To check if your Windows machine has any scripts (or programs) running at boot/startup

Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours scrolling social media and waste money on things we forget, but won’t spend 30 minutes a day earning certifications that can change our lives.
Master in DevOps, SRE, DevSecOps & MLOps by DevOpsSchool!

Learn from Guru Rajesh Kumar and double your salary in just one year.

To check if your Windows machine has any scripts (or programs) running at boot/startup, you need to look in several locations. Windows supports multiple mechanisms for startup scripts, both for user logins and for system boot. Here’s a complete, step-by-step guide to check all major places.

1. Task Manager – Startup Tab

Right-click the Taskbar → choose Task Manager (or press Ctrl + Shift + Esc).
Go to the Startup tab.
Here you’ll see all enabled/disabled startup apps for your user account.
This won’t show Group Policy/system scripts, but it’s a quick check for user-level startup items.

2. Startup Folders

User Startup folder:
C:\Users\<YourUsername>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
All Users Startup folder:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Any scripts (.bat, .cmd, .vbs, .ps1, shortcuts, etc.) here will run at user login.

3. Windows Registry – Run Keys

Press Win + R, type regedit, and open the Registry Editor.
Check these keys: User-specific: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce System-wide: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Any entries here pointing to scripts or executables will run at user login or system startup.

4. Group Policy Startup Scripts

For corporate or domain-joined PCs (less common at home):

Press Win + R, type gpedit.msc, and open the Local Group Policy Editor.
Go to:
Computer Configuration → Windows Settings → Scripts (Startup/Shutdown)
Check for entries under Startup (runs at boot for all users) and Shutdown.
Also check:
User Configuration → Windows Settings → Scripts (Logon/Logoff)

Note: On Home editions, gpedit.msc may not be available, but you can still check the folders:

C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup
C:\Windows\System32\GroupPolicy\User\Scripts\Logon

5. Task Scheduler

Many scripts and programs are set to run at boot/logon via Task Scheduler.

Open Task Scheduler (taskschd.msc).
In the left pane, expand Task Scheduler Library.
Look through:
- Task Scheduler Library
- Microsoft → Windows (and all subfolders)
Look for tasks with Triggers set to “At startup” or “At log on”.
The Actions tab will show the script or program that runs.

6. Services

Some scripts may be run as Windows Services.

Open Services (services.msc).
Look for any custom or suspicious services, especially with “Manual” or “Automatic” startup.
Check the Path to executable for each service—sometimes it points to a script.

7. Autoruns (Sysinternals Tool – Advanced)

For a comprehensive view, use Microsoft’s Autoruns tool (free, official):

Download from https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Run it as Administrator.
It lists everything that can run at startup (including obscure places).
You can search/filter for scripts (.bat, .vbs, .ps1, etc.).

Summary Table of Places to Check

Location	Method	Script Types Supported
Task Manager → Startup Tab	GUI	Executables, script shortcuts
Startup Folders	File Explorer	Shortcuts, .bat, .cmd, .vbs, .ps1
Registry Run/RunOnce Keys	regedit	Any file path
Group Policy Scripts	gpedit.msc	.bat, .cmd, .ps1, etc.
Task Scheduler	taskschd.msc	Any script or program
Services	services.msc	Executables, some scripts
Autoruns (Sysinternals)	Autoruns.exe	All

Tips

If you find an unknown or suspicious script, search its name/path online to verify its legitimacy.
Always be careful before disabling/deleting startup entries, especially on work machines.

Here’s a PowerShell script that will enumerate the most common startup locations and list out any startup items—including scripts (.bat, .cmd, .ps1, .vbs), executables, and shortcuts.
This script checks:

Startup folders (user and all users)
Registry Run/RunOnce keys (user and system)
Scheduled Tasks with “At startup” or “At logon” triggers

PowerShell Script: List All Windows Startup Items

Write-Host "====== WINDOWS STARTUP ITEMS ======" -ForegroundColor Cyan

# 1. Startup Folders
$startupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

Write-Host "`n-- Startup Folders --" -ForegroundColor Yellow
foreach ($folder in $startupFolders) {
    if (Test-Path $folder) {
        Get-ChildItem -Path $folder -File | ForEach-Object {
            Write-Host "$($folder)$($_.Name)"
        }
    }
}

# 2. Registry Run/RunOnce Keys
$runKeys = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)

Write-Host "`n-- Registry Run/RunOnce Keys --" -ForegroundColor Yellow
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | ForEach-Object {
            $_.PSObject.Properties | Where-Object { $_.Name -ne "PSPath" -and $_.Name -ne "PSParentPath" -and $_.Name -ne "PSChildName" -and $_.Name -ne "PSDrive" -and $_.Name -ne "PSProvider" } | ForEach-Object {
                Write-Host "$key -> $($_.Name): $($_.Value)"
            }
        }
    }
}

# 3. Scheduled Tasks: At startup / At logon
Write-Host "`n-- Scheduled Tasks (At startup/logon) --" -ForegroundColor Yellow
$tasks = Get-ScheduledTask | Where-Object {
    $_.Triggers | Where-Object { $_.TriggerType -eq 'AtStartup' -or $_.TriggerType -eq 'AtLogon' }
}
foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        Write-Host "Task: $($task.TaskName) -> $($action.Execute) $($action.Arguments)"
    }
}

Write-Host "`n====== END OF LIST ======" -ForegroundColor Cyan
Code language: PHP (php)

How to Run

Open PowerShell as Administrator (for full results).
Copy and paste the above script into the console (or save as List-StartupItems.ps1 and run it).
Review the output—it will print all startup scripts and programs.

What Does This Script Cover?

Items in Startup folders (user & all users)
Entries in Registry Run/RunOnce keys (user & system)
Scheduled Tasks with triggers set to At startup or At logon

Extra: To Export to File

If you want to save the output:

.\List-StartupItems.ps1 | Out-File "startup-items.txt"
Code language: PHP (php)

Want to Check for Group Policy/Service scripts as well?

Let me know! I can expand the script for advanced/enterprise scenarios.

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs: