Integral Reg

The central importance of the registry in the Windows server environment demands some kind of command-line control of registry settings. The Microsoft Windows NT Resource Kit has offered Reginfo as far back as NT 3.5 or NT 3.1, but Windows 2000 and later come with a useful and—at least in my experience—more reliable tool in reg.exe. Unlike Reginfo, the Reg command is built into the OS, so you don't need to install it.

Several Reg options are available. The Query option lets you perform searches, the Add option lets you add or change keys and values, and the Delete option lets you delete values or keys. You can use the Save and Restore options to back up and restore pieces of the registry to hive files. The Copy option lets you copy entire chunks of a remote system's registry to your computer's registry. And, finally, the Export and Import options let you export and import pieces of the registry to or from Unicode text files.

A comprehensive explanation of Reg's syntax would require more space than I have, so instead I offer some sample scenarios that illustrate Reg's usefulness. To use Reg, you must have the correct permissions; typically (but not always), you need to be an administrator. The ACL of the registry component you want to modify decides whether you can run a given Reg command. Also, Reg isn't case sensitive, except when you're feeding the registry data—some registry subkeys are case sensitive, so be sure to type data values as the registry requires.

Most commonly, I use Reg to change an existing registry value or to add a new value. For example, suppose I want to add to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesi8042prtParameters subkey a value called CrashOnCtrlScroll (of type REG_DWORD) that's set to 1. This value would let me use the Ctrl+Scroll Lock key combination to force a blue screen on my system—a useful capability for determining the causes of lockups. The entry doesn't exist by default on Windows Server 2003, Windows XP, or Win2K systems, so I need to use Reg to create the entry and give it a value of 1:

reg add HKLMSYSTEMCurrentControlSetServicesi8042prtParameters /v CrashOnCntrlScroll /t REG_DWORD /d 1 /f

The first part of the command points to the registry key I want to modify. Notice that Reg accepts the shorthand HKLM instead of HKEY_LOCAL_MACHINE. The /v parameter followed by CrashOnCtrlScroll tells Reg to create or modify the value entry by that name. The /t parameter determines the type of value entry, the /d 1 parameter tells Reg to fill the subkey with a value of 1, and the /f parameter tells Reg to overwrite the value if necessary. (Without this final parameter, if a CrashOnCtrlScroll entry exists, Reg will stop and ask "Are you sure?") Now, I can place this command line inside a batch file, then run that batch file on any system to enable the forced­blue screen key sequence.

Here's another scenario in which Reg proves useful. When you open a shared folder in Windows 2003, XP, or Win2K, you might notice that Windows Explorer displays its flashlight icon while it seems to search for something. Even if the share contains only a few files, Windows Explorer searches the folder for Scheduled Tasks. To instruct Windows Explorer not to perform this search, you can use Reg to delete the entire HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerRemoteComputerNamespace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} registry subkey:

reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerRemoteComputerNamespace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /f

The syntax for this command is simple to follow. Only two parameters follow Reg Delete: the name of the key you want to delete and the /f option. You don't need to reboot to effect this deletion.

The prospect of deleting a registry subkey might concern you. You might wonder how you would restore the key, should you decide you need it. To avoid this dilemma, you can use Reg's Export option to export the subkey before you delete it:

reg export HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerRemoteComputerNamespace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} backup.reg

This command exports the key in Unicode format and creates a familiar .reg file, which you've probably seen Regedit create. To import the file later, you simply use the Reg Import command, followed by the same information—remember to add the /f parameter to prevent Reg from asking you for confirmation.

These scenarios represent only a sampling of what Reg can do. Take your favorite Reg commands and make batch files of them. Then, when trouble calls, you can have a CD-ROM full of batch files at the ready.