Autoruns on multiple computer

Hello, rhap4boy.

Summary
From what will be shown below it should become clear that collecting autoruns information may be done with a single command or at least with very few commands.
Setting up a group policy enforcing particular autoruns entries and disallowing others is a totally different business and pretty unrelated to the autoruns(c) utilities.

Details

Q.1

rhap4boy wrote: I was wondering if there is a way to use autoruns on multiple computers to collect startup entries into a file

I am sure there is more than one way of achieving this part.
The GUI programmes Autoruns.exe may not be the best choice, because it needs to be run interactively on 1 machine.

Therefore, a better choice will be to use the command line equivalent of autoruns.exe, Autorunsc.exe and launch something like

autoruns -accepteula -a -c > writeable_folder\%computername%.txt

on each machine.

---
1 possible approach to collect autoruns information

Depending on the configuration of your network, a good approach to collect autoruns information may be combining psexec and autorunsc.exe.

Something like this might be used to collect autoruns information on all client machines:

• put the names or IP-addresses of all your client machines in a file e.g. named "complist.txt", one per line


• launch a psexec command line like this from your local machine / from a central server targetting all machines in "complist.txt":
  

  for /F %i in (complist.txt) do (    psexec @complist.txt -u admin -p passw -e -c autorunsc.exe -accepteula -a -c > "writable_folder\autoruns_%i.csv" )

  
  Note
  + the psexec command line has to be typed in 1 line
  + if you put the command in a batch file you need to replace "%i" by "%%i".
  + replace Writable_folder by a folder on a network drive available to all client machines.
  + you will get 1 file per client machine.

The approach and the commands given above may need fine tuning in order to be usable in your environment.
---

Q.2

rhap4boy wrote: and then use group policy to enforce those startup entries and delete everything else.

The output format generated by autorunsc.exe, no matter whether used with or without the -c option, is not suitable for re-applying the collected information directly.
Moreover, it is absolutely unclear which settings you wish to keep and which you wish to delete, because you said you were going to check multiple machines. Their autoruns entries may be partially different. How to tell the good autoruns entries from the bad ones automatically?
Anyway, there is no direct way of deriving any group policy from an autorunsc logfile.
Setting up group policies allowing or disallowing particular autoruns settings is not an automatic action, but a set of decisions to be taken deliberately and to be coded as group policies.


Q.3

rhap4boy wrote: If so, what is the exact command I should use?

Ok, I guess that from what has been stated before, collecting autoruns information may be done with a single command or at least with very few commands.
Setting up a group policy enforcing particular autoruns entries and disallowing others is a totally different business and pretty unrelated to the autoruns(c) utilities.

Karl

rhap4boy wrote: Right now when the users login they execute a domain login script which basically execute this batch file that contains the autorunsc command.

This means each user executes the autorunsc command locally. Therefore psexec will not be needed in this case.
This should reduce the command needed to

autorunsc.exe -accepteula -a -c > "writable_folder\autoruns_%computername%.csv"

(You may drop the "-c" option if you do not want the comma separated format.)

And the special character to escape will not be the pipe sign "|", but the ">" (redirect stdout)?!

About the "start /min" command:
I would not prefix it to the autorunsc command.
Inside the login script I would "start /min" the complete batch file which holds the autorunsc command line.

HTH,
Karl



Edited by Karlchen - 09 February 2007 at 6:43pm