Microsoft Windows Registry Guide, Second Edition
Editing from the Command Prompt
Windows comes with Console Registry Tool for Windows (Reg.exe). This tool is marvelous. You use it to edit the registry from a command prompt window. With Reg.exe, you can do just about anything that you can do with Regedit–and more. The best part is that you can use Reg.exe to write simple scripts in the form of batch files that change the registry. And unlike in earlier versions of Windows, you don't have to install Reg.exe. It's installed by default and combines the numerous registry tools that came with the resource kits for earlier versions of Windows.
I can explain how great this tool is just by starting with an example. Listing 11-6 is a simple batch file that installs Microsoft Office 2003 Editions the first time that the batch file runs. (Think of it as a logon script). After installing Office 2003 Editions, the batch file calls Reg.exe to add the REG_DWORD value Flag to HKCU\Software\Example. Each time that the file runs, the batch file checks for this value's presence and skips the installation if it exists. Thus, the batch file installs the application only one time. This is a method that you can use to deploy software through users' logon scripts. Instead of checking for a value that you add, as Listing 11-6 does, you can check for a value that the application stores in the registry. For example, the second line in the batch file could just as easily have been Reg QUERY HKCU\Software\Microsoft\Office\11.0>nul, which checks to see if Office 2003 Editions is installed for the user.
Listing 11-6 Login.bat
@Echo Off
Reg QUERY HKCU\Software\Example /v Flag >nul
goto %ERRORLEVEL%
:1
Echo Installing software the first time this runs
\\Camelot\Office\Setup.exe /settings setup.ini
Reg ADD HKCU\Software\Example /v Flag /t REG_DWORD /d "1"
goto CONTINUE
:0
Echo Software is already installed, skipping this section
:CONTINUE
Set HKMS=HKCU\Software\Microsoft
Set HKCV=HKCU\Software\Microsoft\Windows\CurrentVersion
REM Clear the history lists
Reg DELETE %HKCV%\Explorer\MenuOrder /f
Reg DELETE %HKCV%\Explorer\RunMRU /f
Reg DELETE %HKCV%\Explorer\RecentDocs /f
Reg DELETE %HKCV%\Explorer\ComDlg32\LastVisitedMRU /f
Reg DELETE "%HKMS%\Search Assistant\ACMru" /f
Reg DELETE "%HKMS%\Internet Explorer\TypedURLs" /f
The syntax of the Reg.exe command line is straightforward: reg command options. Command is one of many commands that Reg.exe supports, including ADD, QUERY, and DELETE. Options are the options that the command requires. Options usually include the name of a key, and sometimes a value's name and data. If any key or value name contains spaces, you must enclose the name in quotation marks. It gets more complicated with each of the different commands that you can use with it, however, and I cover each of those in the sections following this one. If you're without this book and need a quick reminder, just type reg /? in a command prompt window to see a list of commands that Reg.exe supports.
Adding Keys and Values
Use the ADD command to add keys and values to the registry.
Syntax
REG ADD [\\computer\]key [/v value | /ve] [/t type] [/s separator] [/d data] [/f]
\\computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will add or change value. |
/ve | This will change the key's default value. |
/t type | This is the value's type: REG_BINARY, REG_DWORD, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_MULTI_SZ, or REG_SZ. The default is REG_SZ. |
/s separator | This specifies the character used to separate strings when creating REG_MULTI_SZ values. The default is \0, or null. |
/d data | This is the data to assign to new or existing values. |
/f | This forces Reg.exe to overwrite existing values without prompting. |
Example
REG ADD \\JERRY1\HKLM\Software\Honeycutt
REG ADD HKLM\Software\Honeycutt /v Data /t REG_BINARY /d CCFEF0BC
REG ADD HKLM\Software\Honeycutt /v List /t REG_MULTI_SZ /d Hello\0World
REG ADD HKLM\Software\Honeycutt /v Path /t REG_EXPAND_SZ /d %%SYSTEMROOT%%
NOTE
The percent sign (%) has a special purpose at a command prompt and within batch files. You enclose environment variables in percent signs to expand them in place. Thus, to use them on the Reg.exe command line and elsewhere, you must use double percent signs (%%). In the previous example, if you had used single percent signs, the command prompt would have expanded the environment variable before running the command. Using double percent signs prevents the command prompt from expanding the environment variable.
Querying Values
The QUERY command works in three ways. First it can display the data in a specific value. Second it can display all of a key's values. Third it can list all the subkeys and values in a key by adding the /s command-line option. How it works depends on the options you use.
Syntax
REG QUERY [\\computer\]key [/v value | /ve] [/s]
\\computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will query value in key. If you omit /v, Reg.exe queries all values in the key. |
/ve | This will query the key's default value. |
/s | This will query all the key's subkeys and values. |
Example
REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /s
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion
NOTE
Reg.exe sets ERRORLEVEL to 0 if the command succeeds and to 1 if it doesn't. Thus, you can test ERRORLEVEL in a batch file to determine whether a value exists. You saw an example of this in Listing 11-6 earlier in this chapter. Although you can use the If statement to test ERRORLEVEL, I prefer creating labels in my batch file, one for each level, as shown in Listing 11-6. Then I can just write statements that look like Goto %ERRORLEVEL% or Goto QUERY%ERRORLEVEL%, which branches to the label QUERY1 if ERRORLEVEL is 1.
Deleting Keys and Values
Use the DELETE command to remove keys and values from the registry.
Syntax
REG DELETE [\\computer\]key [/v value | /ve | /va] [/f]
\\computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will delete value from key. |
/ve | This will delete the key's default value. |
/va | This will delete all values from key. |
/f | This will force Reg.exe to delete values without prompting. |
Example
REG DELETE \\JERRY1\HKLM\Software\Honeycutt
REG DELETE HKLM\Software\Honeycutt /v Data /f
REG DELETE HKLM\Software\Honeycutt /va
Comparing Keys and Values
Use the COMPARE command to compare two registry keys. Those keys can be on the same computer or on different computers, making this a useful troubleshooting tool.
The /on command-line option seems odd at first. Why would you compare keys or values and not show the differences? Reg.exe sets ERRORLEVEL according to the comparison's result, and you can use the result in your batch files to execute different code depending on whether the two are the same or different–without displaying any results. Here's the meaning of ERRORLEVEL:
0. The command was successful, and the keys or values are identical.
1. The command failed.
2. The command was successful, and the keys or values are different.
Syntax
REG COMPARE [\\computer1\]key1 [\\computer2\]key2 [/v value | /ve] [/oa|/od|/os|/on] [/s]
\\computer1 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
\\computer2 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key1 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
key2 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This compares value. |
/ve | This compares the key's default value. |
/oa | This shows all differences and matches. |
/od | This shows only differences. |
/os | This shows only matches. |
/on | This shows nothing. |
/s | This compares all the key's subkeys and values. |
Example
REG COMPARE HKCR\txtfile HKCR\docfile /ve
REG COMPARE \\JERRY1\HKCR \\JERRY2\HKCR /od /s
REG COMPARE HKCU\Software \\JERRY2\HKCU\Software /s
Copying Keys and Values
The COPY command copies a subkey to another key. This command is useful to back up subkeys, as you learned in Chapter 3, “Backing Up the Registry.”
Syntax
REG COPY [\\computer1\]key1 [\\computer2\]key2 [/s] [/f]
\\computer1 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
\\computer2 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key1 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
key2 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/s | This copies all the key's subkeys and values. |
/f | This forces Reg.exe to copy without prompting. |
Example
REG COPY HKCU\Software\Microsoft\Office HKCU\Backup\Office /s
REG COPY HKCR\regfile HKCU\Backup\regfile /s /f
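The ERRORLEVEL values that COMPARE returns, combined with COPY, give a simple drift check: copy a key once as a baseline, then compare against it silently with /on on later runs. This batch file is an added example, not one of the book's listings; the Run key as the monitored key and HKCU\Backup\RunBaseline as the baseline location are assumptions chosen for illustration.

```batch
@Echo Off
REM Added example: baseline a key with REG COPY, then detect drift with REG COMPARE.
REM LIVE and BASE are assumptions for this sketch; point them at the key you care about.
Set LIVE=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Set BASE=HKCU\Backup\RunBaseline

REM First run: there is no baseline yet, so create one and stop.
Reg QUERY "%BASE%" >nul 2>&1
If ERRORLEVEL 1 goto BASELINE

REM /on shows nothing; only ERRORLEVEL carries the result (0, 1 or 2).
Reg COMPARE "%LIVE%" "%BASE%" /on /s >nul 2>&1
goto COMPARE%ERRORLEVEL%

:COMPARE0
Echo %LIVE% matches the baseline
goto END

:COMPARE2
Echo %LIVE% differs from the baseline:
REM Run the comparison again with /od to list only the differences.
Reg COMPARE "%LIVE%" "%BASE%" /od /s
goto END

:COMPARE1
Echo Comparison failed: a key is missing or access was denied
goto END

:BASELINE
Reg COPY "%LIVE%" "%BASE%" /s /f
If ERRORLEVEL 1 Echo Could not create the baseline at %BASE%
If Not ERRORLEVEL 1 Echo Baseline created at %BASE%

:END
```

Because the baseline sits in the same hive that the user can write to, a match shows the two keys agree, not that neither was changed.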
Exporting Keys to REG Files
Use the EXPORT command to export all or part of the registry to REG files. This command has a few limitations, though. First it works only with the local computer. You can't create a REG file from a remote computer's registry. Second it creates only version 5, Unicode REG files. There's no option available to create ANSI REG files. The EXPORT command is the same as clicking File, Export in Regedit.
Syntax
REG EXPORT key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key you want to export to a REG file. |
filename | This is the path and name of the REG file to create. |
Example
REG EXPORT "HKCU\Control Panel" Preferences.reg
Importing REG Files
Use the IMPORT command to import a REG file into the registry. This command does the same thing as running regedit /s filename. It imports a REG file silently. This command can handle both version 4 and version 5 REG files, but it works only on the local computer.
Syntax
REG IMPORT filename
filename | This is the path and name of the REG file to import. |
Example
REG IMPORT Settings.reg
Saving Keys to Hive Files
The SAVE command saves a key as a hive file. This command is similar to clicking File, Export in Regedit, and then changing the file type to Registry Hive Files (*.*). It's a convenient method for backing up the registry before making substantial changes. Chapter 3, “Backing Up the Registry,” describes this technique. This command works only on the local computer.
Syntax
REG SAVE key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key that you want to save as a hive file. |
filename | This is the path and name of the hive file to create. |
Example
REG SAVE HKU Backup.dat
Restoring Hive Files to Keys
The RESTORE command overwrites a key and all its contents with the contents of a hive file. This is similar to importing a hive file in Regedit. The difference between this command and loading a hive file is that this command overwrites any existing key, whereas loading a hive file creates a new temporary key to contain the hive file's contents. Use this command to restore a backup hive file. This command works only on the local computer.
Syntax
REG RESTORE key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key that you want to overwrite with the contents of the hive file. |
filename | This is the path and name of the hive file to restore. |
Example
REG RESTORE HKCU Backup.dat
Loading Hive Files
The LOAD command loads a hive file into a temporary key. You reference the hive file's keys and values through the temporary key that you specify on the command line. This command is similar to loading hive files in Regedit. This command works only on the local computer.
Syntax
REG LOAD key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the new temporary key into which you want to load the hive file. |
filename | This is the path and name of the hive file to load. |
Example
REG LOAD HKU\Temporary Settings.dat
Unloading Hive Files
The UNLOAD command removes a hive file that you've loaded using the LOAD command. It simply unhooks the hive file from the registry. You must remember to unload a hive file that you've loaded before trying to copy or do anything else with the hive file because Windows locks the file while it's in use.
Syntax
REG UNLOAD key
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the name of the key containing the hive file that you want to unload. |
Example
REG UNLOAD HKU\Temporary
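LOAD and UNLOAD belong together in a script: whatever happens while the hive is loaded, the temporary key has to be unloaded so that Windows releases its lock on the file. This batch file is an added example, not one of the book's listings; it reuses Settings.dat and HKU\Temporary from the examples above, assumes the hive contains the Software\Example key with a Flag value, and must be run by an administrator.

```batch
@Echo Off
REM Added example: read one value from a hive file and always unload the hive.
REM HIVE, MOUNT and the queried key are assumptions for this sketch.
Set HIVE=Settings.dat
Set MOUNT=HKU\Temporary

If Not Exist "%HIVE%" goto NOFILE

REM Load the hive file into the temporary key.
Reg LOAD "%MOUNT%" "%HIVE%" >nul
If ERRORLEVEL 1 goto LOADFAILED

REM Work with the hive through the temporary key and remember the result.
Reg QUERY "%MOUNT%\Software\Example" /v Flag
Set RESULT=%ERRORLEVEL%

REM Unload whether or not the query succeeded, so the file is no longer locked.
Reg UNLOAD "%MOUNT%" >nul
If ERRORLEVEL 1 Echo Warning: %MOUNT% is still loaded and %HIVE% is still locked

Exit /b %RESULT%

:NOFILE
Echo Hive file %HIVE% not found
Exit /b 1

:LOADFAILED
Echo Could not load %HIVE%: file in use or insufficient privileges
Exit /b 1
```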