What can the REG.EXE command do in Windows XP?
REG.EXE does almost everything Regedt32 can do, but it allows you to do it from a command line. This can be useful when you want to quickly make a change without opening Regedt32, and it also allows you to embed registry operations in logon scripts and batch files.
Resource Kit to add this tool. You can download REG.EXE from here: Download Free Windows 2000 Resource Kit Tools
You can use REG.EXE by giving it a command from a short list of options (query, add, update, delete, copy, save, backup, restore, load, and unload), followed by one or more optional parameters that the command you specify will interpret.
REG query allows you to query a single key for a single value, or a range of keys for all their values. This provides you with a quick way to check whether a key has the value you think it does, or in fact whether it has any values associated with it at all:
REG QUERY KeyName [/v ValueName | /ve] [/s]
KeyName [\\Machine\]FullKey
Machine – Name of remote machine, omitting defaults to the current machine (Note: the REG.EXE help syntax is wrong. You should use \\ and NOT \ as written!)
Only HKLM and HKU are available on remote machines
FullKey – in the form of ROOTKEY\SubKey name
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey – The full name of a registry key under the selected ROOTKEY
/v queries for a specific value under the registry key
ValueName – The name, under the selected Key, to query
if omitted, all values under the Key are queried
/ve query for the default value or empty value name <no name>
/s queries all subkeys and values
Example:
C:\WINDOWS>reg query \\srv1\hklm\software\symantec
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\symantec
HKEY_LOCAL_MACHINE\software\symantec\InstalledApps
HKEY_LOCAL_MACHINE\software\symantec\LiveUpdate
HKEY_LOCAL_MACHINE\software\symantec\NAVMSE
HKEY_LOCAL_MACHINE\software\symantec\Norton AntiVirus
HKEY_LOCAL_MACHINE\software\symantec\Norton AntiVirus NT
HKEY_LOCAL_MACHINE\software\symantec\Shared Technology
HKEY_LOCAL_MACHINE\software\symantec\SharedDefs
HKEY_LOCAL_MACHINE\software\symantec\SharedUsage
HKEY_LOCAL_MACHINE\software\symantec\Symevent
REG.EXE add adds new keys and values to the Registry. You can add a value to an existing key, add a new key with no values, or create a new key and a value beneath it. If you try to add a key or value that already exists, REG.EXE will warn you.
REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
/v The value name, under the selected Key, to add
/ve adds an empty value name <no name> for the key
/t RegKey data types:
[ REG_SZ, REG_MULTI_SZ, REG_DWORD_BIG_ENDIAN, REG_DWORD, REG_BINARY, REG_DWORD_LITTLE_ENDIAN, REG_NONE, REG_EXPAND_SZ ] If omitted, REG_SZ is assumed
/s Specify one character that you use as the separator in your data string for REG_MULTI_SZ. If omitted, use "\0" as the separator
/d The data to assign to the registry ValueName being added
/f Force overwriting the existing registry entry without prompt
Examples:
REG ADD \\ABC\HKLM\Software\MyCo
  Adds a key HKLM\Software\MyCo on remote machine ABC
REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
  Adds a value (name: Data, type: REG_BINARY, data: fe340ead)
REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
  Adds a value (name: MRU, type: REG_MULTI_SZ, data: fax\0mail\0\0)
REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
  Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
  Notice: Use the double percentage ( %% ) inside the expand string
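A logon-script use of REG QUERY and REG ADD together, as an added example that is not from the original article: it checks for a value first and only adds it when it is missing, so the script never stops at the overwrite warning. The key HKCU\Software\MyCo\MyApp and the value names InstallDir and MRU are assumed for illustration.

```batch
@echo off
rem Added example, not from the original article.
rem Assumed names: key HKCU\Software\MyCo\MyApp, values InstallDir and MRU.
setlocal
set KEY=HKCU\Software\MyCo\MyApp

rem REG QUERY sets ERRORLEVEL 1 when the key or value is missing, 0 when found.
reg query "%KEY%" /v InstallDir >nul 2>&1
if not errorlevel 1 goto have_dir

rem The value is missing, so REG ADD has nothing to warn about and needs no /f.
rem Inside a batch file %% collapses to a single %, so the stored data is the
rem unexpanded string %systemroot%\MyApp with type REG_EXPAND_SZ.
reg add "%KEY%" /v InstallDir /t REG_EXPAND_SZ /d "%%systemroot%%\MyApp"
if errorlevel 1 goto failed

:have_dir
rem /f overwrites without the confirmation prompt, which would otherwise
rem stall an unattended script. Use it only for values the script owns.
reg add "%KEY%" /v MRU /t REG_MULTI_SZ /d "fax\0mail" /f >nul
if errorlevel 1 goto failed

rem Print the key so the script output records what is now set.
reg query "%KEY%"
goto done

:failed
echo ERROR: REG ADD could not write under %KEY%, check the key's ACL.

:done
endlocal
```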
REG delete removes a key or value. When removing a key, it will remove all subkeys and values beneath that key; however, it will ask you to confirm your intentions before it actually deletes anything. As with REG update, you can only delete keys where the ACLs (and/or the remote Registry settings) allow you access.
REG DELETE KeyName [/v ValueName | /ve | /va] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
ValueName The value name, under the selected Key, to delete. When omitted, all subkeys and values under the Key are deleted
/ve delete the value of empty value name <no name>
/va delete all values under this key
/f Forces the deletion without prompt
Examples:
REG DELETE HKLM\Software\MyCo\MyApp\Timeout
  Deletes the registry key Timeout and all its subkeys and values
REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU
  Deletes the registry value MTU under MyCo on ZODIAC
You can use the REG copy command to copy a single value or an entire hive from its original location to another; the target location can be on the same machine as the source or on any other machine on the network. This command makes short work of tasks like copying a standard set of file associations to new machines or tweaking one machine so its configuration matches another.
REG COPY KeyName1 KeyName2 [/s] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
/s Copies all subkeys and values
/f Forces the copy without prompt
Examples:
REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp /s
  Copies all subkeys and values under the key MyApp to the key SaveMyApp
REG COPY \\ZODIAC\HKLM\Software\MyCo HKLM\Software\MyCo1
  Copies all values under the key MyCo on ZODIAC to the key MyCo1 on the current machine
The REGBACK and REGREST utilities allow you to back up and restore entire hives. To save a key and its values, you can use either reg save or reg backup:
REG SAVE KeyName FileName
KeyName ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName The name of the disk file to save. If no path is specified, the file is created in the current folder of the calling process
Examples:
REG SAVE HKLM\Software\MyCo\MyApp AppBkUp.hiv
  Saves the hive MyApp to the file AppBkUp.hiv in the current folder
REG RESTORE KeyName FileName
KeyName ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key to restore the hive file into, overwriting the existing key’s values and subkeys
FileName The name of the hive file to restore
You must use REG SAVE to create this file
Examples:
REG RESTORE HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv
  Restores the file NTRKBkUp.hiv overwriting the key ResKit
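REG SAVE and REG RESTORE used as a safety net around REG DELETE, as an added example that is not from the original article. The script name cleanup.cmd, the key HKLM\Software\MyCo\MyApp and the backup file name are assumptions.

```batch
@echo off
rem Added example, not from the original article.
rem Assumed names: script cleanup.cmd, key HKLM\Software\MyCo\MyApp and a
rem backup file in the TEMP folder.
rem   cleanup.cmd            saves the key to a hive file, then deletes it
rem   cleanup.cmd rollback   restores the key from that hive file
setlocal
set KEY=HKLM\Software\MyCo\MyApp
set BAK=%TEMP%\MyApp-before-delete.hiv
if /i "%~1"=="rollback" goto rollback

rem If the key is already gone, stop here. A second run therefore never
rem replaces the backup taken by the first one.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto end

rem Save first, and leave the key alone if the copy could not be made.
if exist "%BAK%" del "%BAK%"
reg save "%KEY%" "%BAK%"
if errorlevel 1 goto nosave

rem /f skips the confirmation prompt so the script can run unattended.
reg delete "%KEY%" /f
goto end

:rollback
if not exist "%BAK%" goto nobackup
rem Precaution: make sure the key exists so there is a target to restore into.
reg add "%KEY%" /f
reg restore "%KEY%" "%BAK%"
goto end

:nosave
echo ERROR: backup failed, %KEY% was not deleted.
goto end

:nobackup
echo ERROR: backup file not found, nothing to restore.

:end
endlocal
```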
Regedt32 lets you load and unload saved keys as hives immediately beneath HKLM or HKU. The REG.EXE utility gives you the same ability and with the same limitations.
To load a hive, you use the REG load command. Unlike REG restore, REG load loads the hive by adding it with the key name you specify instead of overwriting the key you specify. This makes it possible for you to use REG load to load a saved hive, edit it, and unload it again without making any changes to the rest of your registry. Here’s what the command looks like:
REG LOAD KeyName FileName
KeyName ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name to load the hive file into, creating a new key
FileName The name of the hive file to load
You must use REG SAVE to create this file
Examples:
REG LOAD HKLM\TempHive TempHive.hiv
  Loads the file TempHive.hiv to the Key HKLM\TempHive
REG UNLOAD KeyName
KeyName ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name of the hive to unload
Examples:
REG UNLOAD HKLM\TempHive
  Unloads the hive TempHive in HKLM
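The save, load, edit and unload sequence described above, put together as an added batch example that is not from the original article. The key and mount names follow the article's own examples; the value name Timeout and its data are assumptions.

```batch
@echo off
rem Added example, not from the original article. Run from an administrator
rem account: saving and loading hives need backup and restore privileges.
setlocal
set SRC=HKLM\Software\MyCo\MyApp
set HIV=%TEMP%\AppBkUp.hiv
set MNT=HKLM\TempHive

rem Start from a fresh file so REG SAVE does not stop on an existing one.
if exist "%HIV%" del "%HIV%"
reg save "%SRC%" "%HIV%"
if errorlevel 1 goto fail

rem Mount the saved copy under its own key name. SRC itself is not touched.
reg load "%MNT%" "%HIV%"
if errorlevel 1 goto fail

rem Edit the mounted copy only. Timeout and 30 are assumed sample values.
reg add "%MNT%" /v Timeout /t REG_DWORD /d 30 /f

rem Compare: the change shows under TempHive, not under the live key.
reg query "%MNT%" /v Timeout
reg query "%SRC%" /v Timeout

rem Unloading releases the hive file with the edits in it. It fails while
rem another program, such as a registry editor, still has the key open.
reg unload "%MNT%"
if errorlevel 1 echo WARNING: %MNT% is still loaded, unload it manually.
goto end

:fail
echo ERROR: REG.EXE reported a failure, nothing was changed under %SRC%.

:end
endlocal
```

The edited hive file only takes effect on the live key if it is later applied with REG RESTORE.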