Showing results for 
Show  only  | Search instead for 
Did you mean: 
Engaged Sweeper III
I was looking at the report "Autorun: High number of autorun items" and it was reporting about 70 of my computers had over 4000 autorun items. To investigate further I made a report to show all Autorun items and the number of computers. I'm curious to know why these .dll's and .exe's are reported as Autorun items by Lansweeper. Here are a few examples:

simpdata Common Startup simpdata.tlb 74
slayerxp Common Startup slayerxp.dll 74
slbcsp Common Startup slbcsp.dll 74
sensapi Common Startup sensapi.dll 74
share Common Startup share.exe 74
shell Common Startup shell.dll 74
shmedia Common Startup shmedia.dll 74
rtutils Common Startup rtutils.dll 74
rundll32 Common Startup rundll32.exe 74
samsrv Common Startup samsrv.dll 74
sapi.cpl Common Startup sapi.cpl.manifest 74
qasf Common Startup qasf.dll 74
qmgrprxy Common Startup qmgrprxy.dll 74
rasapi32 Common Startup rasapi32.dll 74
rasman Common Startup rasman.dll 74
rexec Common Startup rexec.exe 74
route Common Startup route.exe 74
rdshost Common Startup rdshost.exe 74
recover Common Startup recover.exe 74
regedt32 Common Startup regedt32.exe
Engaged Sweeper III
I'm running the latest version.

Database schema: 19
Website version: 4034

I looked at the date of last scan foe all of the Autorun items in question and they were from back in 2011. I blew away all the rows in tblAutorun and did a full rescan of some of the machines experiencing the issue and it looks like it no longer detects them anymore.

Lansweeper Alumni
More recent Lansweeper versions skip autorun scanning for these kinds of machines and warn you that there is a configuration issue. (All other data is scanned normally.) Could you update your installation as per the instructions on page 103 and beyond of our online documentation.
Engaged Sweeper III
Now that I know how you were pulling that I figured out what it was! Thanks!

Problem Description:
'Win32_StartupCommand' returns thousands of files (4000+) that look like they are coming from the windows system32 folder (C:\Windows\System32)

If the windows registry string value "Startup" located at

"HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" has no value or points to a non-existant folder then the problem described above occurs. This folder can be pointed to a dummy folder that is empy to prevent this problem or you can set this value to:

"C:\Documents and Settings\Default User\Start Menu\Programs\Startup"
Lansweeper Alumni
Autorun info is pulled from the Win32_StartupCommand WMI class. Could you execute the command below on one of your client machines and verify the contents of the resulting lansweepertest.txt file. The results should match what is reported by Lansweeper for the machine.

c:\>wmic path win32_startupcommand >lansweepertest.txt
Engaged Sweeper III

Select Distinct Top 1000000 tblAutorun.Caption, tblAutorun.Location, tblAutorun.Command, Count(tblAutorun.AutorunID) As Count From tblAutorun Group By All tblAutorun.Caption, tblAutorun.Location, tblAutorun.Command Order By Count(tblAutorun.AutorunID) Desc

Lansweeper Alumni
Could you post the SQL code of the report you ran.