Changing the NTFS file permissions on the shortcut is about the only way to
do this. If the user logs in as an account that is in the local
Administrators group, that user can undo anything you can do, so that may be
secure enough, but isn't 100% secure unless you take them out of that group.
