Creating a clean Win7 user with no startup programs
March 31, 2011 8:26 PM   Subscribe

You're making a category error here: Windows doesn't start up items on a per user basis, for the most part. When you install AVG, say, it's installed as a service, meaning a system-wide program. You can look at the services in the control panel and see that they're started independently of any user account by being run under a system account like NETWORK or something like that. They're started before anyone logs in, if you don't have auto-login enabled.

You could create an account that runs a script you write that kills those services, but there's no way to create an account that doesn't have those services running on login.
posted by fatbird at 8:33 PM on March 31, 2011

There are two startup directories. One is global, and things put into it will start up for every user. The other is account-specific, and things in that directory only start for that particular user.

The first one is:

...well, I'm not exactly sure. I know where it ought to be, but it isn't there on my system.

The second one is:

C:\Users\YourName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

That's considered a "protected system" file so it's hidden unless you expose system files.

This tool (autoruns) lets you see the global startup file and turn things off. Be ***VERY*** ***CAREFUL*** with it; you can royally screw up your system if you turn off the wrong things.
posted by Chocolate Pickle at 9:37 PM on March 31, 2011 [1 favorite]

Well, I'm not sure what you want to do, but one option is to just boot into safe mode. Either hold down the F8 key while your computer is booting and choose safe mode, or go into msconfig and in the Boot tab, check Safe Boot (which will make your machine boot into safe mode every time until you un-check it).

If you want to run a batch file to stop stuff, there are a few commands to know:

taskkill /im program you want to kill
(the /im switch means image name, which is what the program is called when you look at it in Task Manager under the Processes tab)

%SystemRoot%\Syswow64\TaskKill /F /IM program you want to kill
(if you try to kill a program with the regular taskkill command and it doesn't stop in Windows 7 64 bit, try this command instead)

Net Stop service you want to kill
(this is for stopping services by name, which you can find easily in the Task Manager in the Services tab)

SC stop service you want to kill
(an alternative if Net Stop doesn't work for you)

So, for example, a if you open a text file and enter:

taskkill /im winamp.exe
%SystemRoot%\Syswow64\TaskKill /F /IM digsby-app.exe
net stop spooler
sc stop themes

Then save the file as a .bat and run it, it would try to stop Winamp, Digsby, the Print Spooler service, and the Themes service.

Remember, if you write a batch file like this, all the commands may not work properly unless you run it as an Administrator (right click, Run As Administrator).
posted by Menthol at 9:52 PM on March 31, 2011

If you're looking to prevent *brand new* accounts from loading their profile startup items, you'll have to disable them via editing the default profile. You'll want to load the NTUSER.DAT file in REGEDIT, located in c:\users\default\. I usually load Hives in HKU (Hkey_Users) and name it "bob" or anything...the name won't matter.

From there you'll want to clear out everything in "bob" let's say under the following keys:
HKU/Bob/Software/Microsoft/Windows/CurrentVersion/Run
HKU/Bob/Software/Microsoft/Windows/CurrentVersion/RunOnce

Select "Bob" and unload the hive, to make sure it does not remain locked.

Also navigate into your C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs area and delete items found in "Startup" if it exists.

This will essentially stop the start-up items from appearing that are coming from the Default Profile. Normally this is fairly empty by default, unless something has been copied into it. You'll also want to check the "startup" in C:\ProgramData\Microsoft\Windows\Start Menu\Programs as that will be what runs for ALL users.

Heed fatbird's advice here though. With Windows you're going to have things launching after login that are occuring on multiple runlevels. Some are single user based, some are all users based, and some are system level. For system level, you won't find a way to easily have a clean slate login without rebooting Windows into a different mode...

...however what you could work on doing, is migrating all the "all user" based startup items to your own profile. You'd have to then copy the disabled versions into the allusers startup. They keys you're looking for are basically:

HKLM/Software/Microsoft/Windows/CurrentVersion/Run (and runonce)
HKCU/Software/Microsoft/Windows/CurrentVersion/Run (and runonce)

You'll need to export from HKLM and import them into HKCU (use notepad, to replace all instances of HKEY_LOCAL_MACHINE with HKEY_CURRENT_USER.

You'd then disable all items in your profile, and go back to regedit to copy the -disabled version of those keys back to HKEY_LOCAL_MACHINE.

Once this is all done...you'll notice duplicates in msconfig for every item...you would want to enable just the HKCU ones for your profile....when you log into a different account, you wont' see duplicates, but can enable the system wide HKLM versions of those startup items from there.

(trying to keep this as short as possible since its not an easy task...but if you like the idea I can help more step by step via PMs).
posted by samsara at 10:11 PM on March 31, 2011

While you can certainly do this, at some point you need to step back and ask yourself if it's actually a good idea. The configuration you'll end up with is so unlike any normal Windows setup that when something else breaks, the advice that works for most other people might not actually work for you; it's going to take a fair bit of work to set this up in any case, and in my experience the further you get from a default setup with Windows, the more pain and suffering you're creating for yourself. Windows does not reward individuality.

In my opinion you'd be far better off just globally uninstalling anything whose behavior you find irritating, and spending the time you'd otherwise be devoting to doing this kind of per-user fix on researching less-irritating alternatives.

I would personally never run AVG, ZoneAlarm and PeerBlock on the same Windows box at the same time. Hell, I probably wouldn't run any of those packages, ever. Just way, way too much fartarsing about and interruptions to my workflow. I'd reef them all out, install the free version of Panda Cloud Antivirus (without the Security Toolbar option - turn that off during installation) and be done with it.

You do need to be aware, though, that this advice is coming from a man who followed it himself, and ended up concluding that Windows itself was the ultimate cause of all this ridiculous aggro. These days, I run Debian.
posted by flabdablet at 10:54 PM on March 31, 2011 [1 favorite]

What I do :

Click Run
type cmd (get to "dos")
type regedit
hit (f3)
search RunOnce
Key above is Run
click Run
delete unwanted entries right window

cannot compress any further
posted by epjr at 11:00 PM on March 31, 2011

It might help to know -why- you want to set up a windows profile with all of the protection removed. Why would you want to create a profile with no antivirus or firewall?
posted by DWRoelands at 5:25 AM on April 1, 2011

1. I've installed a bunch of programs like AVG, ZoneAlarm, iTunes, etc.

2. Instead of being associated with the user profile I installed them under (my "main" profile), they've decided to associate themselves with all profiles, even brand new ones.

As they say in so many Microsoft knowledge base articles: this behavior is by design.

In general, there is no "association" between an installed app itself (as opposed to its usage settings) and a user profile. When you install an app on a Windows box, its executables and other support files go in a subfolder of C:\Program Files, a globally accessible folder, and assorted registration stuff goes into subkeys of the HKEY_LOCAL_MACHINE registry hive, also globally accessible.

Apps can maintain settings associated with a given user profile, but in general, the normal process of installing an app installs it system-wide. That's why you generally need to use an account with administrative rights to perform software installation on a Windows box.

There are exceptions to this rule (for example, I believe Google Earth does all the right things if you install it inside a user's profile folder rather than into C:\Program Files) but they're definitely not the norm. Things that need to put hooks deep inside Windows in order to do their jobs, like antivirus scanners and firewalls, will definitely not be happy unless installed system-wide.
posted by flabdablet at 10:08 PM on April 1, 2011

This thread is closed to new comments.