Cmd regedit commands. Working with the Windows registry: how to run the regedit program on your computer? Obtaining owner rights to a registry key using the SubInACL utility

The Windows operating system registry is responsible for the operation of the entire system; a registry crash means a system crash. However, a significant number of viruses, or simply talented people, try in various ways to disable the registry or gain complete control over it, or to edit it destructively through the command line.

There are quite a lot of ways to torment a defenseless user, especially with the registry and the Windows command line at hand. A situation may arise in which, thanks to one gifted person, you have to reinstall the operating system.

In this article I decided to give an example of "bullying" your own system. First, pay attention to which programs are listed in startup. The Startup folder is available through the Start menu, but this is just the tip of the iceberg. There is a better way to view what is in startup, for example the msconfig utility included in Windows (Start/Run/msconfig). However, the world is not so simple, and sometimes it is worth resorting to more advanced tools, for example the autoruns.exe utility. With its help you can see much more: on the Everything tab, the various sections immediately catch your eye, and a lot of interesting things are written in them. Without going into details, for a simple example it is worth paying attention to the following sections:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

Plus, it's worth taking a look at the section:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The HKLM key covers all users, while HKCU covers only the current one. Let's create a new user with administrator rights:

net user NewUser password /add - creates the user NewUser and assigns the password: password

net localgroup Administrators NewUser /add - adds the newly created user to the Administrators group.

It is worth recalling that Windows Script Host provides the WScript.Shell object and its methods for working with the registry.

Now let's try editing the system registry from the command line to change the NewUser user password using the HKLM branch. To do this, you should log into the system through your account and create a batch file with the following contents (text file with the extension .bat):

net user NewUser newpass

The next task is to get the NewUser user to launch it, to do this we write on the command line:

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v NewPass /t reg_sz /d c:\Master.bat /f

In this case, we added a new parameter called NewPass, of the string type reg_sz, to the RunOnce subsection and specified the path to our batch file. Now, at the next logon, the Master.bat script will run, which in turn will change the account data.
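A defender's view of the same keys, as an added example that is not part of the original article: the Python sketch below parses `reg query` output for the Run and RunOnce keys and flags values like the NewPass entry above. The sample output is constructed, and the trusted-path and script-extension lists are assumptions to tune per host.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the HKLM Run and RunOnce keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_EXPAND_SZ    %windir%\system32\exampleupd.exe
    Example Tray    REG_SZ    "C:\Program Files\Example\tray.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    NewPass    REG_SZ    c:\Master.bat
"""

# reg.exe prints values indented by four spaces, fields separated by four spaces.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
# Unquoted command: take everything up to the first known file extension.
TARGET_RE = re.compile(r"(.+?\.(?:exe|com|scr|dll|bat|cmd|vbs|js|ps1))(?=\s|$)", re.I)
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Assumption: locations treated as normal for autostart binaries on this host.
TRUSTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
           "%windir%\\", "%systemroot%\\", "%programfiles%\\")


def parse_reg_query(text):
    """Return one dict per value, remembering which key it was listed under."""
    entries, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, **m.groupdict()})
    return entries


def target_of(command):
    """Extract the file that an autostart command line would launch."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = TARGET_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def findings(entry):
    """Describe why an autostart value deserves a second look."""
    target = target_of(entry["data"]).lower()
    notes = []
    if PureWindowsPath(target).suffix in SCRIPT_EXT:
        notes.append("script")
    if not target.startswith(TRUSTED):
        notes.append("untrusted-path")
    if entry["key"].lower().endswith("\\runonce"):
        notes.append("runonce")
    return notes


def triage(text):
    """Return (value name, notes) for values that run scripts or odd paths."""
    report = []
    for entry in parse_reg_query(text):
        notes = findings(entry)
        if "script" in notes or "untrusted-path" in notes:
            report.append((entry["name"], notes))
    return report


if __name__ == "__main__":
    for name, notes in triage(SAMPLE):
        print(f"{name}: {', '.join(notes)}")
```
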

Of course, this is nothing more than a simple example. The problem is that editing the registry via the command line is worthwhile, otherwise, your actions may not bring the result that was expected. Take for example the sad message “Editing the registry is prohibited by the system administrator”. Such a prank is usually played by viruses. If the ban was written to HKCU and you are an administrator, it is enough to create a new admin user, log in as that user, open the registry and navigate to the desired parameter:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Here, change the DisableRegistryTools parameter from one to zero, or simply delete it. But you don’t have to go to such lengths; it is enough to use a third-party editor, for example reglite, or to edit the registry from the command line:

REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools

However, you can also do yourself a disservice. There is a utility called regini, which allows you to assign permissions to certain branches of the registry. I don’t know why, but on Windows 7 the command regini /? displays full help, while on Windows XP SP3 it displays nothing. The syntax of the utility is quite simple:

regini.exe -m "computer" "path to script file"

If the utility is used locally, the -m “computer” parameter is not needed. There are 17 points in total, and each determines certain permissions.

First of all, you need to create a text file in which the desired branch and the rights for it will be written. For example, if you write the line Registry\Machine\Security in the file, then administrators and the local system account will be granted full access rights to the HKLM\SECURITY registry hive. But this utility has one flaw: it overwrites the previous rights. If we look at the permissions for the SECURITY branch, we will see that only the local system (SYSTEM) has access, which is why, as an administrator, you will not be able to view the contents of this section. While editing the registry via the command line with the regini utility, I decided to give administrators full access to the SECURITY branch (although this can be done in the registry editor itself), and I wrote the following line in the script file: Registry\Machine\Security.

I launched the utility and specified the path to the script. And lo and behold, I had access to this branch. Without suspecting anything, I rebooted the system. When I saw the message during boot, “there are no permissions to the file” or something like that, I realized THE LOCAL SYSTEM SHOULD HAVE BEEN GIVEN ACCESS! Fortunately, there was also XP on the other hard drive, although SP2 rather than SP3; I simply replaced the entire registry and, lo and behold, the system worked!
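A pre-flight check for the failure described above, as an added example that is not the author's code: because regini overwrites the previous rights, the Python sketch below reads a regini script and reports every key whose new ACL leaves out SYSTEM or Administrators. The bracketed number list after the key path and the meanings of 1 (Administrators Full Access) and 17 (System Full Access) are taken from Microsoft's regini documentation rather than from this page; the sample script is constructed.

```python
import re

# ACL numbers per Microsoft's regini documentation (assumption: not listed on this page).
ADMIN_FULL, SYSTEM_FULL = 1, 17
# Hives the operating system itself must be able to open while booting.
BOOT_CRITICAL = ("\\registry\\machine\\security",
                 "\\registry\\machine\\sam",
                 "\\registry\\machine\\system")
# A key line is a kernel-style path followed by a bracketed list of ACL numbers.
KEY_LINE = re.compile(r"^(?P<key>\\?Registry\\[^\[\]]+?)\s*\[(?P<acl>[\d\s]*)\]$", re.I)

# Constructed sample script; the first line reproduces the mistake from the story.
SAMPLE = r"""
\Registry\Machine\Security [1]
\Registry\Machine\Software\ExampleApp [1 17]
\Registry\Machine\Software\ExampleApp\Shared [7]
"""


def is_boot_critical(key):
    """True when the key is one of the boot-critical hives or lies below one."""
    norm = "\\" + key.lower().lstrip("\\")
    return any(norm == p or norm.startswith(p + "\\") for p in BOOT_CRITICAL)


def lint_regini(script):
    """Return (line number, key, missing principals, severity) per risky line."""
    results = []
    for lineno, raw in enumerate(script.splitlines(), 1):
        m = KEY_LINE.match(raw.strip())
        if not m:
            continue  # blank line, comment, or a value assignment
        key = m.group("key")
        acl = {int(n) for n in m.group("acl").split()}
        missing = [name for num, name in ((SYSTEM_FULL, "SYSTEM"),
                                          (ADMIN_FULL, "Administrators"))
                   if num not in acl]
        if not missing:
            continue
        # Dropping SYSTEM from a boot-critical hive is what broke the reboot.
        critical = "SYSTEM" in missing and is_boot_critical(key)
        results.append((lineno, key, missing, "critical" if critical else "warning"))
    return results


if __name__ == "__main__":
    for lineno, key, missing, severity in lint_regini(SAMPLE):
        print(f"line {lineno}: {severity}: {key} drops {', '.join(missing)}")
```
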

In this article we will look at a utility for working with the Windows registry, regedit.exe, and at the command line, through which you can also look into the depths of the system.

No matter how colorful the Windows operating system is in its composition, whether it is the old and forgotten 98 or the modern and rejected Vista, it is still a very simple program with many dark alleys and intricate labyrinths. The Windows family contains a quite powerful, useful and at the same time dangerous tool, which is the system registry. It doesn’t matter whether you are an ordinary user or a code master, you will still have to deal with various surprises that the Windows registry can present.

regedit command line utility

First of all, let's start with the basics. It is worth understanding that the registry itself is not a single whole; it cannot be copied, deleted, or modified in the standard ways that apply to most files stored on your hard drive. To work with it, special editor programs are used, such as regedit.exe; the command line also allows you to edit the registry, using the reg utility. To launch regedit.exe (or regedt32.exe), just enter the name of the program in the Start/Run menu, or enter regedit.exe in the command line console window and press Enter.

Put simply, the registry is a database that stores Windows parameters and settings: rules for opening folders, the appearance of some elements, access rights for users and much more. All these parameters and settings are loaded from a series of configuration files, such as the much-coveted SAM (hash values of passwords). All vital Windows data is stored under %SystemRoot%, in the system32\config directory. This is a universal designation; the actual path can be C:\Windows\System32\config or C:\Windows.0\System32\config, depending on where the operating system is installed. In the earliest Windows versions, *.ini files were used instead of the registry, which was quite inconvenient and imposed a number of limitations.

When viewing the registry in the regedit editor (the command line is much inferior to it in terms of graphics), two columns appear before our eyes; on the left is a list of the registry's root keys. Each branch, as a rule, includes nested branches (subkeys) and parameters. There are five main sections:

  • HKEY_CLASSES_ROOT - put simply, it contains data about file types and the applications associated with them.
  • HKEY_CURRENT_USER - this hive is a link to HKEY_USERS\User ID. It contains settings for the current user (desktop, environment variables, applications).
  • HKEY_LOCAL_MACHINE - this is perhaps the most important branch, since global settings that apply to all users are stored here. This is where viruses register themselves.
  • HKEY_USERS - environment settings for each user that lives in the system, that is, user profiles.
  • HKEY_CURRENT_CONFIG - this is essentially a link to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current branch; it contains information about the current hardware configuration.

Unlike regedit, you do not need to use the entire name on the command line; short links are used for this:

  • HKCR – HKEY_CLASSES_ROOT
  • HKCU - HKEY_CURRENT_USER
  • HKLM - HKEY_LOCAL_MACHINE
  • HKU - HKEY_USERS
  • HKCC - HKEY_CURRENT_CONFIG

Since the essence of the article is an introduction to the regedit command line utility, we will use CMD for this. Having launched the shell (via Start\Run\cmd, or by creating a text file, writing cmd in it, changing the extension to bat and running it), let’s briefly look at what tools the command line provides for studying the system registry. There is a reg utility that is included in the Support Tools package in Windows 2000; if you are the happy owner of XP or higher, it is present by default. To view a specific branch, for example the HKLM section, enter the command reg query HKLM; the picture is as follows:

As you can see, the HKLM\Security branch is not available (the name speaks for itself); by the way, you won’t find anything in the SAM branch either. Access to these branches is allowed only under the system account. By the way, if you have Windows 7 installed, it is advisable to run the command line itself as an administrator, otherwise many things simply will not work. The problem is solved by using the psexec utility from the PsUtils package (author Mark Russinovich, great respect to him). Just copy it to the %SystemRoot%\system32 directory and enter on the command line:

psexec -s -i regedit.exe

And voila, the registry editor is launched under the local system account, and now you can view the System and SAM subkeys. Still, it is clear that the utility must be launched as an administrator. While on XP SP3 everything works without a hitch, on Windows 7 there are a number of difficulties: if you simply launch the command line and enter the command psexec -s -i regedit, you will get an “access denied” message. Then go to the System32 directory and run CMD as administrator, and... no luck. When you launch the utility itself, a new PsExecSvc service is created, but Windows 7 ignores it or simply blocks it, and as a result we see the error: Error communicating with PsExec service. Apparently the developers have closed this loophole; there has simply been no time to figure it out yet, but everything is ahead.

regedit command line options

I will write about how to copy, delete and perform various manipulations with the registry via the command line in the following posts. On topic, you can view the script server methods of the WScript.Shell object -

By default, the Regedit.exe utility is copied to the %SystemRoot% directory (for example, C:\Windows) during the installation of the operating system. Typically, the Registry Editor is launched using the Run command from the Start menu.

The Registry Editor can also be launched from the command line with the /s switch. In this case, Regedit.exe will not provide a graphical user interface and will not ask the user for confirmation to perform the operation specified to them. This option allows you to use the Registry Editor in batch files. For example, to import the registry file MyRegSettings.reg into the registry without asking for confirmation, issue the following command: Regedit /s MyRegSettings.reg

Regedit program interface

The Regedit.exe registry editor window consists of four main areas (Figure 3).

Menu bar. This line contains the main menu items: File, Edit, View, Favorites (this menu item was first introduced in Windows 2000) and Help.

Left panel (left pane). Displays the registry hierarchy, organized into keys and subkeys.

Right panel (right pane). Shows the current settings of the selected registry key, also known as value entries. Each registry entry is characterized by a name that appears in the Name column in the right pane, a data type that appears in the Type column (the data type is also indicated by a small icon just to the left of the name), and a value that appears in the Data column.

Status bar. The status bar indicates the path to the selected registry item. It is needed to display the full path to the registry key that contains the selected parameter.

Fig. 3.

The Registry Editor window displays only the keys at the top level of the registry hierarchy, branching off from the My Computer icon. These are the names of the root keys, basic information about which was given at the beginning.

If you click with the mouse pointing the cursor at the [+] icon located to the left of the icon of any of the folders, the corresponding key will expand, displaying the hierarchy of subkeys contained within it. This operation expands the registry key tree to the next nesting level and is in many ways similar to the similar operation of expanding folders and subfolders in Explorer.

If nested keys contain other nested keys, then to the left of them there will also be [+] icons, which can in turn be expanded to view the next level of the hierarchy. This layered method of organizing a registry is known as nesting and allows for multiple levels.

Once the lowest nesting level is reached, a [-] icon will appear to the left of the nested key to indicate that no further expansion is possible. After this, moving through the hierarchical tree will be possible only in one direction - up. If a key has neither a [+] nor a [-] sign next to it, it means it does not contain nested keys.

Table 5 lists the keyboard keys used to view the registry in Regedit.exe.

Table 5. Keys used in Registry Editor

The right pane of the Registry Editor window contains registry parameters, each of which is characterized by a name, data type, and the data itself.

Each registry setting is characterized by a name. Many of the options provided by Microsoft use the name Default (you'll see this when you start working intensively with the Registry Editor). Parameter names are located in the Name column in the right pane of the Registry Editor window. These names are assigned to significant elements by application and physical device developers.

Data types that characterize registry settings are displayed in the Type column.

For convenience, the Regedit.exe utility also uses special icons that are displayed just to the left of the parameter names and allow you to quickly distinguish binary data from text data. A brief description of the icons displayed in the Regedit registry editor window is given in table. 6.

Table 6. Icons corresponding to data types in the Registry Editor window

The Data column contains the actual data (text or binary) corresponding to the value of the selected parameter. This data can be edited, modified or created to optimize a particular function.

The following sections provide instructions for using these features, as well as instructions for making modifications to the registry.

File menu commands

The Import command allows you to import previously exported REG files and registry hive files into the registry.

To export a registry hive, follow these steps:

  • 1. Select the registry branch, then select the Export command from the File menu.
  • 2. In the File name field of the Export Registry File dialog box that opens (Fig. 4), enter the file name. By default, the file extension will be reg. To save the exported file in a different format, select the desired option from the Save as type list located directly below the File name field. Please note that, despite all the external similarities, the Regedit.exe utilities included with Windows 9x, Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 are different versions of this application. Therefore, the version of Regedit.exe from Windows XP or Windows Server 2003 allows you to save exported registry files both in the Windows XP/Windows Server 2003 format (the Registration Files (*.reg) option is used for this purpose) and in the Windows 9x/Windows NT 4 registry file format (the Win9x/NT 4 Registration Files (*.reg) option is used for this purpose).

Fig. 4.

  • 3. If you need to save part of the registry, select the option to save only the selected registry branch. To do this, select the Selected branch switch from the Export range group. However, if you frequently modify the registry, then exporting the entire registry is not a bad idea. This will give you additional guarantees of recovery in case of an error.
  • 4. Click the Save button.

You can view the saved file in a text editor to ensure it was saved correctly. The exported registry files contain ASCII text without any formatting characters.

Please remember that files with the reg extension are associated with the Regedit.exe application by default. By default, a merge operation is performed on such files, which imports the contents of the file into the registry. To avoid accidentally importing an exported file into the registry, be careful when handling these types of files.

You should be careful when handling exported registry files, especially if the export is for experimental purposes. For example, experienced administrators who are familiar with the registry experiment with their system or solve some problems by editing the exported registry file and then importing it back into the system. However, before making such changes, it is recommended that you take the following precautions:

  • 1. First create a backup copy of the exported file that you want to edit. If you make an editing mistake that causes problems, you can import a backup copy of this REG file into the registry.
  • 2. If you often experiment with the registries of different operating systems, then it is recommended to keep the exported registry files of each of these operating systems separately from each other, in different directories specially allocated for this purpose. This will help you avoid accidentally importing an incompatible registry file into your system.

The Load Hive and Unload Hive commands operate similarly to the commands of the same name that existed in the Regedt32.exe registry editor. They allow you to load a previously saved hive file into the registry or unload a previously loaded hive file, respectively. It should be noted that these File menu commands only apply to the HKEY_USERS and HKEY_LOCAL_MACHINE keys and will only be effective when one of these keys is selected. In all other cases, these commands will not be available. A hive, once loaded into the registry, becomes a subkey of one of the keys mentioned above.

The Connect Network Registry command allows you to edit the registry on another computer running on the network.

To disconnect from a registry located on a remote computer, use the Disconnect Network Registry command. If you are not currently connected to a network registry, this option will not be available.

To perform procedures such as loading and unloading hives, as well as connecting to the registry of a remote computer, you must have administrator rights or be a user from the Administrators group. If your computer is connected to a network, your network policy settings will also affect your ability to perform these procedures.

The Print command from the Registry menu can be used to print a selected registry entry (which may require quite a large number of sheets of paper).

The Exit command closes the Regedit window and ends your session with this program.

Edit Menu Commands

The Modify command is used to change the data contained in registry settings. This option will only be available if you select one of the options listed in the right pane of the Registry Editor window. The Modify Binary Data command allows you to edit any data (including data in other formats) in the binary editor window. This command will also only be available if one of the registry options listed in the right pane of the Registry Editor window is selected.

The New command allows you to add new keys and parameters of string types, binary parameters and parameters of the REG_DWORD type to the registry (Fig. 5). You can select the type of parameter in the New submenu in the context menu, which opens by right-clicking on the selected key.


Fig. 5.

The Rename and Delete options in the Edit menu allow you to rename or delete a significant registry entry, respectively. You can also delete a significant element in another way: select the desired element by clicking on it with the mouse, and then press the key . Similarly, to quickly rename a significant element, you can point to it with the cursor, right-click, or select the Rename command from the context menu and enter a new name.

Removing registry settings and keys using the Regedit utility is an irreversible operation. Regedit does not have an Undo command, so you should be careful when removing parameters and keys.

The Copy Key Name command allows you to copy the name of the currently selected key to the clipboard. Subsequently, the copied name can be pasted into any text using the Paste command available in any text editor. Since the registry is a complex hierarchical database, the paths to the desired element can be very long and difficult to remember. Therefore, many appreciated the convenience of this function. The Copy Key Name command is very convenient to use in combination with the Find and Find Next commands.

The Find and Find Next commands are used to search for specific items or data (including strings and words) in the registry. You can search for keys, parameters, data, or any combination thereof. The searched values can be either text or numeric.

Finally, the Permissions command deserves special attention, as it allows you to manage access rights to registry keys and audit actions regarding registry keys. It should be mentioned here that in Windows NT/2000 these features were only available in Regedt32.exe, where setting them required the use of the Security menu options. In Windows XP and Windows Server 2003, all of this functionality was integrated into the registry editor Regedit.exe. Access rights to registry keys can be assigned regardless of the type of file system on the partition that contains operating system files.

Changing the permissions of a registry key can have serious consequences. For example, if you set permissions of type No Access to a key required to configure a network using the Network Connections option from the Control Panel, then this application will not work. At a minimum, members of the Administrators group and the Operating System itself must have Full Control rights to registry keys. This setting of access rights ensures that the administrator can restore the registry key when the system starts.

Because setting permissions on registry keys can have serious consequences, reserve this measure for keys that you add for the purpose of configuring individual custom applications or other types of customization. After changing access rights to registry keys, be sure to set up auditing on the system, and then monitor various types of system activity by logging into the system using various user and administrative accounts.

In order to be able to perform these actions, you must log in to the system as a user with administrative rights.

In Regedit.exe, the commands from the Permissions menu for assigning ownership and access rights to registry keys work on the same principle as the similar Windows Explorer commands for setting access rights to files and directories on NTFS partitions. To set access rights to a specific registry key, do the following:

  • 1. Before making changes, make a complete backup of those registry keys to which access rights will be set.
  • 2. Select the key for which you are going to set access rights. After that, select the Permissions command from the Edit menu.
  • 3. In the dialog box that opens (Fig. 6), select the name of the desired user or group in the Group or user names field and set the desired type of access rights for them in the Permissions for field.

Table 7. Types of access rights to registry keys

Fig. 6.

  • 4. To set up auditing of registry access and set a combination of access rights of the Special Permissions type, click the Advanced button. The Advanced Security Settings for <Name> window will open, where <Name> is the name of the key for which you want to set extended access rights (Fig. 7). Select a user or group name from the Permission entries list and click the Edit button. The following window will open (Fig. 8), in which you will be given options for advanced editing of access rights to registry keys. The types of access rights that you can set in this window are listed in Table 8.

Table 8. Permission entry for dialog box checkboxes

Assignable rights

Grants the right to read significant elements from a registry key

Grants the right to set a significant element in a registry key

Grants the right to create subkeys in the selected registry key

Enumerate Subkey

Gives the right to identify subkeys of the selected registry key

Gives the right to install audit on registry keys

Gives the right to delete the selected key

Gives the right to access the key and create/modify an Access Control List (ACL) for it.

Gives the right to assign rights to the owner of this key

Gives the right to view the security settings set for this key


Fig. 7.

Fig. 8.

As a system administrator, you can assign ownership rights to a registry key and restrict access to that key. You can change owner rights on the Owner tab, and set auditing on the Auditing tab.

A user logged on to a computer with administrator rights can assign ownership rights to any registry key. However, if the administrator has owner rights to the key without Full Control access rights, the key cannot be returned to the original owner, and a corresponding message will appear in the audit log.

Audit of Registry Actions

To audit registry activities, you must complete the following steps:

  • 1. Activate auditing in the system and set an audit policy for all events that, from your point of view, are subject to auditing.
  • 2. Specify users and groups whose actions in relation to the selected registry keys need to be audited. To do this, use the Auditing tab of the window shown in Fig. 7.
  • 3. Audit results can be viewed in the Security system log using the Event Viewer snap-in.

To be able to perform any of the above actions, you must be logged on to the computer using an account in the Administrators group. The audit policy is set for each computer individually. Before you can set an audit policy for selected registry keys, you must enable auditing of security-related events on your computer.

At a minimum, when setting up auditing, you must select the Failure option for File and Object Access events. If you select the Success option, a large number of entries may appear in the system log that have little practical significance.

View Menu Commands

The Status Bar command in the View menu allows you to disable the status bar if desired. Since the status bar helps you quickly navigate the registry by displaying the path to the current key, it is recommended to keep it turned on at all times.

The Split option moves the mouse cursor to the separator of the left and right parts of the Registry Editor window, after which all that remains is to move the mouse left or right to find a convenient position for the separator and click the left mouse button.

The Display Binary Data command from the View menu, first introduced in Windows XP, becomes available only after you select one of the registry options displayed in the right pane of the Registry Editor window. This command allows you to view the value of a parameter using one of the following three formats: Byte, Word, or Dword (Figure 9). Note that this command does not allow you to edit the data (if this is what you want to do, you must select the Modify Binary Data command from the Edit menu).

There is another command in the View menu - Refresh. When you make changes to the registry, not all of them may appear in the Registry Editor window immediately after the modification is made. You can refresh the Registry Editor window using the Refresh command or by pressing the key .

As a rule, in Windows NT 4.0, many changes (including those made by editing the registry) take effect only after the system is rebooted. Windows 2000 introduced full Plug and Play support for the first time (for Windows NT operating systems), which was expanded and improved in Windows XP and Windows Server 2003. Therefore, fewer reboots will be required. However, a number of modifications still take effect only after rebooting the operating system.

Fig. 9. The Binary Data window allows you to view the value of the selected registry entry in one of three possible formats - Byte, Word or Dword.


Favorites Menu

One of the useful innovations that first appeared in Windows 2000 is that the Favorites menu item is now everywhere, and the Regedit.exe registry editor is no exception (Figure 10).

Anyone who frequently searches for keys and significant elements in the registry, as well as intensively edits it, will appreciate this convenient functionality. Using the Favorites menu, you can create a list of the most frequently edited registry keys (without repeating the cumbersome search procedure).

To add a registry key to the Favorites list, do the following:

  • 1. Select the registry key that you want to add to the Favorites list.
  • 2. From the Favorites menu, select Add to Favorites.
  • 3. In the Add to Favorites dialog box that opens (Fig. 11), agree with the default key name or enter a new name in the Favorite name field. Click OK and the key will appear in the Favorites list.

Now you can quickly go to the desired key at any time by selecting its name from the Favorites list. Removing a registry key from the Favorites list is very simple - just select the Remove Favorite command from the Favorites menu, and then in the dialog box that opens, select the key that you want to remove from the Favorites list and click OK.


Fig. 10.

Fig. 11. Add to Favorites Dialog Box

The Windows Registry is the most important database in this operating system. Through it you can edit the work of almost any program. To work in it, there is a special editor that opens registry files and provides them in a convenient representation - in the form of so-called branches. You can see what it looks like in practice in the picture above.
How to open the Windows registry editor - Regedit.exe, if it is not in the list of programs?
In fact, launching it couldn’t be simpler.

Method 1. Relevant for Windows 7. Click the Start button and type the word regedit in the search bar. The search results should display the desired “Regedit” shortcut.

Great! Click on the icon and the Windows Registry Editor will launch. If you are not working under Administrator, then you will need to right-click on the shortcut and select the “Run as Administrator” menu item.

In Windows 10 it looks like this:

Method 2. This option is more convenient for Windows 8 and 8.1, since there is no normal Start button. On the keyboard, press the key combination Win+R. The Run window will open:

Type regedit in it and press the OK button. By the way, this is how it was done on the ancient Windows 2000 and the slightly newer Windows XP.

Method 3. Command line. Another classic way to open the Regedit editor is to launch it from a command prompt with administrator rights. To do this, click the Start button and type “Command”. In the search results, right-click the system console icon and select “Run as Administrator” from the context menu. A black window like this will appear:

Type the command “regedit” and press the Enter key.

Method 4. Through Explorer. Just go to the system partition where the operating system is installed and open the Windows folder. It contains the file regedit.exe. Launch it and voila - the registry editor will open!

Attention! If the editor suddenly does not open when you try to launch it, and programs such as CCleaner, RegCleaner, etc. do not work either, then read the article. Most often this happens after a virus has been at work, and it should be taken seriously.

This article outlines the basic principles of working with the Windows registry, knowledge of which will be useful to you in customizing the operating system using registry tweaks.

Terminology

Before we get down to business, we need to define the terminology. Articles about registry tweaks posted on the autoinstall site use official Microsoft terminology, so the terms are quite consistent with the elements of the registry editor.

Figure 1 - Registry Editor

As you can see, there are no “branches” or “keys” here. Now to the point.

REG file

A REG file is a text file with a REG extension, compiled in a specific format.

REG file format

Below is an example of a REG file that disables the recent documents menu.

;Disable recent documents menu

"NoRecentDocsMenu"=hex:01,00,00,00

Creating a REG file

Creating a REG file is very simple. Copy the code into any text editor (for example, Notepad). Press CTRL+S and save the file with any name and .reg extension, enclosing both in quotes.


Figure 2 - Creating a REG file

REG file syntax

  • Windows Registry Editor Version 5.00 - the file header, a mandatory part of the file. You may also see REGEDIT4 as the header - this is the Windows 98 / NT 4.0 format, which newer Windows operating systems also understand. More information about the differences between the formats can be found on the JSO FAQ website (in English).
  • ;Disable recent documents menu - a comment. All lines starting with ; (semicolon) are comments.
  • - This is a registry key. Graphically (in the Registry Editor) it represents the path to the parameter. In the REG file format, keys are always enclosed in square brackets. In this example, the Explorer (sub)key belongs to the HKEY_CURRENT_USER key.
  • "NoRecentDocsMenu"=hex:01,00,00,00 - a registry parameter and its value. Depending on the value of the parameter, the behavior of the operating system or object changes. Many parameters can be configured in the operating system GUI, but not all. In such cases, registry editors, tweakers, or REG files are used to change the parameter.

A REG file can contain multiple registry keys and settings, but the header is only used at the very beginning.

Windows Registry Editor Version 5.00

;Disable reboot in case of BSOD

"AutoReboot"=dword:00000000

;Disable the welcome screen notification of unread messages

"MessageExpiryDays"=dword:00000000

This REG file was obtained by exporting from the registry editor regedit.exe. Using REG files, you can make changes to the system registry - this operation is called importing registry settings.
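A pre-import review of a REG file in the format described above, as an added example that is not code from the article: it parses the header, keys and values and reports files that lack a header, contain values outside any key, or write to the Run, RunOnce or RunOnceEx keys. The sample file, its ExampleCo key and the function names are constructed; only dword, hex and string values are decoded.

```python
import re

# Constructed sample; the ExampleCo key and all values are illustrative assumptions.
SAMPLE = r'''Windows Registry Editor Version 5.00
;Constructed example
[HKEY_CURRENT_USER\Software\ExampleCo\Demo]
"Flag"=dword:00000001
"Blob"=hex:01,00,00,00
@="default text"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\Temp\\setup.exe /quiet"
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
AUTORUN = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\|$)", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode(raw):
    """Turn the text after '=' into (registry type, Python value)."""
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    if raw.startswith("hex:"):
        return "REG_BINARY", bytes.fromhex(raw[4:].replace(",", ""))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    return "UNKNOWN", raw

def review_reg(text):
    """Return (entries, findings) for the text of a REG file."""
    lines = [l for l in map(str.strip, text.splitlines()) if l and l[0] != ";"]
    entries, findings, key = [], [], None
    has_header = bool(lines) and lines[0] in HEADERS
    if not has_header:
        findings.append("missing or unknown header")
    for line in (lines[1:] if has_header else lines):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if AUTORUN.search(key):
                findings.append("autorun key: " + key)
            continue
        m = VALUE.match(line)
        if not m:
            findings.append("unparsed line: " + line)
        elif key is None:
            findings.append("value outside any key: " + m.group(1))
        else:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries.append((key, name) + decode(m.group(2)))
    return entries, findings
```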

Exporting registry settings

Exporting registry settings is an easy task. As a rule, settings are exported before making changes to the registry (backup), or in order to create a REG file for subsequent import into the registry of another computer, or during an automatic system installation.
You can export registry settings in a variety of ways.

Windows Registry Editor (regedit.exe)

Windows OS includes a program for editing the registry - regedit.exe. Since it is located in the system directory, you do not need to specify the full path to run it on the command line (for example, the following sequence will suffice: Start - Run - regedit - OK).

To export a registry key, just right-click on it and select the Export command from the context menu (in Windows 2000 this command is located in the File menu).

Other registry editors

There are a great many programs for making changes to the system registry, which also have the ability to export settings. If you often work with the registry, then you will probably need a program that has an address bar. You can paste a copied registry key (from an article or from a forum post) into the address bar and quickly navigate to the desired setting. An example of such a program would be .

Command line

From the command line, you can export registry settings using the REG EXPORT command, which has the following syntax.

REG EXPORT KeyName FileName

  KeyName    Full path to the registry key in the form ROOT\Subkey (for local computer only).
    ROOT     Root key. Values: [ HKLM | HKCU | HKCR | HKU | HKCC ].
    Subkey   The full path to the registry key under the selected root key.
  FileName   The name of the disk file to export.

Examples:

  REG EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg
    Exports all subkeys and parameter values of the MyApp key to the file AppBkUp.reg

Importing registry settings

There are several ways to import registry settings.

Running a REG file using the GUI

This is the easiest way. It consists of launching a REG file containing the necessary parameters by double-clicking or from the command line.

Double click

As trivial as it sounds, you can make changes to the registry by double-clicking on the REG file. However, the system will first ask whether you really want to do this. If you confirm, the changes will be made.


Figure 3 - The system requests confirmation to make changes.

Because of this prompt, this method is not suitable for importing settings into the registry during automatic system installation. But there are other ways.

Command line

To import REG files from the command line, there is the REGEDIT command. By typing at the command line

you will get exactly the same dialog box as with a double click. You can suppress the dialog box by running the command with the /S parameter. This is the method most often used during automatic installation of Windows.

REG ADD Command

You can also import registry settings using the REG ADD command. It is convenient because the commands for importing parameters can be included in a batch file that also performs other tasks (i.e., there is no need for an additional REG file). For example, this command is often used to import registry values into the RunOnceEx key and then install programs the first time you log on. The command syntax is quite simple.

REG ADD [\\Machine\]KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

  Machine    The name of the remote computer; if omitted, the local computer is used by default. Only the HKLM and HKU root keys are available on remote computers.
  KeyName    Full path to the registry key in the form ROOT\Subkey.
    ROOT     Root key. Values: [ HKLM | HKCU | HKCR | HKU | HKCC ].
    Subkey   The full path to the registry key under the selected root key.
  /v         The name of the parameter to be added under the specified key.
  /ve        Add an empty parameter (Default) to the specified key.
  /t         Data type. Defaults to REG_SZ.
  /s         The separator used to separate data in multi-string parameters of type REG_MULTI_SZ. Defaults to "\0".
  /d         The value assigned to the registry parameter being added.
  /f         Force overwriting of existing registry entries without warning.

Examples:

  REG ADD \\ABC\HKLM\Software\MyCo
    Adds the HKLM\Software\MyCo key on remote computer ABC

  REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
    Adds a parameter with name: Data, type: REG_BINARY, and value: fe340ead

  REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
    Adds a parameter with name: MRU, type: REG_MULTI_SZ, and value: fax\0mail\0\0

  REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
    Adds a parameter with name: Path, type: REG_EXPAND_SZ, and value: %systemroot%
    Note: Use double percent characters (%%) in the line
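To show how these switches combine in practice, here is an added example (not from the article) that parses REG ADD lines found in a batch file and lists the forced writes that target a remote computer or a Run-family key such as RunOnceEx. The batch lines, the ExampleCo key and the function names are constructed for illustration, and quoting is handled more simply than cmd.exe does it.

```python
import shlex

# Constructed batch-file lines; the ExampleCo key and the paths are assumptions.
BATCH = r'''
REG ADD HKLM\Software\ExampleCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
reg add \\ABC\HKLM\Software\ExampleCo /ve /d "hello world" /f
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\001 /v 1 /d "C:\Install\app.exe /S" /f
echo done
'''

ROOTS = {"HKLM", "HKCU", "HKCR", "HKU", "HKCC"}

def parse_reg_add(line):
    """Parse one REG ADD command line into a dict, or return None."""
    try:
        tok = shlex.split(line, posix=False)   # keep backslashes literal
    except ValueError:                         # unbalanced quote
        return None
    if len(tok) < 3 or [t.upper() for t in tok[:2]] != ["REG", "ADD"]:
        return None
    target, args = tok[2], tok[3:]
    op = {"machine": None, "value": None, "type": "REG_SZ", "data": None, "force": False}
    if target.startswith("\\\\"):              # \\Machine\ROOT\Subkey
        op["machine"], _, target = target[2:].partition("\\")
    allowed = {"HKLM", "HKU"} if op["machine"] else ROOTS  # remote: HKLM/HKU only
    op["key"] = target
    op["root_ok"] = target.split("\\")[0].upper() in allowed
    i = 0
    while i < len(args):
        sw = args[i].lower()
        if sw == "/f":
            op["force"] = True
        elif sw == "/ve":
            op["value"] = "(Default)"
        elif sw in ("/v", "/t", "/d", "/s") and i + 1 < len(args):
            i += 1
            field = {"/v": "value", "/t": "type", "/d": "data", "/s": "sep"}[sw]
            op[field] = args[i].strip('"')
        i += 1
    return op

def audit(batch):
    """Return the forced REG ADD writes to a remote machine or a Run-family key."""
    ops = filter(None, map(parse_reg_add, batch.splitlines()))
    return [o for o in ops if o["force"] and
            (o["machine"] or "\\currentversion\\run" in o["key"].lower())]
```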

INF file

You can also import settings into the registry using INF files. Their general syntax is somewhat more complex than that of REG files, but writing directly to the registry is quite simple. Below is an example from the Msgina addon

[Version]
Signature="$Windows NT$"

[Optional Components]
Msgina

[Msgina]
OptionDesc="Msgina"
Tip="GINA Login Library"
Modes=0,1,2,3
AddReg=Msgina.AddReg

[Msgina.AddReg]
HKLM,"Software\Policies\Microsoft\Windows\System\Shutdown","ShowHibernateButton",0x10001,1
HKLM,"Software\Policies\Microsoft\Windows\System\Shutdown","HibernateAsButton",0x10001,1

Note. Additional information about INF files can be found in .