How do I run an administrative program (that needs my permission to start) every time I log in and prevent the "Windows has blocked some startup programs" message?
Windows Vista prevents administrative programs that need your permission to start
from running automatically when you log in if they are being started from the normal
"run" registry keys or startup folders.
However, you can allow an administrative program to start when you log in by creating
a scheduled task.
Startup Program Unblocker
I have created a program that automates this process for you. You can download it
here:
Download Startup
Program Unblocker (English and French)
Download Startup
Program Unblocker (French only)
(Thanks to Microsoft MVP Laurent Gébeau of
toutwindows.com
for translating this program into French)
How to do it manually
Note: This only works if you are an administrator. You cannot cause an administrative
program to automatically start on a standard user's desktop.
- Click start
- Type: task scheduler
- Press enter
- Click create
task in the right
- Type a name for the task
- Put a check next to the box
that says 'run with highest privileges'
- Click on the Trigers tab
- Click
New
- Click on the dropdown next to "Begin the task", select At log on
-
Put a check next to 'specific user or group'
- Click OK
- Click the actions
tab
- Click New
- Click browse
- Find the program you want to run
-
Click Open
- Click OK
- Click OK
So... why exactly does Windows block administrative programs from running when I
log on?
Most programs cause themselves to start every time you log in by placing an entry
in your startup folder, your run registry key, or the system-wide startup folder
or run key.
Because your startup folder and personal run registry key can be written to by non-administrative
programs, Windows cannot allow administrative programs that are started from these
locations to run without prompting you. This would allow untrusted non-administrative
programs to place malware in these locations that would be started with admin privileges
when you next logged on.
However, it is also unacceptable to allow administrative programs that are started
from these locations to prompt for your consent every time you start up your computer.
Besides being extremely annoying, a malicous program could potentially put hundreds
of malicious administrative programs in these locations, creating an endless series
of prompts for you to deal with, creating a denial-of-service scenario.
Since neither option is desirable, Microsoft decided to disallow administrative
applications from starting automatically from these locations.
It would also be inappropriate to allow administrative programs to be launched from
the machine-wide startup folder and run registry location, since administrative
programs can only be started inside of administrative accounts, or from a standard
user account with an administrator's credentials entered on-demand.
The reason the task scheduler solution is allowed to work is because non-administrative
programs cannot create scheduled tasks, so there is no way for malware to abuse
this service in the way that is possible with the other startup methods.