hypercube

Random Apps Start up at Restart

I have a Windows 10 Pro workstation, domain joined, which is acting just a bit strangely.  While I can live with it, I should know how to fix the behavior.
In the last few weeks, under my normal Standard User account, the workstation would come up with an unusual window opened.  Unfortunately, I don't remember what that window was.
Now a different one is opening.  This one can be opened running C:\Windows\System32\ncpa.cpl
And can also be opened by selecting "Change adapter settings" from Control Panel Network and Sharing Center.

The common startup folder is empty.
The User startup folder is empty.
I've looked at the registry RUN list and the app isn't there.
I've looked at the Startup Apps in Settings and the app isn't there.

I figure there must be *somewhere* to  look.
I'm wondering if Windows 10 now has some "feature" to reopen things at boot.  It seems like I've seen that happen lately on other computers.. ??

It appears that this strange thing is only happening under my Standard User account.  Well, at least it isn't happening under one other account on this computer.


Bembi

Have you had a look at the startup tab in Task Manager?

But also a not so new feature of Windows 10:
https://www.tenforums.com/tutorials/138685-turn-off-automatically-restart-apps-after-sign-windows-10-a.html





Dr. Klahn

Download a copy of Microsoft Autoruns and review what it reports as running at startup/login.  There is a surprising amount of "stuff" in most systems.

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
hypercube

ASKER

Bembi:  The tenforums article was pretty interesting!  But no solution there.  In some cases, the settings of interest weren't even present although the Windows version met the requirement for it.  
Restart apps after signing in was missing on the start/power menu.

Dr. Klahn:  Autoruns didn't reveal the ncpa.cpl item...

So, it's still a mystery.
Accounts - Sign-in options ??
From an actual built...


or

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Reg DWORD RestartApps 0 or 1
You may also look in the policy hive; possibly it is set by a GPO.

Bembi:  Here is one version from the target computer OS Build 19042.1052.  It's on a domain and subject to GPOs which I control and know almost entirely.

Here is another from OS Build 19043.1110 in a WORKGROUP:



So, this last one has a 3rd entry that the first one lacks.
  • Perhaps update Windows further
  • What do the Event Viewer log sections show pertaining to the time of this? Did you see any error codes? Or perhaps try ProcMon or Process Explorer to isolate the source of it and capture events happening
  • Maybe try running from an elevated command prompt:  sfc /scannow to see if it finds any errors
Yes sure, with each build you may have new features, or others are gone.
I was just asking for the settings. If these are the affected machines, we can exclude this option.

I just had the experience yesterday that Win 10 does not necessarily show all settings if they are set via Policy.
So, even if a Policy is set, the option is available and can be changed but doesn't have an effect or is reset.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Reg DWORD RestartApps 0 or 1

and
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon

may be just worth to check.  
I'm in the midst of updating the OS version to 21H1.
We'll see if that changes anything.
In the process, I see that the program launch happens even when I log back in after a timeout.
As I recall, we have a GPO that forces a logoff after so much time of inactivity.  
I don't know that I can easily tell the difference between a passworded screen saver logon and a logoff/logon.  I should think that would be easy but I've not tried to see.
But, this tracks with other User accounts not having this issue.


The screen saver lock is not the same; here it was usual that applications stay open.
For a real logout it was definitely the default behaviour that all applications are closed until MS introduced this new feature. Admins used this to free up applications, i.e. for updates.
As Microsoft is sometimes a bit far away from real practice, it's possible that they changed the default behaviour again.
Even if registry keys are not present, Windows uses a default value.
This may also explain why not all users have this issue, depending on the question of from which build they updated to a newer build, or which build they currently use.

So interesting what happens after the update.  
OK.. I have it at 21H1 now.
> Even if registry keys are not present, windows uses a default value.
OK.  So the "value" has to reside somewhere, eh?  I wouldn't know where to look.

The new version hasn't changed the behavior.


I posted the registry keys above..

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
look for Reg DWORD RestartApps 0 or 1

and
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon  

and for any case also
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon  

Definitely, try what Bembi suggested above first, examine the registry carefully.

Other thoughts:

Can you try AutoRuns? Or another tool to examine the startup further for investigating and scanning startup items. Or capture events with ProcMon to find other potential areas:
  • Maybe the behavior is tied to a Shell Extension:
https://www.nirsoft.net/utils/shexview.html

  • Is Fast startup enabled or disabled? And is there a difference when switched off?

  • Maybe a fresh user profile won't encounter this issue when you test as a last resort, or perhaps try  sfc /scannow from an elevated command prompt as admin to see if it finds any errors.

  • Did you run a full antivirus scan on your station also? I doubt it's malware or virus activity, but always a good idea to double-check when you see odd behavior.

  • Do you see any error codes or anything else in Event Viewer file logs?



Bembi:  Yes, I looked at all those registry keys to no avail...

re: This may also explain why not all users have this issue, depending on the question of from which build they updated to a newer build, or which build they currently use.
There is only one machine with various Users here.... so the builds and build history are the same.  Or, did I misunderstand?

When you said: "Even if registry keys are not present, windows uses a default value."  I didn't know where to look for those default values.

Jazz Kaur:
Well I've done all those things and nothing seems to have changed.  
But, it turns out that there *are* interesting errors.
A script launched by GPO included a servername which had changed....so that threw errors
> When you said: "Even if registry keys are not present, windows uses a default value."  I didn't know where to look for those default values.
This means, that the default value is handled by the OS.
You can change the behaviour by creating the value, but if the value is not present, the OS takes a default value.

It would be interesting to see what happens if you manually set
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Reg DWORD RestartApps = 0 
Bembi:  Thank you!  Well I'd already had set that registry item as you suggested.....
Jazz Kaur:  I tried them all.  Nothing jumps out that's obvious to me!  :-)
The fast startup setting didn't change it.


Mmh, sounds curious,
Jazz gave you the links to all the other tools.
Means Sysinternals shows everything that may be connected to autostart locations...
Due to this I would exclude all such sources.

If you can identify the file for the process (you said i.e. ncpa.cpl)
Have you tried to search the registry for that file? I mean, it will be there, but should not be in the context of an automatic startup.
Also what I have in my mind is the MS technology preview program. Was it enabled on such machines?   
Bembi:  No MS technology preview program....
Good idea re:searching the registry.  I hadn't done that yet.
ncpa.cpl, amongst many others, is listed in both
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Control Panel\don't load
... and that's it...



So, just to clarify...
If you boot the machine...
ncpa.cpl comes up if it was open before...
or it comes up independent of whether it was open or not?

At least my imagination is that everything that loads should be written somewhere. So Windows has to remember something and there are not so many places where it can be stored...
registry, we didn't find anything.
Startup options (Sysinternals) didn't show anything.
So, left over....
- a batch file (bat, vbs, ps1 or whatever)
- a policy / startup script (can be found in the registry)
--> but they also have to be connected to startup items...
- An AD startup script (this is the only one which doesn't leave settings on the client)
- task manager job...
- any other internal function driven by a registry key (sometimes the options are not written in clear text into the registry).
- for win 10 I can have also some apps in my mind, which are doing some unusual things. 
I tried the old trick of "do the opposite":
I added ncpa.cpl to the start at logon list.
It then opened at logon, but only one instance as before.
Then I disabled the added entry in the startup list.
It's still starting up at logon....
This is obviously not the end of the world but figuring things out is always useful.
I almost always close the window just because it's in the way.
So, no, it wasn't running each time there's been a restart.
If it wasn't running before a reboot, it cannot have anything to do with the Win 10 feature from my earlier post.
This feature should just recreate the desktop as it looked before.
So if a single application starts independent of the fact that it was opened before or not, I would rather search for the issue in the direction of startup scripts, policies, AD logon scripts etc.
As the content of such scripts is not directly searchable, possibly not easy to find, but at least connected to the fact that a startup script exists.

Have you checked if it is connected to the user or machine? What happens if a different user logs in?

Vice versa, what happens if a user, where it happens, logs on to a different machine?
Bembi:  
Yes, as I mentioned, other users don't have this issue on this computer (or others).
The same user, on other computers, doesn't have this issue.
Just for context, in this domain, we have over 60 computers and 30 users.
I "touch" many of those computers AND logon to them in various ways, including THIS user and others with the issue on THIS one computer with this ONE user.

Can you describe the window that you're seeing a bit further? What does it look like: a cmd window flash with some details, or a particular message or bits of a message perhaps you catch?

The only thing I can think of as a last resort is to start fresh with a  new user profile on the station and migrate your data.
Jazz Kaur:  Good idea if I knew how to do it gracefully.  But then that would be a "fix" and I'm more interested in understanding this.  I'd not know what had been fixed.  So, yes, as you suggest: a last resort.
I guess I never would have become an IT Expert if I always would have chosen the fast path...
So, reinstalling something is very seldom for me.
I had the feeling that your question went into the direction to find the reason rather than to find a fast solution.

@Jazz, your "last resort" is absolutely correct..., but it is the fast path :-)
According to your other question, it is (lately) ncpa.cpl, so network connections.

Nevertheless there is always a reason why something happens, so the question is only how much effort you want to put into a topic. And most of the solutions are simple, as far as you have found them...

So, to dig again into the topic...
What makes me wonder a bit is your description that it happens only on one machine and only with one user account. And the negative test fails: it doesn't happen on other systems with the same user, nor with another user on the affected system.
So it has to be a setting which happens in the user context and is limited to the local machine...
- local policies...
- task manager

Have you checked the policy result set? As it combines local policies with GPOs.
Also scheduled tasks can be triggered by logon events....

You said before
> In the process, I see that the program launch happens even when I log back in after a timeout.  
Does it always happen when you re-logon to this machine?
This would at least confirm that it is triggered by the logon event.




Bembi:  Thanks!  Yes, I see the program launch when I log back in after a timeout.  I'm doing this remotely but the local timeout is shorter than any remote timeout.

I ran RSOP under this Standard User and found two GPO settings applied:
Password protect the screen saver
Screen saver timeout
They are supposed to be there (and should be) except for a few special computers that we don't want to log out.

I've looked at Task Manager startup and see nothing interesting in the short list of Enabled items.
Just to see, I disabled everything that can be disabled - leaving 4 items.
No change in doing that....


Jazz Kaur and Bembi:  Thank you both!

Jazz asked:
 "Yes, I see the program launch "

Are you seeing different program names each time or one, in particular, re-emerge each time? Are these W10-based apps or Microsoft Store popping up and windows or third-party program or a mix of apps\windows at random (both) overall?
No. W10:yes, Store:no, 3rdParty:no.  
If you run ncpa.cpl the result is always "Network Connections".  That's what I see consistently.
I only know how to launch it by running ncpa.cpl or going through Control Panel with mouse clicks.  The result in doing either one is always the same.  

I'm going to forego answering the other questions as we've found the problem!
1) There *was* a scheduled task set to run at startup.  It would run a .bat file in C:\Program Files\Npca:
CheckStatus.bat
There was just this one task set to run at startup.  I must say, finding it was most unexpected.
The .bat file was too complicated to quickly figure out.
2) I immediately suspected Wireshark w/ npcap. [which is NOT ncpa.cpl nor "ncpap" that's just a coincidence I believe]
3) First, I confirmed that Network Connections did not start using my admin account.  
4) Then, I removed Wireshark AND npcap but noticed an OEM NPCAP install which I left alone.
5) Booted to my Standard User "fred" - Network Connections opened again.
6) Checked the installs and OEM NPCAP was now gone.
7) Logged off and back on.  Network Connections did not open this time.
8) Rebooted and logged on Standard User "fred": Network Connections did not open this time.
So, the problem is solved it appears!!
Then, I reinstalled Wireshark 3.4.2 64-bit with npcap 1.00 from my download folder
Restarted the computer.
The problem didn't reappear.
Also, I believe this version of npcap installed with Wireshark is different than what I'd had; the list of installs shows NPCAP and not OEM NPCAP.
I believe the latter was installed with PRTG but I'm not going to test that idea right now.....
Also, I may well have renamed some network connections - which the .bat file may be sensitive to.

Thanks for sticking with this!!
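
An added example, not part of the original thread or any participant's post: a read-only PowerShell check of the two places this thread ends up examining, the `RestartApps` value under the four Winlogon keys listed earlier and scheduled tasks with a logon or boot trigger (where the `CheckStatus.bat` task was found). The variable names are illustrative; run it elevated so tasks a Standard User cannot read are included.

```powershell
# Added example: read-only audit of the places examined in this thread.
# 1) RestartApps under the four Winlogon keys named in the thread.
$winlogonKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$restartApps = foreach ($key in $winlogonKeys) {
    $state = 'key not present'
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -ne $props -and $props.PSObject.Properties.Name -contains 'RestartApps') {
            $state = $props.RestartApps
        } else {
            $state = 'value not set'
        }
    }
    [pscustomobject]@{ Key = $key; RestartApps = $state }
}
$restartApps | Format-Table -AutoSize -Wrap

# 2) Scheduled tasks that fire at logon or boot, with what they execute.
$triggerClasses = 'MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger'
$startupTasks = foreach ($task in Get-ScheduledTask) {
    $hits = @($task.Triggers | Where-Object {
        $_ -and ($triggerClasses -contains $_.CimClass.CimClassName)
    })
    if ($hits.Count -eq 0) { continue }
    $kinds = $hits | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' }
    foreach ($action in $task.Actions) {
        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            State     = $task.State
            Trigger   = ($kinds | Sort-Object -Unique) -join ', '
            RunAs     = $task.Principal.UserId
            Execute   = $action.Execute      # empty for non-exec (COM handler) actions
            Arguments = $action.Arguments
        }
    }
}
$startupTasks | Sort-Object Task | Format-List

# 3) Narrow to actions that launch a script, like the .bat found in this thread.
$startupTasks |
    Where-Object { "$($_.Execute) $($_.Arguments)" -match '\.(bat|cmd|vbs|ps1)\b' } |
    Format-Table Task, Execute, Arguments -AutoSize -Wrap
```

Comparing the task list from the affected account with one from an unaffected account or machine shows which startup tasks are unique to the problem system.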









Awesome! I am glad this one got isolated! 
Hi, perfect....
So, if you are interested in npcap OEM, then you may read this here...
https://nmap.org/npcap/oem/redist.html

npcap is needed by wireshark and bundled into the setup ( the free version).
The OEM version is a commercial variant....


Bembi:  Yes.  npcap was originally installed with Wireshark.  Then I installed a recent version of PRTG which brings OEM NPCAP with it.  I'll be doing that again one of these days so we'll see.  This looks like a bug in the .bat file they install that's scheduled to run at startup.
I sure didn't expect that scheduled task!  Good of you to suggest.
I finally found the cause but not the reason!
It started happening on another computer and the app opening at startup was a different one.
The first computer was opening ncpa.cpl.
The second computer began opening Event Viewer as Administrator so was asking for admin credentials first.
Each of these had a desktop shortcut icon.
I tend to use lots of desktop icons so these culprits are only examples of what could have been, but yet were unique in this startup behavior.

Deleting just those particular desktop icons solved the "problem".
WHY?  BUT WHY?  ARGHHH!!  Ha.  Really no need to satisfy my curiosity.....

New observation:
It seems that the app that starts at boot not only has a desktop shortcut icon but ALSO the location of the icon on the desktop is:
One over from the left column of icons and one down from the top row of icons.
So, if the icon locations were numbered like Excel cells, it would be in location B2.
- Removing that one shortcut icon seems to fix the problem....
- Sliding another shortcut icon into that position, causes *that one* to start shortly after logon.
- Logging on as another user doesn't seem to have this problem - even with a shortcut icon at "B2".
Still don't know why - but this might suggest something.