Do you know the RunOnce key in the registry? If not, we will look at what it does below.
Various programs and services can add a command there, which will run once on the next startup of Windows and then be deleted.
However, Windows supports several options that keep the value from being deleted, which is a mistake, especially when you advertise it.
RunOnce can be found in the registry under the following HKLM and HKCU paths:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
These keys are used by various applications, which place entries there so that they can, for example, start certain operations on the first boot after installation.
But malicious software could do the same: it could simply drop its commands there. This would not be much of a problem if RunOnce ran a command at startup and then automatically deleted it.
But Microsoft has, since 2018, published a web page with more information about the Run and RunOnce keys. By default, the value of a RunOnce key is cleared before the command line is run.
But Microsoft says:
You can prefix the name of a RunOnce value with an exclamation mark (!) to defer deleting the value until after the command has run. Without the exclamation mark, if the RunOnce operation fails, the associated program will not run the next time the computer starts.
There is even one more option that malicious users will love: adding an asterisk (*) before the name of a value makes the command in RunOnce run even in Safe Mode, instead of being ignored there.
The icing on the cake is Microsoft's warning that a program run from these keys should not write to the key while it runs, because this will interfere with other programs that have RunOnce entries.
It states that applications should use the RunOnce key only temporarily, for example to complete the application setup. An application should not constantly recreate entries in RunOnce, as this will interfere with the installation of Windows.
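To check which entries on a machine use the ! and * prefixes described above, here is an added PowerShell audit script (written for this post, not Microsoft's or the original author's code). It assumes only the two key paths listed earlier and reads them through PowerShell's registry provider.

```powershell
# Added example: list RunOnce entries under HKLM and HKCU and flag value names
# that use the "!" (deferred deletion) or "*" (runs in Safe Mode) prefix.
function Get-RunOnceAudit {
    param(
        # The two RunOnce locations from the post; HKLM needs an elevated shell to read reliably.
        [string[]]$KeyPaths = @(
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        )
    )

    foreach ($path in $KeyPaths) {
        # The key only exists once something has written to it, so skip missing ones.
        if (-not (Test-Path -Path $path)) { continue }

        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw command line without expanding %VARIABLES%, so the
            # output shows exactly what was written into the registry.
            $cmd = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')

            [pscustomobject]@{
                Key       = $path
                ValueName = $name
                Command   = $cmd
                # "!" defers deletion until the command finishes: the entry survives a failed run.
                Deferred  = $name.StartsWith('!')
                # "*" makes the entry run even when Windows boots into Safe Mode.
                SafeMode  = $name.StartsWith('*')
            }
        }
    }
}

# Show every entry, with the prefixed ones (the interesting ones for a reviewer) first.
Get-RunOnceAudit | Sort-Object -Property Deferred, SafeMode -Descending | Format-Table -AutoSize
```

Any row with Deferred or SafeMode set to True deserves a look, since legitimate installers rarely need either prefix.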