Hey, Scripting Guy! How can I list all the items in the Run key in the registry?
— JW
Hey, JW. How can you list all the items in the Run key in the registry? Well, to be honest, we’re not going to tell you. Nope, sorry. Not because we don’t like you, but because we think we have a better answer for you. (If we’re wrong, well, let’s just say it won’t be the first time.)
Because you’re interested in the Run key we’re assuming that what you really want to know is how to find out which programs are configured to automatically run each time Windows starts. You can definitely read that information from the Run key, do doubt about that. Well, actually, you can read that information from the Run keys, seeing as how both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE have Run keys. And they both have RunOnce keys. And then there’s the Startup folder, and the All Users Startup folder, and ….
You get the idea. The problem with trying to figure out which programs are configured to automatically run each time Windows starts is that this information might be stored in any one of a million different places. Could we write a script that checks each and every one of those million places? You bet we could. But we think this is a better way:
strComputer = “.”Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
Set colStartupCommands = objWMIService.ExecQuery _ (“Select * from Win32_StartupCommand”)
For Each objStartupCommand in colStartupCommands Wscript.Echo “Command: ” & objStartupCommand.Command Wscript.Echo “Description: ” & objStartupCommand.Description Wscript.Echo “Location: ” & objStartupCommand.Location Wscript.Echo “Name: ” & objStartupCommand.Name Wscript.Echo “User: ” & objStartupCommand.User Wscript.Echo Next
Instead of poking around in every nook and cranny trying to find out where Windows keeps information about auto-run programs we’ve decided to let WMI do all that work for us. The WMI class Win32_StartupCommand is designed to ferret out information about auto-run programs, regardless of whether that information is stored in the registry, in a Startup folder, or in some other location. For example, when we run this script we’ll get back information similar to this:
Command: Microsoft Office OneNote 2003 Quick Launch.lnk Description: Microsoft Office OneNote 2003 Quick Launch Location: Startup Name: Microsoft Office OneNote 2003 Quick Launch User: FABRIKAM\kenmyerCommand: C:\WINDOWS\System32\ctfmon.exe Description: ctfmon.exe Location: HKU\S-1-5-21-1987391165-1004336648-1605550848-8553\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Name: ctfmon.exe User: FABRIKAM\kenmyer
As you can see, we have two different auto-run programs here: one that has a shortcut in the Startup folder, the other is an application listed in Run in the HKEY_USERS portion of the registry. (Yet another location on the computer where auto-run information might be stored.) And our one simple little script can go out and, in a matter of seconds, retrieve information about both these programs, as well as any other auto-run applications. That’s why we consider a script that uses Win32_StartupCommand to be the better approach.
So how does the script itself work? Well, it’s about as simple a WMI script as you’ll ever write. We start off by connecting to the WMI service on the local computer. Needless to say, we could also use this script to connect to the WMI service on a remote computer (which would return a list of programs configured to auto-run on that machine). We then call the ExecQuery method and issue the following query, one that goes out and grabs a collection of all the auto-run programs it can find:
Set colStartupCommands = objWMIService.ExecQuery _ (“Select * from Win32_StartupCommand”)
All that’s left now is to set up a For Each loop and walk through the collection of programs, echoing back such data as the application name and the location where the auto-run information can be found. It’s fast, it’s easy and – best of all – it returns a lot more information than you could get just by reading values filed under a single registry key. What’s not to like, huh?
We hope that helps, JW. If it doesn’t, if you really did need to just read the Run key and be done with it, well, let us know and we’ll see what we can do for you. Any more questions? Do we know who ate the last piece of cake, the one you were saving for yourself? Well, we could answer that, JW. But we’re not going to.
0 comments