
April 28, 2017 at 7:52 pm

Hello,

When you open the Task Manager in Windows 10 you have a tab that says Startup. You can select any of those programs and disable or enable it depending on the current state. How can this be done with PowerShell?

Thank you in advance for any help on this!

Matt

April 28, 2017 at 9:54 pm

You can use PowerShell to modify the associated registry keys. Have a look at the help for the registry provider:
Get-Help about_providers
Get-Help registry

If you compare the entries in Task Manager with the output from SysInternals Autoruns then Task Manager is displaying programs from the following locations:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

I guess there may be more locations depending on your exact configuration but the above is true for my machine.

Autoruns enables and disables startup programs by deleting and adding the registry keys (note: I have an old version, this behaviour may have changed).

However, Task Manager doesn't remove the registry entries, it actually modifies registry entries in the following locations:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run

Each program, listed in Task Manager, has an entry. It looks like a value of 02 00 00 00 00 00 00 00 00 00 00 00 is enabled and anything else is disabled. I've only experimented briefly though and had to close/open Task Manager to see it change from enabled to disabled.

# Example 1 list programs
Get-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run

# Example 2 view values for a program
Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run -Name f.lux

# Example 3 Disable a program
Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run -Name f.lux -Value ([byte[]](0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00))

# Example 4 Enable a program
Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run -Name f.lux -Value ([byte[]](0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00))
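
Added example, not part of the original posts: a read-only audit that pairs each Run-key entry with its StartupApproved\Run value, which is useful for reviewing autostart entries before changing anything. The function name `Get-StartupApprovalState` and the `NoApprovalEntry` label are made up for this example, and the enabled/disabled rule is the byte pattern observed in the reply above.

```powershell
# Added example: read-only audit, makes no changes to the registry.
# Pairs each Run-key autostart entry with its StartupApproved\Run state.
function Get-StartupApprovalState {
    [CmdletBinding()]
    param(
        # Hives to inspect; both are readable without elevation.
        [string[]]$Hive = @('HKCU', 'HKLM')
    )
    # Per the reply above: 02 followed by eleven 00 bytes = enabled,
    # anything else = disabled.
    $enabledHex = '02-00-00-00-00-00-00-00-00-00-00-00'

    foreach ($h in $Hive) {
        $runPath      = "${h}:\Software\Microsoft\Windows\CurrentVersion\Run"
        $approvedPath = "${h}:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"

        $runKey      = Get-Item -Path $runPath -ErrorAction SilentlyContinue
        $approvedKey = Get-Item -Path $approvedPath -ErrorAction SilentlyContinue
        if (-not $runKey) { continue }

        foreach ($name in $runKey.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the key's unnamed default value

            # Binary approval value for this entry, if one exists.
            $raw = if ($approvedKey) { $approvedKey.GetValue($name) } else { $null }
            $hex = if ($raw -is [byte[]]) { [BitConverter]::ToString($raw) } else { $null }

            $state = if (-not $hex) { 'NoApprovalEntry' } elseif ($hex -eq $enabledHex) { 'Enabled' } else { 'Disabled' }

            [pscustomobject]@{
                Hive     = $h
                Name     = $name
                # Command line as stored, without expanding %VARIABLES%.
                Command  = $runKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                State    = $state
                RawValue = $hex
            }
        }
    }
}

Get-StartupApprovalState | Format-Table -AutoSize
```

The `RawValue` column shows the stored bytes, so any value that differs from the two patterns used in Examples 3 and 4 is visible rather than hidden behind the `Disabled` label.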

May 2, 2017 at 1:45 am

Sorry for the late response, and thank you for the reply! This helps a lot! I will give it a try.

Thanks again for your help!

Matt