Home  │  Lock Registry │  Merge Registry │ 
 

Registry editing using Console Registry Tool reg.exe

Topics on this page:

[1] Console Registry Tool for Windows v. 3.0

[2] The commands

[2.1] REG ADD

[2.1.1] Example: Add or change NoRecentDocsMenu policy

[2.2] REG DELETE

[2.2.1] Example: Using REG DELETE to unlock regedit

[2.3] REG QUERY

[2.3.1] Example: REG QUERY NoDriveTypeAutoRun policy key

 

1. Console Registry Tool for Windows v. 3.0

This is a brief introduction to using Windows XP's built-in Console Registry Tool for Windows v.3.0, reg.exe to edit the registry. There are other alternatives including VBScript, JScript and inf files. These are powerful methods to edit the registry.

You can use this tool to unlock your registry. Refer to my article on "lock registry" for more details on unlocking regedit. Because it runs from the command prompt, it can be used in a batch script for deployment and unattended installations.

 

2. The commands

There are 11 reg.exe commands available. In the command prompt or script you can use capitals or small letters.

REG QUERY

REG ADD

REG DELETE

REG COPY

REG SAVE

REG LOAD

REG UNLOAD

REG RESTORE

REG COMPARE

REG EXPORT

REG IMPORT

 

I will not cover each of them in detail but will only concentrate on REG ADD, REG DELETE and REG QUERY. These are useful in dealing with hijacking when regedit.exe is disabled.

The REG LOAD command loads a registry hive file (dat) to a temporary key and is similar to File > Load Hive in the registry editor.

The REG RESTORE command uses a registry hive file to overwrite the existing hive thereby restoring the registry using the backup hive. Note the difference between this and the REG LOAD command.

The REG IMPORT command is similar to running this command:

regedit /s <filename.reg>

You will find details of the syntax of each command by typing:

REG <COMMAND> /?

in the command prompt.

As always, test your commands and scripts in a test computer or virtual host and not on your production computer. The examples above are taken from my registry and Group Policy articles.

 

2.1. REG ADD

REG ADD [\\Machine\ROOTKEY\Subkey] [/v ValueName │ ve ] [/t Type] [/s separator] [/d Data] [/f]

\\Machine If connecting to the local computer, omit \\Machine. You can use standard abbreviations for the ROOTKEY such as HKCU, HKLM, HKCR, HKU, HKCC.
/v ValueName the specified value name from the key
/ve the key's empty values
/t specifies one of the eight the data type; the default is REG_SZ
/s specifies the separator character in REG_MULTI_SZ; or just use the \0 default
/d specifies the data to add
/f adds the key or values without prompting

 

2.1.1. Example: Add or change NoRecentDocsMenu policy

This command will change the No Recent Document Menu policy registry key from the existing value of 1 (policy enabled) to 0 (policy disabled):

REG ADD HKCU\Software\Microsoft\Windows\_
CurrentVersion\Policies\Explorer /v NoRecentDocsMenu _
/t REG_DWORD /d 0

You must type Y to the prompt to proceed. If the data name did not exist then it will simply add the add and its value without prompting.

Figure 1 shows the above two operations. The second command was run after the value was first manually deleted.

REG ADD command in operation

Fig. 1. REG ADD command in operation

 

REG ADD commands can be added together sequentially in a batch script for example in unattended installations using RunOnceEx to add applications.

 

2.2. REG DELETE

REG DELETE [\\Machine\ROOTKEY\Subkey] [/v ValueName │ ve │ va] [/f]

 

\\Machine If connecting to the local computer, omit \\Machine. You can use standard abbreviations for the ROOTKEY such as HKCU, HKLM, HKCR, HKU, HKCC.
/v ValueName deletes the specified value name from the key.
/ve deletes the key's empty values.
/va deletes all the values under the key.
/f deletes the key or values without prompting.

 

2.2.1. Example: unlock regedit

The following command will delete the relevant key value to unlock the registry after it has been disabled by the administrator (or hijacking script; please refer to my article on registry locking):

REG DELETE HKCU\Software\Microsoft\Windows\_
CurrentVersion\Policies\System /v DisableRegistryTools

The following command will delete the whole \System subkey:

REG DELETE HKCU\Software\Microsoft\Windows\_
CurrentVersion\Policies\System

These commands are especially useful in Windows XP Home Edition in which there is no Group Policy Editor to unlock the policy.

Figure 2 shows the above two commands and the interactive prompts.

Reg delete command to unlock the registry

Fig. 2. REG DELETE command to unlock the registry

 

The command can easily be incorporated in a batch script (bat or cmd, fig. 3).

Unlock registry batch script in operation.

Fig. 3. Unlock registry batch script in operation.

 

2.3. REG QUERY

REG QUERY [\\Machine\ROOTKEY\Subkey] [/v ValueName │ ve ] [/s]

 

\\Machine If connecting to the local computer, omit \\Machine. You can use standard abbreviations for the ROOTKEY such as HKCU, HKLM, HKCR, HKU, HKCC.
/v ValueName queries the specified value name from the key.
/ve queries the key's empty or default values
/s queries all subkeys and values

2.3.1. Example: Reg query NoDriveTypeAutoRun policy key

The following command queries the registry for the NoDriveTypeAutoRun policy key and its value.

REG QUERY HKCU\Software\Microsoft\Windows\_
CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun

Figure 4 shows the actual operation; note that the binary value 0x91 is shown (rather than the decimal 145) for this key.

REG QUERY command for NoDriveTypeAutoRun

Fig. 4. REG QUERY command for NoDriveTypeAutoRun

 

The REG QUERY command returns an ERRORLEVEL to 0 when it succeeds and 1 otherwise. This can be useful in an automated batch script when you only want to add a key if it doesn't already exists.

 

 

Reference

Microsoft MSDN Scripting Library

Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)

Knittel, Brian, Windows XP Under the Hood. Hardcore Windows Scripting and Command Line Power (Indianapolis: Que, 2003)

 

Go to TOP

 

 

Copyright © 2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.

This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies. Edit the registry at your own risk and back up first.

Created 18 Mar 2005 Last updated 22 Mar 2005