Path -Name $Name"

if ($Exist)
{
    Set-ItemProperty     `
        -Path  $Path     `
        -Name  $Name     `
        -Value 0
}
Else
{
    New-ItemProperty     `
        -Path  $Path     `
        -Name  $Name     `
        -Value 0
}

# Rename the My Computer Desktop Icon from "This PC" to "Tele-Ordinator".

$My_Computer = 17

$Shell = New-Object -COMObject Shell.Application

$NSComputer = $Shell.Namespace($My_Computer)

$NSComputer.Self.Name = "Tele-Ordinator"

# Change the My Computer Desktop Icon.

$RegPath =                                                                                                                                    `
    'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon'

if (!(Test-Path -Path $RegPath))
{
    $null = New-Item             `
                -Path   $RegPath `
                -Force
}

Set-ItemProperty                                                               `
    -Path  $RegPath                                                            `
    -Name  '(Default)'                                                         `
    -Value 'Y:\Digitization\Icons\Robsonbillponte-Happy-Holidays-Pictures.ICO' `
    -Type  ExpandString                                                        `
    -Force

# Refresh the Desktop View.

$Definition = @'

    [System.Runtime.InteropServices.DllImport("Shell32.dll")]

    private static extern int SHChangeNotify(
          int    eventId
        , int    flags
        , IntPtr item1
        , IntPtr item2);

    public static void Refresh()
    {
        SHChangeNotify(
          0x8000000
        , 0x1000
        , IntPtr.Zero
        , IntPtr.Zero);
    }
'@

Add-Type                          `
    -MemberDefinition $Definition `
    -Namespace        WinAPI      `
    -Name             Explorer

[WinAPI.Explorer]::Refresh()

Another Final UPDATE for setting and running a batch file that automates the above automation using the Microsoft Windows Batch Files Preprocessing System:

This is just a short snippet called as Change_Desktop_Icons.BAT.

ChDir %SystemRoot%\System32\WindowsPowerShell\v1.0\

%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.Exe Y:\Digitization\PowerShell\The_My_Computer_Desktop_Icon\Change_Desktop_Icon.PS1

Pause

This is the output of the thing, upon the double-click of its own Desktop Icon.

'\\ISXPFV01.hd00.example.com\us_qv2_dem_user_data_pool_nra$\EE65037.HD00\Desktop'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

C:\Windows>ChDir C:\WINDOWS\System32\WindowsPowerShell\v1.0\

C:\Windows\System32\WindowsPowerShell\v1.0>C:\WINDOWS\System32\WindowsPowerShell\v1.0\PowerShell.Exe Y:\Digitization\PowerShell\The_My_Computer_Desktop_Icon\Change_Desktop_Icon.PS1

C:\Windows\System32\WindowsPowerShell\v1.0>Pause
Press any key to continue . . .
windows
powershell
shell
icons
desktop
asked on Stack Overflow Feb 24, 2021 by DOBRESCU_Mihai • edited Mar 9, 2021 by DOBRESCU_Mihai

1 Answer

1

As commented, it is quite a hassle to change the 'Computer' icons caption..

Below code works for me on Windows 10 Pro using PowerShell 5.1

you need run this as Administrator

#Requires -RunAsAdministrator

function Enable-Privilege {
    [CmdletBinding(ConfirmImpact = 'low', SupportsShouldProcess = $false)]  
    [OutputType('System.Boolean')]
    Param(
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateSet(
            "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", 
            "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", 
            "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", "SeDebugPrivilege", "SeEnableDelegationPrivilege", 
            "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", "SeIncreaseQuotaPrivilege", 
            "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", 
            "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", 
            "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", 
            "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", 
            "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", 
            "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
        [String]$Privilege,

        [Parameter(Position = 1)]
        $ProcessId = $PID,

        [switch]$Disable
        )


        Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public class Privilege {
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);

    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);

    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);

    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid {
        public int Count;
        public long Luid;
        public int Attr;
    }

    internal const int SE_PRIVILEGE_ENABLED    = 0x00000002;
    internal const int SE_PRIVILEGE_DISABLED   = 0x00000000;
    internal const int TOKEN_QUERY             = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;

    public static bool EnablePrivilege(long processHandle, string privilege, bool disable) {
        bool retVal;
        TokPriv1Luid tp;
        IntPtr hproc = new IntPtr(processHandle);
        IntPtr htok = IntPtr.Zero;
        retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
        tp.Count = 1;
        tp.Luid = 0;
        if(disable) { tp.Attr = SE_PRIVILEGE_DISABLED; }
        else { tp.Attr = SE_PRIVILEGE_ENABLED; }
        retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
        retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
        return retVal;
    }
}
'@

    try {
        $proc   = Get-Process -Id $ProcessId -ErrorAction Stop
        $name   = $proc.ProcessName
        $handle = $proc.Handle
        $action = if ($Disable) { 'Disabling' } else { 'Enabling' }
        Write-Verbose ("{0} privilege '{1}' for process {2}" -f $action, $Privilege, $name)
        [Privilege]::EnablePrivilege($handle, $Privilege, [bool]$Disable)
    }
    catch {
        throw
    }
}

function Grant-FullControl ([string]$SubKey, [switch]$BreakInheritance) {
    # helper function to grant registry FullControl for Administrators on a certain subkey

    # better not use the string "Administrators", because this might have a different name in other cultures
    # $RegACL.SetOwner([System.Security.Principal.NTAccount]"Administrators")
    # use the Well-Known SID instead
    $Administrators = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')   # local Administrators group

    $RegKey = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey,
                                                                 [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                                                                 [System.Security.AccessControl.RegistryRights]::TakeOwnership)

    $RegACL = $RegKey.GetAccessControl()
    if ($BreakInheritance) {
        # break inheritance, but keep permissions
        $RegACL.SetAccessRuleProtection($true, $true)
    }

    $RegACL.SetOwner($Administrators)
    $RegKey.SetAccessControl($RegACL)

    # refresh the ACL
    $RegACL = $RegKey.GetAccessControl()

    # test if there is a Deny rule in the ACL for Administrators and if so remove that rule
    $RegACL.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -eq $Administrators.Value } |
        ForEach-Object { $null = $RegAcl.RemoveAccessRule($_) }

    # ceate a new rule allowing the Administrators FullControl
    $RegRule =[System.Security.AccessControl.RegistryAccessRule]::new($Administrators,
                                                                      'FullControl',
                                                                      'ContainerInherit',  # ContainerInherit, ObjectInherit
                                                                      'None',              # InheritOnly 
                                                                      'Allow')
    $RegACL.SetAccessRule($RegRule)
    $RegKey.SetAccessControl($RegACL)

    # close the registry key
    $RegKey.Close()
}

##################################################################################
# Step 1: give the current process the SeTakeOwnershipPrivilege
##################################################################################

$null = Enable-Privilege -Privilege SeTakeOwnershipPrivilege -Verbose

##################################################################################
# Step 2: change Key Owner to the local Administrators group and grant FullControl
##################################################################################

# first give Administrators full control on key "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
Grant-FullControl -SubKey "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -BreakInheritance

##################################################################################
# Step 3: change the 'LocalizedString' property in the registry to suit your needs
##################################################################################

# with PowerShell 5 you need to use `Registry::HKEY_CLASSES_ROOT\..` syntax in order to be able
# to set the registry Type for the value with parameter '-Type'.
# As of PowerShell 7 the '-Type' parameter is included

$regPath = 'Registry::HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Set-ItemProperty -Path $regPath -Name 'LocalizedString' -Value "%ComputerName%" -Type ExpandString -Force

##################################################################################
# Step 4: OPTIONAL. Change the Computer icon for NEW user logins
##################################################################################

# give  Administrators full control on subkey "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon"
# now, we do not need to break the inheritance as we needed for the root key
Grant-FullControl -SubKey "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon"

$regPath = 'Registry::HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon'
Set-ItemProperty -Path $regPath -Name '(Default)' -Value '%SystemRoot%\System32\imageres.dll,-149' -Type ExpandString -Force

##################################################################################
# Step 5: Change the Computer icon for the CURRENT user
##################################################################################

$regPath = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon'
Set-ItemProperty -Path $regPath -Name '(Default)' -Value '%SystemRoot%\System32\imageres.dll,-149' -Type ExpandString -Force

After all this, the desktop doesn't show the computername yet. You need to either press F5 on the desktop, or use the code you found to refresh the desktop.


To change the icon itself, you need to change the default value in registrypath

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon 

for future NEW logins, or registrypath

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon

for the CURRENT user.

By default, it points to %SystemRoot%\System32\imageres.dll,-109, which means it extracts icon no. 109 from the imageres.dll. In that dll. there are ~343 icons, so you could opt to use another one from the same resource, or take one from another existing dll. (you can use IconsExtract from nirsoft for instance).

I didn't test this yet, but it should also be possible to have it point to the full path and filename of an icon of your own like %SystemDrive%\MyComputerIcon.ico.

As example, this will update the icon to use imageres.dll icon no. 149

$regPath = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon'
Set-ItemProperty -Path $regPath -Name '(Default)' -Value '%SystemRoot%\System32\imageres.dll,-149' -Type ExpandString -Force

which looks like this

enter image description here

answered on Stack Overflow Mar 4, 2021 by Theo • edited Mar 8, 2021 by Theo

User contributions licensed under CC BY-SA 3.0