Friday, November 27, 2009

Managing the Windows Registry from the Command Prompt with Reg.exe

The command-line utility reg.exe is a powerful and versatile way to manage the Windows XP Registry. This article discusses its features and application.
Many will be familiar with the graphical interface tool regedit.exe that is available for editing the Windows Registry. Less familiar, however, is the command-line utility reg.exe that also comes with Windows XP. This accessory will do anything that regedit.exe can do and has the additional facility of being directly usable in scripts. It is a common tool for system administrators with many computers to manage but can also be useful to the more experienced home PC user. I will discuss some aspects that may be of interest to this latter group. More details can be found at this Microsoft site. There is also information in the Windows XP Help and Support Center.
Registry editing is not for everybody but it is not as fearsome an operation as it is sometimes made out to be. Just be sure to follow the iron-clad rule to back up the Registry first before editing. There are many useful tweaks that involve a simple Registry edit and reg.exe provides a way that is simpler and safer in some ways than Regedit. It also provides a way to back up keys or entire hives of the Registry into files that can be stored off the main drive.
Like some other command-line utilities, the reg command is a shell or console that has its own set of subcommands. A complete command will consist of

    reg subcommand variables

Table I lists these subcommands, and some are discussed in more detail in the sections that follow. The commands can be carried out on remote networked computers as well as the local computer, but I will confine the discussion to operations involving just the local computer.
Table I. Subcommands for reg.exe

    Subcommand   Function
    add          Adds a new subkey or entry to the registry
    delete       Deletes a subkey or entries from the registry
    query        Displays the data in a subkey or a value
    compare      Compares specified registry subkeys or entries
    copy         Copies a subkey to another subkey
    save         Saves a copy of specified subkeys, entries, and values of the registry in hive (binary) format
    restore      Writes saved subkeys and entries in hive format back to the registry
    load         Writes saved subkeys and entries in hive format back to a different subkey
    unload       Removes a section of the registry that was loaded using reg load
    export       Creates a copy of specified subkeys, entries, and values into a file in REG (text) format
    import       Merges a REG file containing exported registry subkeys, entries, and values into the registry
Reg add
This command is used to add keys and values to the Registry. The syntax is given by

    REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

Table II explains the entries.

Table II. Parameters in REG ADD command

    Parameter       Description
    KeyName         Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys
    /v ValueName    Adds or changes a value
    /ve             Changes a key's default value
    /t Type         The type of value: REG_BINARY, REG_DWORD, REG_SZ, REG_MULTI_SZ, etc. The default is REG_SZ
    /s Separator    Specifies the character used to separate strings in REG_MULTI_SZ entries. The default is \0
    /d Data         The data to assign to a value
    /f              Forces overwriting of existing values without prompting
REG ADD provides a quick and simple method for adding new keys to the Registry or modifying old ones. As an example, let's look at how to add the subkey "HackersAreUs" to the Local Machine Software key. The command would be

    REG ADD HKLM\Software\HackersAreUs

Now let's add a value named "Stuff" and make it a binary entry with data "0001". The command would be

    REG ADD HKLM\Software\HackersAreUs /v Stuff /t REG_BINARY /d 0001

The two commands could have been executed as a single command, but I have split them to make the process clearer. I have used upper case for REG ADD, but that is for clarity and is not required.
Reg delete
Keys and values can be deleted in a similar but somewhat simpler fashion. The syntax is

    REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

Table III describes the parameters.

Table III. Parameters in REG DELETE command

    Parameter       Description
    KeyName         Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys
    /v ValueName    Deletes a value
    /ve             Deletes a key's default value
    /va             Deletes all values from a key
    /f              Forces deletion without prompting
Backing up and restoring the Registry
Providing methods for backing up and restoring the Registry is one of the most important applications for regedit.exe. There are two file formats that can be used, either a binary format known as a hive file or a special text format known as a REG file. The latter format may be more familiar since it is often used for Registry tweaks. The relevant commands are discussed in the following sections.

Saving and restoring hive files
To create a binary backup, use the command

    REG SAVE KeyName FileName

Hive files are better for backup than REG files because they completely replace the contents of a key when they are restored. The restore command is

    REG RESTORE KeyName FileName

Exporting and importing REG files
REG files are specially formatted text files with the extension "reg" that are copies of one or more Registry keys. They are often encountered as a way to carry out small Registry edits or in using Regedit. They can also be used for backup. The commands are

    REG EXPORT KeyName FileName

and

    REG IMPORT FileName

Note that when a REG file is imported, it is merged with the existing Registry entries rather than completely replacing them. Values that the REG file does not contain are not removed.
Reg Query
If you want to take a quick look at what is contained in a particular Registry key or in a particular value, you can use the command

    REG QUERY KeyName [/v ValueName | /ve] [/s]

The only new parameter here is /s. This switch will cause all the subkeys and values in a key to be queried.
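
The back-up-first rule and the commands above, combined in one batch script. This is an added example, not part of the original article: it saves the article's sample key in both formats, applies the REG ADD edit, checks it with REG QUERY and restores the hive if the check fails. It assumes an administrator command prompt, that the key already exists, and a hypothetical backup folder under %TEMP%.

```bat
@echo off
setlocal
rem Added example, not from the article. Assumptions: administrator prompt,
rem the article's sample key already exists, BACKUP_DIR is a hypothetical folder.
set "KEY=HKLM\Software\HackersAreUs"
set "BACKUP_DIR=%TEMP%\regbackup"
set "HIVE=%BACKUP_DIR%\HackersAreUs.hiv"
set "REGFILE=%BACKUP_DIR%\HackersAreUs.reg"

rem A key that does not exist cannot be backed up.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% not found, nothing to back up.
    exit /b 1
)

rem Refuse to overwrite an earlier backup; this also avoids overwrite prompts.
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
if exist "%HIVE%" goto backup_exists
if exist "%REGFILE%" goto backup_exists

rem Binary hive copy: REG RESTORE replaces the whole key with it.
reg save "%KEY%" "%HIVE%" >nul
if errorlevel 1 goto backup_failed
rem Text copy: readable, but REG IMPORT only merges it back.
reg export "%KEY%" "%REGFILE%" >nul
if errorlevel 1 goto backup_failed

rem The edit itself. /f overwrites without prompting, so the script cannot hang.
reg add "%KEY%" /v Stuff /t REG_BINARY /d 0001 /f >nul
if errorlevel 1 goto rollback

rem Confirm the value exists with the expected type before reporting success.
reg query "%KEY%" /v Stuff | find "REG_BINARY" >nul
if errorlevel 1 goto rollback
echo Edit applied. Backups are in %BACKUP_DIR%.
exit /b 0

:backup_exists
echo A backup already exists in %BACKUP_DIR%. Move it away and run again.
exit /b 1
:backup_failed
echo Backup failed, registry left unchanged.
exit /b 1
:rollback
echo Edit failed or could not be verified. Restoring %KEY% from %HIVE%.
reg restore "%KEY%" "%HIVE%"
exit /b 2
```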
