Creating a clean Win7 user with no startup programs
March 31, 2011 8:26 PM   Subscribe

How can I create a new user account with absolutely zero startup items Windows 7?

I've never had multiple users on one computer before -- ever -- but I'm in a situation now where I'd like to create a user on my computer (running Windows 7) that has no startup programs. Nothing but Windows and whatever base drivers come with it. So not running in Safe Mode or anything, but booting "clean" to a Windows that doesn't auto-run any programs other than Windows.

Every time I create a new account, it still loads up AVG, ZoneAlarm, PeerBlock, IntelliType, etc. etc. etc.

I can deactivate these from the new account (if the new account is given admin privileges) via msconfig and the Startup tab, but this deactivates them globally -- in my main account as well as the new account. When I look at msconfig from my main account, some items that don't appear in the startup tab of the new account are there, and selected -- and the ones I deactivated in the new account are also deactivated in the main account.

I'd like a new account that has nothing in the startup tab in msconfig.

So what I guess I have to do is somehow "reassign" all of those startup items -- which seem to be consigned to "all users" somehow -- to my main account only, and create a new account that doesn't have anything starting up automatically except Windows.

I have no idea how to do this.

I hope this is clear -- I'm in the category of people that know just enough to be dangerous to themselves, but not enough to figure out how to do things like this.
posted by Shepherd to Computers & Internet (12 answers total) 3 users marked this as a favorite
 
You're making a category error here: Windows doesn't start up items on a per user basis, for the most part. When you install AVG, say, it's installed as a service, meaning a system-wide program. You can look at the services in the control panel and see that they're started independently of any user account by being run under a system account like NETWORK or something like that. They're started before anyone logs in, if you don't have auto-login enabled.

You could create an account that runs a script you write that kills those services, but there's no way to create an account that doesn't have those services running on login.
posted by fatbird at 8:33 PM on March 31, 2011


There are two startup directories. One is global, and things put into it will start up for every user. The other is account-specific, and things in that directory only start for that particular user.

The first one is:

...well, I'm not exactly sure. I know where it ought to be, but it isn't there on my system.

The second one is:

C:\Users\YourName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

That's considered a "protected system" file so it's hidden unless you expose system files.

This tool (autoruns) lets you see the global startup file and turn things off. Be ***VERY*** ***CAREFUL*** with it; you can royally screw up your system if you turn off the wrong things.
posted by Chocolate Pickle at 9:37 PM on March 31, 2011 [1 favorite]


Well, I'm not sure what you want to do, but one option is to just boot into safe mode. Either hold down the F8 key while your computer is booting and choose safe mode, or go into msconfig and in the Boot tab, check Safe Boot (which will make your machine boot into safe mode every time until you un-check it).

If you want to run a batch file to stop stuff, there are a few commands to know:

taskkill /im program you want to kill
(the /im switch means image name, which is what the program is called when you look at it in Task Manager under the Processes tab)

%SystemRoot%\Syswow64\TaskKill /F /IM program you want to kill
(if you try to kill a program with the regular taskkill command and it doesn't stop in Windows 7 64 bit, try this command instead)

Net Stop service you want to kill
(this is for stopping services by name, which you can find easily in the Task Manager in the Services tab)

SC stop service you want to kill
(an alternative if Net Stop doesn't work for you)

So, for example, a if you open a text file and enter:

taskkill /im winamp.exe
%SystemRoot%\Syswow64\TaskKill /F /IM digsby-app.exe
net stop spooler
sc stop themes


Then save the file as a .bat and run it, it would try to stop Winamp, Digsby, the Print Spooler service, and the Themes service.

Remember, if you write a batch file like this, all the commands may not work properly unless you run it as an Administrator (right click, Run As Administrator).
posted by Menthol at 9:52 PM on March 31, 2011


If you're looking to prevent *brand new* accounts from loading their profile startup items, you'll have to disable them via editing the default profile. You'll want to load the NTUSER.DAT file in REGEDIT, located in c:\users\default\. I usually load Hives in HKU (Hkey_Users) and name it "bob" or anything...the name won't matter.

From there you'll want to clear out everything in "bob" let's say under the following keys:
HKU/Bob/Software/Microsoft/Windows/CurrentVersion/Run
HKU/Bob/Software/Microsoft/Windows/CurrentVersion/RunOnce

Select "Bob" and unload the hive, to make sure it does not remain locked.

Also navigate into your C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs area and delete items found in "Startup" if it exists.

This will essentially stop the start-up items from appearing that are coming from the Default Profile. Normally this is fairly empty by default, unless something has been copied into it. You'll also want to check the "startup" in C:\ProgramData\Microsoft\Windows\Start Menu\Programs as that will be what runs for ALL users.

Heed fatbird's advice here though. With Windows you're going to have things launching after login that are occuring on multiple runlevels. Some are single user based, some are all users based, and some are system level. For system level, you won't find a way to easily have a clean slate login without rebooting Windows into a different mode...

...however what you could work on doing, is migrating all the "all user" based startup items to your own profile. You'd have to then copy the disabled versions into the allusers startup. They keys you're looking for are basically:

HKLM/Software/Microsoft/Windows/CurrentVersion/Run (and runonce)
HKCU/Software/Microsoft/Windows/CurrentVersion/Run (and runonce)

You'll need to export from HKLM and import them into HKCU (use notepad, to replace all instances of HKEY_LOCAL_MACHINE with HKEY_CURRENT_USER.

You'd then disable all items in your profile, and go back to regedit to copy the -disabled version of those keys back to HKEY_LOCAL_MACHINE.

Once this is all done...you'll notice duplicates in msconfig for every item...you would want to enable just the HKCU ones for your profile....when you log into a different account, you wont' see duplicates, but can enable the system wide HKLM versions of those startup items from there.

(trying to keep this as short as possible since its not an easy task...but if you like the idea I can help more step by step via PMs).
posted by samsara at 10:11 PM on March 31, 2011


Best answer: Actually the more I look at the original post I think the 2nd half of what I'm suggesting is closer to what you want.

So the short version:

- Move all items from HKLM/Software/Microsoft/Windows/CurrentVersion/Run to
HKCU/Software/Microsoft/Windows/CurrentVersion/Run

- Move all items from C:\ProgramData\Microsoft\Windows\Start Menu\Programs to C:\Users\(yourprofile)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

- Disable items in msconfig
- Copy flagged -disabled items back to HKLM and ProgramData's startup
- Re-enable items in msconfig only for HKCU and (yourprofile)'s startup
posted by samsara at 10:19 PM on March 31, 2011


While you can certainly do this, at some point you need to step back and ask yourself if it's actually a good idea. The configuration you'll end up with is so unlike any normal Windows setup that when something else breaks, the advice that works for most other people might not actually work for you; it's going to take a fair bit of work to set this up in any case, and in my experience the further you get from a default setup with Windows, the more pain and suffering you're creating for yourself. Windows does not reward individuality.

In my opinion you'd be far better off just globally uninstalling anything whose behavior you find irritating, and spending the time you'd otherwise be devoting to doing this kind of per-user fix on researching less-irritating alternatives.

I would personally never run AVG, ZoneAlarm and PeerBlock on the same Windows box at the same time. Hell, I probably wouldn't run any of those packages, ever. Just way, way too much fartarsing about and interruptions to my workflow. I'd reef them all out, install the free version of Panda Cloud Antivirus (without the Security Toolbar option - turn that off during installation) and be done with it.

You do need to be aware, though, that this advice is coming from a man who followed it himself, and ended up concluding that Windows itself was the ultimate cause of all this ridiculous aggro. These days, I run Debian.
posted by flabdablet at 10:54 PM on March 31, 2011


What I do :

Click Run
type cmd (get to "dos")
type regedit
hit (f3)
search RunOnce
Key above is Run
click Run
delete unwanted entries right window

cannot compress any further
posted by epjr at 11:00 PM on March 31, 2011


Response by poster: After a bit of sleep, I think I can provide a little more clarity by redefining the problem (and I think samsara is kind of proposing a solution already):

1. I've installed a bunch of programs like AVG, ZoneAlarm, iTunes, etc.

2. Instead of being associated with the user profile I installed them under (my "main" profile), they've decided to associate themselves with all profiles, even brand new ones.

3. I'd like to make a new profile, and have none of those programs associated with it.

4. So the new profile would be a fresh profile, one without any programs installed in my "main" profile carrying over to it.

I'd don't understand flabdablet's perspective that this could somehow break Windows (not that I think he's wrong, I just don't understand this stuff entirely). These are programs I installed, and could uninstall. So having a profile that doesn't have them installed doesn't seem like super crazy talk. It's just running a profile as though I never installed AVG, iTunes, etc.

Debian is not an option. I can't run a lot of the software I want to run under Linux.
posted by Shepherd at 2:18 AM on April 1, 2011


It might help to know -why- you want to set up a windows profile with all of the protection removed. Why would you want to create a profile with no antivirus or firewall?
posted by DWRoelands at 5:25 AM on April 1, 2011


Best answer: It sounds like you need to find a way to dual boot, rather than just having a new user. That way one installation of win7 would have everything, and the other would have nothing, and there would be no connection between the two. I know you can do this with multiple different operating systems, but I don't know if you can do this with just win7
posted by markblasco at 8:19 AM on April 1, 2011


Best answer: You can have multiple installs of Windows 7 on a single machine, handled by the bootmgr. (menu selection at startup). Best practice is to assign a different drive or partition per installation.
posted by samsara at 8:24 AM on April 1, 2011


1. I've installed a bunch of programs like AVG, ZoneAlarm, iTunes, etc.

2. Instead of being associated with the user profile I installed them under (my "main" profile), they've decided to associate themselves with all profiles, even brand new ones.


As they say in so many Microsoft knowledge base articles: this behavior is by design.

In general, there is no "association" between an installed app itself (as opposed to its usage settings) and a user profile. When you install an app on a Windows box, its executables and other support files go in a subfolder of C:\Program Files, a globally accessible folder, and assorted registration stuff goes into subkeys of the HKEY_LOCAL_MACHINE registry hive, also globally accessible.

Apps can maintain settings associated with a given user profile, but in general, the normal process of installing an app installs it system-wide. That's why you generally need to use an account with administrative rights to perform software installation on a Windows box.

There are exceptions to this rule (for example, I believe Google Earth does all the right things if you install it inside a user's profile folder rather than into C:\Program Files) but they're definitely not the norm. Things that need to put hooks deep inside Windows in order to do their jobs, like antivirus scanners and firewalls, will definitely not be happy unless installed system-wide.
posted by flabdablet at 10:08 PM on April 1, 2011


« Older Help me turn it up to 11   |   Toddler Not Speaking Newer »
This thread is closed to new comments.