How do you disable startup programs that only exist in the Task Manager Startup tab via command line?

1

1

Searching the web yields plenty of results for Get/Set-Service, wmic and sc and plenty of GUI options with msconfig and Task Manager itself, but I need to setup an unattended install of a Windows machine, and therefore need to disable these startup programs via command line.

To find these apps, open Task Manager and click on the Startup tab. You will see a list of applications set to "Enabled" or "Disabled" along with their Startup impact.

The applications I am trying to keep from startup, for example, are Citrix and KeePass.

PowerShell's Get-Service command does not show these services. Running sc query does not show these services, and wmic startup also does not show these services. I am at a loss as to how I can disable these via command line.

Johnny

Posted 2019-03-13T22:55:43.283

Reputation: 11

1Keepass preload uses the RUN key in the Registry. Use the REG command to delete it. I believe it's an installation option whether this is created. – David Marshall – 2019-03-13T23:58:55.780

Problem #1.. they aren't services. – Señor CMasMas – 2019-10-04T14:16:11.100

Answers

1

Auto startup is located in the registry or scheduled tasks.

Find and delete those entries or delete them. However, if this is a corporate machine and you are not the a local admin, you will not be able to do this. Even if you are. If there are domain level GPO's that are enforced, they will start back up anyway.

How to Access or Modify StartUp Items in the Window Registry

You can use PowerShell to modify the associated registry keys. Have a look at the help for the registry provider

Get-Help about_providers
Get-Help registry

If you compare the entries in Task Manager with the output from SysInternals Autoruns then Task Manager is displaying programs from the following locations:

 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
 C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run

I guess there may be more locations depending on your exact configuration but the above is true for my machine.

Autoruns enables and disables startup programs by deleting and adding the registry keys

However, Task Manager doesn't remove the registry entries, it actually modifies registry entries in the following locations: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run

Each program, listed in Task Manager, has an entry. It looks like a value of 02 00 00 00 00 00 00 00 00 00 00 00 is enabled and anything else is disabled. I've only experimented briefly though and had to close/open Task Manager to see it change from enabled to disabled.

Get/Stop-Process (normal apps, scripts, etc.). 

# get function / cmdlet details
(Get-Command -Name Get-Process).Parameters
Get-help -Name Get-Process -Full
Get-help -Name Get-Process -Online
Get-help -Name Get-Process -Examples


(Get-Command -Name Stop-Process).Parameters
Stophelp -Name Stop-Process -Full
Get-help -Name Stop-Process -Online
Get-help -Name Stop-Process -Examples

Get/Stop-Service is for services not processes (real services, faux services).

# get function / cmdlet details
(Get-Command -Name Get-Service).Parameters
Get-help -Name Get-Service -Full
Get-help -Name Get-Service -Online
Get-help -Name Get-Process -Examples


(Get-Command -Name Stop-Service).Parameters
Get-help -Name Stop-Service -Full
Get-help -Name Stop-Service -Online
Get-help -Name Stop-Service -Examples

postanote

Posted 2019-03-13T22:55:43.283

Reputation: 1 783

Asked: 2019-03-13T22:55:43.283

Viewed: 3 766 times

Active: 2019-10-04T12:02:45.430