Many will be familiar with the graphical interface tool regedit.exe that is available for editing the Windows Registry. Less familiar, however, is the command-line utility reg.exe that also comes with Windows XP. This accessory will do anything that regedit.exe can do and has the additional facility of being directly usable in scripts. It is a common tool for system administrators with many computers to manage but can also be useful to the more experienced home PC user. I will discuss some aspects that may be of interest to this latter group. More details can be found at this Microsoft site. There is also information in the Windows XP Help and Support Center.

Registry editing is not for everybody but it is not as fearsome an operation as it is sometimes made out to be. Just be sure to follow the iron-clad rule to back up the Registry first before editing. There are many useful tweaks that involve a simple Registry edit and reg.exe provides a way that is simpler and safer in some ways than Regedit. It also provides a way to back up keys or entire hives of the Registry into files that can be stored off the main drive.

Like some other command-line utilities, the reg command is a shell or console that has its own set of sub-commands. An complete command will consist of reg subcommand variables Table I lists these subcommands and some are discussed in more detail in sections that follow. The commands can be carried out on remote networked computers as well as the local computer but I will confine the discussion to operations involving just the local computer.

Table I. Subcommands for reg.exe

Subcommand	Function
add	Adds a new subkey or entry to the registry
delete	Deletes a subkey or entries from the registry
query	Displays the data in a subkey or a value
compare	Compares specified registry subkeys or entries
copy	Copies a subkey to another subkey.
save	Saves a copy of specified subkeys, entries, and values of the registry in hive (binary) format
restore	Writes saved subkeys and entries in hive format back to the registry
load	Writes saved subkeys and entries in hive format back to a different subkey
unload	Removes a section of the registry that was loaded using reg load
export	Creates a copy of specified subkeys, entries, and values into a file in REG (text) format
import	Merges a REG file containing exported registry subkeys, entries, and values into the registry

Back to top

Reg add

This command is used to add keys and values to the Registry. The syntax is given by REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f] Table II explains the entries.

Table II. Parameters in REG ADD command

Parameter	Description
KeyName	Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys
/v ValueName	Adds or changes a value
/ve	Changes a key's default value
/t Type	The type of value: REG_BINARY, REG_DWORD, REG_SZ, REG_MULTI_SZ, etc. The default is REG_SZ
/s Separator	Specifies the character used to separate strings in REG_MULTI_SZ entries. The default is /0
/d Data	The data to assign to a value
/f	Forces overwriting of existing values with prompting

Back to top

REG ADD provides a quick and simple method for adding new keys to the Registry or modifying old ones. As an example, let's look at how to add the sub- key "HackersAreUs" to the Local Machine Software key. The command would be REG ADD HKLM\Software\HackersAreUs Now let's add a value named "Stuff" and make it a binary entry with data "0001". The command would be REG ADD HKLM\Software\HackersAreUs /v Stuff /t REG_BINARY /d 0001 The two commands could have been executed as a single command but I have split them to make the process clearer. I have used upper case for REG ADD but that is for clarity and is not required.

Reg delete

Keys and values can be deleted in a similar but somewhat simpler fashion. The syntax is REG DELETE KeyName [/v ValueName | /ve | /va] [/f] Table III describes the parameters.

Table III. Parameters in REG DELETE command

Parameter	Description
KeyName	Complete Registry key name. Uses abbreviations HKCR, HKCU, HKLM, and HKU for root keys
/v ValueName	Deletes a value
/ve	Deletes a key's default value
/va	Deletes all values from a key
/f	Forces deletion with prompting

Back to top

Backing up and restoring the Registry

Providing methods for backing up and restoring the Registry are some of the most important applications for regedit.exe. There are two file formats that can be used, either a binary format known as a hive file or a special text format known as a REG file. The latter format may be more familiar since it is often used for Registry tweaks. The relevant commands are discussed in the following sections.

Saving and restoring hive files

To create a binary backup, use the command REG SAVE KeyName FileName Hive files are better for backup than REG files because they completely replace the contents of a key when they are restored. The restore command is REG RESTORE KeyName FileName

Exporting and importing REG files

REG files are specially formatted text files with the extension "reg" that are copies of one or more Registry keys. They are often encountered as a way to carry out small Registry edits or in using Regedit.. They can also be used for backup. The commands are REG EXPORT KeyName FileNameand REG IMPORT FileName Note that when a REG file is imported it , it is merged with Registry entries rather than completely replacing them. Values that the REG file does not contain are not removed.

Reg Query

If you want to take a quick look at what is contained in a particular Registry key or in a particular value, you can use the command REG QUERY KeyName [/v ValueName | /ve] [/s] The only new parameter here is /s. This switch will cause all the subkeys and values in a key to be queried.