How To Check What All Programs Will Run When User Logged On To Computer.


The following knowledgebase will tell you how you can check what all programs will run when user has logged on to the computer.

When user logs on to the computer the Winlogon service will use the following registry entry to run any programs (if specified):

HKLM\Software\Micrsofot\Windows\CurrentVersion\Run

HKLM\Software\Micrsofot\Windows\CurrentVersion\RunOnce

The above two registry entries are used by Winlogon service after user has logged on to the system successfully. The Winlogon service will create a list of programs to run.

Please note that domain policy may override this setting if specified. You can also use Group Policy settings to block any program to run.

You can use the following script to check the programs in Run or RunOnce registry key on remote computer.

*** Start ***

@echo off

Set RegQry=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Set RegQry1=HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

REG.exe Query \\remote_computer\%RegQry% > CheckRun.txt

REG.exe Query \\remote_computer\%RegQry1% > CheckRunOnce.txt

Echo Programs on Computer : Remote_Computer >> Programs.txt

For /F “Skip=5 Tokens=*” %%a In (CheckRun.txt) Do (

Echo %%a >> Programs.txt

)

For /F “Skip=5 Tokens=*” %%a In (CheckRunOnce.txt) Do (

Echo %%a >> Programs.txt

)

*** End ***

You can use PSEXEC (a tool from Sysinternals) to run this script remotely and then redirect the output in a Text file.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: