Edit the registry directly only when you have no alternative. The Registry Editor bypasses the standard safeguards, so a direct edit can degrade performance, damage the system, or even require reinstalling Windows. Most registry settings can be changed through the programs in Control Panel or Microsoft Management Console (MMC); use them whenever possible instead of editing the registry directly. If you must edit the registry directly, back it up first. Use reg to directly edit the registry of a local or remote computer. Some operations can view or configure registry entries on local or remote computers, while others can only configure registry entries on the local computer. Remote access to the registry may also limit the parameters that an operation accepts. Check the syntax of each operation to verify that it can be used on a remote computer and that its parameters can be used in that case.
The reg command is included with Windows XP. It adds, changes, and displays registry subkey information and the values in registry entries.
1. reg add adds a new subkey or entry to the registry.
Syntax: reg add KeyName [/v EntryName | /ve] [/t DataType] [/s separator] [/d value] [/f]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC. Only HKLM and HKU are available on a remote computer.
Value description
HKCR: HKEY_CLASSES_ROOT
HKCU: HKEY_CURRENT_USER
HKLM: HKEY_LOCAL_MACHINE
HKU: HKEY_USERS
HKCC: HKEY_CURRENT_CONFIG
/v EntryName
Specifies the name of the entry to be added under the specified subkey.
/ve
Specifies that the entry added to the registry has a null value.
/t DataType
Specifies the data type for the value of the entry. DataType can be one of the following types:
REG_SZ
REG_MULTI_SZ
REG_DWORD_BIG_ENDIAN
REG_DWORD
REG_BINARY
REG_DWORD_LITTLE_ENDIAN
REG_LINK
REG_FULL_RESOURCE_DESCRIPTOR
REG_EXPAND_SZ
/s separator
Specifies the character used to separate multiple instances of data. Use this parameter when REG_MULTI_SZ is specified as the data type and more than one entry needs to be listed. If not specified, the default separator "\0" is used.
/d value
Specifies the value for the new registry entry.
/f
Adds the subkey or entry without asking for confirmation.
/?
Display help at the command prompt.
Note
This operation cannot add subtrees. This version of reg does not ask for confirmation when adding a subkey.
The following table lists the return values of the reg add operation.
Value description
0: successful
1: failed
Example
(In the examples below, cmd /k is used to run the reg command.)
The following examples show how to use the reg add command:
cmd /k reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL" /v Checkedvalue /t reg_dword /d 1 /f (hidden files and folders)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "sort Ray" /t REG_SZ /d "%SystemRoot%\system32\systray.exe" /f (start volume control at startup)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "%SystemRoot%\explorer.exe" /f (start the explorer shell program)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v SoundMan /t REG_SZ /d "%SystemRoot%\SOUNDMAN.exe" /f (start the AC97 sound effects manager at startup)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE" /ve /d "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" /t REG_SZ /f
(fix for UC room being unable to open the broadcast)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE" /ve /d "%SystemRoot%\PCHealth\HelpCtr\Binaries\MSConfig.exe" /t REG_SZ /f
(fix for the "file cannot be found" prompt when running MSConfig)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wmplayer.exe" /ve /d "%ProgramFiles%\Windows Media Player\wmplayer.exe" /t REG_SZ /f
(fix for the WMP player not being called properly)
cmd /k reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WORDPAD.EXE" /ve /d "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /t REG_SZ /f
(fix for WordPad not being called normally)
cmd /k reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v ctfmon.exe /t REG_SZ /d "%SystemRoot%\system32\ctfmon.exe" /f (start CTFMON)
cmd /k reg add "HKCU\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 10000 /f (accelerate application shutdown)
2. reg delete deletes a subkey or entry from the registry.
Syntax: reg delete KeyName [{/v EntryName | /ve | /va}] [/f]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC.
/v EntryName
Deletes a specific entry under the subkey. If no entry is specified, all entries and subkeys under the subkey are deleted.
/ve
Specifies that only entries that have no value are deleted.
/va
Deletes all entries under the specified subkey. Subkeys under the specified subkey are not deleted by this parameter.
/f
Deletes the existing registry subkey or entry without asking for confirmation.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg delete operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg delete command:
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /f (fix for Task Manager being grayed out in the taskbar menu)
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f (delete the unselected items in MSConfig startup)
cmd /k reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe" /f (remove the image hijack of CTFMON)
cmd /k reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify" /v IconStreams /f
cmd /k reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify" /v PastIconsStream /f (delete the history of the notification area)
3. reg compare compares the specified registry subkeys or entries.
Syntax: reg compare KeyName1 KeyName2 [/v EntryName | /ve] {[/oa] | [/od] | [/os] | [/on]} [/s]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only the HKLM and HKU subtrees.
/v EntryName
Compares a specific entry under the subkey.
/ve
Specifies that only entries that have no value are compared.
{[/oa] | [/od] | [/os] | [/on]}
Specifies how differences and matches are displayed. The default is /od.
Value description
/oa: displays all differences and matches. By default, only differences are listed.
/od: displays only differences. This is the default behavior.
/os: displays only matches. By default, only differences are listed.
/on: displays nothing. By default, only differences are listed.
/s
Compares all subkeys and entries.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg compare operation.
Value description
0: the comparison succeeded and the result is identical.
1: the comparison failed.
2: the comparison succeeded and differences were found.
Example
The following example shows how to use the reg compare command:
reg compare "hkcu\software\microsoft\winmine" "hkcu\software\microsoft\winmine" /od /s
4. reg copy copies a registry subkey to a specified location on a local or remote computer.
Syntax: reg copy KeyName1 KeyName2 [/s] [/f]
Parameters
KeyName1
Specifies the full path of the subkey to be copied. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only the HKLM and HKU subtrees.
KeyName2
Specifies the full path of the destination subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only the HKLM and HKU subtrees.
/s
Copies all subkeys and entries under the specified subkey.
/f
Copies the subkey without asking for confirmation.
/?
Display help at the command prompt.
Note
This version of reg does not ask for confirmation when copying a subkey.
The following table lists the return values of the reg copy operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg copy command:
reg copy "hkcu\software\microsoft\winmine" "hkcu\software\microsoft\winminebk" /s /f
reg copy "hkcu\software\microsoft\winminebk" "hkcu\software\microsoft\winmine" /s
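The three return values of reg compare (0, 1, 2) make it usable as a change check on a key. The following batch file is an added example, not part of the original page: it snapshots a key with reg copy on the first run and reports any later drift with reg compare. It reuses the page's sample keys winmine and winminebk; the messages and the idea of running it on a schedule are assumptions.

```bat
@echo off
setlocal
rem Added example: snapshot a key with reg copy, then detect later changes with reg compare.
rem LIVE and BASE are the sample keys used on this page; BASE serves as the snapshot.
set "LIVE=HKCU\Software\Microsoft\winmine"
set "BASE=HKCU\Software\Microsoft\winminebk"

rem First run: reg query returns 1 when the snapshot key does not exist yet.
reg query "%BASE%" >nul 2>&1
if errorlevel 1 (
    reg copy "%LIVE%" "%BASE%" /s /f
    if errorlevel 1 exit /b 1
    echo Baseline created.
    exit /b 0
)

rem /od lists only the differences, /s descends into all subkeys.
reg compare "%LIVE%" "%BASE%" /od /s
set "RC=%ERRORLEVEL%"

rem Test the exact value: "if errorlevel 1" is also true for 2.
if "%RC%"=="0" echo No drift: the keys are identical.
if "%RC%"=="2" echo Drift detected: review the differences listed above.
if "%RC%"=="1" echo Compare failed: check that both keys exist and are readable.
exit /b %RC%
```

The script exits with the reg compare return value, so a calling job can treat 2 as "changed" and 1 as "could not check" rather than lumping both into a generic failure.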
5. reg export creates a copy of the specified subkeys, entries, and values in a file so that it can be transferred to other servers.
Syntax: reg export KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. The export operation works only on the local computer. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file to be exported. The file must have the .reg extension.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg export operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg export command:
reg export "hkcu\software\microsoft\winmine" c:\data\regbackups\wmbkup.reg
6. reg import copies a file containing exported registry subkeys, entries, and values into the registry of the local computer.
Syntax: reg import FileName
Parameters
FileName
Specifies the name and path of the file to be copied into the registry of the local computer. The file must be created in advance with the reg export command.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg import operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg import command:
reg import c:\data\regbackups\wmbkup.reg
7. reg load writes saved subkeys and entries back to a different subkey in the registry.
It is intended for use with temporary files that are used for troubleshooting or editing registry entries.
Syntax: reg load KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtree is HKLM.
8. reg query returns a list of the entries under a registry subkey and of the next tier of subkeys.
Syntax: reg query KeyName [{/v EntryName | /ve}] [/s]
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC. If you specify a remote computer, you can use only the HKLM and HKU subtrees.
/v EntryName
Returns a specific entry and its value. This parameter returns only entries located directly under the specified subkey; entries in subkeys beneath it are not found. If EntryName is omitted, all entries under the subkey are returned.
/ve
Specifies that only entries that have a null value are returned.
/s
Returns all subkeys and entries in all tiers. Without this parameter, only the next tier of subkeys and entries is returned.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg query operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg query command:
reg query "hklm\system\currentcontrolset\control\session manager" /v maxstacktracedepth
reg query "hkcu\software\microsoft\winmine" /s
9. reg restore writes saved subkeys and entries back to the registry.
Syntax: reg restore KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. The restore operation works only on the local computer. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file whose contents are written back to the registry. The file must be created in advance with the reg save operation and have the .hiv extension.
/?
Display help at the command prompt.
Note
This operation overwrites registry entries that have been edited. Before editing registry entries, use reg save to save the parent subkey. If the edit fails, use this operation to restore the subkey.
The following table lists the return values of the reg restore operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg restore command:
reg restore "hkcu\software\microsoft\winmine" wmbkup.hiv
10. reg save saves a copy of the specified subkeys, entries, and registry values to the specified file.
Syntax: reg save KeyName FileName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC.
FileName
Specifies the name and path of the file to be created. If no path is specified, the current path is used.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg save operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg save command:
reg save "hkcu\software\microsoft\winmine" wmbkup.hiv
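The note under reg restore recommends saving the parent subkey with reg save before editing. The following batch file is an added example, not part of the original page, that carries out that sequence and uses the return values to decide whether to roll back. ExampleValue1, ExampleValue2 and the backup path are hypothetical; it assumes a prompt whose account holds the backup and restore privileges (an elevated prompt on current Windows versions).

```bat
@echo off
setlocal
rem Added example: save a key, apply edits, restore the saved copy if any edit fails.
rem KEY is the sample key used on this page; BACKUP and the value names are hypothetical.
set "KEY=HKCU\Software\Microsoft\winmine"
set "BACKUP=%TEMP%\wmbkup.hiv"

rem Remove a stale file so reg save does not stop to ask about overwriting it.
if exist "%BACKUP%" del "%BACKUP%"

rem Step 1: save the key. Return value 1 means nothing was saved, so stop here.
reg save "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, no changes made.
    exit /b 1
)

rem Step 2: apply the edits. A failure after a partial edit jumps to the rollback.
reg add "%KEY%" /v ExampleValue1 /t REG_DWORD /d 1 /f || goto rollback
reg add "%KEY%" /v ExampleValue2 /t REG_SZ /d "example" /f || goto rollback

rem Step 3: show the resulting entries.
reg query "%KEY%"
exit /b 0

:rollback
echo Edit failed, restoring "%KEY%" from "%BACKUP%".
reg restore "%KEY%" "%BACKUP%"
if errorlevel 1 echo Restore failed, the saved copy is still at "%BACKUP%".
exit /b 1
```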
11. reg unload removes a section of the registry that was loaded with the reg load operation.
Syntax: reg unload KeyName
Parameters
KeyName
Specifies the full path of the subkey. For a remote computer, include the computer name before the subkey path, in the form \\ComputerName\PathToSubkey. If ComputerName is omitted, the operation runs on the local computer by default. The path starts with the appropriate subtree. The valid subtrees are HKLM, HKCU, HKCR, HKU, and HKCC.
/?
Display help at the command prompt.
Note
The following table lists the return values of the reg unload operation.
Value description
0: successful
1: failed
Example
The following example shows how to use the reg unload command:
reg unload "hkcu\software\microsoft\winminebk2"