Identify and remove unnecessary startup tasks with Autoruns

When it comes to what is run at startup on a Windows server, it can be difficult to determine where something is launched. A Sysinternals tool makes this task easy.

A Windows server's lifecycle can have many factors that affect the system's operating integrity. Sometimes drivers, program installations, management software, or even malware can run at startup and become difficult to remove.

Too often, we go through the normal places to look for the startup components. I've hacked through the registry, the startup folder, Windows services, and the Plug and Play device driver inventory to see where I can stop a piece of software from running. Fortunately, I now know about the Sysinternals Autoruns tool, which provides a way to see what is launched on the server in a number of locations. The Autoruns tool allows you to visually see what is running at boot and where it is being controlled; also, you have the option to turn it off in the Autoruns console. Figure A shows the boot execute section of Autoruns on a Windows Server. Figure A

Click the image to enlarge.

Autoruns is a good compliment to the netstat command, which shows you which executable is using a TCP/IP port. You can use these tools in tandem to backtrack a suspect process and remove it from startup if required.

The AutoRuns tool that TechRepublic blogger Scott Lowe wrote about in 2007 has been updated to include two new categories for Windows servers: codecs and sidebar gadgets. The 16 other core categories are available in the December 2009 version 9.57 of Autoruns. The autorunsc.exe command is also available for a command-line version of the tool; this can be a good way to set a baseline for future troubleshooting. Running the autorunsc.exe command will only be useful in a list capacity, compared to the graphical tool's ability to remove entries. Figure B shows the autorunsc.exe command output. Figure B

Click the image to enlarge.

If you have used Autoruns to look what is called at startup, let us know what you think of the tool.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday.

Automatically sign up today!