Sysinternals Autoruns utility beefs up software debugging

Already popular among Windows admins, the Autoruns utility has been tweaked to further improve the process of troubleshooting software issues on slow or unresponsive systems.

A good thing always deserves to get better, and in this case, it has. Autoruns for Windows is one of the few utilities

that any self-respecting admin should always have. It's just too useful to live without, and it's helped me debug countless machines that had entirely too much of the wrong kind of software shoehorned into them.

For those not already in the know, Autoruns is one of a clutch of tools published by Microsoft mavens Mark Russinovich and Bryce Cogswell under the Windows Sysinternals banner. Autoruns probes a system and creates an enormously detailed report of every program, driver, hooking DLL and any other system component that gets loaded automatically.

The value of Sysinternals utilities for Windows

"I'm often surprised by the lack of Windows server administration tools that are used in some enterprises. Many administrators I work with just use the built-in tools that ship with Windows Server -- something I liken to going through life without experiencing the exhilaration of a powerful and great-handling sports car."
-- Kevin Beaver, CISSP

Read more: The very best Sysinternals tools for Windows server security

For systems that are running slowly or not at all, Autoruns is an invaluable way to figure out if a given software component is causing problems. You can non-destructively disable individual components, explore their Registry entries, view the presence of the loaded component in Process Explorer (another Sysinternals app that is too good to do without), save and compare scan results from two different machines, and perform a great many other troubleshooting tasks on top of all that. Recently, Autoruns has received a major revision to the left of the decimal point, as version 10.01 sports several new features that make it ever the more indispensible.

Offline system analysis. One long-time problem with Autoruns was that it did not allow you to analyze a system unless it was actually running—a bit of a Catch-22 if the system in question was not functioning well to begin with. Autoruns now lets you read data from a system's disk even if it's not running, as long as the system and user profile directories can be read.

To do this, you need to run the program as Administrator (there's an option for this in the program's own File menu), then select File | Analyze Offline System and point to the \Windows directory. You'll also need to point to a user profile directory; the default is in fact "Default", which may not give you the results you're looking for, so be cautious. Click OK and Autoruns will go to work. (I've seen a few instances where the program crashes while dumping an offline system, but those issues were mostly due to attempting to access a nonexistent user profile.)

Signed Windows entries are hidden by default. A quirk of previous versions of Autoruns was that it dumped out everything it found, which made it a little harder to separate the signal from the noise. It was tough to tell at a glance if the system components and auto-running programs you were being told about were worthy of your attention or not. The program did have a setting under the Options menu—"Hide Microsoft and Windows entries"—which cut down on the clutter by concealing everything that Microsoft put into the system by default. But you had to actually turn it on to reap its benefits, and many people only found out about it after having someone else clue them in.

As of version 10, this option is enabled by default, so what you see when you fire up the program automatically has all Microsoft- and Windows-native drivers and components excluded. This makes the debugging process a good deal less confusing from the get-go.

Finally, as before, the program comes with a command-line-only incarnation, autorunsc.exe, which comes in handy for scripting or unattended automation.

Figure 1. Autoruns version 10.01 (click to enlarge)
Autoruns now lets you dump out the auto-run information from a system that's offline but accessible through a file path.

ABOUT THE AUTHOR
Serdar Yegulalp
has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.

This was first published in June 2010

Dig deeper on Microsoft Windows Server Provisioning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close