Many will be familiar with the graphical interface tool regedit.exe that is available for editing the Windows Registry. Less familiar, however, is the command-line utility reg.exe that also comes with Windows. This accessory will do anything that regedit.exe can do and has the additional facility of being directly usable in scripts. It is a common tool for system administrators with many computers to manage but can also be useful to the more experienced home PC user. I will discuss some aspects that may be of interest to this latter group. More details can be found at this Microsoft site.
Registry editing is not for everybody but it is not as fearsome an operation as it is sometimes made out to be. Just be sure to follow the iron-clad rule to back up the Registry first before editing. There are many useful tweaks that involve a simple Registry edit and reg.exe provides a way that is simpler and safer in some ways than Regedit. It also provides a way to back up keys or entire hives of the Registry into files that can be stored off the main drive.
Like some other command-line utilities, the reg command is a shell or console
that has its own set of sub-commands. A complete command will consist of reg subcommand
variables Table
I lists these subcommands and some are discussed in more detail in sections
that follow. The commands can be carried out on remote networked computers
as well as the local computer but I will confine the discussion to operations
involving just the local computer.
| Subcommand | Function |
|---|---|
| add | Adds a new subkey or entry to the registry |
| delete | Deletes a subkey or entries from the registry |
| query | Displays the data in a subkey or a value |
| compare | Compares specified registry subkeys or entries |
| copy | Copies a subkey to another subkey. |
| save | Saves a copy of specified subkeys, entries, and values of the registry in hive (binary) format |
| restore | Writes saved subkeys and entries in hive format back to the registry |
| load | Writes saved subkeys and entries in hive format back to a different subkey |
| unload | Removes a section of the registry that was loaded using reg load |
| export | Creates a copy of specified subkeys, entries, and values into a file in REG (text) format |
| import | Merges a REG file containing exported registry subkeys, entries, and values into the registry |
| flags | Operations for flags in registry keys (Vista, Windows 7) |
Reg add
This command is used to add keys and values to the Registry. The syntax is
given by REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
Table II explains the entries.
| Parameter | Description |
|---|---|
| KeyName | Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys |
| /v ValueName | Adds or changes a value |
| /ve | Changes a key's default value |
| /t Type | The type of value: REG_BINARY, REG_DWORD, REG_SZ, REG_MULTI_SZ, etc. The default is REG_SZ |
| /s Separator | Specifies the character used to separate strings in REG_MULTI_SZ entries. The default is /0 |
| /d Data | The data to assign to a value |
| /f | Forces overwriting of existing values with prompting |
REG ADD provides a quick and simple method for adding new keys
to the Registry or modifying old ones. As an example, let's look at how to
add the sub- key "HackersAreUs"
to the Local Machine Software key. The command would be REG ADD HKLM\Software\HackersAreUs Now
let's add a value named "Stuff" and make it a binary entry with
data "0001".
The command would be REG
ADD HKLM\Software\HackersAreUs /v Stuff /t REG_BINARY /d 0001 The two
commands could have been executed as a single command but I have split them
to make the process clearer. I have used upper case for REG ADD but that is
for clarity and is not required.
Reg delete
Keys and values can be deleted in a similar but somewhat simpler fashion.
The syntax is REG
DELETE KeyName [/v ValueName | /ve | /va] [/f] Table III describes
the parameters.
| Parameter | Description |
|---|---|
| KeyName | Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys |
| /v ValueName | Deletes a value |
| /ve | Deletes a key's default value |
| /va | Deletes all values from a key |
| /f | Forces deletion without prompting |
Backing up and restoring the Registry
Providing methods for backing up and restoring the Registry are some of the most important applications for regedit.exe. There are two file formats that can be used, either a binary format known as a hive file or a special text format known as a REG file. The latter format may be more familiar since it is often used for Registry tweaks. The relevant commands are discussed in the following sections.Saving and restoring hive files
To create a binary backup, use the commandREG SAVE KeyName FileName
Hive files are better for backup than REG files because they completely
replace the contents of a key when they are restored. The restore command
is REG
RESTORE KeyName FileName
Exporting and importing REG files
REG files are specially formatted text files with the extension "reg" that are copies of one or more Registry keys. They are often encountered as a way to carry out small Registry edits or in using Regedit.. They can also be used for backup. The commands areREG EXPORT KeyName FileNameand
REG IMPORT FileName Note that when a REG file is imported it
, it is merged with Registry entries rather than completely replacing
them. Values that the REG file does not contain are not removed.
Reg Query
If you want to take a quick look at what is contained in a particular
Registry key or in a particular value, you can use the command REG
QUERY KeyName [/v ValueName | /ve] [/s] The only new parameter here
is /s.
This switch will cause all the subkeys and values in a key to be queried.