Custom Inventory to Collect "Autorun" items
We're currently going through a project to try to optimize the client PC workstation experience, and one of the "hot buttons" for many people was the startup time (from logon to functioning desktop). So we decided to look at items which run at startup on our client workstations. To do so, we utilized a SysInternals (now owned by Microsoft) tool called Autorunsc (this is a command line version of the graphical Autoruns program. By the way, how many more links can I put in a single sentence??).

We execute Autorunsc.exe silently and export the output to an XML file, then re-parse that XML file into our script-generated NSI (an example is attached in the zip file). All very slick if I do say so myself.

One thing you will need to do before putting this into production is take a look at lines 64 - 66. This specifies the location of the output .NSI file. For testing purposes it will write the file to the directory where the script itself resides; in production you'll want to comment out that line and uncomment the previous line. Finally, you'll want to add it to your Inventory Solution package under \\NSServer\NSCap\Bin\Win32\X86\Inventory Solution and update your .ini file.
I have included the custom VBScript in the download; I'm reasonably sure that I (and Symantec) can't redistribute Autoruns, but I suspect you'll be able to find it from the plethora of links to Microsoft's website above.
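The "re-parse that XML file" step can be sketched as follows. This is an added example in Python, not the VBScript from the download, and it stops at flattened rows rather than writing an NSI. The XML element names and the "Enabled" value are assumptions about the Autorunsc export, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of an Autorunsc XML export. The element names below are
# an assumption; compare them with a real export from your Autorunsc version.
SAMPLE_XML = """<?xml version="1.0"?>
<autoruns>
  <item>
    <location>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run</location>
    <itemname>Acrobat Assistant</itemname>
    <enabled>Enabled</enabled>
    <imagepath>C:\\Program Files\\Adobe\\Acrobat_SL.exe</imagepath>
  </item>
  <item>
    <location>HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run</location>
    <itemname>Communicator</itemname>
    <enabled>Enabled</enabled>
    <imagepath>C:\\Program Files\\Communicator\\communicator.exe</imagepath>
  </item>
  <item>
    <location>Task Scheduler</location>
    <itemname>OldUpdater</itemname>
    <enabled>Disabled</enabled>
    <imagepath></imagepath>
  </item>
</autoruns>"""

FIELDS = ("location", "itemname", "enabled", "imagepath")

def parse_autoruns(xml_text):
    """Return one dict per <item>; missing or empty elements become ''."""
    rows = []
    for item in ET.fromstring(xml_text).iter("item"):
        row = {f: (item.findtext(f) or "").strip() for f in FIELDS}
        # Keep only the lower-cased file name so matching ignores path and case.
        row["image"] = row["imagepath"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        rows.append(row)
    return rows

def enabled_per_location(rows):
    """Count enabled entries per startup location (registry key, task, ...)."""
    return Counter(r["location"] for r in rows if r["enabled"].lower() == "enabled")

def watchlist_hits(rows, watchlist):
    """Return rows whose image file name is on a list of unwanted items."""
    wanted = {w.lower() for w in watchlist}
    return [r for r in rows if r["image"] in wanted]

if __name__ == "__main__":
    rows = parse_autoruns(SAMPLE_XML)
    print(enabled_per_location(rows))
    print([r["itemname"] for r in watchlist_hits(rows, ["Acrobat_SL.exe"])])
```

Entries whose image path is empty, such as a startup item pointing at a file that no longer exists, are kept as rows with an empty image name so they still show up in the inventory.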
Comments
Sweet
This looks really cool. I haven't had an opportunity to do much with custom inventory yet. Question: what do you do with this startup information once you have it?
-Geo
well...
I'm personally not doing anything with it. Another individual on my team is taking that data and matching it up with another custom inventory we have that tries to estimate the "time to desktop" by logging the startup time, the user logon time, and another event from MS Office Communicator to approximate the time that the machine was actually usable. He's looking at those times, and comparing machines which have certain items in the startup list to see which ones seem to delay the startup the longest. Also you can use it to look for specific malware or other "grayware" that might be running on your workstations, or items you might want to remove (Acrobat_SL.exe for example).
Thanks,
Kyle
Symantec Trusted Advisor
For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
Custom Inventory to Collect "Autorun" items
Kyle, thanks for submitting this custom inventory. It's a great script. Could you also post the startup time script that you mentioned, please? Appreciate it.
Doug & Rene
Sure
Sure Doug. I'll post it, but it will probably have limited utility since one of the components it checks for is the time that MS Office Communicator loaded. We used this as a proxy for when the user's desktop was available. So it gathers the "power on time", then the first user logon event after that, then the first instance of MOC starting after that. I suppose another app could be substituted for MOC if it also drops a registry entry (or if App Metering Start events were being sent...though that might be trickier to catch).
The download is posted here (assuming it is available already). I didn't re-test it after stripping out "identifying data" but I think the edits I made were safe.
Thanks,
Kyle
Symantec Trusted Advisor