REG Command in Windows XP

What can the REG.EXE command do in Windows XP?

REG.EXE does almost everything Regedt32 can do, but it allows you to do it from a command line. This can be useful when you want to quickly make a change without opening Regedt32, and it also allows you to embed registry operations in logon scripts and batch files. 


Resource Kit to add this tool. You can download REG.EXE from here: Download Free Windows 2000 Resource Kit Tools

You can use REG.EXE by giving it a command from a short list of options (query, add, update, delete, copy, save, backup, restore, load, and unload), followed by one or more optional parameters that the command you specify will interpret.

Querying keys

REG query allows you to query a single key for a single value, or a range of keys for all their values. This provides you with a quick way to check whether a key has the value you think it does, or in fact whether it has any values associated with it at all:

REG QUERY KeyName [/v ValueName | /ve] [/s]

  • KeyName [\\Machine\]FullKey

    Machine – Name of remote machine, omitting defaults to the current machine (Note: the REG.EXE help syntax is wrong. You should use \\ and NOT \ as written!)

    Only HKLM and HKU are available on remote machines

    FullKey – in the form of ROOTKEY\SubKey name

    ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

    SubKey – The full name of a registry key under the selected ROOTKEY

  • /v query for a specific registry key

    ValueName – The name, under the selected Key, to query

    if omitted, all values under the Key are queried

  • /ve query for the default value or empty value name <no name>

  • /s queries all subkeys and values

Example:

C:\WINDOWS>reg query \\srv1\hklm\software\symantec ! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\symantec
HKEY_LOCAL_MACHINE\software\symantec\InstalledApps
HKEY_LOCAL_MACHINE\softwaresymantec\LiveUpdate
HKEY_LOCAL_MACHINE\software\symantec\NAVMSE
HKEY_LOCAL_MACHINE\software\symantec\Norton AntiVirus
HKEY_LOCAL_MACHINE\software\symantec\Norton AntiVirus NT
HKEY_LOCAL_MACHINE\software\symantec\Shared Technology
HKEY_LOCAL_MACHINE\software\symantec\SharedDefs
HKEY_LOCAL_MACHINE\software\symantec\SharedUsage
HKEY_LOCAL_MACHINE\software\symantec\Symevent

Adding new keys

REG.EXE add adds new keys and values to the Registry. You can add a value to an existing key, add a new key with no values, or create a new key and a value beneath it. If you try to add a key or value that already exists, REG.EXE will warn you.

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

  • KeyName [\\Machine\]FullKey

Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines

FullKey ROOTKEY\SubKey

ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

SubKey The full name of a registry key under the selected ROOTKEY

  • /v The value name, under the selected Key, to add

  • /ve adds an empty value name <no name> for the key

  • /t RegKey data types:

[ REG_SZ, REG_MULTI_SZ, REG_DWORD_BIG_ENDIAN, REG_DWORD, REG_BINARY, REG_DWORD_LITTLE_ENDIAN, REG_NONE, REG_EXPAND_SZ ] If omitted, REG_SZ is assumed

  • /s Specify one charactor that you use as the separator in your data string for REG_MULTI_SZ. If omitted, use "\0" as the separator

  • /d The data to assign to the registry ValueName being added

  • /f Force overwriting the existing registry entry without prompt

Examples:

REG ADD \\ABC\HKLM\Software\MyCo Adds a key HKLM\Software\MyCo on remote machine ABC

REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead Adds a value (name: Data, type: REG_BINARY, data: fe340ead)

REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail Adds a value (name: MRU, type: REG_MUTLI_SZ, data: fax\0mail\0\0)

REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%% Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%) Notice: Use the double percentage ( %% ) inside the expand string

Removing a key

REG delete removes a key or value. When removing a key, it will remove all subkeys and values beneath that key; however, it will ask you to confirm your intentions before it actually deletes anything. As with REG update, you can only delete keys where the ACLs (and/or the remote Registry settings) allow you access.

REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

  • KeyName [\\Machine\]FullKey

Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines

FullKey ROOTKEY\SubKey

ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

SubKey The full name of a registry key under the selected ROOTKEY

  • ValueName The value name, under the selected Key, to delete. When omitted, all subkeys and values under the Key are deleted

  • /ve delete the value of empty value name <no name>

  • /va delete all values under this key

  • /f Forces the deletion without propmt

Examples:

REG DELETE HKLM\Software\MyCo\MyApp\Timeout Deletes the registry key Timeout and its all subkeys and values

REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU Deletes the registry value MTU under MyCo on ZODIAC

Copying keys and values

You can use the command to copy a single value or an entire hive from its original location to another; the target location can be on the same machine as the source or on any other machine on the network. This command makes short work out of tasks like copying a standard set of file associations to new machines or tweaking one machine so its configuration matches another.

REG COPY KeyName1 KeyName2 [/s] [/f]

  • KeyName [\\Machine\]FullKey

Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines

FullKey ROOTKEY\SubKey

ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

SubKey The full name of a registry key under the selected ROOTKEY

  • /s Copies all subkeys and values

  • /f Forces the copy without propmt

Examples:

REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp /s Copies all subkeys and values under the key MyApp to the key SaveMyApp

REG COPY \\ZODIAC\HKLM\Software\MyCo HKLM\Software\MyCo1 Copies all values under the key MyCo on ZODIAC to the key MyCo1 on the current machine

Saving and restoring keys

The REGBACK and REGREST utilities allow you to back up and restore entire hives. To save a key and its values, you can use either reg save or reg backup:

REG SAVE KeyName FileName

  • KeyName ROOTKEY\SubKey

ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

SubKey The full name of a registry key under the selected ROOTKEY

  • FileName The name of the disk file to save. If no path is specified, the file is created in the current folder of the calling process

Examples:

REG SAVE HKLM\Software\MyCo\MyApp AppBkUp.hiv Saves the hive MyApp to the file AppBkUp.hiv in the current folder

REG RESTORE KeyName FileName

  • KeyName ROOTKEY\SubKey (local machine only)

ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]

SubKey The full name of a registry key to restore the hive file into. Overwriting the existing key’s values and subkeys

  • FileName The name of the hive file to restore

You must use REG SAVE to create this file

Examples:

REG RESTORE HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv Restores the file NTRKBkUp.hiv overwriting the key ResKit

Loading and unloading hives

Regedt32 lets you load and unload saved keys as hives immediately beneath HKLM or HKU. The REG.EXE utility gives you the same ability and with the same limitations.

To load a hive, you use the REG load command. Unlike REG restore, REG load loads the hive by adding it with the key name you specify instead of overwriting the key you specify. This makes it possible for you to use REG load to load a saved hive, edit it, and unload it again without making any changes to the rest of your registry. Here’s what the command looks like:

REG LOAD KeyName FileName

  • KeyName ROOTKEY\SubKey (local machine only)

ROOTKEY [ HKLM | HKU ]

SubKey The key name to load the hive file into. Creating a new key

  • FileName The name of the hive file to load

You must use REG SAVE to create this file

Examples:

REG LOAD HKLM\TempHive TempHive.hiv Loads the file TempHive.hiv to the Key HKLM\TempHive

REG UNLOAD KeyName

  • KeyName ROOTKEY\SubKey (local machine only)

ROOTKEY [ HKLM | HKU ]

SubKey The key name of the hive to unload

Examples:

REG UNLOAD HKLM\TempHive Unloads the hive TempHive in HKLM