Microsoft Windows Registry Guide, Second Edition

Editing from the Command Prompt

Windows comes with Console Registry Tool for Windows (Reg.exe). This tool is marvelous. You use it to edit the registry from a command prompt window. With Reg.exe, you can do just about anything that you can do with Regedit–and more. The best part is that you can use Reg.exe to write simple scripts in the form of batch files that change the registry. And unlike in earlier versions of Windows, you don't have to install Reg.exe. It's installed by default and combines the numerous registry tools that came with the resource kits for earlier versions of Windows.

I can explain how great this tool is just by starting with an example. Listing 11-6 is a simple batch file that installs Microsoft Office 2003 Editions the first time that the batch file runs. (Think of it as a logon script.) After installing Office 2003 Editions, the batch file calls Reg.exe to add the REG_DWORD value Flag to HKCU\Software\Example. Each time that the file runs, the batch file checks for this value's presence and skips the installation if it exists. Thus, the batch file installs the application only one time. This is a method that you can use to deploy software through users' logon scripts. Instead of checking for a value that you add, as Listing 11-6 does, you can check for a value that the application stores in the registry. For example, the second line in the batch file could just as easily have been Reg QUERY HKCU\Software\Microsoft\Office\11.0>nul, which checks to see if Office 2003 Editions is installed for the user.

Listing 11-6 Login.bat

@Echo Off
Reg QUERY HKCU\Software\Example /v Flag >nul
goto %ERRORLEVEL%
:1
   Echo Installing software the first time this runs
   \\Camelot\Office\Setup.exe /settings setup.ini
   Reg ADD HKCU\Software\Example /v Flag /t REG_DWORD /d "1"
   goto CONTINUE
:0
   Echo Software is already installed, skipping this section
:CONTINUE
Set HKMS=HKCU\Software\Microsoft
Set HKCV=HKCU\Software\Microsoft\Windows\CurrentVersion
REM Clear the history lists
Reg DELETE %HKCV%\Explorer\MenuOrder /f
Reg DELETE %HKCV%\Explorer\RunMRU /f
Reg DELETE %HKCV%\Explorer\RecentDocs /f
Reg DELETE %HKCV%\Explorer\ComDlg32\LastVisitedMRU /f
Reg DELETE "%HKMS%\Search Assistant\ACMru" /f
Reg DELETE "%HKMS%\Internet Explorer\TypedURLs" /f

The syntax of the Reg.exe command line is straightforward: reg command options. Command is one of many commands that Reg.exe supports, including ADD, QUERY, and DELETE. Options are the options that the command requires. Options usually include the name of a key, and sometimes a value's name and data. If any key or value name contains spaces, you must enclose the name in quotation marks. It gets more complicated with each of the different commands that you can use with it, however, and I cover each of those in the sections following this one. If you're without this book and need a quick reminder, just type reg /? in a command prompt window to see a list of commands that Reg.exe supports.

Adding Keys and Values

Use the ADD command to add keys and values to the registry.

Syntax

REG ADD [\\computer\]key [/v value | /ve] [/t type] [/s separator] [/d data] [/f]

\\computer

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

/v value

This will add or change value.

/ve

This will change the key's default value.

/t type

This is the value's type: REG_BINARY, REG_DWORD, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_MULTI_SZ, or REG_SZ. The default is REG_SZ.

/s separator

This specifies the character used to separate strings when creating REG_MULTI_SZ values. The default is \0, or null.

/d data

This is the data to assign to new or existing values.

/f

This forces Reg.exe to overwrite existing values without prompting.

Example

REG ADD \\JERRY1\HKLM\Software\Honeycutt
REG ADD HKLM\Software\Honeycutt /v Data /t REG_BINARY /d CCFEF0BC
REG ADD HKLM\Software\Honeycutt /v List /t REG_MULTI_SZ /d Hello\0World
REG ADD HKLM\Software\Honeycutt /v Path /t REG_EXPAND_SZ /d %%SYSTEMROOT%%

NOTE

The percent sign (%) has a special purpose at a command prompt and within batch files. You enclose environment variables in percent signs to expand them in place. Thus, to use them on the Reg.exe command line and elsewhere, you must use double percent signs (%%). In the previous example, if you had used single percent signs, the command prompt would have expanded the environment variable before running the command. Using double percent signs prevents the command prompt from expanding the environment variable.

Querying Values

The QUERY command works in three ways. First it can display the data in a specific value. Second it can display all of a key's values. Third it can list all the subkeys and values in a key by adding the /s command-line option. How it works depends on the options you use.

Syntax

REG QUERY [\\computer\]key [/v value | /ve] [/s]

\\computer

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

/v value

This will query value in key. If you omit /v, Reg.exe queries all values in the key.

/ve

This will query the key's default value.

/s

This will query all the key's subkeys and values.

Example

REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /s
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion

NOTE

Reg.exe sets ERRORLEVEL to 0 if the command succeeds and to 1 if it doesn't. Thus, you can test ERRORLEVEL in a batch file to determine whether a value exists. You saw an example of this in Listing 11-6 earlier in this chapter. Although you can use the If statement to test ERRORLEVEL, I prefer creating labels in my batch file, one for each level, as shown in Listing 11-6. Then I can just write statements that look like Goto %ERRORLEVEL% or Goto QUERY%ERRORLEVEL%, which branches to the label QUERY1 if ERRORLEVEL is 1.

Deleting Keys and Values

Use the DELETE command to remove keys and values from the registry.

Syntax

REG DELETE [\\computer\]key [/v value | /ve | /va] [/f]

\\computer

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

/v value

This will delete value from key.

/ve

This will delete the key's default value.

/va

This will delete all values from key.

/f

This will force Reg.exe to delete values without prompting.

Example

REG DELETE \\JERRY1\HKLM\Software\Honeycutt
REG DELETE HKLM\Software\Honeycutt /v Data /f
REG DELETE HKLM\Software\Honeycutt /va

Comparing Keys and Values

Use the COMPARE command to compare two registry keys. Those keys can be on the same computer or on different computers, making this a useful troubleshooting tool.

The /on command-line option seems odd at first. Why would you compare keys or values and not show the differences? Reg.exe sets ERRORLEVEL according to the comparison's result, and you can use the result in your batch files to execute different code depending on whether the two are the same or different–without displaying any results. Here's the meaning of ERRORLEVEL:

Syntax

REG COMPARE [\\computer1\]key1 [\\computer2\]key2 [/v value | /ve] [/oa|/od|/os|/on] [/s]

\\computer1

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

\\computer2

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

key1

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

key2

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

/v value

This compares value.

/ve

This compares the key's default value.

/oa

This shows all differences and matches.

/od

This shows only differences.

/os

This shows only matches.

/on

This shows nothing.

/s

This compares all the key's subkeys and values.

Example

REG COMPARE HKCR\txtfile HKCR\docfile /ve
REG COMPARE \\JERRY1\HKCR \\JERRY2\HKCR /od /s
REG COMPARE HKCU\Software \\JERRY2\HKCU\Software /s
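
An added example, not from the book: a batch file that records a baseline copy of a key with COPY, then uses COMPARE with /on purely for its ERRORLEVEL to detect later changes, branching with Goto labels. The key names are assumptions for illustration; the return codes are the ones reg compare /? documents (0 identical, 2 different, 1 failed).

```batch
@Echo Off
REM Added example: baseline a key once, then detect drift with COMPARE /on.
REM LIVE and BASE are assumed key names chosen for illustration.
Set LIVE=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Set BASE=HKCU\Backup\RunBaseline

REM First run: no baseline exists yet, so record one and stop.
Reg QUERY %BASE% >nul 2>&1
If ERRORLEVEL 1 (
   Reg COPY %LIVE% %BASE% /s /f >nul
   Echo Baseline recorded at %BASE%
   Goto :EOF
)

REM /on suppresses the listing; the result is read from ERRORLEVEL.
Reg COMPARE %LIVE% %BASE% /on /s >nul
Goto COMPARE%ERRORLEVEL%

:COMPARE0
   Echo No change since the baseline was recorded
   Goto :EOF

:COMPARE2
   Echo Key differs from the baseline:
   REM Run the comparison again, this time showing only the differences.
   Reg COMPARE %LIVE% %BASE% /od /s
   Goto :EOF

:COMPARE1
   Echo Comparison failed; check that both keys exist and are readable
   Goto :EOF
```

The baseline here lives in the same user's hive, so anything that can change the live key can change the baseline too; keep the reference copy somewhere the account cannot write if the result has to be trusted.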

Copying Keys and Values

The COPY command copies a subkey to another key. This command is useful to back up subkeys, as you learned in Chapter 3, “Backing Up the Registry.”

Syntax

REG COPY [\\computer1\]key1 [\\computer2\]key2 [/s] [/f]

\\computer1

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

\\computer2

If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer.

key1

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

key2

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers.

/s

This copies all the key's subkeys and values.

/f

This forces Reg.exe to copy without prompting.

Example

REG COPY HKCU\Software\Microsoft\Office HKCU\Backup\Office /s
REG COPY HKCR\regfile HKCU\Backup\regfile /s /f

Exporting Keys to REG Files

Use the EXPORT command to export all or part of the registry to REG files. This command has a few limitations, though. First it works only with the local computer. You can't create a REG file from a remote computer's registry. Second it creates only version 5, Unicode REG files. There's no option available to create ANSI REG files. The EXPORT command is the same as clicking File, Export in Regedit.

Syntax

REG EXPORT key filename

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key you want to export to a REG file.

filename

This is the path and name of the REG file to create.

Example

REG EXPORT "HKCU\Control Panel" Preferences.reg

Importing REG Files

Use the IMPORT command to import a REG file into the registry. This command does the same thing as running regedit /s filename. It imports a REG file silently. This command can handle both version 4 and version 5 REG files, but it works only on the local computer.

Syntax

REG IMPORT filename

filename

This is the path and name of the REG file to import.

Example

REG IMPORT Settings.reg

Saving Keys to Hive Files

The SAVE command saves a key as a hive file. This command is similar to clicking File, Export in Regedit, and then changing the file type to Registry Hive Files (*.*). It's a convenient method for backing up the registry before making substantial changes. Chapter 3, “Backing Up the Registry,” describes this technique. This command works only on the local computer.

Syntax

REG SAVE key filename

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key that you want to save as a hive file.

filename

This is the path and name of the hive file to create.

Example

REG SAVE HKU Backup.dat

Restoring Hive Files to Keys

The RESTORE command overwrites a key and all its contents with the contents of a hive file. This is similar to importing a hive file in Regedit. The difference between this command and loading a hive file is that this command overwrites any existing key, whereas loading a hive file creates a new temporary key to contain the hive file's contents. Use this command to restore a backup hive file. This command works only on the local computer.

Syntax

REG RESTORE key filename

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key that you want to overwrite with the contents of the hive file.

filename

This is the path and name of the hive file to restore.

Example

REG RESTORE HKCU Backup.dat

Loading Hive Files

The LOAD command loads a hive file into a temporary key. You reference the hive file's keys and values through the temporary key that you specify on the command line. This command is similar to loading hive files in Regedit. This command works only on the local computer.

Syntax

REG LOAD key filename

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the new temporary key into which you want to load the hive file.

filename

This is the path and name of the hive file to load.

Example

REG LOAD HKU\Temporary Settings.dat

Unloading Hive Files

The UNLOAD command removes a hive file that you've loaded using the LOAD command. It simply unhooks the hive file from the registry. You must remember to unload a hive file that you've loaded before trying to copy or do anything else with the hive file because Windows locks the file while it's in use.

Syntax

REG UNLOAD key

key

This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the name of the key containing the hive file that you want to unload.

Example

REG UNLOAD HKU\Temporary
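
An added example, not from the book: the LOAD, QUERY, UNLOAD sequence used to read the history lists from a copy of another user's hive file. The file path is an assumption for illustration, the mount point reuses HKU\Temporary from the examples above, and the command prompt must be running as an administrator.

```batch
@Echo Off
REM Added example: inspect a copy of a user's hive file offline.
REM HIVE is an assumed path; work on a copy, because loading can write to the file.
Set HIVE=C:\Evidence\NTUSER.DAT
Set MOUNT=HKU\Temporary
Set HKCV=%MOUNT%\Software\Microsoft\Windows\CurrentVersion

Reg LOAD %MOUNT% "%HIVE%" >nul
If ERRORLEVEL 1 (
   Echo Could not load %HIVE%; check the path and that the prompt is elevated
   Goto :EOF
)

REM Read-only queries against the mounted copy. These are the same history
REM lists that Listing 11-6 clears for the logged-on user.
Reg QUERY %HKCV%\Explorer\RunMRU
Reg QUERY %HKCV%\Explorer\RecentDocs /s
Reg QUERY "%MOUNT%\Software\Microsoft\Internet Explorer\TypedURLs"

REM Always unload: Windows keeps the hive file locked until you do.
Reg UNLOAD %MOUNT% >nul
If ERRORLEVEL 1 Echo Unload failed; close Regedit or any other open handle and retry
```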
