The registry is a huge
hierarchical database and like most databases, you need tools to modify
it. Applications modify portions of the registry all of the time. For
example, when you save your user settings, they very often appear in the
registry and the application makes the appropriate changes. However,
you also need generic tools to work with the registry. Although you'll
find third-party tools on the market to work with the entire registry,
you also have access to two tools in Windows to perform the work.
The first tool is
RegEdit, which provides both a command line interface and a GUI.
Interestingly enough, the RegEdit GUI works in Server Core so you can
use either interface or both as needed.
The second tool is
SCRegEdit and it's new for Windows 2008. This tool provides only a
command line interface that lets you modify registry entries as needed
without opening a registry editor.
1. Working with the RegEdit Utility GUI
You'll commonly use the Registry Editor (RegEdit.EXE) utility in GUI mode. To start this utility in GUI mode, simply type RegEdit and press Enter. You'll see an initial display like the one shown in Figure 1.
The left pane shows hives and keys, while the right pane shows values
associated with the hives and keys that you select in the left pane.
Anyone who's worked with the registry already knows about hives, keys,
and values.
Table 1 contains a listing of common tasks and a short description of how to perform them.
Table 1. Common RegEdit Tasks
| Task | Description |
|---|---|
| Locating a key, value name, or data. | Press Ctrl+F. The Registry Editor displays a Find dialog box. Type the information you want to find in the Find What field. Choose any or all of the Look At options. Check Match Whole Strings Only when you want to locate a particular piece of information. Click OK. The Registry Editor looks for the information you specified and highlights it as appropriate. |
| Finding a key, value name, or data again. | Press F3. |
| Setting a bookmark for a particular registry entry. | Highlight the location you want to bookmark in the registry. Choose Favorites => Add to Favorites. You'll see an Add to Favorites dialog box. Type a name for the location and click OK. The Registry Editor adds this location and its name to the Favorites menu so you can locate the entry quickly later. |
| Change a value. | Double-click the entry in the right pane. The Registry Editor displays the correct editor to modify the value. Click OK when you've finished editing the value. |
| Add a key. | Right-click the parent that will hold the new key and choose New => Key from the context menu. You'll see a new key. Type the key name and press Enter. |
| Add a value. | Right-click the key that will hold the new value and choose one of the value options from the New menu on the context menu. The value options include String Value, Binary Value, DWORD (32-bit) Value, QWORD (64-bit) Value, Multi-String Value, and Expandable String Value. The Registry Editor displays the correct editor to modify the value. Click OK when you've finished editing the value. |
| Save a registry branch to disk. | Right-click the starting location for the area of the registry that you want to save in the left pane and choose Export from the context menu. You'll see an Export Registry File dialog box. Type a name for the file that will hold the registry information in the File Name field and click OK. If you want to save the entire registry, right-click the Computer entry. |
| Import existing registry data from disk. | Choose File => Import. You'll see an Import Registry File dialog box. Locate the registry file you want to import and click OK. When the Registry Editor completes the process, it displays a success message. |
| Loading a hive from another location. | Select either the HKEY_LOCAL_MACHINE or HKEY_USERS hive. Choose File => Load Hive. You'll see a Load Hive dialog box. Locate the hive file that you want to load and click OK. The Registry Editor asks which key to load. Type the name of one of the keys within the hive when you want to load a particular key and press Enter. The Registry Editor displays the new hive in the left pane. |
| Removing an unneeded hive. | Select the hive that you no longer need to modify in the left pane. Choose File => Unload Hive. The Registry Editor removes the hive from the left pane. |
| Connecting to a remote system. | Choose File => Connect Network Registry. You'll see a Select Computer dialog box. Type the name of the computer that will provide the connection and click OK. If you have permission to access the remote computer and the Remote Registry service is running on that computer, then the Registry Editor provides access to the other machine. |
| Disconnecting from a remote system. | Select the remote computer's entry in the left pane. Choose File => Disconnect Network Registry. The Registry Editor terminates the connection to the remote computer. |
| Setting registry permissions. | Right-click the registry hive, key, or value you want to secure and choose Permissions from the context menu. You'll see a Permissions dialog box. Set the security features using the same techniques you use for a directory or file on the hard drive. Click OK to set the permission. |
| Removing an entry from the Favorites menu. | Choose Favorites => Remove Favorite. You'll see a Remove Favorites dialog box. Choose the favorite you want to remove and click OK. If you want to remove multiple favorites, use the Ctrl+Click or Shift+Click methods you use in Windows Explorer to make multiple selections. Click OK. The Registry Editor removes the entries from the Favorites menu. |
2. Working with the RegEdit Utility at the Command Line
The RegEdit utility is extremely powerful, yet it's one of the least
documented utilities available on your machine. The
Microsoft-recommended command line switches for the RegEdit utility
appear in the Knowledge Base article at http://support.microsoft.com/kb/q82821/. The Knowledge Base article limits you to the /V and /S command line switches. The RegEdit utility itself doesn't display any helpful information when you try the /?
command line switch. The Windows help file just barely discusses using
the utility in GUI mode. In short, not only is this utility extremely
powerful, you also won't get much help from Microsoft in using it. This
utility uses the following syntax:
RegEdit [Filename] [-v] [-s] [-e RegFilename [Key]] [-l:Path] [-r:Path]
[-c RegFilename] [-d Key]
The following list describes each of the command line arguments.
Filename
Specifies the
name of a file that contains registry information. A registry file
normally has a REG file extension. You can use a batch file to restore
previously saved registry entries. For example, you might use this
technique to set up a new system with user settings that you saved
earlier.
-v
Opens RegEdit in
advanced (verbose) mode. If you're familiar with the standard registry
appearance, you'll suddenly notice some registry keys that RegEdit
didn't display before. Use this option with care; all of the registry
settings are editable if you have the proper permissions and the new
settings tend to have dramatic system results.
-s
Suppresses any informational messages. You can use this feature to make a batch file installation work in the background.
-e RegFilename [Key]
Exports the requested
key to the specified registry file. You can use this command line
switch within a batch file to save user settings prior to a system
change. For example, typing Regedit -e Test.REG "HKEY_CURRENT_USER\Software\Nico Mak Computing" and pressing Enter at the command prompt saves the WinZIP application settings to a file named Test.REG.
Notice that you must enclose keys with spaces in the name in double
quotes to ensure the RegEdit utility interprets them correctly.
-l:Path
Specifies the path for the System.DAT file to edit in the registry. The system database contains systemwide settings such as the HKEY_LOCAL_MACHINE
hive. You can use this option to edit a registry on another machine as
long as that machine allows remote editing. Use this option with the -c command line switch to create a new user based on an existing setup.
-r:Path
Specifies the path for the User.DAT file to edit in the registry. The user database appears in the individual user directories and contains the HKEY_CURRENT_USER
hive. You can use this option to edit a registry on another machine as
long as that machine allows remote editing. Use this option with the -c command line switch to create a new user based on an existing setup.
-c RegFilename
Creates a new registry based on the content of the registry entries in RegFilename. This command line switch is destructive. It completely destroys the System.DAT and User.DAT
files for the affected user and reconstructs them using the contents of
the supplied registry file. With this in mind, you must use this
command line switch with a registry file containing a full registry
backup. Otherwise, you'll leave the system in an unbootable state.
-d Key
Deletes the specified key from the registry. This switch appears to work fine on Windows 9x systems, but doesn't work with Windows NT and above.
It's unfortunate that the -d
command line switch doesn't work on newer systems. One way around this
problem for Windows XP and above users is to create a negative key
registry file and then register it as normal. To create such a file,
open Notepad or any other text editor. Enter the following code into the
file.
REGEDIT4

[-HKEY_CLASSES_ROOT\Test]
The negative key entry deletes a key named Test from the HKEY_CLASSES_ROOT hive. Try creating the HKEY_CLASSES_ROOT\Test key and then running this file. You'll find that RegEdit removes the key without any problem.
3. Saving and Restoring the Registry
Before you make any
changes to the registry, you should always create a copy of the registry
section you plan to change. The easiest way to perform this task is to
use the GUI to export or import the entire registry hive or simply a
registry branch. Use these steps to export your registry using the GUI
method.
1. Type RegEdit. You'll see the Registry Editor window.
2. Select the My Computer entry.
3. Choose File => Export to display the Export Registry File dialog box.
4. Verify that All is selected in the Export Range area.
5. Type a name for the export file in the File Name field.
6. Click Save. The Registry Editor will save a copy of the entire registry in the location you specified using the filename you provided.
You can accomplish this task at the command line by typing RegEdit -e RegSave.REG
and pressing Enter. Notice that you don't supply the name of a hive or
branch when you want to save the entire registry. When you want to
restore the entire registry, simply type the name of the REG file. For
example, if you type RegSave.REG
and press Enter, then the system will display a dialog box asking if you
want to add the information to the registry. Click Yes and the system
will complete the task.
If you decide to save just a
particular hive or branch of the registry, choose that hive or branch
in the RegEdit utility. When you choose File =>
Export, the Export Registry File dialog box will automatically choose
the Selected Branch option for you and show the hive or branch you've
selected. The -e command line switch description in the previous section
shows how to perform this task at the command line. To restore this
file, you simply type the name of the REG file and press Enter.
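The backup-before-change routine from this section, applied to the negative-key deletion described under the -d switch, as an added batch-file example that is not part of the original text. The key is the page's HKEY_CLASSES_ROOT\Test; the file names, the %TEMP% location, and the use of start /wait and reg query to sequence and confirm the steps are assumptions.

```batch
@echo off
rem Added example: back up a key, delete it with a negative-key REG file,
rem then confirm the result. File names and locations are assumptions.
setlocal
set "KEY=HKEY_CLASSES_ROOT\Test"
set "BACKUP=%TEMP%\Test-backup.reg"
set "DELFILE=%TEMP%\Test-delete.reg"

rem Nothing to do if the key is absent (reg query then sets errorlevel 1).
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% does not exist; nothing to delete.
    exit /b 0
)

rem 1. Export the branch first. RegEdit is a GUI program, so start /wait
rem    makes the batch file block until the export has finished.
if exist "%BACKUP%" del "%BACKUP%"
start /wait regedit -e "%BACKUP%" "%KEY%"
if not exist "%BACKUP%" (
    echo Export failed; leaving the registry untouched.
    exit /b 1
)

rem 2. Write the negative-key file: header, blank line, [-key].
> "%DELFILE%" echo REGEDIT4
>>"%DELFILE%" echo.
>>"%DELFILE%" echo [-%KEY%]

rem 3. Import it with -s so no confirmation dialog appears.
start /wait regedit -s "%DELFILE%"
del "%DELFILE%"

rem 4. With -s RegEdit shows no messages, so check the registry directly.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Deleted %KEY%. To restore: regedit -s "%BACKUP%"
    exit /b 0
)
echo %KEY% is still present; check permissions on the key.
exit /b 1
```

Run it from an elevated prompt, since HKEY_CLASSES_ROOT changes at the machine level require administrative rights.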