MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
AumHa VSOP » Silent Runners [r56]

Silent Runners [r56]

Silent Runners R56 checks four additional values in the HKLM...Control tree and allows IPv6 localhost addresses to be recognized in the HOSTS file. Minor changes have been made to output format.

It is recommended that you download Silent Runners R56 and delete earlier versions.

1. HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath
2. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
3. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Execute
4. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute
--------------------------------------------------------------------------

I added these values for a variety of reasons:

Geert M ( http://www.runscanner.net/ ) recommended that I add 1, 3 and 4. Thanks, Geert!

Microsoft documents #1:
http://www.microsoft.com/technet/prodtechn...ntry/58555.mspx

An empty value exists by default for #4 in Vista.

I included #3 because, well, Autoruns checks it. (I can't seem to find anything else about it.)

I've saved #2 for last because it's the most interesting. I thank Jay S. of HandyNetworks.com for bringing it to my attention.

It's documented by Microsoft here:
http://msdn2.microsoft.com/en-us/library/a...784(VS.85).aspx

It turns out that it's an exceptionally powerful launch point, since it's accessed during login.


IPv6 localhost notation
-----------------------

Vista includes "::1" in the HOSTS file to point to localhost. This is
IPv6 shorthand for 127.0.0.1. Thanks to Jules C. for cluing me in.


Vista execution tip
-------------------

Silent Runners will be able to look at a lot more places in Vista if its run from an Administrative-level command prompt.

To get to such a command prompt, right-click on "Command Prompt" in the Start menu and choose "Run as Administrator". After clicking through the UA alert, cd to the Silent Runners directory and issue the following command: cscript "Silent Runners.vbs"

Note that the quotes are mandatory.

The launch points list on the web site has been updated.
http://www.silentrunners.org/sr_launchpoints.html

The updated script (R56) can be found here:
http://www.silentrunners.org/Silent%20Runners.vbs

A zipped version can be found here:
http://www.silentrunners.org/Silent%20Runners.zip

Posted Feb 28 2008, 12:03 PM by siljaline


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems