How do I run an administrative program (that needs my permission to start) every time I log in and prevent the "Windows has blocked some startup programs" message?

Windows Vista prevents administrative programs that need your permission to start from running automatically when you log in if they are being started from the normal "run" registry keys or startup folders.

However, you can allow an administrative program to start when you log in by creating a scheduled task.

Startup Program Unblocker

I have created a program that automates this process for you. You can download it here:

Download Startup Program Unblocker (English and French)
Download Startup Program Unblocker (French only)

(Thanks to Microsoft MVP Laurent Gebeau of toutwindows.com for translating this program into French)

How to do it manually

Note: This only works if you are an administrator. You cannot cause an administrative program to automatically start on a standard user's desktop.

  1. Click start
  2. Type: task scheduler
  3. Press enter
  4. Click create task in the right
  5. Type a name for the task
  6. Put a check next to the box that says 'run with highest privileges'
  7. Click on the Trigers tab
  8. Click New
  9. Click on the dropdown next to "Begin the task", select At log on
  10. Put a check next to 'specific user or group'
  11. Click OK
  12. Click the actions tab
  13. Click New
  14. Click browse
  15. Find the program you want to run
  16. Click Open
  17. Click OK
  18. Click OK

So... why exactly does Windows block administrative programs from running when I log on?

Most programs cause themselves to start every time you log in by placing an entry in your startup folder, your run registry key, or the system-wide startup folder or run key.

Because your startup folder and personal run registry key can be written to by non-administrative programs, Windows cannot allow administrative programs that are started from these locations to run without prompting you. This would allow untrusted non-administrative programs to place malware in these locations that would be started with admin privileges when you next logged on.

However, it is also unacceptable to allow administrative programs that are started from these locations to prompt for your consent every time you start up your computer. Besides being extremely annoying, a malicous program could potentially put hundreds of malicious administrative programs in these locations, creating an endless series of prompts for you to deal with, creating a denial-of-service scenario.

Since neither option is desirable, Microsoft decided to disallow administrative applications from starting automatically from these locations.

It would also be inappropriate to allow administrative programs to be launched from the machine-wide startup folder and run registry location, since administrative programs can only be started inside of administrative accounts, or from a standard user account with an administrator's credentials entered on-demand.

The reason the task scheduler solution is allowed to work is because non-administrative programs cannot create scheduled tasks, so there is no way for malware to abuse this service in the way that is possible with the other startup methods.