Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Autoruns
  New Posts New Posts RSS Feed - Run before logon
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Run before logon
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
Fazi View Drop Down
Newbie
Newbie


Joined: 09 January 2008
Location: Sri Lanka
Status: Offline
Points: 4 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Fazi Quote  Post ReplyReply Direct Link To This Post Topic: Run before logon
    Posted: 09 January 2008 at 11:08am

Hai friends,

Which Registry key lists the programs that runs at last before the logon screen is presented to the user?
 
 
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Status: Offline
Points: 5131 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 09 January 2008 at 3:07pm
Hi, Fazi.

Frankly speaking, the exact registry key which points to an autoruns location and which is processed directly before the logon screen will be displayed on the screen, largely depends
+ on the exact Windows version
+ on the details of your network environment
+ on a lot of other configuration details.

So I doubt there is a simple answer which will apply to all Windows versions and Windows configurations.

But you might use Regmon and its boot-logging function or Process Monitor and its boot-logging to determine the exact registry key on your system.

Regards,
Karl
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17506 		Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 09 January 2008 at 3:21pm
One technique that may be available and generally common to all (recent) versions of Windows is a Scheduled Task that runs when the computer starts.

Edited by molotov - 09 January 2008 at 3:22pm
Daily affirmation:
net helpmsg 4006
Back to Top
Fazi View Drop Down
Newbie
Newbie


Joined: 09 January 2008
Location: Sri Lanka
Status: Offline
Points: 4 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Fazi Quote  Post ReplyReply Direct Link To This Post Posted: 09 January 2008 at 8:02pm
Thanks Karlchen, i ll check with those utilities. BTW i have windows xp.
Also, thanks molotov, yes, definetly scheduled tasks seems one option.
 
one more question. when the logon screen is presented, are that time registry is also loaded to the memory ?
Back to Top
Mark View Drop Down
Admin Group
Admin Group


Joined: 04 June 2005
Location: United States
Status: Offline
Points: 523 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mark Quote  Post ReplyReply Direct Link To This Post Posted: 09 January 2008 at 8:11pm

Use this command, which works on all version of windows, to run procmon such that it will survie a logoff nad logon:

psexec -sd -i 0 <procmon.exe>
 
Back to Top
Fazi View Drop Down
Newbie
Newbie


Joined: 09 January 2008
Location: Sri Lanka
Status: Offline
Points: 4 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Fazi Quote  Post ReplyReply Direct Link To This Post Posted: 09 January 2008 at 8:22pm
Mark, Invalid prameter -sd it says. i did not undestand, what really this command does with procmon ? i run this command at "Run" dialog,
 
"G:\My Tools\Developer Tools\Sysinternal Monitoring Tools\Process Monitor Latest\Procmon.exe" -sd -i 0 <procmon.exe>
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Status: Offline
Points: 5131 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 10 January 2008 at 12:43am
Originally posted by Fazi Fazi wrote:

"...\Procmon.exe" -sd -i 0 <procmon.exe>

Mark wrote
Quote psexec -sd -i 0 <procmon.exe>
So try again, please, and replace "<procmon.exe>" by the appropriate procmon commandline. "<procmon.exe>" is just a placeholder.

Karl


Edited by Karlchen - 10 January 2008 at 12:44am
Back to Top
Fazi View Drop Down
Newbie
Newbie


Joined: 09 January 2008
Location: Sri Lanka
Status: Offline
Points: 4 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Fazi Quote  Post ReplyReply Direct Link To This Post Posted: 10 January 2008 at 1:05am
Thank You.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down