禁用启动程序

时间:2018-10-07 21:01:11

标签: powershell registry startup disable

我希望使用PowerShell禁用启动程序列表。我已经走了很远,但后来撞墙了。目前,我无法获得第二个启动程序列表来像我的第一个列表一样很好地列出。

function Disable-Startups {
    [CmdletBinding()]
    Param(
        [parameter(DontShow = $true)]
        $32bit = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $32bitRunOnce = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $64bit = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $64bitRunOnce = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $currentLOU = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $currentLOURunOnce = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    )

    Begin {
        $disableList = @(
            "iTunesHelper",
            "Cisco AnyConnect Secure Mobility Agent for Windows",
            "Ccleaner Monitoring",
            #"SunJavaUpdateSched",
            "Steam",
            "Discord"
        )
        New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | Out-Null
        $startups = Get-CimInstance Win32_StartupCommand | Select-Object Name,Location
    }
    Process {
        foreach ($startUp in $startUps){
            if ($startUp.Name -in $disableList){
                $number = ($startUp.Location).IndexOf("\")
                $location = ($startUp.Location).Insert("$number",":")
                Write-Output "Disabling $($startUp.Name) from $location)"
                #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" 
            }
        }

        $regStartList = Get-ItemProperty -Path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce | Format-List
    }
    End {}
}

因此,基本上,当$regStartList开始时,我想要每个注册表的每个项目的显示名称和位置,并将所有这些都放入一个变量中。但我无法列出这样一个不错的列表

Name                Location
----                --------
OneDriveSetup       HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OneDriveSetup       HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Send to OneNote     Startup
OneDrive            HKU\S-1-5-21-3687383513-804626811-2257261628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CCleaner Monitoring HKU\S-1-5-21-3687383513-804626811-2257261628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

但是即使我跑步,也要得到它。

$regStartList = Get-ItemProperty -Path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce | Select-Object name,location

name location
---- --------

由于某些原因,没有位置或名称/显示名称被抢劫。

编辑: 我回答了我自己的问题,但是如果有人有更好的问题,请告诉我。

$regStartList = Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
    Where-Object {$_.ValueCount -ne 0} | Select-Object  property,name

foreach ($regName in $regStartList.name) {
   $regNumber = ($regName).IndexOf("\")
   $regLocation = ($regName).Insert("$regNumber",":")
   if ($regLocation -like "*HKEY_LOCAL_MACHINE*"){
    $regLocation = $regLocation.Replace("HKEY_LOCAL_MACHINE","HKLM")
    write-host $regLocation
   }
   if ($regLocation -like "*HKEY_CURRENT_USER*"){
    $regLocation = $regLocation.Replace("HKEY_CURRENT_USER","HKCU")
    write-host $regLocation
   }
    foreach($disable in $disableList) {
       if (Get-ItemProperty -Path "$reglocation" -name "$Disable"-ErrorAction SilentlyContinue) {
            Write-host "yeah i exist"
            #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" -whatif
       }else {write-host "no exist"}
    }   

}

2 个答案:

答案 0 :(得分:1)

我想出了自己的解决方案。如果有人有更好的主意,请告诉我

$regStartList = Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
Where-Object {$_.ValueCount -ne 0} | Select-Object  property,name

foreach ($regName in $regStartList.name) {
   $regNumber = ($regName).IndexOf("\")
   $regLocation = ($regName).Insert("$regNumber",":")
   if ($regLocation -like "*HKEY_LOCAL_MACHINE*"){
    $regLocation = $regLocation.Replace("HKEY_LOCAL_MACHINE","HKLM")
    write-host $regLocation
   }
   if ($regLocation -like "*HKEY_CURRENT_USER*"){
    $regLocation = $regLocation.Replace("HKEY_CURRENT_USER","HKCU")
    write-host $regLocation
   }
    foreach($disable in $disableList) {
       if (Get-ItemProperty -Path "$reglocation" -name "$Disable"-ErrorAction SilentlyContinue) {
            Write-host "yeah i exist"
            #Remove-ItemProperty -Path "$location" -Name "$($startUp.name)" -whatif
       }else {write-host "no exist"}
    }   

}

答案 1 :(得分:0)

至此...

  

由于某些原因,没有可获取的位置或名称/显示名称   抓住。

..那是正确的

 Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' | Select-Object -Property *


AutoStartVMA : {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
OneDrive     : {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
PSChildName  : Run
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.Core\Registry


Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' | Get-Member


   TypeName: System.Management.Automation.PSCustomObject

Name         MemberType   Definition                                                                                                                                  
----         ----------   ----------                                                                                                                                  
Equals       Method       bool Equals(System.Object obj)                                                                                                              
GetHashCode  Method       int GetHashCode()                                                                                                                           
GetType      Method       type GetType()                                                                                                                              
ToString     Method       string ToString()                                                                                                                           
AutoStartVMA NoteProperty byte[] AutoStartVMA=System.Byte[]                                                                                                           
OneDrive     NoteProperty byte[] OneDrive=System.Byte[]                                                                                                               
PSChildName  NoteProperty string PSChildName=Run                                                                                                                      
PSDrive      NoteProperty PSDriveInfo PSDrive=HKCU                                                                                                                    
PSParentPath NoteProperty string PSParentPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
PSPath       NoteProperty string PSPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run  
PSProvider   NoteProperty ProviderInfo PSProvider=Microsoft.PowerShell.Core\Registry

OP更新

我一直在处理您的请求,当我看到您的更新时正要回发。

好吧,您问是否还有另一种方法。因此,这是我在看到您的更新之前想到的。当然,我必须在“禁用列表”中添加一些项目才能显示两个结果。

#Startup List
function Disable-Startups 
{
    [CmdletBinding()]

    Param
    (
        [parameter(DontShow = $true)]
        $32bit = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $32bitRunOnce = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $64bit = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $64bitRunOnce = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
        [parameter(DontShow = $true)]
        $currentLOU = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        [parameter(DontShow = $true)]
        $currentLOURunOnce = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    )

    begin 
    {
        $disableList = @(
        'SecurityHealth'
        'OneDrive',
        'iTunesHelper',
        'Cisco AnyConnect Secure Mobility Agent for Windows',
        'Ccleaner Monitoring',
        #'SunJavaUpdateSched',
        'Steam',
        'Discord'
        )
        New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS | 
        out-null
        $startups = Get-CimInstance Win32_StartupCommand | 
        Select-Object Name,Location
    }
    process 
    {
        Get-Item -path $32bit,$32bitRunOnce,$64bit,$64bitRunOnce,$currentLOU,$currentLOURunOnce |
        Where-Object {$_.ValueCount -ne 0} | 
        Select-Object  @{Name = 'Location';Expression = {$_.name -replace 'HKEY_LOCAL_MACHINE','HKLM' -replace 'HKEY_CURRENT_USER','HKCU'}},
        @{Name = 'Name';Expression = {$_.Property}} | 
        %{
            ForEach($disableListName in $disableList)
            {
                If($_.Name -contains $disableListName)
                { $_ | Select-Object -Property Location,Name }
                Else
                { Write-Warning -Message "$disableListName not found in registry" }
            }
        }
    }
    end {}
}
Clear-Host
Disable-Startups

# Results

WARNING: OneDrive not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
WARNING: SecurityHealth not found in registry
WARNING: OneDrive not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
WARNING: SecurityHealth not found in registry
WARNING: iTunesHelper not found in registry
WARNING: Cisco AnyConnect Secure Mobility Agent for Windows not found in registry
WARNING: Ccleaner Monitoring not found in registry
WARNING: Steam not found in registry
WARNING: Discord not found in registry
Location                                           Name                                
--------                                           ----                                
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {SecurityHealth, MacDrive 10 helper}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {OneDrive, AutoStartVMA}
相关问题
最新问题