Using Reg.Exe
Microsoft provide the command line tool Reg.Exe for
working with the Windows Registry for users of Windows XP/Vista/7. It comes with the following built in functions:
QUERY
/ ADD / DELETE / COPY / SAVE / LOAD / UNLOAD / RESTORE / COMPARE / EXPORT /
IMPORT
Whilst it is beyond this article to fully explain each of these options of
Reg.Exe, we can look at some common examples of each.
QUERY
The REG QUERY command allows the user to query a single key for a single
value, or a range of keys for all their values. To display the full range of
parameters that can be used, type the following into the command line:
reg query /?
To display all subkeys and values under the key HKLM\Software\Microsoft\ResKit\Nt\Setup
on a remote computer named ABC, type:
REG QUERY
\\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
To display
the key, value, and data for exact and case sensitive matches of SYSTEM
under the HKLM root of data type REG_SZ, type:
REG
QUERY HKLM /f SYSTEM /t REG_SZ /c /e
To display all the
subkeys and values of the type REG_MULTI_SZ using # as the separator, type:
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
ADD
The REG ADD command allows the user to add new keys and values to the
Registry. To display the full range of parameters that can be used, type the
following into the command line: reg add /?
To add the key HKLM\Software\MyNewApp on remote computer PC2, type:
REG ADD \\PC2\HKLM\Software\MyNewApp
To add a
registry entry to HKLM\Software\MyNewApp with a value named Data of type
REG_BINARY and data of fe340ead, type:
REG ADD
HKLM\Software\MyNewApp /v Data /t REG_BINARY /d fe340ead
DELETE
The REG DELETE command allows the user to remove a Registry key or value
(it will remove all subkeys and values beneath the key - but will always
confirm you wish to perform the deletion first.) You should perform this as
an Administrator. To display the full range of parameters that can be used,
type the following into the command line: reg delete /?
To delete the registry key Timeout and its all subkeys and values, type:
REG DELETE HKLM\Software\MyCo\MyApp\Timeout
To delete the registry value MTU under HKLM\Software\MyCo on the
computer named PC2, type:
REG DELETE
\\PC2\HKLM\Software\MyCo /v MTU
COPY
The REG COPY command allows the user to copy a single value or an entire
hive from its original location to another - local or remote. This is a VERY
popular command for administrators supporting Windows computers. To display
the full range of parameters that can be used, type the following into the
command line: reg copy /?
To copy all subkeys and values under the key MyApp to the key SaveMyApp,
type:
REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
/s
To copy all values under the key MyCo on the computer
named PC2 to the key MyCo1 on the local computer, type:
REG COPY \\PC2\HKLM\Software\MyCo HKLM\Software\MyCo1
SAVE
The REG SAVE command allows the user to save a copy of specified Registry
subkeys, entries, and values in a specified file. To display the full range
of parameters that can be used, type the following into the command line:
reg save /?
To save the hive Perk30 into the current folder as a file named
MyRegHive.hiv, type:
REG SAVE HKCU\Software\Perk30
MyRegHive.hiv
To save the hive Perk30 into the folder
Backups, as a named MyRegHive.hiv, type:
REG SAVE
HKCU\Software\Perk30 C:\Backups\MyRegHive.hiv
LOAD
The REG LOAD command allows the user to write saved subkeys and entries
into a different subkey in the registry - it only applies to HKLM and HKU.
It is intended for use with temporary files that are used for
troubleshooting or editing registry entries. (You can use this command to
load an alternative Default user profile on a PC for example). To display
the full range of parameters that can be used, type the following into the
command line: reg load /?
To load the file TempHive.hiv to the Key HKLM\TempHive, type:
REG LOAD HKLM\TempHive TempHive.hiv
UNLOAD
The REG UNLOAD command allows the user to remove a section of the
registry that was loaded using the reg load operation.. To
display the full range of parameters that can be used, type the following
into the command line: reg unload /?
To unload the hive TempHive in the file HKLM, type:
REG UNLOAD HKLM\TempHive
RESTORE
The REG RESTORE command allows the user to write saved subkeys and
entries back to the registry. To display the full range of parameters that
can be used, type the following into the command line: reg
restore /?
To restore the file named NTRKBkUp.hiv into the key HKLM\Software\Microsoft\ResKit,
and overwrite the existing contents of the key, type:
REG RESTORE HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv
COMPARE
The REG COMPARE command allows the user to compare specified registry
subkeys or entries. To display the full range of parameters that can be
used, type the following into the command line: reg compare /?
To compare all values under the key MyApp with all values under the key
SaveMyApp, type:
REG COMPARE HKLM\Software\MyCo\MyApp
HKLM\Software\MyCo\SaveMyApp
EXPORT
The REG EXPORT command allows the user to copy the specified subkeys,
entries, and values of the local computer into a file for transfer to other
servers. To display the full range of parameters that can be used, type the
following into the command line: reg export /?
To export the contents of all subkeys and values of the key MyApp to the
file AppBkUp.reg, type:
REG EXPORT HKLM\Software\MyCo\MyApp
AppBkUp.reg
IMPORT
The REG IMPORT command allows the user to copy the contents of a file
that contains exported registry subkeys, entries, and values into the
registry of the local computer. To display the full range of parameters that
can be used, type the following into the command line: reg
import /?
To import registry entries from the file named AppBkUp.reg, type:
REG IMPORT AppBkUp.reg
