Edit the registry directly only if you have no choice. Registry Editor ignores standard security measures so that these settings degrade performance, damage the system, and even require users to reinstall Windows. You can change most registry settings by using Program security in Control Panel or Microsoft Management Console (MMC). If you must edit the registry directly, back it up first. Edit the registry of the local or remote computer directly using Reg. These changes may cause the computer to not operate and require the operating system to be reinstalled. So do not edit the registry directly, but make the registry change as much as possible by using Control Panel or Microsoft Management Console (MMC). Some operations can view or configure registry keys for local or remote computers, while others only allow you to configure registry settings for the local computer. Also, remote access to the registry may limit the parameters used for an operation. Check the syntax of each operation to verify that the operation is available to the remote computer, and to verify the parameters that can be used in that case.
The reg command is provided by Windows XP to add, change, and display registry subkey information and values in registry keys.
1,reg Add new subkeys or items to the registry
Syntax: REG ADD KeyName [/V entryname|/ve] [/t DataType] [/s separator] [/d] [/f]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC. There are only HKLM and HKU on the remote machine.
Value Description
Hkcr:hkey_classes_root
Hkcu:hkey_current_user
Hklm:hkey_local_machine
Hku:hkey_users
Hkcc:hkey_current_config
/V EntryName
Specifies the name of the item to add to the specified subkey.
/ve
Specifies that the entries added to the registry are null values.
/T DataType
The data type of the specified item value. DataType can be of the following types:
Reg_SZ
Reg_Multi_SZ
Reg_dword_big_endian
Reg_dword
REG_Binary
Reg_dword_little_endian
Reg_link
Reg_full_resource_descriptor
Reg_expand_sz
/s Separator
Specifies the character used to separate multiple instances of data. Use this parameter when REG_MULTI_SZ is specified as a data type and you need to list more than one item. If it is not specified, the default delimiter is used.
/d Value
Specifies the value of the new registry key.
/F
Add subkeys or items directly without asking for information.
/?
Display Help at the command prompt.
Comments
This operation cannot add a subtree. This version of Reg does not need to request confirmation when adding subkeys.
The following table lists the return values for the REG add operation. Value Description
0 success
1 failure
/ v The Value name to add under the selected item.
/ve adds a blank value name to the registry key (default).
/t RegKey data type
[REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ |
REG_DWORD | Reg_qword | REG_BINARY | Reg_none]
If omitted, the REG_SZ is used.
/s specifies a character to be used as a delimiter in the REG_MULTI_SZ data string
If omitted, "" is used as a separator.
/d The data to be assigned to the added registry ValueName.
/ f Force Overwrite existing registry key without prompting.
Example
(Supplemental, cmd/k to use reg command in run)
The following examples illustrate how to use the REG ADD command:
cmd/k reg ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"/V checkedvalue/t reg_dword/d 1/f (Show hidden files and folders)
cmd/k reg ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"/V systray/t reg_sz/d "%systemroot%\system32\ Systray.exe "/F (power-on start volume control)
cmd/k reg ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"/V shell/t reg_sz/d "%SystemRoot%\explorer. EXE/F (Startup Explorer Shell)
cmd/k reg ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"/V soundman/t reg_sz/d "%systemroot%\soundman.exe" /f (power-on start AC97 Sound Administrator program)
cmd/k reg ADD "Hklm\software\microsoft\windows\currentversion\app Paths\IEXPLORE. EXE "/ve/d"%ProgramFiles%\Internet explorer\iexplore. EXE "/t reg_sz/f
(UC Room not open broadcast)
cmd/k reg ADD "Hklm\software\microsoft\windows\currentversion\app paths\msconfig. EXE "/ve/d"%systemroot%\pchealth\helpctr\binaries\msconfig.exe "/t reg_sz/f
(Run Msconfig hint cannot find the file)
cmd/k reg ADD "Hklm\software\microsoft\windows\currentversion\app paths\wmplayer.exe"/ve/d "%ProgramFiles%\Windows Media Player\wmplayer.exe "/t reg_sz/f
(repair of WMP player cannot be called correctly)
cmd/k reg ADD "Hklm\software\microsoft\windows\currentversion\app paths\wordpad. EXE "/ve/d"%ProgramFiles%\Windows Nt\accessories\wordpad. EXE "/t reg_sz/f
(Repair of WordPad cannot be called correctly)
cmd/k reg ADD "Hkcu\software\microsoft\windows\currentversion\run"/V ctfmon.exe/t reg_sz/d "%SystemRoot%\system32\ Ctfmon.exe "/F (power-on boot input program Ctfmon)
cmd/k reg ADD "hkcu\controlpanel\desktop"/V waittokillapptimeout/t reg_sz/d 10000/f (Accelerated shutdown application)
For example:
REG ADD \\ABC\HKLM\Software\MyCo
Add a registry key on the remote machine ABC HKLM\Software\MyCo
REG ADD hklm\software\myco/v data/t reg_binary/d fe340ead
Add a value (name: Data, type: REG_BINARY, Date: fe340ead)
REG ADD hklm\software\myco/v mru/t reg_multi_sz/d fax\0mail
Add a value (name: MRU, type: REG_MUTLI_SZ, data: fax\0mail\0\0)
REG ADD hklm\software\myco/v path/t reg_expand_sz/d ^%systemroot^%
Add a value (name: Path, type: REG_EXPAND_SZ, data:%systemroot%)
Note: Use the caret (^) in the curried string
reg ADD hklm\system\currentcontrolset\services\http\parameters/v maxconnections/t reg_dword/d 100000
REG ADD hklm\system\currentcontrolset\services\nlasvc\parameters\internet/v enableactiveprobing/t reg_dword/d 1
2,reg Delete an item or subkey from the registry
Syntax: REG DELETE KeyName [{/V Entryname|/ve|/va}] [F]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC.
/V EntryName
Deletes a specific item under a subkey. If no item is specified, all items and subkeys under the subkey are deleted.
/ve
Specifies that only items that can be deleted are null values.
/va
Deletes all items under the specified subkey. You cannot delete a subkey under a specified subkey using this parameter.
/F
Deletes an existing registry subkey or item without requesting confirmation.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the reg delete operation. Value Description
0 success
1 failure
Example
The following example shows how to use the reg delete command:
cmd/k reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution options\taskmgr.exe"/ F (Task Manager in taskbar is grayed)
cmd/k reg delete "hklm\software\microsoft\shared Tools\msconfig\startupreg"/f (delete unchecked items in MSConfig startup)
cmd/k reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution options\ctfmon.exe"/ F (Delete Ctfmon image hijacking)
cmd/k reg Delete "hkcu\software\microsoft\windows\currentversion\explorer\traynotify"/V iconstreams/f
cmd/k reg Delete "hkcu\software\microsoft\windows\currentversion\explorer\traynotify"/V PastIconsStream/ F (Delete the history of the notification area)
3,reg Compare Compare the specified registry subkey or item
Syntax: REG compare KeyName1 KeyName2 [/V entryname |/ve] {[/oa]|[ /od]| [/os]| [On]} [/s]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only HKLM and HKU subtree.
/V EntryName
Compares a specific item under a subkey.
/ve
Specifies that only items with no value can be compared.
{[/oa]| [/od]| [/os]| [On]}
Specifies how different points and matching points are displayed. The default setting is/od. Value Description
/OA specifies that all the different points and matching points are displayed. By default, only the different points are listed.
/OD specifies that only different points are displayed. This is the default action.
/OS specifies that only matching points are displayed. By default, only the different points are listed.
/ON Specifies that no content is displayed. By default, only the different points are listed.
/s Separator
Compares all subkeys and items.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the Reg compare operation. Value Description
0 is more successful and the results are the same.
1 comparison failed.
2 more successful and found different points.
Example
The following example shows how to use the Reg compare command:
Reg compare "hkcu\software\microsoft\winmine" "hkcu\software\microsoft\winmine"/od/s
4,reg Copy a registry key to a local or remote computer at a specified location
Syntax: REG copy KeyName1 KeyName2 [/s] [/f]
Parameters
KeyName1
Specifies the full path of the subkey to be copied. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only HKLM and HKU subtree.
KeyName2
Specifies the full path of the child project's land. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only HKLM and HKU subtree.
/s
Copies all subkeys and items under the specified subkey.
/F
The subkey is copied directly without requesting confirmation.
/?
Display Help at the command prompt.
Comments
This version of Reg does not need to request confirmation when copying subkeys.
The following table lists the return values for the reg copy operation. Value Description
0 success
1 failure
Example
The following examples illustrate how to use the reg copy command:
Reg copy "hkcu\software\microsoft\winmine" "HKCU\SOFTWARE\MICROSOFT\WINMINEBK"/s/f
Reg copy "hkcu\software\microsoft\winminebk" "hkcu\software\microsoft\winmine"/s
5,reg Export creates a copy of the specified subkeys, items, and values into a file so that it can be transferred to another server
Syntax: REG EXPORT KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. The export operation can only work on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file to be exported. The file must have a. reg extension.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the Reg export operation. Value Description
0 success
1 failure
Example
The following example shows how to use the Reg Export command:
Reg export "hkcu\software\microsoft\winmine" C:\data\regbackups\wmbkup.reg
6,reg import copies files that contain exported registry subkeys, keys, and values to the local computer's registry
Syntax: REG import FileName
Parameters
FileName
Specifies the name and path of the file that will be copied to the local computer registry. The file must be created in advance by using the REG Export command.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the reg import operation. Value Description
0 success
1 failure
Example
The following example shows how to use the Reg import command:
Reg Import Hkcu\software\microsoft\winmine "C:\data\regbackups\wmbkup.reg
7,reg Load writes saved subkeys and items back to different subkeys in the registry
The purpose is to save to a temporary file that can be used to troubleshoot or edit registry keys.
Syntax: REG LOAD KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring computername causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory tree for HKLM
8,reg Query Returns a list of items and next-level subkeys under subkeys of the registry
Syntax: REG QUERY KeyName [{/V entryname|/ve}] [/s]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring ComputerName causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only HKLM and HKU subtree.
/V EntryName
Returns a specific item and its value. This parameter returns only the items that are directly in the next layer of the specified subkey. The item in the subkey under the current subkey will not be found. If EntryName is omitted, all items under the subkey are returned.
/ve
Specifies an item that is returned only as a null value.
/s
All the subkeys and items in each layer are returned. If you do not use this argument, only the next level of subkeys and items will be returned.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the REG query operation. Value Description
0 success
1 failure
Example
The following example shows how to use the REG query command:
Reg QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"/V maxstacktracedepth
Reg QUERY "hkcu\software\microsoft\winmine"/s
9,reg Restore writes saved subkeys and entries back to the registry
Syntax: reg RESTORE KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. The Restore operation works only on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file that will be written back to the registry. You must use the Reg save operation with the. HIV extension to create the file beforehand.
/?
Display Help at the command prompt.
Comments
This action overrides the edited registry key. Before you edit the registry key, use the Reg save action to save the parent child. If the edit fails, you can use this action to recover the subkey.
The following table lists the return values for the Reg restore operation. Value Description
0 success
1 failure
Example
The following example shows how to use the reg RESTORE command:
Reg restore "hkcu\software\microsoft\winmine" Wmbkup.hiv
10,reg Save a copy of the specified subkeys, items, and registry values to the specified file.
Grammar
Reg SAVE KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring ComputerName causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file you are creating. If no path is specified, the current path is used.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the Reg save operation. Value Description
0 success
1 failure
Example
The following example shows how to use the Reg Save command:
Reg save "hkcu\software\microsoft\winmine" Wmbkup.hiv
11,reg unload use reg load action to delete a loaded part of the registry
Syntax: REG UNLOAD KeyName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name in front of the subkey path in \\ComputerName\PathToSubkey. Ignoring ComputerName causes the default to operate on the local computer. Start the path with the appropriate subdirectory tree. Valid subdirectory trees are HKLM, HKCU, HKCR, HKU, and HKCC.
/?
Display Help at the command prompt.
Comments
The following table lists the return values for the reg unload operation. Value Description
0 success
1 failure
Example
The following example shows how to use the reg unload command:
Reg unload "HKCU\SOFTWARE\MICROSOFT\WINMINEBK2"