Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours scrolling social media and waste money on things we forget, but won’t spend 30 minutes a day earning certifications that can change our lives.
Master in DevOps, SRE, DevSecOps & MLOps by DevOpsSchool!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

To check if your Windows machine has any scripts (or programs) running at boot/startup

To check if your Windows machine has any scripts (or programs) running at boot/startup, you need to look in several locations. Windows supports multiple mechanisms for startup scripts, both for user logins and for system boot. Here’s a complete, step-by-step guide to check all major places.


1. Task Manager – Startup Tab

  • Right-click the Taskbar → choose Task Manager (or press Ctrl + Shift + Esc).
  • Go to the Startup tab.
  • Here you’ll see all enabled/disabled startup apps for your user account.
  • This won’t show Group Policy/system scripts, but it’s a quick check for user-level startup items.

2. Startup Folders

  • User Startup folder:
    C:\Users\<YourUsername>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
  • All Users Startup folder:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
  • Any scripts (.bat, .cmd, .vbs, .ps1, shortcuts, etc.) here will run at user login.

3. Windows Registry – Run Keys

  • Press Win + R, type regedit, and open the Registry Editor.
  • Check these keys: User-specific: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce System-wide: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • Any entries here pointing to scripts or executables will run at user login or system startup.

4. Group Policy Startup Scripts

For corporate or domain-joined PCs (less common at home):

  • Press Win + R, type gpedit.msc, and open the Local Group Policy Editor.
  • Go to:
    Computer Configuration → Windows Settings → Scripts (Startup/Shutdown)
  • Check for entries under Startup (runs at boot for all users) and Shutdown.
  • Also check:
    User Configuration → Windows Settings → Scripts (Logon/Logoff)

Note: On Home editions, gpedit.msc may not be available, but you can still check the folders:

  • C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup
  • C:\Windows\System32\GroupPolicy\User\Scripts\Logon

5. Task Scheduler

Many scripts and programs are set to run at boot/logon via Task Scheduler.

  • Open Task Scheduler (taskschd.msc).
  • In the left pane, expand Task Scheduler Library.
  • Look through:
    • Task Scheduler Library
    • Microsoft → Windows (and all subfolders)
  • Look for tasks with Triggers set to “At startup” or “At log on”.
    The Actions tab will show the script or program that runs.

6. Services

Some scripts may be run as Windows Services.

  • Open Services (services.msc).
  • Look for any custom or suspicious services, especially with “Manual” or “Automatic” startup.
  • Check the Path to executable for each service—sometimes it points to a script.

7. Autoruns (Sysinternals Tool – Advanced)

For a comprehensive view, use Microsoft’s Autoruns tool (free, official):


Summary Table of Places to Check

LocationMethodScript Types Supported
Task Manager → Startup TabGUIExecutables, script shortcuts
Startup FoldersFile ExplorerShortcuts, .bat, .cmd, .vbs, .ps1
Registry Run/RunOnce KeysregeditAny file path
Group Policy Scriptsgpedit.msc.bat, .cmd, .ps1, etc.
Task Schedulertaskschd.mscAny script or program
Servicesservices.mscExecutables, some scripts
Autoruns (Sysinternals)Autoruns.exeAll

Tips

  • If you find an unknown or suspicious script, search its name/path online to verify its legitimacy.
  • Always be careful before disabling/deleting startup entries, especially on work machines.

Here’s a PowerShell script that will enumerate the most common startup locations and list out any startup items—including scripts (.bat, .cmd, .ps1, .vbs), executables, and shortcuts.
This script checks:

  • Startup folders (user and all users)
  • Registry Run/RunOnce keys (user and system)
  • Scheduled Tasks with “At startup” or “At logon” triggers

PowerShell Script: List All Windows Startup Items

Write-Host "====== WINDOWS STARTUP ITEMS ======" -ForegroundColor Cyan

# 1. Startup Folders
$startupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

Write-Host "`n-- Startup Folders --" -ForegroundColor Yellow
foreach ($folder in $startupFolders) {
    if (Test-Path $folder) {
        Get-ChildItem -Path $folder -File | ForEach-Object {
            Write-Host "$($folder)$($_.Name)"
        }
    }
}

# 2. Registry Run/RunOnce Keys
$runKeys = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)

Write-Host "`n-- Registry Run/RunOnce Keys --" -ForegroundColor Yellow
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | ForEach-Object {
            $_.PSObject.Properties | Where-Object { $_.Name -ne "PSPath" -and $_.Name -ne "PSParentPath" -and $_.Name -ne "PSChildName" -and $_.Name -ne "PSDrive" -and $_.Name -ne "PSProvider" } | ForEach-Object {
                Write-Host "$key -> $($_.Name): $($_.Value)"
            }
        }
    }
}

# 3. Scheduled Tasks: At startup / At logon
Write-Host "`n-- Scheduled Tasks (At startup/logon) --" -ForegroundColor Yellow
$tasks = Get-ScheduledTask | Where-Object {
    $_.Triggers | Where-Object { $_.TriggerType -eq 'AtStartup' -or $_.TriggerType -eq 'AtLogon' }
}
foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        Write-Host "Task: $($task.TaskName) -> $($action.Execute) $($action.Arguments)"
    }
}

Write-Host "`n====== END OF LIST ======" -ForegroundColor Cyan
Code language: PHP (php)

How to Run

  1. Open PowerShell as Administrator (for full results).
  2. Copy and paste the above script into the console (or save as List-StartupItems.ps1 and run it).
  3. Review the output—it will print all startup scripts and programs.

What Does This Script Cover?

  • Items in Startup folders (user & all users)
  • Entries in Registry Run/RunOnce keys (user & system)
  • Scheduled Tasks with triggers set to At startup or At logon

Extra: To Export to File

If you want to save the output:

.\List-StartupItems.ps1 | Out-File "startup-items.txt"
Code language: PHP (php)

Want to Check for Group Policy/Service scripts as well?

Let me know! I can expand the script for advanced/enterprise scenarios.


Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x