Post Upgrade to Windows Server 2025; process auto-starts under "SYSTEM" account

Hi,

I hope this message finds you well. Based on your description, it appears that:

• The automation workflow (via TestComplete) runs maps_setup.exe under the intended user account MAPSDEVTEST.

After installation, uninstallation, and reboot, maps_setup.exe is found running under the SYSTEM account, which is unexpected.

Possible Causes

    **Scheduled Task or Service Trigger**

• The installer may register a scheduled task or Windows service that launches maps_setup.exe post-reboot under SYSTEM.
• Check Task Scheduler and Services.msc for any entries related to MAPS. Installer Behavior
  • Some installers include post-install hooks or reboot persistence mechanisms that elevate execution context.
  • Review the installation logs or MSI parameters to confirm whether SYSTEM-level execution is embedded.
  TestComplete Execution Context
  • If TestComplete launches the installer with elevated privileges or via a wrapper script, it may inadvertently trigger SYSTEM-level execution.
  Group Policy or Startup Scripts
  • Confirm that no domain-level GPOs or local startup scripts are configured to launch maps_setup.exe on boot.

Recommended Next Steps

1. Audit Startup Entries

Run:

powershell

Get-CimInstance Win32_StartupCommand

• Check registry paths:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

- `HKLM\SYSTEM\CurrentControlSet\Services`

1. Review Scheduled Tasks

Open Task Scheduler and filter by tasks running under SYSTEM.

• Look for any MAPS-related triggers.

1. Check Installer Parameters
   • If available, review the maps_setup.exe documentation or run with /log or /verbose flags to inspect behavior.
2. Monitor Execution Flow
   • Use Process Monitor (ProcMon) to trace the origin of the SYSTEM-level launch during reboot.

Let me know if you'd like help analyzing the startup entries or reviewing the installer behavior. I’d be happy to assist further in narrowing down the root cause.

Best regards,

Quinnie Quoc.