3

I am looking to disable a list of startup programs using PowerShell. I have gotten so far but then hit a wall. Currently I cannot get a second listing of startup programs to list nicely like my first.

function Disable-Startups {
    [CmdletBinding()]
    Param(
        [parameter(DontShow = $true)]
        $32bit = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $32bitRunOnce = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $64bit = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $64bitRunOnce = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $currentLOU = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $currentLOURunOnce = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    )

    Begin {
        $disableList = @(
            "iTunesHelper",
            "Cisco AnyConnect Secure Mobility Agent for Windows",
            "Ccleaner Monitoring",
            #"SunJavaUpdateSched",
            "Steam",
            "Discord"
        )
        New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null
        $startups = Get-CimInstance Win32_StartupCommand | Select-Object Name,Location
    }
    Process {
        foreach ($startUp in $startUps){
            if ($startUp.Name -in $disableList){
                $number = ($startUp.Location).IndexOf("\")
                $location = ($startUp.Location).Insert("$number",":")
                Write-Output "Disabling $($startUp.Name) from $location)"
                #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" 
            }
        }

        $regStartList = Get-ItemProperty -Path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce | Format-List
    }
    End {}
}

So basically when $regStartList starts I want the the display name and location of each item for each registry and I want to put all of that into one variable. but I cannot get a nice list like this to be listed

Name                Location
----                --------
OneDriveSetup       HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OneDriveSetup       HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Send to OneNote     Startup
OneDrive            HKU\S-1-5-21-3687383513-804626811-2257261628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring HKU\S-1-5-21-3687383513-804626811-2257261628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

But instead get this, even if I run.

$regStartList = Get-ItemProperty -Path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce | Select-Object name,location

name location
---- --------

Some reason there is not a location or name/displayname that gets grabbed.

EDIT: I answered my own question but if someone has a better one let me know.

$regStartList = Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
    Where-Object {$_.ValueCount -ne 0} | Select-Object  property,name

foreach ($regName in $regStartList.name) {
   $regNumber = ($regName).IndexOf("\")
   $regLocation = ($regName).Insert("$regNumber",":")
   if ($regLocation -like "*HKEY_LOCAL_MACHINE*"){
    $regLocation = $regLocation.Replace("HKEY_LOCAL_MACHINE","HKLM")
    write-host $regLocation
   }
   if ($regLocation -like "*HKEY_CURRENT_USER*"){
    $regLocation = $regLocation.Replace("HKEY_CURRENT_USER","HKCU")
    write-host $regLocation
   }
    foreach($disable in $disableList) {
       if (Get-ItemProperty -Path "$reglocation" -name "$Disable"-ErrorAction SilentlyContinue) {
            Write-host "yeah i exist"
            #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" -whatif
       }else {write-host "no exist"}
    }   

}
Improve this question
4
  • Just a thought. But start up program lists are usually small in nature. You might wanna reverse the code and make it a white list check. And if so you could remove all unwanted startups. Instead of just the 5 or 6 you dislike. Becareful though. In 3 years a new program could be needed and no one can figure out why it won't start with windows. 🤣🤣 Commented Oct 8, 2018 at 4:37
  • @RobertCotterman I would normally whitelist but we have so many items that could possibly need it or that someone may change at anytime and then like you said come to find out that it doesn't work. and most of these programs I have installed so they don't have startup. That and I have been finding software from the 90's that are installed on computer that we "need" and with such a wide possibility its better to blacklist for me... Currently. Let me know if I am thinking wrong still though. I am up for trying things out Commented Oct 8, 2018 at 19:57
  • Security wise, whitelist is always best. You could probe all computers for their startup items and get a list. But it takes time. You could also have any computer this triggers on to email the it department allowing them to see the problem that is happening. Future proofing it. Commented Oct 10, 2018 at 5:01
  • Sysinternals has a command line version of autoruns called autorunsc. Oh it lists only. Commented Jul 30 at 15:38

2 Answers 2

Reset to default
3

As for this...

Some reason there is not a location or name/displayname that gets grabbed.

.. that is correct

 Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' | Select-Object -Property *


AutoStartVMA : {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
OneDrive     : {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
PSChildName  : Run
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.Core\Registry


Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' | Get-Member


   TypeName: System.Management.Automation.PSCustomObject

Name         MemberType   Definition                                                                                                                                  
----         ----------   ----------                                                                                                                                  
Equals       Method       bool Equals(System.Object obj)                                                                                                              
GetHashCode  Method       int GetHashCode()                                                                                                                           
GetType      Method       type GetType()                                                                                                                              
ToString     Method       string ToString()                                                                                                                           
AutoStartVMA NoteProperty byte[] AutoStartVMA=System.Byte[]                                                                                                           
OneDrive     NoteProperty byte[] OneDrive=System.Byte[]                                                                                                               
PSChildName  NoteProperty string PSChildName=Run                                                                                                                      
PSDrive      NoteProperty PSDriveInfo PSDrive=HKCU                                                                                                                    
PSParentPath NoteProperty string PSParentPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
PSPath       NoteProperty string PSPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run  
PSProvider   NoteProperty ProviderInfo PSProvider=Microsoft.PowerShell.Core\Registry

Update for OP

I had been toying with your request for a bit, and was just about to post back when I saw your update.

Well, you asked if there was another way. So, here is what I came up with before seeing your update. Of course I had to add a couple of items that I have to the Disablelist to show both results.

#Startup List
function Disable-Startups 
{
    [CmdletBinding()]

    Param
    (
        [parameter(DontShow = $true)]
        $32bit = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $32bitRunOnce = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $64bit = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $64bitRunOnce = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $currentLOU = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $currentLOURunOnce = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    )

    begin 
    {
        $disableList = @(
        'SecurityHealth'
        'OneDrive',
        'iTunesHelper',
        'Cisco AnyConnect Secure Mobility Agent for Windows',
        'Ccleaner Monitoring',
        #'SunJavaUpdateSched',
        'Steam',
        'Discord'
        )
        New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | 
        out-null
        $startups = Get-CimInstance Win32_StartupCommand | 
        Select-Object Name,Location
    }
    process 
    {
        Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
        Where-Object {$_.ValueCount -ne 0} | 
        Select-Object  @{Name = 'Location';Expression = {$_.name -replace 'HKEY_LOCAL_MACHINE','HKLM' -replace 'HKEY_CURRENT_USER','HKCU'}},
        @{Name = 'Name';Expression = {$_.Property}} | 
        %{
            ForEach($disableListName in $disableList)
            {
                If($_.Name -contains $disableListName)
                { $_ | Select-Object -Property Location,Name }
                Else
                { Write-Warning -Message "$disableListName not found in registry" }
            }
        }
    }
    end {}
}
Clear-Host
Disable-Startups

# Results

WARNING: OneDrive not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
WARNING: SecurityHealth not found in registry
WARNING: OneDrive not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
WARNING: SecurityHealth not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
Location                                           Name                                
--------                                           ----                                
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {SecurityHealth, MacDrive 10 helper}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {OneDrive, AutoStartVMA}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for replying back! I'll take a look at what you got there once I get a chance.
2

I came up with my own solution. If anyone has a better idea let me know

$regStartList = Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
Where-Object {$_.ValueCount -ne 0} | Select-Object  property,name

foreach ($regName in $regStartList.name) {
   $regNumber = ($regName).IndexOf("\")
   $regLocation = ($regName).Insert("$regNumber",":")
   if ($regLocation -like "*HKEY_LOCAL_MACHINE*"){
    $regLocation = $regLocation.Replace("HKEY_LOCAL_MACHINE","HKLM")
    write-host $regLocation
   }
   if ($regLocation -like "*HKEY_CURRENT_USER*"){
    $regLocation = $regLocation.Replace("HKEY_CURRENT_USER","HKCU")
    write-host $regLocation
   }
    foreach($disable in $disableList) {
       if (Get-ItemProperty -Path "$reglocation" -name "$Disable"-ErrorAction SilentlyContinue) {
            Write-host "yeah i exist"
            #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" -whatif
       }else {write-host "no exist"}
    }   

}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.