$strComputer = "." $colItems = get-wmiobject -class "Win32_StartupCommand" -namespace "root\CIMV2" ` -computername $strComputer foreach ($objItem in $colItems) { write-host "Caption: " $objItem.Caption write-host "Command: " $objItem.Command write-host "Description: " $objItem.Description write-host "Location: " $objItem.Location write-host "Name: " $objItem.Name write-host "Setting ID: " $objItem.SettingID write-host "User: " $objItem.User write-host }
Output
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT AUTHORITY\LOCAL SERVICE
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT AUTHORITY\NETWORK SERVICE
Caption: OneDrive
Command: “C:\Users\Homelab\AppData\Local\Microsoft\OneDrive\OneDrive.exe” /background
Description: OneDrive
Location: HKU\S-1-5-21-3837425611-1028152604-2918990385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDrive
Setting ID:
User: HOMELAB\Homelab
Caption: GoogleChromeAutoLaunch_1089963C18A81BB97CF58E9A06EFB3F0
Command: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –no-startup-window /prefetch:5
Description: GoogleChromeAutoLaunch_1089963C18A81BB97CF58E9A06EFB3F0
Location: HKU\S-1-5-21-3837425611-1028152604-2918990385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: GoogleChromeAutoLaunch_1089963C18A81BB97CF58E9A06EFB3F0
Setting ID:
User: HOMELAB\Homelab
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-1549978933-2891762758-2075524219-3728768389-1145206490\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\SSASTELEMETRY
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-2575449109-2369498003-86869817-2770163484-1998650617\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\SSISTELEMETRY150
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\SQLTELEMETRY
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\MSSQLServerOLAPService
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-309224134-970686483-1999427595-3240087295-3167920316\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\MsDtsServer150
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\MSSQLFDLauncher
Caption: OneDriveSetup
Command: C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
Description: OneDriveSetup
Location: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: OneDriveSetup
Setting ID:
User: NT SERVICE\MSSQLSERVER
Caption: Big Free Clock
Command: C:\PROGRA~2\BIGFRE~1\bigclock.exe
Description: Big Free Clock
Location: Common Startup
Name: Big Free Clock
Setting ID:
User: Public
Caption: SecurityHealth
Command: %ProgramFiles%\Windows Defender\MSASCuiL.exe
Description: SecurityHealth
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: SecurityHealth
Setting ID:
User: Public
Caption: RTHDVCPL
Command: “C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s
Description: RTHDVCPL
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: RTHDVCPL
Setting ID:
User: Public
Caption: RtsCM
Command: RTSCM64.EXE
Description: RtsCM
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: RtsCM
Setting ID:
User: Public
Caption: IAStorIcon
Command: “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe” “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” 60
Description: IAStorIcon
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: IAStorIcon
Setting ID:
User: Public
tags: MrNetTek