Autoexec commands

To run a command as soon as the command prompt is opened -

HKLM\Software\Microsoft\Command Processor\AutoRun
HKCU\Software\Microsoft\Command Processor\AutoRun

To run a command as soon as a user logs in -

The STARTUP folder (Start Menu)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

To run a command as soon as the machine powers up, (like AUTOEXEC.BAT in MS-DOS), use the Windows Task Scheduler - choosing the option:

Run a task:
When my computer starts (before a user logs on)

Autoexec.bat file

The autoexec.bat file was an MS-DOS feature. Under Windows there is a still a degree of backwards compatibility - if the file (C:\autoexec.bat) exists, any SET statements within it will be parsed at boot time.
Variables set in this way are not available to gui programs - they will be visible from the CMD prompt but don’t appear in the control panel. All other commands in autoexec.bat will be ignored. This behaviour is to allow old DOS applications to install correctly.

Scripts running at Windows startup

To see exactly what is running (or running slowly) at windows startup/login, set the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"verbosestatus"=dword:00000001

AutoRun

In Windows 7/2008 R2, autorun events are (mostly) restricted to drives of type DRIVE_CDROM. The default behaviour is to invoke AutoPlay. The NoAutoRun registry entry can be used to disables the AutoPlay and/or AutoRun feature on individual drives. This can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.)

The NoDriveTypeAutoRun registry entry disables or enables the AutoRun feature on all drives of the type specified. It can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.) Values: 0xFF=Disable AutoRun on all types of drive, 0x91=Disable AutoRun on network drives, 0x95=Disable AutoRun on removable + network drives.

The NoDriveAutoRun registry entry disables or enables the AutoRun feature on individual drives. It can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.)

In all cases the registry keys are set under:
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

The registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 contains cached information about every removable device seen so far. This cache can bypass the registry settings above which can leave a machine vulnerable. See Q967715 for patches that address this issue. Alternatively the iniFileMapping method described below will disable AutoRun completely.

To effectively disable AutoRun in all versions of Microsoft Windows, import the following registry value (source: US-Cert Alert TA09-020A) this applies to any autorun.inf in any location and on any drive:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

“The real danger is not that machines will begin to think like men, but that men will begin to think like machines” ~ Sydney J. Harris

Related:

http://sourceforge.net/projects/noautorun/
SC - Service Control
SET - Display, set, or remove Windows environment variables
Q967715 - How to disable the Autorun functionality in Windows
Q137890 - SRVANY - create a User-Defined Service
Q243486 - AutoExNT Run a Batch File before Logging on (Windows 2000)


© Copyright SS64.com 1999-2014
Some rights reserved