Adding a program/application to Windows Startup can be accomplished in various ways such as:
- Modifying registry settings.
- Writing to the startup files.
A list of registry keys that can start a program when Windows boots up, along with some of the files that can be modified, is given below. You can add programs to the keys given below, as required. In this article I frequently use two root keys, HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
The HKEY_LOCAL_MACHINE registry sub-tree contains information about the local computer system, including hardware and operating system data, such as bus type, system memory, device drivers, and startup control parameters.
The HKEY_CURRENT_USER registry sub-tree contains the user profile for the user who is currently logged on to the computer. The user profile includes environment variables, personal program groups, desktop settings, network connections, printers, and application preferences. The data in the user profile is similar to the data stored in the Win.ini file in Windows 3.x.
Modifying Registry Keys
When we turn on the computer the registry keys are loaded in the following order:
RunServicesOnce
This key is designed to start services when a computer boots up. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\..\..\..\RunOnce registry can start loading its programs.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
RunServices
This key is also designed to start services. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\...\RunOnce registry can start loading its programs.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
* The logon prompt is placed on the screen. After a user logs in, the rest of the keys are loaded.
RunOnce Local Machine Key
These keys are normally used by Setup programs. Entries in these keys are started once and then are deleted from the key (registry). If there is an exclamation point preceding the value of the key, the entry will not be deleted until after the program completes; otherwise it will be deleted before the program runs. This is important because, if the exclamation point is not used and the program referenced in this key fails to complete, it will not run again, as it will have already been deleted. All entries in this key are started synchronously in an undefined order. The RunOnce keys are ignored under Windows 2000 and Windows XP in Safe Mode.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Run
These are the most common startup locations that programs use to start automatically. By default these keys are not executed in Safe Mode. If you want to run these keys in Safe Mode, prefix an asterisk (*) to the value of the key.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
All Users Startup Folder
For Windows XP, 2000, and NT, this folder is used for programs that should be auto-started for all users who log in to this computer. It is generally found at:
Windows XP C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows NT C:\winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows 2000 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
User Profile Startup Folder
This folder will be executed for the particular user who logs in. This folder is usually found in:
Win 9X, ME c:\windows\start menu\programs\startup
Windows XP C:\Documents and Settings\LoginName\Start Menu\Programs\Startup
RunOnce Current User Key
These keys are designed to be used primarily by Setup programs. Entries in these keys are started once and then are deleted from the key. If there is an exclamation point preceding the value of the key, the entry will not be deleted until after the program completes; otherwise it will be deleted before the program runs. This is important because, if the exclamation point is not used and the program referenced in this key fails to complete, it will not run again, as it will have already been deleted. The RunOnce keys are ignored under Windows 2000 and Windows XP in Safe Mode. The RunOnce keys are not supported by Windows NT 3.51.
Registry Keys:
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Explorer Run
These keys are normally used to load programs as part of a policy set in place on the computer or user.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
•HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
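The Run, RunOnce, RunServices and Explorer Run keys listed so far can be reviewed by comparing saved `reg query` output against a known-good snapshot. The Python below is an added example, not part of the original article; the sample output and names such as ExampleUpdater are constructed for illustration.

```python
# Added example: the `reg query` output below is constructed, not captured.
CV = "software\\microsoft\\windows\\currentversion\\"
# Run-family autostart keys from the article, relative to HKLM / HKCU.
AUTOSTART = {CV + leaf for leaf in (
    "runservicesonce", "runservices", "runonce", "runonceex", "run",
    "policies\\explorer\\run")}

def parse_reg_query(text):
    """Yield (key, value_name, reg_type, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith("    "):
            # Columns are separated by four spaces; names and data may
            # themselves contain single spaces ("Program Files").
            fields = line.strip().split("    ", 2)
            if len(fields) == 3:
                yield (key, *fields)

def autostart_entries(text):
    """Return the set of values sitting directly under a listed autostart key."""
    found = set()
    for key, name, _reg_type, data in parse_reg_query(text):
        root, _, sub = key.partition("\\")
        if sub.lower() in AUTOSTART:
            scope = "machine" if root == "HKEY_LOCAL_MACHINE" else "user"
            found.add((scope, sub.lower(), name, data))
    return found

def new_since(baseline_text, current_text):
    """Entries present now that were absent from the known-good snapshot."""
    return sorted(autostart_entries(current_text) - autostart_entries(baseline_text))

BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    C:\Program Files\Example\updater.exe
"""

CURRENT = BASELINE + r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    setup step    REG_SZ    C:\Users\demo\AppData\Local\Temp\step2.exe

HKEY_CURRENT_USER\Software\Example\Settings
    Run    REG_SZ    not-an-autostart-key
"""

if __name__ == "__main__":
    for entry in new_since(BASELINE, CURRENT):
        print(entry)
```

The value named Run under Software\Example\Settings is ignored because only the key path, not the value name, decides whether an entry is an autostart.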
UserInit Key
This key specifies the program to be launched after a user logs into Windows. For example: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = C:\windows\system32\userinit.exe,c:\windows\badprogram.exe. If you observe carefully, two comma-separated programs are listed above. userinit.exe is the default program that loads the user's profile and should always be present in this key. You can add your own programs by separating them with a comma.
Registry Keys:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
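A check for the Userinit value described above, written as an added example that is not part of the original article: it splits the comma-separated data and reports every program other than the default userinit.exe. It assumes Windows is installed in C:\Windows; the function names are hypothetical.

```python
import ntpath

# Assumption for this example: Windows is installed in C:\Windows.
EXPECTED = ntpath.normcase(r"C:\Windows\system32\userinit.exe")

def split_userinit(value):
    """Split the comma-separated Userinit data into individual program paths."""
    parts = (p.strip().strip('"') for p in value.split(","))
    # Drop empty fields: the value is often stored with a trailing comma.
    return [p for p in parts if p]

def audit_userinit(value):
    """Return (default_present, unexpected_entries) for a Userinit value.

    Paths are compared case-insensitively after normalisation, so a
    userinit.exe that lives in any other directory is reported as well.
    """
    entries = split_userinit(value)
    normalised = [ntpath.normcase(ntpath.normpath(e)) for e in entries]
    default_present = EXPECTED in normalised
    unexpected = [e for e, n in zip(entries, normalised) if n != EXPECTED]
    return default_present, unexpected

if __name__ == "__main__":
    # The example value quoted in the article.
    sample = r"C:\windows\system32\userinit.exe,c:\windows\badprogram.exe"
    print(audit_userinit(sample))
```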
Notify
This key is used to add a program that will run when a particular event occurs. Events include logon, logoff, startup, shutdown, startscreensaver, and stopscreensaver. When Winlogon.exe generates an event such as the ones listed, Windows will look in the Notify registry key for a DLL that will handle this event. Malware has been known to use this method to load itself when a user logs on to their computer. Loading this way makes the malware program difficult to stop.
Registry Keys:
•HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
SharedTaskScheduler
This section corresponds to files being loaded through the SharedTaskScheduler registry value on XP, NT, and 2000 machines. The entries in this registry key run automatically when you start Windows.
Registry Keys:
•HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
You can also modify the files listed below to add your programs to startup:
c:\autoexec.bat
c:\config.sys
windir\winstart.bat
windir\win.ini - [windows] "load"
windir\win.ini - [windows] "run"
windir\system.ini - [boot] "shell"