Startup Programs - Enable or Disable

gordon55y

Member
Shawn,
Thanks for your explanations.

The following are my comments on the OP titled:
WHY ARE ADMINISTRATIVE STARTUP PROGRAMS BLOCKED ?

I think I understand now, but reading the
OP again, I am somewhat confused in trying to figure out what it is trying to say.
Part of the problem is that it says stuff like:
>disallow administrative applications
When it really means something like:
>disallow autorun administrative applications
where autorun means it will run an administrative application without UAC prompt.

The original question in the title implies that all admin apps are blocked.

The startup folder/key are acting no differently than any other application
run by the user. Why the explanation?
Maybe I am missing something?

thanks,
gordon
 

My Computer

Brink

Staff member
mvp
How's it now. ;)
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Mouse
    Logitech MX Master
    Keyboard
    Logitech wireless K800
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD

gordon55y

Member
Shawn,
Thanks for your explanations.

Typo at:
A program or shortcut is listed in as a startup program

Is the following correct?
>personal run registry key can be written to by non-administrative (non-elevated) programs
I need to use UAC to run regedit.

The title implies that startup is different:
WHY ARE ADMINISTRATIVE STARTUP PROGRAMS BLOCKED ?
The question should be Why are administrative apps blocked?
I would have preferred an explanation (and justification) for UAC, and then simply
say that startup is the same as interactively running an app.
I don't think startup is different from running an app interactively.
I believe that even applies to the task scheduler. I read that
you can run an admin app through task scheduler interactively without UAC.
Reference:
www.vistax64.com/tutorials/162976-bypass-uac.html

By the way, I notice that when I have an administrative app in startup, the UAC
is available for about 2 mins, then times out. That confused me as I do not
watch boot up normally. You might mention that if that is what you see also.

thanks,
gordon
 

My Computer

Brink

Staff member
mvp
Gordon,

Non-elevated programs can make such changes to the run registry key. This is one reason why Vista blocks them by a UAC prompt at startup to prevent them from doing so automatically. Some startup programs, like drivers, load before Vista, so it's important to only have trusted and approved startup programs. If the elevated program was malware, it could do some damage if allowed to run at startup automatically with the other non-elevated startup programs.

UAC is your last line of defense to either allow or deny a program that wants to "run as an administrator" from doing so and having full access to everything on your computer. This can stop malware in it's tracks by giving you the change to deny it from running with the UAC prompt.

At the bottom of the yellow TIP box, you'll see that you can use Method Two in OPTION ONE to create a task in Task Scheduler to manually bypas the UAC prompt if you wanted to. This should only be used with a trusted program though.

Yeah, that timeout is another reason to either not have elevated programs in the startup programs list, or have it run through Task Scheduler instead.
 
Last edited:

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Mouse
    Logitech MX Master
    Keyboard
    Logitech wireless K800
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD

gordon55y

Member
Shawn,
Thanks for your web site.

>Only elevated programs that have been granted UAC permission by you can make
>such changes to the run registry key. This is one reason why Vista blocks them
>by a UAC prompt at startup to prevent them from doing so automatically.
>Some startup programs, like drivers, load before Vista, so it's important to only
>have trusted and approved startup programs. If the elevated program was malware,
>it could do some damage if allowed to run at startup automatically with the
>other non-elevated startup programs.

I agree. But you are avoiding responding to my point that your text
>personal run registry key can be written to by non-administrative (non-elevated) programs
says the opposite. Am I missing something here?

>UAC is your last line of defense to either allow or deny a program that wants
>to "run as an administrator" from doing so and having full access to everything
>on your computer. This can stop malware in it's tracks by giving you the
>change to deny it from running with the UAC prompt.

Did I say something that is in disagreement with this?
Are you responding to something I said?

>At the bottom of the yellow TIP box, you'll see that you can use Method Two
>in OPTION ONE to create a task in Task Scheduler to manually bypas the
>UAC prompt if you wanted to. This should only be used with a trusted
>program though.

I made the point that the "feature" available to run the task scheduler in
startup is the same "feature" that is available when running as a user executable.
Your response is that there is a "feature" in startup that allows the
task scheduler to run in startup? Didn't I already say that?
Are you disagreeing with what I said?

>Yeah, that timeout is another reason to either not have elevated programs
>in the startup programs list, or have it run through Task Scheduler instead.

We agree.

thanks,
gordon
 

My Computer

Brink

Staff member
mvp
>Only elevated programs that have been granted UAC permission by you can make
>such changes to the run registry key. This is one reason why Vista blocks them
>by a UAC prompt at startup to prevent them from doing so automatically.
>Some startup programs, like drivers, load before Vista, so it's important to only
>have trusted and approved startup programs. If the elevated program was malware,
>it could do some damage if allowed to run at startup automatically with the
>other non-elevated startup programs.

I agree. But you are avoiding responding to my point that your text
>personal run registry key can be written to by non-administrative (non-elevated) programs

says the opposite. Am I missing something here?
It was a mistake on my part in the reply. The part in the TIP box is correct.

"Because your startup folder and personal run registry key can be written to by non-administrative (non-elevated) programs, Windows cannot allow elevated (Run as administrator) programs to run at startup from these locations without prompting you with UAC first."



>UAC is your last line of defense to either allow or deny a program that wants
>to "run as an administrator" from doing so and having full access to everything
>on your computer. This can stop malware in it's tracks by giving you the
>change to deny it from running with the UAC prompt.

Did I say something that is in disagreement with this?
Are you responding to something I said?
I was responding to your statement of: "I would have preferred an explanation (and justification) for UAC...."



>At the bottom of the yellow TIP box, you'll see that you can use Method Two
>in OPTION ONE to create a task in Task Scheduler to manually bypas the
>UAC prompt if you wanted to. This should only be used with a trusted
>program though.

I made the point that the "feature" available to run the task scheduler in
startup is the same "feature" that is available when running as a user executable.
Your response is that there is a "feature" in startup that allows the
task scheduler to run in startup? Didn't I already say that?
Are you disagreeing with what I said?
Not at all, but from your statement below, I was not sure if you have seen it the TIP box or understood if that was for the same thing. I was just pointing it out.

"I don't think startup is different from running an app interactively.
I believe that even applies to the task scheduler. I read that
you can run an admin app through task scheduler interactively without UAC.
Reference:
www.vistax64.com/tutorials/162976-bypass-uac.html "
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Mouse
    Logitech MX Master
    Keyboard
    Logitech wireless K800
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD
Top