registry

display and modify the Windows Registry Database 

Command


SYNOPSIS

registry [-S hostname | -D domain-name] -d -k key [-n name] [-3 | -6]

registry [-S hostname | -D domain-name] -p [-k key] [-n name] [-l n] [-r|-u] [-3 | -6]

registry [-S hostname | -D domain-name] -s -k key -n name (-v value | -V type:value | -L filename | -U) [-3 | -6]


DESCRIPTION

registry lets you display and modify Windows Registry Database information from the command line. The registry command is especially useful for automating manipulation of the Registry from within shell scripts. For example, you could treat a shell script as an application, and store information related to that application in the Registry.

The Windows Registry Database stores a hierarchical set of keys that determine how your machine operates. It works in much the same way that Windows .INI files did under Windows 3.1, with each key in the Registry similar to a bracketed heading in an .INI file. Registry keys, however, can contain subkeys, and defined values within the Registry can consist of arbitrary binary data as well as simple text strings.

Structurally, keys in the Registry are analogous to directories, subkeys are like subdirectories, and values are analogous to files. Each step down the hierarchical Registry tree contains more specific operating information; keys are general topic descriptors, whereas values contain the data or binary code necessary to perform specific functions. Note that since subkeys may contain a slash (/), you can only use a backslash (\) to delimit subkeys.

registry can be most useful once you understand the naming conventions employed by the various components of your operating system. Some of the most useful documentation on Registries can be found in the Windows NT Resource Guide, included as part of the Windows NT Resource Kit. See your operating system documentation for further information.

Options

-d 

deletes a key or subsidiary name=value construct. To delete a name=value entry you must specify -n name, where name is the unique name associated with the name=value to be deleted. If only -k key is specified, key is deleted along with all subkeys and name=value entries residing under key. Warning: there are no built-in checks to verify that the keys you are deleting are not essential to the operation of your system.

-D domain-name 

locates the primary domain controller of the specified domain-name, and requests that machine to perform the actions on behalf of the registry command. registry normally performs actions on the local system.

The -D and -S options are mutually exclusive and only work on 7/2008R2/8/2012/10/2016.

-k key 

specifies the full name of any key in the Windows Registry Database. For example, 7/2008R2/8/2012/10/2016 contains the following six predefined keys (which can be specified by any of the three names given for each):

HKEY_CLASSES_ROOT       CLASSES_ROOT       HKCR
HKEY_CURRENT_USER       CURRENT_USER       HKCU
HKEY_LOCAL_MACHINE      LOCAL_MACHINE      HKLM
HKEY_USERS              USERS              HKU
HKEY_CURRENT_CONFIG     CURRENT_CONF       HKCC
HKEY_DYN_DATA           DYN_DATA           HKDD

In addition, 7/2008R2/8/2012/10/2016 has the following predefined key:

HKEY_PERFORMANCE_DATA   PERFORMANCE_DATA   HKPD
-l n 

displays only the first n levels of the database.

-L filename 

loads filename at name point indicated by -n name (7/2008R2/8/2012/10/2016 only). This option requires the SE_RESTORE_NAME privilege and can be dangerous if not used carefully.

-n name 

specifies the Registry description associated with a particular value. For example, you might have a key/subkey hierarchy of

HKLM\System\CurrentControlSet\Control\FileSystem\CDFS

that contains the name

Prefetch

with an associated value of

0x000000e4(228)

The names are case-preserved, but not case-sensitive.

When name is an empty string (""), the key's default value is referenced.

-p 

displays all or part of the Registry database information to standard output. With no options, registry -p displays the entire database. If you specify -k key , only key and its subkeys are displayed. If you specify -n name, only values matching name are displayed. If you specify -l n , only the first n levels of the database are displayed.

Registry database information is displayed as three sets of data across a tab delimited line. The first field is the fully qualified key name. Next is the value name (note that value name can be null), and in the last field is the value associated with the name. The value field can display several different formats; the following table describes some of the more common formats:

Value Format

"xxxxx" a string value
"xxx","yyy" a set of string values
$"xxxx" a string value, subject to environment name expansion
0xXXXXXXXX a hexadecimal string
b1b2b3b4b5... bytes of binary data displayed in hexadecimal
Type (#):b1b2.. a different type with bytes displayed in hex (see your operating system manual for more information on different types)

-r 

displays values in raw format using ASCII characters from the ANSI code page. If value is a string, only the string is displayed without quotes or other formatting characters. If value is binary, -r displays four binary bytes followed by a newline character.

While the -r and -u options to registry -p are of little functional use if value is binary, they can be quite useful when working with string values.

-s 

sets the name=value construct of a key. For this option to properly set key values, you must also specify the -k key option and optionally, either both the -n name and -v value options, or the -v value option alone.

The specified key and any subkeys are created by registry -s if they did not already exist.

-S hostname 

requests that the specified host machine perform the actions on behalf of the registry command. registry normally performs actions on the local system. Optionally, hostname may be preceded by \\ or //.

The -D and -S options are mutually exclusive and only work on 7/2008R2/8/2012/10/2016.

-u 

displays values in raw format using Unicode characters. If value is a string, only the string is displayed without quotes or other formatting characters. If value is binary, -r displays four binary bytes followed by a newline character.

While the -r and -u options to registry -p are of little functional use if value is binary, they can be quite useful when working with string values.

-U 

unloads the key at the name point indicated by -n name (7/2008R2/8/2012/10/2016 only). This option requires the SE_RESTORE_NAME privilege and can be dangerous if not used carefully.

-v value 

specifies the data associated with a particular name in the Registry. value can only be a string and the resulting registry entry is always REG_SIZ, regardless of the type associated with the original value.

-V type:value 

specifies values in the following formats:

Type Value

dword: 1234
str: string
expandstr: expanded string (REG_EXPAND_STR instead of REG_STR)
binary: XXXX...
multistr: str#str...

For the multistr type, each number-sign character (#) writes a \0 to the registry. The final string is automatically terminated with \0\0.

Enter binary values as hexadecimal pairs of the form

-V "binary:01Ef"

Other characters are discarded. If you enter an odd number of characters, add a trailing zero.

-3 
-6 

are relevant only when dealing with the Windows registry of a 64-bit system (either you local system or a remote system accessed with -S); these options are ignored when dealing with the registry of a 32-bit system.

On 64-bit Windows systems, registry keys can be specific to the 32-bit version of an application, specific to the 64-bit version of that application, or common to both versions.

The -3 option refers to the key that is specific to the 32-bit version of an application; or if separate keys for 32-bit and 64-bit versions of the application do not exist, it refers to the common registry key used by both 32-bit and 64-bit versions.

Similarly, the -6 option refers to the key that is specific to the 64-bit version of an application or the common registry key if separate 32-bit and 64-bit versions do not exist.

When neither -3 nor -6 is specified, registry uses the key for the 64-bit version of the application (or the common key if separate 32-bit and 64-bit versions do not exist).


EXAMPLES

This is a simple KornShell script that associates an arbitrary icon with each instance of a given suffix. In this case, the MKS KornShell icon (sh.ico) is associated with each file ending in the suffix .ksh. This script itself is KornShell code, so all backslashes (\) have been doubled.

H=HKEY_LOCAL_MACHINE\\Software\\Classes

Suffix=ksh
Title="A Korn Shell Script"
Iconfile="c:\\mksnt\\sh.ico"
RunCmd="c:\\mksnt\\sh.exe"

registry -s -k "$H\\.$Suffix" -n '' -v ${Suffix}file
registry -s -k "$H\\${Suffix}file" -n '' -v "$Title"
registry -s -k "$H\\${Suffix}file\\DefaultIcon" -n '' -v "$Iconfile, 0"

You could also add the following line to include the Run... command to popup menus, allowing you to run the shell on any file with a .ksh suffix:

registry -s -k "$H\\${Suffix}file\\Shell\\Run...\\Command" -n '' \
    -v "$RunCmd %1"

DIAGNOSTICS

Possible exit status values are:

0 

Successful completion.

1 

Failure.

2 

Failure because of an invalid command line option.


PORTABILITY

Windows 7. Windows Server 2008 R2. Windows 8. Windows Server 2012. Windows 10. Windows Server 2016.


AVAILABILITY

PTC MKS Toolkit for Power Users
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition


PTC MKS Toolkit 10.1 Documentation Build 15.