Understanding .REG files

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Windows NT Registry Tip: Understanding .REG files. Waynes NT Resources is Windows NT support site with an extensive Windows NT Registry Index, Tips for Windows NT Administrators, Tips for Windows NT workstation users, book recommendations for nt admins and nt users on topics such as administration, nt domain, remote access, security, integration, backup and restore, basics, dns, event logging, logon administration, iis, mcse, routers, intrusion detection, hacking, windows2000, nt2000, performance tuning and monitor, windows scripting, perl, windows resource kits, troubleshooting problems, server and tcp/ip. There is also an extensive set of links to Windows NT resource sites found elsewhere on web with a focus on Windows NT Security Guidelines, security scanners, newletters, windows nt faqs, windows nt tutorials, windows nt whitepapers, windows nt security sites, windows nt software - freeware and shareware sites.

.REG files can be used to automate registry changes. The REGEDIT4 scripts run by regedit.exe will modify or update your registry. They work because the .REG extension is associated with regedit.exe. When you run the .reg file (double-click in Explorer or run from commandline like a program), you see a popup window stating

Information in c:\winnt\regscripts\yourscript.REG has been successfully entered into the registry.

As you can see above, I recommend that you create a \winnt\regscripts directory to store all .REG files you apply to your system. It makes a record of all changes made to your system and the scripts can be modified to undo the changes (in many cases by changing yes to no, 1 to 0 or whatever. It goes without saying the any registry change is dangerous. Unfortunately there is little choice in too many cases. Be sure to have a good backup BEFORE applying any registry hack.

The syntax of a .REG file:

REGEDIT4

[HKEY_HIVE\KEY\KEY] @="keyvalue"

In the examples I give, I will always use the following form:

REGEDIT4
BLANK LINE GOES HERE
[HKEY_HIVE\KEY\KEY] @="keyvalue"
BLANK LINE GOES HERE

Replace the BLANK LINE GOES HERE with a blank line. The last character in a .REG file needs to be a carrage control. Just insert a blank line and press enter and then save the .REG file. Other examples:

REGEDIT4
BLANK LINE GOES HERE
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}] @="Trash"
BLANK LINE GOES HERE

REGEDIT4
BLANK LINE GOES HERE
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoStartBanner"="1"

BLANK LINE GOES HERE

On/Off keys are enabled with "1". Such keys are disabled by "0". Others are enabled with "yes", disabled with "no". Be careful, some keys are worded negatively and some positively - that is, "yes" or '1" can mean ON or it can mean OFF. Some keys have sliding numeric scale values 0-xxxx. Others have string values. No one rule.

If you are in a corporate environment, the .REG association may have been disabled to prevent you from accidentally or purposefully changing your PCs functionality. Organizations vary tremendously in how much power over the PC configuration they allow their employees to have. There is a tension between such personal options and support policies. Its not a simple issue. Such modifications may allow the owner of the PC to get his/her work done much more effectively. Or it may make the PC unworkable. I have mostly worked in organizations where the equation is tilted towards allowing maximum user choice. But as a long-term systems support person, I understand that there is a cost to be paid. Given that the real novices are unaware and very unlikely to get into these deep waters, ... Then there are those putzes you always hate to hear from. OK, lock down their PCs. Enough preaching.

See Also

Featured Links