MED-V V2: Additional Guidance for Launching Startup Programs in MED-V V2
You will sometimes need to use MED-V to remediate an application that requires one or more components to be resident at user logon/startup. These types of programs can certainly be remediated with MED-V. It is important to understand, however, that while there are several ways of launching programs at startup in Windows, not all of them will work within MED-V. Typically, the options for startup upon user login include:
- Launching in the System Tray: These applications will automatically launch and will be published to the host system tray with a “(Remote)” option. No additional configuration should be necessary when running these types of applications under MED-V.
- Launching via the “Run” key (in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run): These applications will also automatically start when the user logs in and no additional configuration should be necessary when running these types of applications under MED-V.
- Launching via the “Startup” Program Group in the Windows Start Menu: Here is where you will run into problems. Since Explorer.exe is not the shell used when launching applications in MED-V (RDPShell is), the Startup program group shortcuts will not be launched.
Additional Options for Launching Shortcuts
Because the shortcut contains vital information such as the working directory and command-line arguments, simply putting the command into the Run key will not suffice as a workaround in many cases. You can, however, configure the Run key to process the shortcut's .LNK file: add an entry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run as a REG_SZ value (give it a name of your choice) and use the following syntax to launch the application:
cmd /c start "window name" <PATH><NAME>.LNK
Please note: The “window name” is not optional and must be in quotes. The name can be whatever you choose, as long as the path to the shortcut's .LNK file is valid.
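As an added example (not part of the original article or of any MED-V tooling), the following PowerShell script applies the workaround above to every shortcut in the current user's Startup program group. It assumes Windows PowerShell is available in the MED-V guest; the MEDV_Startup_ value-name prefix and the -Apply switch are hypothetical choices made for this example.

```powershell
# Added example, not from the original article.
# Mirrors the current user's Startup-folder shortcuts into the HKCU Run key.
param([switch]$Apply)   # without -Apply, only report what would be written

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = [Environment]::GetFolderPath('Startup')   # per-user Startup program group
$prefix  = 'MEDV_Startup_'                           # hypothetical value-name prefix

if ($Apply -and -not (Test-Path $runKey)) {
    New-Item -Path $runKey -Force | Out-Null
}

foreach ($lnk in @(Get-ChildItem -Path $startup -Filter '*.lnk')) {
    $name = $prefix + $lnk.BaseName

    # start takes its first quoted argument as the window title, so the title
    # must come first; the path is quoted as well so spaces do not split it.
    $command = 'cmd /c start "{0}" "{1}"' -f $lnk.BaseName, $lnk.FullName

    # Run-key command lines are documented as limited to 260 characters.
    if ($command.Length -gt 260) {
        Write-Warning "Skipped $($lnk.Name): command line exceeds 260 characters"
        continue
    }

    # Skip values that already hold exactly this command line.
    $current = (Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -eq $command) {
        "unchanged  $name"
        continue
    }

    if ($Apply) {
        New-ItemProperty -Path $runKey -Name $name -Value $command -PropertyType String -Force | Out-Null
        "written    $name = $command"
    } else {
        "would set  $name = $command"
    }
}
```

Run it once without -Apply to review the planned entries before writing them. The shared prefix makes these values easy to pick out when the Run key is audited later.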