Autoexec commands

To run a command as soon as the command prompt is opened:

HKLM\Software\Microsoft\Command Processor\AutoRun
HKCU\Software\Microsoft\Command Processor\AutoRun

To run a command as soon as a user logs in:

The STARTUP folder (Start Menu)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

To run a command as soon as the machine powers up (like AUTOEXEC.BAT in MS-DOS), use the Windows Task Scheduler - choosing the option:

Run a task:
When my computer starts (before a user logs on)

Autoexec.bat file

The autoexec.bat file was an MS-DOS feature. Under Windows there is still a degree of backwards compatibility - if the file (C:\autoexec.bat) exists, any SET statements within it will be parsed at boot time.
Variables set in this way are not available to GUI programs - they will be visible from the CMD prompt but don’t appear in the Control Panel. All other commands in autoexec.bat will be ignored. This behaviour is to allow old DOS applications to install correctly.

Scripts running at Windows startup

To see exactly what is running (or running slowly) at Windows startup/login, set the following registry value:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"verbosestatus"=dword:00000001

AutoRun

Autorun events are (mostly) restricted to drives of type DRIVE_CDROM. The default behaviour is to invoke AutoPlay. The NoAutoRun registry entry can be used to disable the AutoPlay and/or AutoRun feature on individual drives. This can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.)

The NoDriveTypeAutoRun registry entry disables or enables the AutoRun feature on all drives of the type specified. It can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.)

Values:
0xFF=Disable AutoRun on all types of drive
0x91=Disable AutoRun on network drives.
0x95=Disable AutoRun on removable + network drives.

The NoDriveAutoRun registry entry disables or enables the AutoRun feature on individual drives. It can be set in the registry under HKCU and/or HKLM. (If both are set then HKLM will take priority.)

In all cases the registry keys are set under:
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

The registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 contains cached information about every removable device seen so far. This cache can bypass the registry settings above, which can leave a machine vulnerable. See Q967715 for patches that address this issue. Alternatively, the IniFileMapping method described below will disable AutoRun completely.

To effectively disable AutoRun in all versions of Microsoft Windows, import the following registry value (source: US-CERT Alert TA09-020A). This applies to any autorun.inf in any location and on any drive:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
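
To check which of the AutoRun settings above are actually in effect on a machine, the following PowerShell script reads them back and decodes the bitmasks. It is an added example, not part of the original page; the function and variable names are illustrative, and the bit meanings for NoDriveTypeAutoRun and NoDriveAutoRun are taken from Microsoft's documentation rather than from this page.

```powershell
# Added example: report the AutoRun settings discussed above for the local machine.
$Policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# Bit meanings per Microsoft's documentation (not listed on this page); a set bit = disabled.
$TypeBits = [ordered]@{ unknown = 0x01; removable = 0x04; fixed = 0x08
                        network = 0x10; 'CD-ROM' = 0x20; 'RAM disk' = 0x40 }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is missing.
    $v = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($v -is [byte[]]) {   # value stored as REG_BINARY: read it as a little-endian DWORD
        $v = [BitConverter]::ToInt32([byte[]](($v + @(0, 0, 0, 0))[0..3]), 0)
    }
    $v
}

function Get-EffectivePolicy([string]$Name) {
    foreach ($hive in 'HKLM:', 'HKCU:') {   # HKLM takes priority when both are set
        $v = Get-RegValue "$hive\$Policy" $Name
        if ($null -ne $v) { return [pscustomobject]@{ Hive = $hive; Value = $v } }
    }
}

$type = Get-EffectivePolicy 'NoDriveTypeAutoRun'
if ($type) {
    $off = $TypeBits.GetEnumerator() | Where-Object { $type.Value -band $_.Value } |
           ForEach-Object { $_.Key }
    'NoDriveTypeAutoRun = 0x{0:X2} from {1}; disabled for: {2}' -f $type.Value, $type.Hive, ($off -join ', ')
} else { 'NoDriveTypeAutoRun is not set in HKLM or HKCU' }

$drive = Get-EffectivePolicy 'NoDriveAutoRun'
if ($drive) {
    # Bit 0 = A:, bit 1 = B:, ... bit 25 = Z: (per Microsoft's documentation).
    $letters = 0..25 | Where-Object { $drive.Value -band (1 -shl $_) } |
               ForEach-Object { [char](65 + $_) }
    'NoDriveAutoRun from {0}; disabled for drives: {1}' -f $drive.Hive, ($letters -join ' ')
} else { 'NoDriveAutoRun is not set in HKLM or HKCU' }

# The IniFileMapping value from the .reg file above (default value of the key).
$ini = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
if ((Get-RegValue $ini '(default)') -eq '@SYS:DoesNotExist') {
    'IniFileMapping override present: AutoRun is disabled for any autorun.inf'
} else { 'IniFileMapping override missing' }

# Cached device entries that can bypass the policy values (current user only).
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$cached = @(Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue).Count
"MountPoints2 holds $cached cached entries for the current user"
```

The HKCU checks only cover the account running the script, so run it once per user profile of interest.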

“The real danger is not that machines will begin to think like men, but that men will begin to think like machines” ~ Sydney J. Harris

Related:

SC - Service Control.
SET - Display, set, or remove Windows environment variables.
Q967715 - How to disable the Autorun functionality in Windows.
Q137890 - SRVANY - create an NT Service from any executable. Not supported on current OSs; use a Scheduled Task instead.


 
Copyright © SS64.com 1999-2019
Some rights reserved