The Registry Editor may be used from the command line

French | Spanish | Portuguese | Italian | German | Japanese | Chinese | Korean | Russian | Arabic

Using the Registry Editor from the Command Line

The Registry Editor may be used from the command line, without user interaction. The commands that the Registry Editor uses include those described below. (Note that not all commands may be available under all operating systems.)

• To import a registry file into the Registry Editor:

  REGEDIT [/L:system] [/R:user] filename1

• To create a registry object from a file:

  REGEDIT [/L:system] [/R:user] /C filename2

• To export a registry (or part of the registry):

  REGEDIT [/L:system] [/R:user] /E filename3 [regpath1]

• To delete part of a registry:

  REGEDIT [/L:system] [/R:user] /D regpath2

Restoring

Restoring is what Joe and Ed on the Learning Channel do to old furniture, right? Well, maybe so, but it's also possible to restore an object in the registry using the Registry Editor. The process is straightforward, although like everything else, you must have something to restore from. As explained above, using Export (in the File menu), you can save a registry object to a file. The file extension is .reg, and it is a really good idea to keep filenames as descriptive as possible. A suggestion: If you have a strong desire to play with the import and export functionality of the Registry Editor, install a practice copy of Windows. Don't do this on a working version at least not a copy of Windows that you, or anyone else, care about. Note When an object is restored, the data overwrites the existing object. It becomes permanent, as everything that the Registry Editor does is immediately written to the registry. Warning More important: When an object is restored, it is written on top of the currently selected object. Make sure that the object you are restoring belongs at the current selection. Again, make sure you name your file well so that you know exactly which object a given file represents. Imagine coming back to a saved file, perhaps weeks later, and trying to restore it without knowing which object it was saved from. Warning Even much more important: Restoring an object may override the read-only mode option it will write to the registry no matter what! Care to guess how I found that out? When an object is restored, the selected object is not renamed, even though the contents of the object are replaced.

Security

Security is paramount in a Windows installation. The registry, just like the NTFS file system, can be protected from unauthorized access. This can be a critical issue, because Windows supports remote registry editing. Note It is possible to make changes to one computer's registry from another computer without the user of the changed computer even knowing that a change has been made (that is, until they see the results of the change).

The Registry Editor supports security modifications. If a hive is not accessible to the Registry Editor, the user is unable to view the hive or change it, depending on the level of access granted by the system. However, the Registry Editor's Edit → Permissions menu selection allows you to change the security attributes for a hive and any keys (if you have sufficient authority to do so). Initially, when you select Edit → Permissions, the Permissions For dialog box is displayed. You set basic security in this dialog box, while you set advanced functionality (permissions, auditing, and owner) in the Advanced Security Settings For dialog box.

Permissions

The currently selected object is displayed along with the current permissions granted. Default permissions are typically, but not always, ones that everyone can read; the Administrator accounts and the system both have full control. The Permissions tab lists the object's name in the dialog box's title bar. To allow the current object to include its parent's permissions, select the check box that says, "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here." To allow changing permissions for both the selected item and any subkeys it contains, select the check box that says, "Replace permission entries on all child objects with entries shown here that apply to child objects.". You set detailed permissions by clicking the Edit button in the Permissions tab of the Advanced Security Settings For dialog box. This displays the Permission Entry For dialog box. The list box shows the current permissions, organized by name. Select one name (each may be modified separately, or all entries may be cleared using the Clear All button) and set the type of access. The selections include the following:

Full Control Allows the selected user to have complete, unrestricted access

Query Value Allows the selected user to have read access

Set Value Allows the selected user to have write access

Create Subkey Allows the selected user to create a subkey

Enumerate Subkeys Allows the selected user to obtain a list of subkeys contained within the object

Notify Tells Windows XP to notify the owner when the object is modified

Create Link Allows the selected user to create a link to the object from another object

Delete Allows the selected user to delete the object

Write DAC Allows the selected user to modify Discretionary Access Control information

Write Owner Allows the selected user to modify the owner record information

Read Control Combines the standard read, Query Value, Enumerate Subkeys, and Notify permissions

Warning Of course, the standard warnings apply: Do not grant more permission than is necessary to do the job. Understand which permissions are being granted (see the above list) and consider granting permissions temporarily, removing anything granted as soon as it is not necessary.

Auditing

The word auditing, when mentioned with the words government and taxes, generally gets us weak in the knees and starts us sweating profusely. However, auditing registry interaction can be somewhat less troublesome and very beneficial to the user. Auditing, like permissions, is based on users. You set up auditing in the Auditing tab of the Advanced Security Settings For dialog box. For an object that has not had any auditing set, the list will be blank. The first thing to do is to check "Inherit from parent the auditing entries that apply to child objects. Include these with entries explicitly defined here." Next, click the Add button to add new users to the list. In the Select User, Computer, or Group dialog box, you can select both groups and individual users. Select one name in the list box and click the Add button to add that name to the list of names to be audited. Once all names to be audited have been added, click OK. This dialog box also has an Advanced button that provides additional features for specifying an object name.

Set specific permissions in the Auditing Entry For dialog box. The following events may be audited:

Full Control Used to set auditing events (you may select Successful, Failed, or both)

Query Value Audited whenever the user or group in the name list reads the object

Set Value Audited whenever the user or group in the name list writes to the object

Create Subkey Audited whenever the user or group in the name list creates a key

Enumerate Subkeys Audited whenever the user or group in the name list enumerates a list of keys contained within the object

Notify Audited whenever the user or group in the name list does anything that generates a notification to the owner

Create Link Audited whenever the user or group in the name list creates a link to the object from another object Delete Audited whenever the user or group in the name list deletes the object Write DAC Audited whenever the user or group in the name list modifies the Discretionary Access Control information Write Owner Audited whenever the user or group in the name list modifies the owner record information Read Control Audited whenever the user or group in the name list does anything that includes the standard read, Query Value, Enumerate Subkeys, or Notify permissions You can audit for success and/or failure. Either or both may be selected if desired: Successful Whenever a successful operation is done, auditing information is saved. This mode is useful when creating a log of information about changes to the registry. Success auditing can help you go back and determine what changes were made to the registry to try to fix the problem. Failed Whenever an unsuccessful operation is done, auditing information is saved. Whenever security is an issue (any time there is more than one user), failure auditing can help point to attempts to compromise system security. Tip Select audit success for critical objects that shouldn't be changed often. Select audit failure for any object that is security related. Owner I own things; you own things. To keep the records straight, we have titles for cars, deeds for property, and other documents that trace ownership of anything that is nontrivial. With computers, especially Windows XP, ownership is an important thing. I "own" my computer, and probably I don't want you messing with it. When using NTFS, ownership may be set for files. In addition, objects in the registry may have ownership, too. Ownership implies ultimate control: the owner can restrict access, audit, and do whatever he or she wants. In the Registry Editor, the Owner tab in the Advanced Security Settings For dialog box allows you to take "ownership" of a registry object. An object may have more than one owner, and if there are multiple owners, then they each share owner privilege.

The owner of any object may allow or disallow another user from taking ownership; however, once another user has ownership, the original owner's rights are terminated. Note Both the current owner and the system administrator may assign ownership of the object to a user or to the system administrator.