Category: Edge

Folder Redirection a thing of the past

Folder Redirection a thing of the past

Are you still using folder redirection and do you still rely on it, to provide a decent logon performance? Then this article is probably for you.

This article has been in my head for a quite some time. A while ago I was on an assignment at a customer I hadn’t done any previous work for. The customer was using Citrix Profile Management with a couple of folder redirections, including folder redirection of AppData.

It’s still not uncommon for me to come across setups with Citrix Profile Management and folder redirection of the documents and desktop folders, occasionally I also see the start menu and favorites folders being redirected. However I haven’t seen redirection of the AppData folder for the better part of 10 years now, and there seems to be a general consensus in the EUC world, that redirection of the AppData folder is a no-go as it can lead to a variety of different application related issues. If you are still redirecting AppData, please stop, there are alternatives to both Citrix Profile Management AND folder redirection available.

With FSLogix Profile Container now being the de facto solution for profile management, there really is no need to do any kind of folder redirection anymore. With that said, I do recognize that redirecting the documents folder and maybe the desktop folder as well, may in some circumstances still be relevant, mainly in scenarios where we need to be able to backup files/folders in the Documents and/or Desktop folders.

Today we have the technology to lay the last remnants of folder redirection to rest. With the new Microsoft Edge browser and Microsoft OneDrive, we are able to provide a modern way of redirecting the documents, desktop and favorites folders.

I have written a couple of articles about the new Microsoft Edge browser, which you can find here and here. These articles lay the ground work for the Microsoft Edge deployment and configuration and really should be the baseline for any Microsoft Edge deployment.

Hybrid Azure AD Join

To provide the best solution, when signing in to Edge and OneDrive I recommend configuring hybrid Azure AD join. This configuration provides seamless sign-in to both Edge and OneDrive. Microsoft has a decent article about how to configure hybrid Azure AD join.

Microsoft Edge Enterprise Sync

The Enterprise Sync feature in Microsoft Edge enables synchronization of favorites, passwords, extensions etc. to the Azure cloud, which enables you to roam most of the Edge configuration between different devices. The Enterprise Sync feature requires an Azure AD Premium subscription.

Manual configuration

The manual configuration approach is fairly easy. Log on with your Azure AD credentials (usually your email address) by clicking the “Not syncing” button in the top right corner:

You will have to go through a small wizard

Move the little slider to “Yes” and click Confirm.

Once logged on, you should see the “Sync is on” message:

And the final verification that sync is configured:

As you can see it’s not yet possible to synchronize the history and open tabs browser data.

Automatic configuration

Even though the manual configuration of the sync feature is fairly simple, we don’t want each and everyone of our users to go through this process. The sync feature can be enabled and enforced via group policy. The enforcement prevents the user from inadvertently disabling the sync feature.

Group Policy settings

These group policy settings enables and enforces the sync feature:

The “Browser sign-in settings” enforces the sign-in process, suppressing the sync wizard.

The “Configure whether a user always has a default profile automatically signed in with their work or school account” enables auto sign-in, with a Work profile, using the Azure AD account.

The “Force synchronization of browser data and do not show the sync consent prompt” partly does what it says. It enables and enforces the sync feature and the user will not be able to disable it. However the “do not show the sync consent prompt” is not working in Edge v85.x, as you will see in the screen recording below. This means that the user will have to click the “Sync” button, to enable the sync feature.

With the upcoming v86.x version, which is currently released in the BETA channel and, according to Microsoft, due to hit the stable channel within the coming week, it’s possible to suppress the consent box . This will enable and enforce the sync feature without bothering the user at all.

Microsoft OneDrive Known Folder Move

The Known Folder Move (KFM) feature in OneDrive has been around for a while and I am seeing more and more customers implementing it in production.
KFM redirects, the documents, desktop and pictures folders to your OneDrive for Business account, which makes it easy to access your data when moving between different devices. OneDrive is available in a wide range of different subscriptions, however I usually see it delivered with via a subscription that can be activated in a shared computer setup, like the Microsoft 365 E3 or E5 subscriptions.

Manual Configuration

Like the Enterprise Sync in Edge, we can also configure KFM manually. This configuration is also driven by a wizard so it’s easy to set up.

Click sign in and provide valid OneDrive credentials.

A few clicks later, the wizard has setup the OneDrive client. Right click the little blue cloud in the tray area and click Settings.

Go to the Backup tab (no this isn’t very intuitive) and click managed backup.

Once you click Start Backup, the Desktop, Documents and Pictures folders will be redirected to OneDrive.

As with the Enterprise Sync feature, we really don’t want to leave the configuration of KFM to the user.

A word of advice. If you have folder redirection already configured, you will have to disable it. The traditional folder redirection policies and OneDrive KFM cannot coexist.

Automatic Configuration

The OneDrive configuration and the KFM feature can both be configured and enforced via Group Policy configuration. The most important part of the group policy configuration is the OneDrive (Azure AD) tenant ID, this has to be specified in the OneDrive configuation GPO.

There are a few different ways to obtain the tenant ID. One way is to configure OneDrive, manually, on a computer and get the ID from the registry in HKEY_CURRENT_USER.

The value “ConfiguredTenantId” contains the OneDrive (Azure AD) tenant ID.

If you have access to the Azure portal and Azure AD, this is probably the easiest way to obtain the tenant ID, at least it beats manually configuring the OneDrive client.

With the tenant ID you are now ready to configure the OneDrive and KFM configuration GPO.

I usually configure one GPO with both the computer configuration policies and user configuration policies, it’s basically up to you how to configure that part, however both configuration types are needed to provide a seamless configuration of OneDrive and the KFM feature.

To manage OneDrive via group policy, you’ll have to get the ADMX and ADML files. The ADMX and ADML files are located in the %LOCALAPPDATA%\Microsoft\OneDrive\CurrentBuildNumber\adm folder on any computer with OneDrive installed.
More information about OneDrive group policy configuration can be found in this guide by Microsoft.

Computer Configuration

This configuration will setup both the OneDrive client and the KFM feature. It will also activate the Files On-Demand feature which let’s the user decide which files/folder should be synced to the local OneDrive cache and it also prevents the OneDrive client from doing a complete sync of the online OneDrive content.

When using group policy, the configuration of the OneDrive client with the specified tenant ID will be enforced. That will prevent the user from removing the OneDrive client configuration.

User Configuration

In here the OneDrive tutorial is suppressed and more importantly, the OneDrive folder location is enforced and the user is prevented from changing that location. The %USERPROFILE%\OneDrive – tenantname is the default location for the OneDrive folder, I usually recommend not changing this location, however it is possible to have the OneDrive folder at another location, do NOT put in on a network drive!

Here is a screen recording showing the automatic configuration of the OneDrive client and Known Folder Move feature.

OneDrive pro tip

This is a strange one. When I started with the OneDrive testing and configuration, I was using the manual configuration approach, to get the feel of how to configure OneDrive. When I had the basic OneDrive configuration mastered, I looked into the KFM feature and this is where it gets strange. I noticed the “Backup” tab was missing, and at first I thought I had configured something to remove the tab, however I experienced the same behavior with no group policy configuration applied.

It turns out if the URL g.live.com is blocked on the network, the KFM feature is not available. In my setup, the URL was blocked by my Pi-Hole, as soon as I configured the URL to be in the whitelisted URLs the KFM feature magically appeared.

So, armed with Microsoft Edge Enterprise Sync and Microsoft OneDrive Known Folder Move, you can leave the last remnants of folder redirection in the past and move forward with more modern ways of syncing user data, files and folders.

This concludes the article. As always feel free to contact me on Twitter or in the World of EUC Slack channel if you have any comments or questions.

How to get rid of Internet Explorer

How to get rid of Internet Explorer

The time is right. Internet Explorer has had a very, very good run and it has been a good browser. For years it was the only Microsoft supported browser in a Windows Server operating system, even when Edge (the 1st) was released we still had to make due with Internet Explorer in Windows Server operating systems.
It’s now time to look in a different direction. A direction where we have a fully supported and modern browser with the new Edge browser based on the Chromium project. This browser is also available and supported in a Windows Server operating system.

During the last 6 months I have written a couple of articles about how to install and configure the new Edge browser, I have even penned an article about how to remove the pesky pinned takbar shortcut, which is created during the first launch of Edge.

In my article about how to configure Edge via group policy, I finish off by showing that it is possible to run sites with java content in Edge, something we historically had to use Internet Explorer to do. This is no longer the case, or technically it is, but we can now use “emulated IE” tabs, called IE Mode, within the Edge browser, so we don’t have to leave the browser when accessing legacy sites.

A couple of days ago I was helping a customer, and I noticed that he had Edge running, but Internet Explorer was also running in the same session. So we had a short conversation about IE Mode, he knew about it and what the possibilities were with sites with java content. It turned out he was accessing a Hitachi storage web based configuration site, which needed Adobe Flash Player. Seriously Hitachi, you need Adobe Flash in 2020? In all fairness I have to mention that I don’t know if my customer is on an older model of a Hitachi storage box, which for some reason can’t be updated.
Nonetheless we are also able to use IE Mode with sites with Flash based content.


Be aware that Adobe has announced that the 31st of december 2020 is the End of Life (EOL) for Flash Player.

This means that you should probably start looking at alternatives to whatever sites you are using, if Flash is still a requirement.

What is IE mode

IE Mode is a feature that allows us to specify that certain URLs should open in an “emulated IE” tab within the Edge browser. This is great because the user will never have to leave the primary browser, which is of course Edge, to access legacy sites or sites with legacy content (Java and Flash), everything is kept within the Edge browser window.
We can also open the specified sites outside the Edge browser in a standalone Internet Explorer browser, and not in an IE Mode tab in Edge. We might not get rid of Internet Explorer, but with IE Mode we can limit the use of Internet Explorer to a certain selection of URLs.

Java and Flash in IE mode tabs

I have included a screen recording of Java and Flash content running in IE Mode tabs within Edge:

Standalone Internet Explorer

Here we see the www.citrix.com and www.microsoft.com URLs both open in a standalone Internet Explorer. We also see that the Java.com site opens in IE Mode, we can have both configurations at the same time, so it’s not one or the other.

By now you might be wondering, what is stopping us from keep using the Internet Explorer window, which Edge conveniently launched for us? By default, nothing. We are able to use Internet Explorer all day long, we don’t want that, we want to get rid of Internet Explorer or at least limit the use of it.

Configure IE Mode

Let’s have a look at how to configure IE Mode, and how to prevent us from keep using Internet Explorer, if we are using standalone Internet Explorer windows. In this article I have configured IE Mode via traditional group policies. It is also possible to configure IE Mode via Microsoft InTune, this is not in scope here though.

Group Policy Configuration

The configuration of IE Mode is really easy, it’s basically 4 policies and you’re done.

With the policy configuration for Edge we have specified that we want to use Internet Explorer Mode (IE Mode) and we are also supplying a specific XML file using the Enterprise Mode Site List feature.
For Internet Explorer we have configured the “Send all sites not included in the Enterprise Site List to Microsoft Edge” and we are also, again, supplying the Enterprise Mode Site List.


Configuring the “Send all sites not included in the Enterprise Site List to Microsoft Edge” policy prevents the use of Internet Explorer all day long. If we are trying to access sites not specified in the Enterprise Mode Site List, we are directed back into the Edge browser. This is a very good way of limiting the use of Internet Explorer.

Enterprise Mode Site List

So, how do we create this so called Enterprise Mode Site List?
I would recommend the free tool by Microsoft called “Enterprise Mode Site List Manager”.

The Enterprise Mode Site List Manager can be found in Microsoft’s Download Center here:
https://www.microsoft.com/en-us/download/details.aspx?id=49974

The download provides you with a EMIESiteListManager.msi file. Go through the setup process:

Once installed you should have shortcuts to the Enterprise Mode Site List Manager on both the desktop and in the start menu.

When lauching the Enteprise Mode Site List Manager for the first time, it provides you with a blank site list configuration:

Here you will have to add the URLs for either IE Mode and/or standalone Internet Explorer.

Click Add:

  1. Specify in the URL, without http/https.
  2. Select Open In IE11
  3. If you want the URL to open in a standalone Internet Explorer, click the “Standalone IE:” check box
  4. If you check the “Allow Redirect” box, if there is a server-side redirected URL, it will have the same browser configuration applied.
  5. Leave the Compat Mode dropdown box at the default configuration

When you have the needed URLs configured, you will end up with something looking like this:

These are the URLs demonstrated in the screen recordings earlier. Notice the “Standalone IE” is true for www.citrix.com and www.microsoft.com, these URLs will open in standalone Internet Explorer windows, any other URLs will open in IE Mode within the Edge browser window.

To save the current list of URLs to an XML file go to File and select Save to XML:

Provide a name, in this example, for lack of creativity, I call it Sites.xml:

Once the XML file has been saved, be aware that a version number is assigned, you can find the version number here:

Or you can crack open the XML file and find it here:

The Sites.xml should be made available from a central location. Microsoft recommends to publish it via a web server, this is due to performance reasons. I usually makes it available via the NETLOGON share, as regular users cannot write/modify files and folders in that location.

When the user logs on, the Sites.xml is copied to the user’s profile, we’ll see where in a moment, the version of the Sites.xml is important, as the one in the user’s profile is compared to the one in the central location.

The downside by publishing is via NETLOGON or another file share, is that the file is copied to the user’s profile before a version comparison is made. If you have hundreds or thousands of URLs, it’s performs better via HTTP/HTTPS, as IE Mode can read the version number before copying the file.

If you need to make changes to an existing Sites.xml file, remember to also export the URL list configured.

The exported Sites.emie2 is needed for future changes as it keeps the version information.

So, import the Sites.emie2, make whatever changes necessary and then click Save to XML and save and overwrite the Sites.xml in the central location:

As you can see we are now on version 2 of the XML file.

The 65 seconds delay

The version comparison has a timeout of 65 seconds. This means that Edge and IE Mode does nothing with the Sites.xml until after 65 seconds after Edge is launched. At that time the Sites.xml in the central location and the one in the profile are compared and if a Sites.xml with a higher version exists in the central location, it’s copied and enumerated. This means that for 65 seconds after launching Edge, IE Mode is basically not in effect, which means that any sites that are configured to open in an IE mode tab or a standalone Internet Explorer are treated as any other sites, and will open in Edge.

I have worked with a lot of customers which wanted their intranet site as default startup page. If that intranet site is now configured to open in an IE Mode tab, because of the 65 seconds delay, that will not happen.

Luckily for us Microsoft introduced a new feature in Edge v84.0.522.40, which was released a couple of weeks ago, that enables us to prevent navigation in Edge if the Sites.xml does not exist in the user’s profile.
If a Sites.xml file exists, there is no longer a wait for the central Sites.xml and local Sites.xml to be compared, the local Sites.xml file will be used and any changes in the central Sites.xml file will be copied in the background. The feature can be enable via the Require that the Enterprise Mode Site List is available before tab navigation policy:

Here we see the new feature in effect. If we immediately after logon launch Edge, and type mycugc.org, Edge stalls until the Sites.xml is enumerated, as mentioned a great feature if you have an intranet site or a similar legacy site configure as a startup site. Unfortunately this new feature, doesn’t work with sites configured to open in a standalone Internet Explorer.

Keep in mind that Microsoft does not recommend enabling this feature, unless there is a specific need for it, as you can see it can/will slow down Edge in certain scenarios.

Now that we have the Sites.xml file and the 65 seconds delay covered, let’s see what happens on the client side.

IE Mode in effect

As mentioned, during logon the Sites.xml is copied to the user’s profile. The Sites.xml is copied to %LocalAppData%\Microsoft\Edge\User Data\Emiesitelist.xml and not Sitex.xml, a bit confusing:

If we open the EmieSitelist.xml with Notepad, we can see that the contents are the same as in the Sites.xml file:

Notice we are now using the version 2 of the Sites.xml, the one we created earlier.

This means that the latest addition to the Sites.xml file, www.mycugc.org, open in IE Mode within the Edge browser, as you have seen earlier.

The mycucg.org website is still opening in IE Mode tab within the Edge browser, so did both the Java test page and Adobe Flash test page.
The citrix.com and microsoft.com websites still open in a standalone Internet Explorer, but because of the “Send all sites not included in the Enterprise Site List to Microsoft Edge” policy we now also see that I am not allowed to use Internet Explorer to access youtube.com, that request is redirected back into the Edge browser.
There is a small delay on youtube.com, this is because of the Browser Content Redirection extension in Edge.

Troubleshooting IE Mode

The 65 seconds delay

When testing IE Mode the first thing that is almost always is reported back to me is, “IE Mode is not working!”. And it almost always turns out that the customer forgot about the 65 seconds timeout and being a bit more patient usually does the trick. If the Require that the Enterprise Mode Site List is available before tab navigation policy is configured that is probably not the case.

Also make sure that the Enterprise Mode Site list path and name is properly configured in the Configure the Enterprise Mode Site List policy.

Microsoft Edge policies

If you are experiencing IE Mode doesn’t work, make sure to check that Edge actually receives the IE Mode policies and a valid site list.
To verify the policies applied to Edge, you can enter edge://policy in the address bar:

If you don’t see the “InternetExplorerIntegrationLevel” and the “InternetExplorerIntegrationSiteList” values in this list, you can click the “Reload Policies” button, if that doesn’t help, you will probably have to check your GPO configuration.

Microsoft Edge Compatibility

If you are experiencing sites not opening i IE Mode or in a standalone Internet Explore, but you expect them to. You can verify which site list version is currently used and which sites are on the site list. This can be done by entering edge://compat in the address bar:

Now there should be no excuses for not getting rid of Internet Explorer, or at least limit the use of it.

This concludes the article. As always feel free to contact me on Twitter or in the World of EUC Slack channel if you have any comments or questions.

The curious case of the pinned Microsoft Edge shortcut

The curious case of the pinned Microsoft Edge shortcut

I really love the new Microsoft Edge browser! Most of all because we now have a modern browser which is supported by Microsoft in a server operating system, but also because we are now able to integrate our Microsoft Azure AD/Office 365 account with Edge, which among other things enables favorites and password sync.

UPDATE – 06-06-2020 (June 6th 2020): I did not do proper testing during my last update, rather embarrassing. This means, that you will still get a pinned taskbar Edge shortcut. It looks like Microsoft implemented a partial fix, which doesn’t pin Edge to the taskbar of the account installing Edge. Any other accounts logging in, will still get the pinned Edge shortcut on the taskbar. I uploaded a new screen recording, recorded on a non-domain joined Windows Server 2019 with the latest CU installed and using the latest version of Edge.
Solutions in this article are still valid!

UPDATE – 04-06-2020 (June 4th 2020): As of 83.0.478.44 stable Microsoft has now fixed the install/configuration process, so a pinned shortcut is no longer created. I have tested this in both Windows Server 2019 and Windows 10. However in Windows 10, if the legacy Edge browser is pinned to the taskbar before deploying the new Edge browser, it will be replaced with a shortcut to the new Edge browser.

It’s been a few months since my very first article on the Microsoft Edge browser, written during Citrix Summit 2020. As you’ll probably notice, this article is focused mainly on how to install Edge in a Citrix setup.

I have penned an additional Edge article where I focus on how to secure the browser using the Microsoft Security baseline GPO settings.

As you can see I have spent a great deal of time with Edge, and it has of course also become my first choice of internet browser. The are so many scenarios where Edge fits right in, so I also spend a great deal of time telling customers and colleagues about the fantastic use cases where Edge might provide new or better functionality or solve an issue in a Citrix VAD setup.

However as much as I like Edge, I have found that Edge is now doing stuff it shouldn’t be doing. To be specific, when launching Edge for the first time in Windows Server 2016/2019 (probably also 2012 R2) a pinned taskbar shortcut is created, for no apparent reason. It is well known that when installing Edge on an up to date Windows 10 machine, the so called “legacy Edge browser” is replaced, Microsoft published an article around the same time as the first stable release of Edge. This means that any legacy Edge browser shortcuts, are replaced with shortcuts to the new Edge app, however we do not have the legacy Edge browser in a server operating system. I have also seen that evene if I don’t have a pinned “legacy Edge” shortcut in the taskbar, a pinned shortcut to the new Edge browser i still created, not OK!

I have created a small screen recording to shown what is going on. To rule out any domain related configuration like group policy, scripts etc. I have conducted the test on a non-domain joined Windows Server 2019 with the latest cumulative update. I am of course installing the latest Microsoft Edge stable release.

Screenpresso.com does not endorse this recording or this blog, I simply forgot to register the application 🙂

UPDATE – 06-06-2020: New screen recording uploaded showing the pinned Edge shortcut still appears with the latest Edge build v83.0.478.45

How is the pinned shortcut created?

During the installation of Edge an Active Setup registry key is created which launches a setup.exe file with a specific set of parameters.

This particular Active Setup is created during setup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}

From what I can see in Process Monitor, the setup.exe process actually doesn’t do very much, but it does create a registry value in HKCU\Software\Microsoft\Edge (even in a server OS) called TaskBarAutoPin.

The first time Edge is launched, and this value data is “1”, a pinned taskbar shortcut is created, and the value is deleted.

How to get rid of the pinned shortcut?

I started looking into the documentation a The Chromium Projects website, and I found an article describing how to create a master_preference file. I have used master_preferences before in Google Chrome and also with the earlier releases of Edge, to remove the Edge shortcut on the desktop. In the documentation a “do_not_create_taskbar_shortcut” setting is mentioned, however it only works in Windows 8 and older, which I confirmed to be true, it does not work in either Windows 10 or Windows Server 2019.

With the Edge stable version 81.0.416.32 , Microsoft introduced an MSI command line parameter the “DONOTCREATEDESKTOPSHORTCUT=TRUE” which does indeed work, it prevents the desktop shortcut from being created. Hoping that Microsoft had built in a “secret” command line parameter I had to try “DONOTCREATETASKBARSHORTCUT=TRUE”, unfortunately it did not work.

I reached out to a former colleague of mine who is now a program manager at Microsoft. We discussed this issue for quite some time, and it basically ended up with him recommending me to submit a so called Microsoft Edge User Voice where I should describe the issue. Someone had beat me to it, a User Voice for the issue had already been submitted here. Please cast your vote, we need to make Microsoft aware of this issue and hopefully make them change this unusual behavior of creating pinned taskbar shortcuts. Or at least give us a way to prevent the pinned taskbar shortcut from appearing, in both Windows Server and Windows 10.

I am a tenacious guy, so I managed to find 4 different ways to get rid of the pinned taskbar shortcut, take that Microsoft! Credit goes out to Trentent Tye, James Rankin and Nathan Sperry for providing inspiration and/Or information to a couple of the solutions described.

Solution 1:

Using one of my favorite applications, Citrix Workspace Environment Management, we are able to remove all pinned shortcuts in the taskbar during logon by simply checking a box:

This will delete the shortcut during logon, it works and it is a non-destructive way of removing the shortcut. It’s was not quite what I was looking for though, I wanted to flat out prevent the shortcut from ever appearing, this procedure also removes any other pinned shortcuts, that might not be desirable.

Solution 2:

Another favorite of mine is FSLogix. The App Masking feature in FSLogix can be used for a variety of different things, but in this particular case it can be used to hide the entire Active Setup registry key created by the Edge setup, so the setup.exe process is never even launched.

I have created a very simple hiding rule which hides the Edge Active Setup key. This procedure is non-destructive which means it doesn’t delete anything, so if something breaks you can remove the hiding rule and the Edge Active Setup key is back in business.

I have created a hiding rule via the FSLogix Rule Editor:

Create a new blank hiding rule

Provide the hiding rule with a name and click the New Rule button:

In the object name box put in the full key path to the Edge Active Setup key and specify that it is a Directory/Registry in object type and click OK.

Lastly we need to specify which users/groups this hiding rule is applied to. I have specified that Everyone should have this rule applied, but if you want to be a bit more granular in your approach, you might want to select one or more AD groups instead.
To configure the user/group assignment, right click the name of the hiding rule and select Manage Assignments:

Here you will be able to enable the Everyone group and specify other groups this rule should apply to.

Click OK. Your hiding rule is now ready.

The only thing left to do is to copy the hiding rules files to the C:\Program Files\FSLogix\Apps\Rules folder:

The Edge Active Setup key is now hidden for all users logging on to the server, hence it will not run the setup.exe process and we will not get the pinned taskbar icon, happy days!

Solution 3:

Really simple solution. Delete the Edge Active setup registry key entirely. This can of course be done manually via regedit or via PowerShell::
Remove-Item -Path “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}” -Force

This is a destructive solution, so if anything breaks, you will have to have some way back to the original state. You can incorporate this solution is a part of the Edge setup process.

Solution 4:

Also a fairly simple solution. Delete the TaskbarAutoPin value in registry. Again this can be done manually via regedit or via PowerShell:
Remove-ItemProperty -Path “HKCU:\Software\Microsoft\Edge” -Name “TaskbarAutoPin” -Force

However I will of course recommend using Citrix WEM to delete the TaskbarAutoPin value via a registry action:

Like solution 3, this is also a destructive solution, so if needed you will also have to have a way back if things go sideways.

So there you have it, leave it to a Citrix-guy to fix Microsoft’s mess. I do hope that Microsoft will provide us with a better and/or simpler solution to prevent the pinned taskbar shortcut from being created. In the meantime we now have a couple of different workarounds to remove the shortcut.