\
Windows CommandsREG.exe (registry operations, read/write load/unload and more)
| REG.exe (registry operations, read/write load/unload and more) |
This is an example of a script which loads a users registery
(its not run under the user's context) and then make a registry change and
saves (unloads) it.
The following example uses the ProfileRoot() routine:
set UserId=Fred
set Regfile=remove-chrome.reg
call :ProfileRoot
set UserRegistryFile=%ProfileRoot%\%UserId%\NTuser.dat
reg.exe load "HKEY_USERS\$TmpUserRegistery$" "%UserRegistryFile%"
regedit.exe /s "%regfile%"
reg.exe unload "HKEY_USERS\$TmpUserRegistery$"
REG Operation [Parameter List]
Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT | FLAGS ]
Return Code: (Except for REG COMPARE)
0 - Successful
1 - Failed
For help on a specific operation type:
REG Operation /?
Examples:
REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?
REG FLAGS /?
REG QUERY KeyName [/v [ValueName] | /ve] [/s]
[/f Data [/k] [/d] [/c] [/e]] [/t Type] [/z] [/se Separator]
KeyName [\\Machine\]FullKey
Machine - Name of remote machine, omitting defaults to the
current machine. Only HKLM and HKU are available on
remote machines
FullKey - in the form of ROOTKEY\SubKey name
ROOTKEY - [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey - The full name of a registry key under the
selected ROOTKEY
/v Queries for a specific registry key values.
If omitted, all values for the key are queried.
Argument to this switch can be optional only when specified
along with /f switch. This specifies to search in valuenames only.
/ve Queries for the default value or empty value name (Default).
/s Queries all subkeys and values recursively (like dir /s).
/se Specifies the separator (length of 1 character only) in
data string for REG_MULTI_SZ. Defaults to "\0" as the separator.
/f Specifies the data or pattern to search for.
Use double quotes if a string contains spaces. Default is "*".
/k Specifies to search in key names only.
/d Specifies the search in data only.
/c Specifies that the search is case sensitive.
The default search is case insensitive.
/e Specifies to return only exact matches.
By default all the matches are returned.
/t Specifies registry value data type.
Valid types are:
REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ,
REG_DWORD, REG_QWORD, REG_BINARY, REG_NONE
Defaults to all types.
/z Verbose: Shows the numeric equivalent for the type of the valuename.
Examples:
REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version
REG QUERY \\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup
on remote machine ABC
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
Displays all the subkeys and values with "#" as the seperator
for all valuenames whose type is REG_MULTI_SZ.
REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
Displays Key, Value and Data with case sensitive and exact
occurrences of "SYSTEM" under HKLM root for the data type REG_SZ
REG QUERY HKCU /f 0F /d /t REG_BINARY
Displays Key, Value and Data for the occurrences of "0F" in data
under HKCU root for the data type REG_BINARY
REG QUERY HKLM\SOFTWARE /ve
Displays Value and Data for the empty value (Default)
under HKLM\SOFTWARE
REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine - omitting defaults to the
current machine. Only HKLM and HKU are available on remote
machines.
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY.
/v The value name, under the selected Key, to add.
/ve adds an empty value name (Default) for the key.
/t RegKey data types
[ REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ |
REG_DWORD | REG_QWORD | REG_BINARY | REG_NONE ]
If omitted, REG_SZ is assumed.
/s Specify one character that you use as the separator in your data
string for REG_MULTI_SZ. If omitted, use "\0" as the separator.
/d The data to assign to the registry ValueName being added.
/f Force overwriting the existing registry entry without prompt.
Examples:
REG ADD \\ABC\HKLM\Software\MyCo
Adds a key HKLM\Software\MyCo on remote machine ABC
REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
Adds a value (name: Data, type: REG_BINARY, data: fe340ead)
REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
Adds a value (name: MRU, type: REG_MULTI_SZ, data: fax\0mail\0\0)
REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d ^%systemroot^%
Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
Notice: Use the caret symbol ( ^ ) inside the expand string
| SYNTAX: REG.EXE COMPARE /? |
REG COMPARE KeyName1 KeyName2 [/v ValueName | /ve] [Output] [/s]
KeyName [\\Machine\]FullKey
Machine Name of remote machine - omitting defaults to the current machine.
Only HKLM and HKU are available on remote machines.
FullKey ROOTKEY\SubKey
If FullKey2 is not specified, FullKey2 is the same as FullKey1.
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY.
ValueName The value name, under the selected Key, to compare.
When omitted, all values under the Key are compared.
/ve compare the value of empty value name (Default).
/s Compare all subkeys and values.
Output [/oa | /od | /os | /on]
When omitted, output only differences.
/oa Output all of differences and matches.
/od Output only differences.
/os Output only matches.
/on No output.
Return Code:
0 - Successful, the result compared is identical
1 - Failed
2 - Successful, the result compared is different
Note:
The symbols at the front of each outputted line are defined as:
= means FullKey1 data is equal to FullKey2 data
< refers to FullKey1 data and is different than FullKey2 data
> refers to FullKey2 data and is different than Fullkey1 data
Examples:
REG COMPARE HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
Compares all values under the key MyApp with SaveMyApp
REG COMPARE HKLM\Software\MyCo HKLM\Software\MyCo1 /v Version
Compares the value Version under the key MyCo and MyCo1
REG COMPARE \\ZODIAC\HKLM\Software\MyCo \\. /s
Compares all subkeys and values under HKLM\Software\MyCo on ZODIAC
with the same key on the current machine
REG LOAD KeyName FileName
KeyName ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name to load the hive file into. Creates a new key.
FileName The name of the hive file to load.
You must use REG SAVE to create this file.
Examples:
REG LOAD HKLM\TempHive TempHive.hiv
Loads the file TempHive.hiv to the Key HKLM\TempHive
| SYNTAX: REG.EXE UNLOAD /? |
REG UNLOAD KeyName
KeyName ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name of the hive to unload.
Examples:
REG UNLOAD HKLM\TempHive
Unloads the hive TempHive in HKLM
REG FLAGS KeyName [QUERY |
SET [DONT_VIRTUALIZE] [DONT_SILENT_FAIL] [RECURSE_FLAG]]
Keyname "HKLM\Software"[\SubKey] (Restricted to these keys on
local machine only).
SubKey The full name of a registry key under HKLM\Software.
DONT_VIRTUALIZE DONT_SILENT_FAIL RECURSE_FLAG
Used with SET; flags specified on the command line will be set,
while those not specified will be cleared.
Examples:
REG FLAGS HKLM\Software\MyCo\MyApp QUERY
Displays the current flags of the key MyApp.
REG FLAGS HKLM\Software\MyCo\MyApp SET DONT_VIRTUALIZE /s
Sets the DONT_VIRTUALIZE flag (and clears DONT_SILENT_FAIL and
RECURSE_FLAG) on MyApp and all its subkeys
![[Bottom]](bottom.gif){kind=small}
![[Contents]](nav_contents.jpg){kind=small}
![[Prev]: IF (Determines whether something is true or false)](prev.gif){kind=small}
![[Next]: NLTEST.exe (Active Directory [AD] tool)](next.gif){kind=small}
![[Top]](top.gif){kind=small}