i’d split this up - use GPO or at minimum registry to achieve this then snapin to push out relevant xml start menu layout

Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\Explorer] - 64bit location
“LockedStartLayout”=dword:00000001
“StartLayoutFile”="C:\PATH\TO\START\MENU\LAYOUT\.xml

you can partially lockdown start menu aswell so you give users a standard put they can pin their own stuff too (not allowed to edit what you’ve set)

the snapin could just handle which start menu they get

i.e. Admin-> this startmenu.xml
IT-> this startmenu.xml

just when they reach the location set in registry name it the same so like:
IT-Startmenu.xml copies locally to startmenu.xml
Admin-Startmenu.xml copies locally to startmenu.xml

Hope this makes sense