Immediate Solutions | Windows Admin Scripting Little Black Book (Little Black Books (Paraglyph Press))

Backing Up and Restoring the Registry

Before modifying the registry, you should perform a backup that you can revert to in case of any system failures. Knowing the different methods to back up and restore the entire registry properly can save you hours of unnecessary data recovery and troubleshooting.

Understanding Windows 2000/XP/2003 Registry Backup Misconceptions

Backing up the registry is a tricky subject. Here is a list of some common misconceptions about backing up the registry:

You can back up the entire registry by simply making a copy of the registry files. Unlike Windows 9 x , Windows 2000/XP/2003 accesses many sections of the registry directly. These files are open , so you cannot back them up because they are already in use.
You can back up the entire registry by running RDISK /S. The RDISK (Repair Disk) utility backs up important system files and parts of the registry to an ERD (Emergency Repair Disk). This disk is used in conjunction with the setup disks to restore critical parts of the operating system that may be damaged. It cannot and was never intended to be used as a registry backup utility.
You can use REGEDIT to back up and restore the entire registry. REGEDIT for Windows 2000/XP/2003 does not support the same switches as the Windows 9 x version. Although you may be able to back up the registry manually into one large REG file, you will not be able to restore it. The registry has special security settings on certain keys that prevent restoring or modifying.

Backing Up the Windows 2000/XP/2003 Registry

There are two methods to back up the entire Windows 2000/XP/2003 registry. The first method is to use the built-in backup utility to perform a complete backup of the registry. This will be discussed in more detail in Chapter 14. The second method is to use a resource kit utility called REGBACK. To perform a complete backup of the registry using REGBACK, proceed as follows :

Create a new directory to store all files included in this example.
Obtain the latest version of REGBACK.EXE from the resource kit and copy it to the new directory.
Select StartRun and enter " scriptfile .bat."

Here, scriptfile is the full path and file name of a script file that contains the following:

 @Echo Off REGBACK C:\REGBACKUP.RBU if errorlevel 1 echo Error during backup if errorlevel 0 echo Successfully backed up

Restoring the Windows 2000/XP/2003 Registry

The resource kit utility REGREST is used to restore registry backups created by REGBACK. To restore a registry backup created by REGREST, proceed as follows:

Create a new directory to store all files included in this example.
Obtain the latest version of REGREST.EXE from the resource kit and copy it to the new directory.
Select StartRun and enter " scriptfile .bat."

Here, scriptfile is the full path and file name of a script file that contains the following:

 @Echo Off REGREST C:\REGBACKUP.RBU C:\REGSAVE.RBU if errorlevel 1 echo Error during restore if errorlevel 0 echo Successfully restored

Here, C:\REGSAVE.RBU is an arbitrary name to which your current registry is backed up before restoring your backup.

Modifying the Registry with Shell Scripting

Because shell scripting was created before the birth of the registry, it does not contain any functions to modify the registry. To manipulate the registry through shell scripting, you can use REG.EXE, included in WindowsXP/2003 and in the Windows 2000 Resource Kit. REG.EXE supports the following parameters:

Add ”Adds keys or values
Backup ”Identical to the Save parameter
Compare ”Compares a registry key or value to another or to a string
Copy ”Copies a registry key or value from one machine to another
Delete ”Deletes keys and values
Export ”Saves keys and values to a REG file
Find ”Finds and replaces keys or values
Import ”Loads registry keys and values from a REG file
Load ”Loads hive files to the registry
Query ”Displays the contents of keys and values
Restore ”Restores registry keys from hive files
Save ”Stores registry keys to hive files
Unload ”Removes hive files from the registry
Update ”Replaces information in a key or value

Backing Up a Registry Key

To back up a registry key using REG.EXE, start a command prompt and enter the following:

 REG SAVE  key file

Here, key is the registry key to back up, and file is the hive file to back up the registry key.

Restoring a Registry Key

To restore a registry key using REG.EXE, start a command prompt and enter the following:

 REG LOAD  file key

Here, file is the hive file to restore; and key is the registry key to which to restore the hive.

Querying the Registry

To display registry keys or values from the command line using REG.EXE, start a command prompt and enter the following:

 REG QUERY  keyval

Here, keyval is the registry key or value you want to display. For example, to display the current cursor blink rate, start a command prompt and enter the following:

 REG QUERY "HKCU\Control Panel\Desktop\CursorBlinkRate"

Note	If a registry entry contains a space, you must surround it with quotation marks.

Searching the Registry

Sometimes the registry stores information you wish it didn't, such as usernames and passwords. You can use the resource kit utility SCANREG.EXE to search the registry for these values. To search the registry for a key containing a specific phrase, proceed as follows:

 SCANREG  string start    k

Here, string is the phrase to search for, and start is where to start searching in the registry.

Customizing Windows 2000/XP/2003

With the introduction of a new operating system come new features, and with new features come new annoyances. To remove these annoyances, you simply need to make a few registry changes.

Disabling Start Menu Scrolling

When the Start menu grows larger than one column, Windows will simply scroll the column rather than creating a new column. This can become quite annoying when you have a large Start menu. To disable the Start menu scrolling and have Windows create a new column to fit the additional Start menu items, start a command prompt and enter the following:

  REG UPDATE HKCU\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced\StartMenuScrollPrograms=NO

Note	The code above must be placed on one line.

Disabling Pop-up Descriptions

An initially helpful but quickly annoying feature are the pop-up descriptions that appear when the mouse pointer remains above certain objects for a short period of time. To disable the pop-up descriptions using REG.EXE, start a command prompt and enter the following:

  REG UPDATE HKCU\Software\Microsoft\Windows\CurrentVersion\ Explorer\Advanced\ShowInfoTip=0

Note	The code above must be placed on one line.

Disabling Balloon Tips

Windows XP balloon tips are another helpful feature that is annoying more often than not. To disable balloon tips using REG.EXE, start a command prompt and enter the following:

  REG ADD HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer     \ Advanced \ EnableBalloonTips=0

Note	The code above must be placed on one line.

Deleting Registry Keys Using REGEDIT

Although you can use REG.EXE to delete registry keys, you can also use REGEDIT. To delete registry keys using REGEDIT, select StartRun and enter "regedit regfile. " Here, regfile is a registry file that contains the following:

 REGEDIT4 [-  COMPLETEKEY  ]

Here, COMPLETEKEY is the complete registry key to delete, such as HKEY_LOCAL_MACHINE\SOFTWARE\APPLE.

Note	The minus sign in front of COMPLETEKEY causes the key to be deleted.

Clearing the Run Dialog List

Every time you run a command through the StartRun dialog box, that command is stored in a Most Recently Used (MRU) list within the registry. To delete this list from the registry, select StartRun and enter "regedit regfile. " Here, regfile is a registry file that contains the following:

 REGEDIT4  [-HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\RunMRU]

Note	The highlighted code above must be placed on one line.

Deleting Persistent Drive Mappings

Whenever you map a drive to " reconnect at logon" or map it persistently through the NET USE command, the settings for this drive mapping are stored within the registry. To remove persistent drive mappings for the current user , select StartRun and enter "regedit regfile. " Here, regfile is a registry file that contains the following:

 REGEDIT4  [-HKEY_CURRENT_USER\Software\Microsoft\Windows NT\ CurrentVersion\Network\Persistent Connections]

Note	The highlighted code above must be placed on one line.

Modifying the Registry with REGINI.EXE

REGINI.EXE, included in Windows XP/2003 and the Windows 2000 Resource Kit, is a powerful utility designed to manipulate the registry through a batch file. It can add or update registry values as well as set registry key permissions. REGINI.EXE interprets registry hives differently because it only works with kernel mode. See Table 6.2.

Disabling Dr. Watson

Dr. Watson is an annoying debugging utility that appears every so often during application or system crashes. To disable Dr. Watson, proceed as follows:

Create a new directory to store all files included in this example.
For Windows 2000 only, obtain the latest version of REGINI.EXE from the Windows 2000 Resource Kit and copy it to the new directory.
Select StartRun and enter "REGINI scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

Table 6.2: Regular mode versus kernel mode.
Regular Mode	Kernel Mode
HKEY_LOCAL_MACHINE	\Registry\Machine
HKEY_USERS	\Registry\User

 \Registry\Machine      SOFTWARE             Microsoft                   Windows NT                         CurrentVersion                               AeDebug                                     AUTO = REG_SZ 0

Tip	To re-enable Dr. Watson, run DRWTSN32 -I from the command prompt.

Securing Recycle Bin Properties

To restrict users from modifying the Recycle Bin properties, proceed as follows:

Create a new directory to store all files included in this example.
For Windows 2000 only, obtain the latest version of REGINI.EXE from the Windows 2000 Resource Kit and copy it to the new directory.
Select StartRun and enter "REGINI scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

 \Registry\Machine       SOFTWARE              Microsoft                    Windows                          CurrentVersion                                Explorer                                      BitBucket [1 17 8]

Modifying the Registry with KiXtart

KiXtart provides many functions to manipulate the registry:

AddKey ”Adds a subkey to the regsitry
DelKey ”Deletes a subkey from the registry
Deltree ”Deletes a key and all its subkeys
DelValue ”Deletes a value from the registry
EnumKey ”Lists the keys within a key or subkey
EnumValue ”Lists the values within a key or subkey
ExistKey ”Checks for the existence of a subkey
LoadHive ”Loads HKEY_LOCAL_MACHINE or HKEY_USER hive information from a REG file
LoadKey ”Loads a registry key from a hive file
ReadType ”Determines the value type
ReadValue ”Reads the data within a registry value
SaveKey ”Saves a key to a hive file
WriteValue ”Writes data to or creates a registry value

Note	For complete usage details, see the KiXtart manual.

Backing Up a Registry Key

To back up a registry key to a hive file using KiXtart, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $RegKey  = "  key  "  $RegFile  = "  file  " SaveKey(  $RegKey, $RegFile  )

Here, key is the registry key to back up, and file is the hive file to back up the registry key.

Restoring a Registry Key

To restore a registry key from a hive file using KiXtart, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $RegKey = "key"   $RegFile = "file"   LoadKey($RegKey, $RegFile)

Here, key is the registry key to restore, and file is the hive file to restore from.

Disabling the Welcome Screen

Microsoft has made it a habit to greet every new user to a machine running its operating system through the Welcome screen. Although this greeting seems like a good idea, it can quickly become annoying to users as they travel from machine to machine. To disable the Welcome screen, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Policies\Explorer"  WriteValue($  RegKey  , "NoWelcomeScreen", "1", "REG_DWORD")

Note	The highlighted code above must be placed on one line.

Working with Icons

Microsoft Windows includes many default icons on the desktop for your convenience. You can easily delete or hide these icons or modify their properties by manipulating the registry.

Removing the My Computer Icon from the Desktop

To remove the My Computer icon from the desktop, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}"  Deltree($  RegKey  )

Note	The highlighted code above must be placed on one line.

Removing the Dial-Up Networking Icon from My Computer

To remove the Windows 2000 Dial-Up Networking icon from My Computer, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\ Explorer\MyComputer\NameSpace\ {a4d92740-67cd-11cf-96f2-00aa00a11dd9}"  Deltree($  RegKey  )

Note	The highlighted code above must be placed on one line.

Removing the Scheduled Tasks Icon from My Computer

To remove the Windows 2000 Scheduled Tasks icon from My Computer, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\ Explorer\MyComputer\NameSpace\ {D6277990-4C6A-11CF-8D87-00AA0060F5BF}"  Deltree($  RegKey  )

Note	The highlighted code above must be placed on one line.

Hiding the Windows 2000 Network Neighborhood Icon

To hide the Windows 2000 Network Neighborhood icon from the desktop for the current user, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "SOFTWARE\Microsoft\Windows\CurrentVersion\ Policies\Explorer"  WriteValue($  RegKey  , "NoNetHood", "1", "REG_DWORD")

Note	The highlighted code above must be placed on one line.

Hiding All Windows 2000 Desktop Icons

To hide all Windows 2000 desktop icons for the current user, proceed as follows:

Create a new directory to store all files included in this example.
Download and extract the latest version of KiXtart, from http://www.kixtart.org, to the new directory.
Select StartRun and enter "kix32 scriptfile. "

Here, scriptfile is the full path of the new directory from step 1 and file name of a script file that contains the following:

  $  RegKey  = "SOFTWARE\Microsoft\Windows\CurrentVersion\ Policies\Explorer"  WriteValue($  RegKey  , "NoDesktop", "1", "REG_DWORD")

Note	The highlighted code above must be placed on one line.

Modifying the Registry with Windows Script Host

Windows Script Host provides the easiest way to manipulate the registry. You can modify the registry using the WScript object. This object contains three simple registry methods:

RegDelete ”Deletes registry keys and values
RegRead ”Reads registry keys or values
RegWrite ”Writes registry keys or values

Note	Windows Script Host does not include any methods to back up or restore registry keys or values.

Disabling Windows Security Menu Options

Once Windows is up and running, you can press Ctrl+Alt+Del to call up the Windows security menu to perform common tasks. Although this is convenient for users, you may want to selectively disable these options for guest or kiosk stations .

Disabling the Lock Workstation Button

To disable the Lock Workstation button, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  SHELL  = CreateObject("WScript.Shell")  RegValue  = "HKCU\Software\Microsoft\Windows\" & _ "CurrentVersion\Policies\System\DisableLockWorkstation"  SHELL  .RegWrite RegValue, 1, "REG_DWORD"

Disabling the Change Password Button

To disable the Change Password button, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  SHELL  = CreateObject("WScript.Shell")  RegValue  = "HKCU\Software\Microsoft\Windows\" & _ "CurrentVersion\Policies\System\DisableChangePassword"  SHELL  .RegWrite  RegValue  , 1, "REG_DWORD"

Disabling the Logoff Button

To disable the Logoff button, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  SHELL  = CreateObject("WScript.Shell")  RegValue  = "HKCU\Software\Microsoft\Windows\" & _ "CurrentVersion\Policies\System\NoLogOff"  SHELL  .RegWrite  RegValue  , 1, "REG_DWORD"

Modifying NTFS Properties

NTFS includes many benefits over the regular FAT file system. The price of these benefits is the extra overhead and access time of the file system. You can modify the registry to disable some of these features.

Disabling 8.3 File Naming

When a file is created, it retains both long and short (DOS 8.3) file names . If you do not use DOS programs, you can disable 8.3 file naming to increase performance. To disable 8.3 file naming, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  SHELL  = CreateObject("WScript.Shell")  RegValue  = "HKLM\System\CurrentControlSet\Control\FileSystem\" & _ "NTFSDisable8dot3NameCreation"  SHELL  .RegWrite  RegValue  , 1, "REG_DWORD"

Related solution:	Found on page:
Renaming Files with Short File Names	82

Disabling the Last Access Time Stamp

When a file is accessed, a time stamp is placed on that file. If you do not need this information, you can disable the last access time stamp to increase performance. To disable the last access time stamp, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  SHELL  = CreateObject("WScript.Shell")  RegValue  = "HKLM\System\CurrentControlSet\Control\FileSystem\" & _        "NTFSDisableLastAccessUpdate"  SHELL  .RegWrite  RegValue  , 1, "REG_DWORD"

Modifying the Context Menu

A context menu is the menu that appears when you right click on almost anything in Windows (file, folder, URL, and so on). Some typical context menu items are "Open", "Print", and "Properties." Context menu items and their associated commands are stored in the registry. You can modify the registry to add your own, modify, or remove existing context menu items.

Adding a Windows XP/2003 "Defrag" Context Menu Item

To add a context menu item used to defrag a partition, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  objShell  = CreateObject("WScript.Shell") Command = "DEFRAG.EXE %1"  objShell  .RegWrite "HKCR\Drive\Shell\Defrag\Command\", Command  objShell  .RegWrite "HKCR\Drive\Shell\Defrag\", "Defrag"

After running this script, you can right click on any partition and a "Defrag" item should appear in the context menu. Selecting this item will defrag the partition you right clicked on.

Adding an "Email Attachment" Context Menu Item

Microsoft Outlook includes various command line options to create, open, and print email messages. To add a context menu item which uses Outlook to attach a file to a new email message, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  objShell  = CreateObject("WScript.Shell") 'Get Outlook's default open command  Command  =  objShell  .RegRead("HKCR\outlook\shell\open\command\") 'Now modify the command to attach a file Command = REPLACE(Command,CHR(34) & " " & CHR(34),CHR(34) & _ " /a " & CHR(34))  objShell  .RegWrite "HKCR\*\Shell\EmailAttachment\Command\", Command  objShell  .RegWrite "HKCR\*\Shell\EmailAttachment\", _ "Email Attachment"

After running this script, you can right click on any file and an "Email Attachment" item should appear in the context menu. Selecting this item will create a new email message and attach the file you right clicked on.

Tip	See Microsoft Knowledge Base Article Q296192 to learn about Outlook's additional command line switches.

Adding an "Open with Notepad" Context Menu Item

When you attempt to open a file an unknown or missing file extension, Windows will prompt you to select a program to open the file and or associate with it. To add a context menu item to open any file with notepad, proceed as follows:

Create a new directory to store all files included in this example.
Download and install the latest version of Windows Script Host, from http://www.microsoft.com, to the new directory.
Select StartRun and enter "cscript scriptfile .vbs."

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next Set  objShell  = CreateObject("WScript.Shell")  Command  = "NOTEPAD.EXE %1"  objShell  .RegWrite "HKCR\*\Shell\OpenWithNotepad\Command\", Command  objShell  .RegWrite "HKCR\*\Shell\OpenWithNotepad\"_ "Open With Notepad"

After running this script, you can right click on any file and a "Open with Notepad" item should appear in the context menu. Selecting this item will open the file you right clicked on in Notepad.