|
|
Windows XP comes with Console Registry Tool for Windows (Reg.exe). This tool is nothing short of marvelous. You use it to edit the registry from the MS-DOS command prompt. You can do with Reg.exe just about anything you can do with Regedit, and more. The best part of Reg.exe is that you can use it to write simple scripts in the form of batch files that change the registry. And unlike in earlier versions of Windows, you don't have to install Reg.exe. It's installed by default and combines the numerous registry tools that came with the resource kits for earlier versions of Windows.
This tool is so cool I can just start with an example. Listing 9-6 is a simple batch file that installs Microsoft Office XP the first time the batch file runs (think logon script). After installing Office XP, the batch file calls Reg.exe to add the REG_DWORD value Flag to HKCU \Software\Example. The batch file checks for this value's presence each time the file runs and skips the installation if it exists. Thus, the batch file installs the application only one time. This is a method you can use to deploy software through users' logon scripts. Instead of checking for a value that you add, as Listing 9-6 does, you can check for a value that the application stores in the registry. For example, the second line in the batch file could just as easily been Reg QUERY HKCU\Software\Microsoft\Office\10.0 >nul, which checks to see if Office XP is installed for the user.
Listing 9-6: Login.bat
@Echo Off Reg QUERY HKCU\Software\Example /v Flag >nul goto %ERRORLEVEL% :1 Echo Installing software the first time this runs \\Camelot\Office\Setup.exe /settings setup.ini Reg ADD HKCU\Software\Example /v Flag /t REG_DWORD /d "1" goto CONTINUE :0 Echo Software is already installed, skipping this section :CONTINUE Set HKMS=HKCU\Software\Microsoft Set HKCV=HKCU\Software\Microsoft\Windows\CurrentVersion REM Clear the history lists Reg DELETE %HKCV%\Explorer\MenuOrder /f Reg DELETE %HKCV%\Explorer\RunMRU /f Reg DELETE %HKCV%\Explorer\RecentDocs /f Reg DELETE %HKCV%\Explorer\ComDlg32\LastVisitedMRU /f Reg DELETE "%HKMS%\Search Assistant\ACMru" /f Reg DELETE "%HKMS%\Internet Explorer\TypedURLs" /f
The syntax of the Reg.exe command line is straightforward: reg command options. Command is one of the many commands that Reg.exe supports, including ADD, QUERY, and DELETE. Options is the options that the command requires. Options usually include the name of a key, and sometimes a value's name and data. If any key or value name contains spaces, you must enclose the name in quotation marks. It gets more complicated for each of the different commands you can use with it, however, and I cover each of those in the sections following this one. If you're without this book and need a quick refresh, just type reg /? at the MS-DOS command prompt to see a list of commands that Regexe supports.
Use the ADD command to add keys and values to the registry.
REG ADD [\\ computer \]key [/v value | /ve] [/t type] [/s separator] [/d data] [/f]
\\ computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will add or change value. |
/ve | This will change the key's default value. |
/t type | This is the value's type: REG_BINARY, REG_DWORD, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_MULTI_SZ, or REG_SZ. The default is REG_SZ. |
/s separator | This specifies the character used to separate strings when creating REG_MULTI_SZ values. the default is \0, or null. |
/d data | This is the data to assign to new or existing values. |
/f | This forces Reg.exe to overwrite existing values with prompting. |
REG ADD \\JERRY1\HKLM\Software\Honeycutt REG ADD HKLM\Software\Honeycutt /v Data /t REG_BINARY /d CCFEF0BC REG ADD HKLM\Software\Honeycutt /v List /t REG_MULTI_SZ /d Hello\0World REG ADD HKLM\Software\Honeycutt /v Path /t REG_EXPAND_SZ /d %%SYSTEMROOT%%
Note | The percent sign (%) has a special purpose on the MS-DOS command prompt and within batch files. You enclose environment variables in percent signs to expand them in place. Thus, to use them on the Reg.exe command line, and elsewhere for that matter, you must use double percent signs (%%). In the previous example, if you had used single percent signs, the command prompt would have expanded the environment variable before running the command. Using double percent signs prevents the command prompt from expanding the environment variable. |
The QUERY command works three ways. First it can display the data in a specific value. Second it can display all of a key's values. Third it can list all the subkeys and values in a key by adding the /s command-line option. How it works depends on the options you use.
REG QUERY [\\computer\]key [/v value | /ve] [/s]
\\ computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will query value in key. If you omit /v, Reg.exe queries all values in the key. |
/ve | This will query the key's default value. |
/s | This will query all the key's subkeys and values. |
REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /s REG QUERY HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion /v CurrentVersion
Note | Reg.exe sets ERRORLEVEL to 0 if the command succeeds and 1 if it doesn't. Thus, you can test ERRORLEVEL in a batch file to determine if a value exists or not. You saw an example of this in Listing 9-6. Although you can use the If statement to test ERRORLEVEL, I prefer creating labels in my batch file, one for each level, as shown in Listing 9-6 earlier in this chapter. Then I can just write statements that look like Goto %ERRORLEVEL% or Goto QUERY%ERRORLEVEL%, which branches to the label QUERY1 if ERRORLEVEL is 1. |
Use the DELETE command to remove keys and values from the registry.
REG DELETE [\\ computer \]key [/v value | /ve | /va] [/f]
\\ computer | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This will delete value from key. |
/ve | This will delete the key's default value. |
/va | This will delete all values from key. |
/f | This will force Reg.exe to delete values with prompting. |
REG DELETE \\JERRY1\HKLM\Software\Honeycutt REG DELETE HKLM\Software\Honeycutt /v Data /f REG DELETE HKLM\Software\Honeycutt /va
Use the COMPARE command to compare two registry keys. Those keys can be on the same computer or different computers, making this a useful troubleshooting tool.
The /on command-line option seems odd at first. Why would you compare keys or values and not show the differences? Reg.exe sets ERRORLEVEL depending on the comparison's result, and you can use that in your batch files to execute different code depending on whether the two are the same or different—without displaying any results. Here's the meaning of ERRORLEVEL:
0. The command was successful and the keys or values are identical.
1. The command failed.
2. The command was successful and the keys or values are different.
REG COMPARE [\\ computer1 \]key1 [\\computer2 \]key2 [/v value | /ve] [/oa|/od|/os|/on] [/s]
\\ computer1 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
\\ computer2 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key1 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
key2 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/v value | This compares value. |
/ve | This compares the key's default value. |
/oa | This shows all differences and matches. |
/od | This shows only differences. |
/os | This shows only matches. |
/on | This shows nothing. |
/s | This compares all the key's subkeys and values. |
REG COMPARE HKCR\txtfile HKR\docfile /ve REG COMPARE \\JERRY1\HKCR \\JERRY2\HKCR /od /s REG COMPARE HKCU\Software \\JERRY2\HKCU\Software /s
The COPY command copies a subkey to another key. This command is useful to back up subkeys, as you learned in Chapter 3, "Backing Up the Registry."
REG COPY [\\ computer1 \]key1 [\\computer2 \]key2 [/s] [/f]
\\ computer1 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
\\ computer2 | If omitted, Reg.exe connects to the local computer; otherwise, Reg.exe connects to the remote computer. |
key1 | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
key2 | The key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. Only HKLM and HKU are available when connecting to remote computers. |
/s | This copies all the key's subkeys and values. |
/f | This forces Reg.exe to copy with prompting. |
REG COPY HKCU\Software\Microsoft\Office HKCU\Backup\Office /s REG COPY HKCR\regfile HKCU\Backup\regfile /s /f
Use the EXPORT command to export all or part of the registry to REG files. This command has a few limitations, though. First it works only with the local computer. You can't create a REG file from a remote computer's registry. Second it creates only version 5, Unicode REG files. There's no option available to create ANSI REG files. The EXPORT command is the same as clicking File, Export in Regedit.
REG EXPORT key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key you want to export to a REG file. |
filename | This is the path and name of the REG file to create. |
REG EXPORT "HKCU\Control Panel" Preferences.reg
Use the IMPORT command to import a REG file in to the registry. This command does the same thing as running regedit /s filename. It imports a REG file silently. This command can handle both version 4 and version 5 REG files, but it works only on the local computer.
REG IMPORT filename
filename | This is the path and name of the REG file to import. |
REG IMPORT Settings.reg
The SAVE command saves a key as a hive file. This command is similar to clicking File, Export in Regedit, and then changing the file type to Registry Hive Files (*.*). It's a convenient method for backing up the registry before making substantial changes. Chapter 3, "Backing Up the Registry," describes this technique. This command works only on the local computer.
REG SAVE key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key you want to save as a hive file. |
filename | This is the path and name of the hive file to create. |
REG SAVE HKU Backup.dat
The RESTORE command overwrites a key and all of its contents with the contents of a hive file. This is similar to importing a hive file in Regedit. The difference between this command and loading a hive file is that this command overwrites any existing key, whereas loading a hive file creates a new temporary key to contain the hive file's contents. Use this command to restore a backup hive file. This command works only on the local computer.
REG RESTORE key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the key you want to overwrite with the contents of the hive file. |
filename | This is the path and name of the hive file to restore. |
REG RESTORE HKCU Backup.dat
The LOAD command loads a hive file into a temporary key. You reference the hive file's keys and values through the temporary key you specify on the command line. This command is similar to loading hive files in Regedit. This command works only on the local computer.
REG LOAD key filename
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the new temporary key into which you want to load the hive file. |
filename | This is the path and name of the hive file to load. |
REG LOAD HKU\Temporary Settings.dat
The UNLOAD command removes a hive file that you've loaded using the LOADcommand. It simply unhooks the hive file from the registry. You must remember to unload a hive file that you've loaded before trying to copy or do anything else with the hive file because Windows XP locks the file while it's in use.
REG UNLOAD key
key | This is the key's path, beginning with the root key. Use the root-key abbreviations HKCR, HKCU, HKLM, and HKU. This is the name of the key containing the hive file you want to unload. |
REG UNLOAD HKU\Temporary
|
|