Command Line Registry Edits

Regchg.exe
Rregchg.exe
Regfind.exe
Regdel.exe
Regini.exe
Reg.exe
Microsoft has made a number of
command-line registry editing tools available in the NT Resource Kit and its supplements.
They all have their own uses, which often overlap between tools, and each can be used
effectively for different purposes.
Regchg.exe
Simple usage: Regchg Path EntryName Type Value
For example: regchg "software\control key\installed version" REG_SZ 1.00
Regchg not only allows existing values to be changed on the local machine, it will also
create a value if it does not exist. However, it will not create keys.
- It focuses solely on the HKEY_LOCAL_MACHINE hive, so all
values entered for the Path parameter must be keys of this hive.
- The first key given in the Path should not be prefixed with
a "\", or an error will be returned.
- Both the Path and Value parameters should be enclosed in
quotation marks, as shown above, if either parameter includes spaces.
Rregchg.exe
Simple usage: Rregchg \\Servername path EntryName Type Value
Rregchg provides the same functionality as Regchg.exe, except that it is used to edit the
registry on a remote server.
The same syntax applies as with Regchg, with the addition of the UNC name of the server.
Regfind.exe
Simple usage: Regfind [-m \\machinename] [-p RegistryKeyPath] [-y] [-n] [searchString [-r ReplacementString]]
For example: regfind -p hkey_local_machine\system\currentcontrolset\services\macfile\parameters\volumes 32768 -r 262144
Regfind allows the local registry, a remote registry, or an exported registry file to be
searched for a given string and optionally replaced with another string. Rather than
search the whole registry or file, a path can be set to search down from. Note that like
Regchg, quotation marks should be used if any of the options on the command line includes
spaces.
Unlike Regchg, Regfind is not confined to looking solely at the HKEY_LOCAL_MACHINE hive,
so it is necessary to include the name of the hive to look in when specifying the path to
search in.
- Use the -y option to ignore the case of the string
when running the search.
- Use the -n option to look for the value names in the
search.
In short: Regfind offers a quick way of searching
for values in any hive of the registry and then reporting them to the screen or to a file
or replacing them. Remember to run it without the ReplacementString first so that you know
exactly what is going to be replaced when it runs with the -r option set.
Regdel.exe
Simple usage: regdel "RegistryPathToDelete"
regdel -r \\ServerName "RegistryPathToDelete"
For example: regdel "software\microsoft\test"
Regdel is used to delete registry keys. It cannot be used to specify and delete just
values. This is another utility that focuses solely on the HKEY_LOCAL_MACHINE hive, so the
RegistryPathToDelete option only needs to start with Software, System, Hardware, or SAM.
Regdel gives almost no feedback as to what it is doing. If you put "\" in front
of the RegistryPathToDelete option, it will just hang; if it doesn't find the key, it will
present you with a blank line; and if it works correctly, you get another blank line. It
is not case-sensitive, and you can use it on remote servers if you specify the -r
option and the UNC server name (for example, \\TestServer).
Regdel is recursive, so if you delete a key too far up the tree you will lose everything
underneath.
In short: Regdel is destructive without giving you any prompts, so you must use it
carefully. ("This is not a toy!" as my father would say.) If you use it to take
away subtrees in a batch file, be sure you know what is being taken away, and make sure
you are not editing the registry tree too close to the hive root. It may be prudent to
include a Regdmp.exe command in your batch file to back up the part of the registry being
removed.
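Because Regdel deletes recursively and reports nothing, a wrapper can refuse risky paths before the command is ever run. The following Python code is an added example, not part of the original article or the Resource Kit; it applies the path rules described above and builds the Regdel argument list in the syntax shown on this page. The function name plan_regdel and the min_depth limit are assumptions.

```python
# Subtree names the article lists as valid starts for RegistryPathToDelete.
ROOTS = {"software", "system", "hardware", "sam"}


def plan_regdel(path, server=None, min_depth=3):
    """Return the regdel argument list for `path`; raise ValueError if it is unsafe.

    min_depth is a hypothetical local policy: the fewest path components
    allowed, so that a recursive delete cannot start right under the hive root.
    """
    if path.startswith("\\"):
        raise ValueError("leading backslash: the article notes Regdel hangs on this")
    parts = path.split("\\")
    if "" in parts:
        raise ValueError("empty path component (doubled or trailing backslash)")
    if parts[0].lower() not in ROOTS:
        raise ValueError("path must start with Software, System, Hardware or SAM")
    if len(parts) < min_depth:
        raise ValueError("too close to the hive root for a recursive delete")
    argv = ["regdel"]
    if server is not None:
        if not server.startswith("\\\\") or len(server) < 3:
            raise ValueError("server must be a UNC name such as \\\\TestServer")
        argv += ["-r", server]
    return argv + [path]


if __name__ == "__main__":
    print(plan_regdel(r"software\microsoft\test"))
    print(plan_regdel(r"software\microsoft\test", server=r"\\TestServer"))
```
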
After all these smaller utilities, there are two additional ones that roll them all
together.
Regini.exe
All the previously mentioned tools
are good for quickly adding to batch files as single commands for a single edit or a small
number of edits. But if you need to make a number of registry edits, you may want to look
at Regini, which takes a script file you compose and processes each line of that file in
turn.
There is a Word document included with the Resource Kit explaining Regini, which you
should read to get all the details on this powerful tool, but the following should be
enough to get started.
The script file is easy to create. On the first line, enter the key to be edited, and on
the following line enter the value to set it to, using this simple syntax:
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Outlook\Office Explorer
    Favorites = H:\Windows\.
    Views = H:\Windows\.
HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Word\Options
    AUTOSAVE-PATH = H:\Temp
    DOC-PATH = H:\Windows\Personal
    EnableMacroVirusProtection = 0
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Access
    Enabled = REG_DWORD 0DWORD
By default, the value type is REG_SZ.
Note that where the two paths appear as values in the same key, they are separated by
"." to prevent them from merging into each other. Be aware, too, that there are
different versions of Regini, and there is a -b switch to afford some backward
compatibility. There is also an -m option to allow the registry of a remote machine
to be accessed using the UNC server name.
One good way to get started on your Regini script is to use the Regdmp.exe utility (also
on the Resource Kit) to dump out the part of the registry you will be working on to a text
file. The output from Regdmp is in the correct form to be used as input for Regini. Using
this shortcut, you don't need to start writing your script from scratch.
In short: Regini lets you make a number of edits from one script file. Call this
script from a batch file which starts Regini (e.g., c:\ntreskit\regini.exe
c:\scripts\testscript.ini) and just edit the script file. That way, you can't alter
anything else in the batch file when you add or remove edits from the script. Use the
Regdmp utility to create the template script and then alter the values or keys as
required.
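A script file changes many values in one run, so it is worth listing exactly what it will set before a batch file calls Regini. The following Python code is an added example, not part of the original article or the Resource Kit; it parses only the script form shown on this page (a key line, then Name = [TYPE] data lines). The WATCH list and the accepted REG_DWORD number forms are assumptions.

```python
import re

HIVE = re.compile(r"^HKEY_[A-Z_]+\\", re.I)
TYPES = {"REG_SZ", "REG_EXPAND_SZ", "REG_MULTI_SZ", "REG_DWORD", "REG_BINARY"}
# Hypothetical reviewer watchlist: value name (lower case) -> data that weakens a protection.
WATCH = {"enablemacrovirusprotection": "0"}

# Constructed sample in the script form shown on this page (not a real deployment script).
SAMPLE = r"""HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Word\Options
    DOC-PATH = H:\Windows\Personal
    EnableMacroVirusProtection = 0
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Access
    Enabled = REG_DWORD 0
"""


def parse_regini(text):
    """Return (key, value_name, type, data) for every edit the script would make."""
    edits, key = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if HIVE.match(line) and " = " not in line:
            key = line  # a key line; the value lines that follow belong to it
            continue
        name, sep, rest = line.partition(" = ")
        if not sep:  # e.g. a key path that was wrapped onto a second line
            raise ValueError(f"line {n}: neither a key nor 'Name = data'")
        if key is None:
            raise ValueError(f"line {n}: value given before any key")
        first, _, tail = rest.strip().partition(" ")
        if first.upper() in TYPES:
            vtype, data = first.upper(), tail.strip()
        else:
            vtype, data = "REG_SZ", rest.strip()  # the article: REG_SZ is the default
        edits.append((key, name.strip(), vtype, data))
    return edits


def review(edits, watch=WATCH):
    """Flag edits that need a second look before the script is deployed."""
    findings = []
    for key, name, vtype, data in edits:
        # Assumed number forms for a DWORD: decimal or 0x-prefixed hex.
        if vtype == "REG_DWORD" and not re.fullmatch(r"0x[0-9a-fA-F]+|\d+", data):
            findings.append((name, "REG_DWORD data is not a number"))
        if watch.get(name.lower()) == data:
            findings.append((name, "turns off a protection setting"))
    return findings
```

Calling review(parse_regini(SAMPLE)) reports the EnableMacroVirusProtection = 0 line, and a key path that has been wrapped onto two lines is rejected by parse_regini instead of being silently misread.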
Reg.exe
Simple usage: REG operation <Parameter List>
operation [ QUERY | ADD | UPDATE | DELETE | COPY | SAVE | BACKUP | RESTORE | LOAD | UNLOAD ]
For example: Reg add hkcu\software\testkey\testvalue=1 reg_dword \\testsr
Reg can access the whole of the registry and uses the codes HKCU, HKLM, HKCR, HKU and HKCC
to refer to the various hives in the registry. Reg is not case-sensitive.
The Reg operations can be used with remote machines by adding the UNC name of the server
to the end of the command line (see reg add /? for more help).
Reg can be found on the Resource Kit supplements. It provides much of the functionality of
the previous utilities in a series of commands that are much like the Net command. One of
the advantages of using Reg is that the syntax remains the same throughout the tool. It
will also back up and restore the registry and provide the options to load and unload
parts of the registry on the fly. However, Reg can't search the registry as Regfind can,
and it has had its problems and revisions. For example, there was a problem with it not
recognizing UNC machine names over 13 characters long, as it counted the two \\s as part
of the name. It is advisable to download the latest version from supplements at
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386 as reg_x86.exe.
Source: www.techrepublic.com
Last modified: October 31, 2005
Yannis Grammatis