What do you know about Windows RunOnce?

Do you know the RunOnce key in the registry? If you do not know we will talk about it below, after we see what it does.

Various programs and services can add some command there, which will run once on their next startup and then it will be deleted.

However, Windows supports several options to force the key not to be deleted, which is wrong. Especially if you advertise it.Windows settings

RunOnce can (as mentioned above) be found in the registry by following the (HKLM) and (HKCU) paths.

  • HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
  • HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce

These keys are used by various applications by placing entries so that they can, for example, start certain operations on the first boot after installation.

But any malware could do the same. He could just pass his orders there. This would not be a big problem if RunOnce ran a command at startup and then deleted it automatically.

But Microsoft seems to have published since 2018, a with more information about the Run and RunOnce keys. From before, the value of the RunOnce key is cleared before the command line is executed.

But Microsoft says:

You can add the name of a RunOnce value with an exclamation mark (!) To postpone deleting the value until after the command is executed. Without the exclamation mark, the relevant it will not run the next time o is started you if the RunOnce operation fails.

There is even one option that malicious users will love. If you add an asterisk (*) before the name of a value it will run the command in RunOnce instead of ignoring it in safe mode.

The icing on the cake is Microsoft warning that a program running on these keys should not write its own key when it runs, as this will affect other programs that have RunOnce entries.

It states that applications should use the RunOnce key only temporarily, such as to complete the application setup. An application should not constantly create entries in RunOnce as this will affect the installation of Windows.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

windowsWindows 10

Windows, windows 10, windows 11, RunOnce, runonce registry location, runonce registry example, iguru, iguru.gr

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).