Use PowerShell to Provide Startup Information


Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to find startup information.

Hey, Scripting Guy! Question Hey, Scripting Guy! It seems that my laptop running Windows 8.1 takes forever to start lately. I don’t really even know where to begin with this. I haven’t added anything that I know of, but still it is dog slow. I don’t want to reinstall Windows because…well, for one thing, if I don’t solve the issue, it might come back again. Can Windows PowerShell help me with this?

—OB

Hey, Scripting Guy! Answer Hello OB,

Microsoft Scripting Guy, Ed Wilson, is here. The weather is still a bit warm for my taste. I figure it will cool down soon, but when it is 85 degrees Fahrenheit (29.4 degrees Celsius) outside and it is only 7:00 in the morning, I do not think it is going to bode well for a balmy fall day.

The problem with startup in Windows

OB, I agree that there appears to be a problem with lots of stuff starting up. I have one laptop that, for whatever reason, literally takes five minutes before the drive calms down enough for me to be able to sign in. Then once I have signed in, it takes another five minutes before the laptop is usable. Granted, the laptop is five-years old, but dude, it was as fast as a machine could possibly be five years ago. It has 16 GB of RAM, and that should be enough to run Windows, Outlook, and an occasional browsing activity. The issue is that it is way slow, so takes a while before I can do any of that.

There are a number of places to find startup applications. Here are some of the more common locations:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKU\ProgID\Software\Microsoft\Windows\CurrentVersion\Run
  • systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup
  • systemdrive\Documents and Settings\username\Start Menu\Programs\Startup

On my laptop running Windows 8.1, I can use the Task Manager, go to the Startup tab, and see a list of Startup applications. I can even disable startup applications here. This is shown in the following menu:

Image of menu

The problem with only using the Startup tab from Task Manager is that it is per user. So if I create another user account, it will inherit all of the all user or public startup information. An example of this is the HKLM\Run key mentioned earlier. It is shown here:

Image of menu

That is a lot of stuff, and it is only one of the many locations to find startup applications. If I create a new user on the machine, I will immediately get a call asking me to come and figure out why Windows is taking forever to start. It is better to “nip things in the bud”—and to do that, I need information.

Use WMI

I can get the information I need by using WMI to find where things start and what is starting. The Win32_StartupCommand WMI class will help me here. Here is a quick script I wrote to find the information I need:

Get-CimInstance Win32_StartupCommand |

Select-Object Name, command, Location, User |

Format-List 

The Win32_StartupCommand WMI class is documented on MSDN: Win32_StartupCommand class. I decided that the properties I need are the name of the command, the command itself, the location, and the user that it applies to. The best way to view this information is in a list due to the length of the command lines. That is it. Here is the script and a sample of the output.

Image of command output

OB, that is all there is to using WMI to explore Windows startup information. WMI Week will continue tomorrow when I will talk about more cool Windows PowerShell and WMI stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

Comments (1)

  1. Mike Crowley says:

    The trouble is, this can give you a false sense of security. Right now, Win32_StartupCommand has 10 objects, but if I use AutoRuns i see there are actually 183 items.

    https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Skip to main content