IT admin's guide to the Sysinternals suite
A comprehensive collection of articles, videos and more, hand-picked by our editors
A good thing always deserves to get better, and in this case, it has. Autoruns for Windows is one of the few utilities...
that any self-respecting admin should always have. It's just too useful to live without, and it's helped me debug countless machines that had entirely too much of the wrong kind of software shoehorned into them.
For those not already in the know, Autoruns is one of a clutch of tools published by Microsoft mavens Mark Russinovich and Bryce Cogswell under the Windows Sysinternals banner. Autoruns probes a system and creates an enormously detailed report of every program, driver, hooking DLL and any other system component that gets loaded automatically.
For systems that are running slowly or not at all, Autoruns is an invaluable way to figure out if a given software component is causing problems. You can non-destructively disable individual components, explore their Registry entries, view the presence of the loaded component in Process Explorer (another Sysinternals app that is too good to do without), save and compare scan results from two different machines, and perform a great many other troubleshooting tasks on top of all that. Recently, Autoruns has received a major revision to the left of the decimal point, as version 10.01 sports several new features that make it ever the more indispensible.
Offline system analysis. One long-time problem with Autoruns was that it did not allow you to analyze a system unless it was actually running—a bit of a Catch-22 if the system in question was not functioning well to begin with. Autoruns now lets you read data from a system's disk even if it's not running, as long as the system and user profile directories can be read.
To do this, you need to run the program as Administrator (there's an option for this in the program's own File menu), then select File | Analyze Offline System and point to the \Windows directory. You'll also need to point to a user profile directory; the default is in fact "Default", which may not give you the results you're looking for, so be cautious. Click OK and Autoruns will go to work. (I've seen a few instances where the program crashes while dumping an offline system, but those issues were mostly due to attempting to access a nonexistent user profile.)
Signed Windows entries are hidden by default. A quirk of previous versions of Autoruns was that it dumped out everything it found, which made it a little harder to separate the signal from the noise. It was tough to tell at a glance if the system components and auto-running programs you were being told about were worthy of your attention or not. The program did have a setting under the Options menu—"Hide Microsoft and Windows entries"—which cut down on the clutter by concealing everything that Microsoft put into the system by default. But you had to actually turn it on to reap its benefits, and many people only found out about it after having someone else clue them in.
As of version 10, this option is enabled by default, so what you see when you fire up the program automatically has all Microsoft- and Windows-native drivers and components excluded. This makes the debugging process a good deal less confusing from the get-go.
Finally, as before, the program comes with a command-line-only incarnation, autorunsc.exe, which comes in handy for scripting or unattended automation.
ABOUT THE AUTHOR
Serdar Yegulalp has been writing about computers and information technology for more than 15 years for a variety of publications, including InformationWeek and Windows Magazine.