Custom Inventory to Collect "Autorun" items 

Oct 22, 2009 11:04 PM

We're currently going through a project to try to optimize the client PC workstation experience, and one of the "hot buttons" for many people was the startup time (from logon to functioning desktop).  So we decided to look at items which run at startup on our client workstations.  To do so, we utilized a SysInternals (now owned by Microsoft) tool called Autorunsc (this is a command line version of the graphical Autoruns program.  By the way, how many more links can I put in a single sentence??).  We execute Autorunsc.exe silently and export the output to an XML file, then re-parse that XML file into our script-generated NSI (an example is attached in the zip file).  All very slick if I do say so myself.  One thing you will need to do before putting this into production is take a look at lines 64 - 66.  This specifies the location of the output .NSI file.  For testing purposes it will write the file to the directory where the script itself resides; in production you'll want to comment out that line and uncomment the previous line.  Finally, you'll want to add it to your Inventory Solution package under \\NSServer\NSCap\Bin\Win32\X86\Inventory Solution and update your .ini file.

I have included the custom VBScript in the download; I'm reasonably sure that I (and Symantec) can't redistribute Autoruns, but I suspect you'll be able to find it from the plethora of links to Microsoft's website above.

Attachment(s)
zip file
Autoruns_v2.zip   7 KB   1 version
Uploaded - Feb 25, 2020
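
As an added example (not the attached VBScript and not Symantec's code), this is one way to triage the XML that Autorunsc exports once it has been collected: it lists enabled startup entries that match a watchlist or lack a verified signer. The element names and the "(Verified)" signer prefix are assumptions based on `autorunsc -x -s` output, the sample data is constructed, and the watchlist uses Acrobat_SL.exe, which the thread names as an item to remove.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `autorunsc -x -s` output; not real inventory data.
# Element names (item, itemname, enabled, signer, imagepath) are assumed from that format.
SAMPLE_XML = r"""<autoruns>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
  <itemname>Adobe Speed Launcher</itemname><enabled>enabled</enabled>
  <signer>(Verified) Example Vendor A</signer>
  <imagepath>c:\program files\adobe\reader\acrobat_sl.exe</imagepath></item>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
  <itemname>Communicator</itemname><enabled>enabled</enabled>
  <signer>(Verified) Example Vendor B</signer>
  <imagepath>c:\program files\communicator\communicator.exe</imagepath></item>
<item><location>HKCU\Software\Microsoft\Windows\CurrentVersion\Run</location>
  <itemname>updater</itemname><enabled>enabled</enabled>
  <signer></signer>
  <imagepath>c:\users\sample\appdata\local\temp\updater.exe</imagepath></item>
<item><location>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
  <itemname>OldTool</itemname><enabled>disabled</enabled>
  <signer>(Not verified) Example Vendor C</signer>
  <imagepath>c:\tools\oldtool.exe</imagepath></item>
</autoruns>"""

def parse_autoruns(xml_data):
    """Return one dict per <item>, keyed by child element name."""
    root = ET.fromstring(xml_data)  # accepts str, or raw bytes read from the file
    return [{c.tag: (c.text or "").strip() for c in item} for item in root.iter("item")]

def review(items, watchlist=("acrobat_sl.exe",)):
    """Flag enabled entries that are on the watchlist or lack a verified signer."""
    findings = []
    for it in items:
        if it.get("enabled", "").lower() != "enabled":
            continue  # disabled entries do not run at startup
        exe = it.get("imagepath", "").rsplit("\\", 1)[-1].lower()
        reasons = []
        if exe in watchlist:
            reasons.append("watchlist")
        if not it.get("signer", "").startswith("(Verified)"):
            reasons.append("unverified signer")
        if reasons:
            findings.append((it.get("itemname", ""), reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in review(parse_autoruns(SAMPLE_XML)):
        print(name, "->", ", ".join(reasons))
```

For a real export, read the file as bytes and pass them to `parse_autoruns` so the XML parser can detect the file's encoding itself.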

Comments

Jan 19, 2010 03:34 PM

Sure Doug.  I'll post it, but it will probably have limited utility since one of the components it checks for is the time that MS Office Communicator loaded.  We used this as a proxy for when the user's desktop was available.  So it gathers the "power on time" then the first user logon event after that, then the first instance of MOC starting after that.  I suppose another app could be substituted for MOC if it also drops a registry entry (or if App Metering Start events were being sent...though that might be trickier to catch).

The download is posted here (assuming it is available already).  I didn't re-test it after stripping out "identifying data" but I think the edits I made were safe.

Jan 18, 2010 01:06 PM

Kyle, thanks for submitting this custom inventory. It's a great script. Could you also post the startup time script that you mentioned, please? Appreciate it.

Doug & Rene

Oct 23, 2009 10:27 AM

I'm personally not doing anything with it.  Another individual on my team is taking that data and matching it up with another custom inventory we have that tries to estimate the "time to desktop" by logging the startup time, the user logon time, and another event from MS Office Communicator to approximate the time that the machine was actually usable.  He's looking at those times, and comparing machines which have certain items in the startup list to see which ones seem to delay the startup the longest.  Also you can use it to look for specific malware or other "grayware" that might be running on your workstations, or items you might want to remove (Acrobat_SL.exe for example).

Oct 22, 2009 10:40 PM

This looks really cool. I haven't had an opportunity to do much with custom inventory yet. Question: what do you do with this startup information once you have it?
