Using Regedit.exe with external hive files from the command line

Alec S.

Hi,

Does anyone know how to use regedit to work with external registry files
from the command line? In 9x based OSes you use the /R and /L command line
switches to specify where USER.DAT and SYSTEM.DAT are, but in NT based OSes
those files do not exist; instead you have separate files for software,
system, default, etc. as well as a separate NTUSER.DAT file for each user.

I'm in Windows XP in a command prompt, I have extracted the required
NTUSER.DAT file from a backup image of my hard drive, and I want to extract
a key from that but have no idea how to specify it as the source rather than
the active registry.

I've looked around everywhere but cannot find any info on using an
external file from the command line. I've tried doing

regedit /r:g:\software /e t.reg "HKEY_CURRENT_USER\BLAH*>|<"

But that does not work, no file is created and regedit returns an
errorcode of 0.


Any ideas? Thanks.
 
Torgeir Bakken (MVP)

Alec said:
> Does anyone know how to use regedit to work with external registry files
> from the command line? In 9x based OSes you use the /R and /L command line
> switches to specify where USER.DAT and SYSTEM.DAT are, but in NT based OSes
> those files do not exist; instead you have separate files for software,
> system, default, etc. as well as a separate NTUSER.DAT file for each user.
>
> I'm in Windows XP in a command prompt, I have extracted the required
> NTUSER.DAT file from a backup image of my hard drive, and I want to extract
> a key from that but have no idea how to specify it as the source rather than
> the active registry.
>
> I've looked around everywhere but cannot find any info on using an
> external file from the command line. I've tried doing
>
> regedit /r:g:\software /e t.reg "HKEY_CURRENT_USER\BLAH*>|<"
>
> But that does not work, no file is created and regedit returns an
> errorcode of 0.

Hi

Use reg.exe instead (it comes built in with WinXP).

Example on how to load an external hive file:

reg.exe load HKLM\TmpHive "C:\Documents and Settings\Administrator\NTUSER.DAT"


Then you can use "reg.exe query" to do a query on the key in question
(or "reg.exe export" if you want to export the key to an ordinary
registry file)

Run "reg.exe /?" in a command prompt for more help.
 
Alec S.

I actually looked at REG earlier but it did not look to be right. I
tried it again thanks to your example and while it was more complicated than
I hoped (I had to temporarily import it into the registry) it did work.

However, is there a way to do it in pure DOS mode?
 
Mark V

Alec S. (alec <@> synetech <.> cjb <.> net) said:
> I actually looked at REG earlier but it did not look to be right. I
> tried it again thanks to your example and while it was more
> complicated than I hoped (I had to temporarily import it into the
> registry) it did work.
>
> However, is there a way to do it in pure DOS mode?

We don't say "DOS mode" <G> since there is no DOS in NTx.
Command-line, CLI, text interface, blah blah... <G>

Torgeir's brief instruction (I feel) was intended to allow you to
work entirely from a CLI or batchfile. "export" was mentioned in
passing as a REG.exe capability. This step is not required.

(assuming cmd and W2K and reg.exe version 2 or greater.)
=== screen cap ======
C:\temp3>reg load HKU\$TEMPORARY c:\temp3\ntuser.dat

The operation completed successfully

C:\temp3>reg query "HKEY_USERS\$TEMPORARY\Control Panel\Current"

! REG.EXE VERSION 2.0

HKEY_USERS\$TEMPORARY\Control Panel\Current
Color Schemes REG_SZ Windows Standard

C:\temp3>reg unload HKU\$TEMPORARY

The operation completed successfully
================================

Hope that helps.
 
Alec S.

What I meant was pure DOS mode from a boot disc. You can use
regedit.exe in dos mode to do stuff with the registry, and that's why you
need to specify where the files are located. But that only works for 9x
registries. How can you do stuff with the NT registries when you boot to
DOS?

Also, I used the method and it worked, but there was a problem. I
loaded the registry file into a temporary hive, and exported from that. The
problem was that the resulting .REG file I got had the temporary root key in
it:

I used these commands (in a command prompt window):

REG load "HKU\ttt" "g:\ntuser.dat"
REG export "HKU\ttt\Software\Microsoft\Windows NT\CurrentVersion\TaskManager" "g:\tm.reg"
REG unload "HKU\ttt"

Which gave me a file called tm.reg which had what I wanted in it, but the
key listed in the .REG file was this:

[HKEY_USERS\ttt\Software\Microsoft\Windows NT\CurrentVersion\TaskManager]

instead of this:

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager]


I manually changed the key and it works fine, but if I wanted to
automate it, it would not have worked.
 
Mark V

Alec S. said:
> What I meant was pure DOS mode from a boot disc. You can use
> regedit.exe in dos mode to do stuff with the registry, and that's
> why you need to specify where the files are located. But that
> only works for 9x registries. How can you do stuff with the NT
> registries when you boot to DOS?

You can't. Sorry.
It may be possible to use a "PE"-like bootable CD to get an
environment where reg.exe or other tools can operate. Recovery
Console also will not work for registry editing.

Or you can "load hive" with reg.exe (or regedt32.exe) on another
machine. (but don't try to change any registry ACLs).

> Also, I used the method and it worked, but there was a problem. I
> loaded the registry file into a temporary hive, and exported from
> that. The problem was that the resulting .REG file I got had the
> temporary root key in it:
>
> I used these commands (in a command prompt window):
>
> REG load "HKU\ttt" "g:\ntuser.dat"
> REG export "HKU\ttt\Software\Microsoft\Windows NT\CurrentVersion\TaskManager" "g:\tm.reg"
> REG unload "HKU\ttt"
>
> Which gave me a file called tm.reg which had what I wanted in it,
> but the key listed in the .REG file was this:
>
> [HKEY_USERS\ttt\Software\Microsoft\Windows NT\CurrentVersion\TaskManager]
>
> instead of this:
>
> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager]
>
> I manually changed the key and it works fine, but if I wanted to
> automate it, it would not have worked.

If you wanted to "automate" (script) the change you would just do so
with reg.exe "live". reg.exe add /?
or reg.exe from a batchfile.

Example (data is not included. Line will wrap)
reg add "HKU\ttt\Software\Microsoft\Windows NT\CurrentVersion
\TaskManager" /v Preferences /t REG_BINARY /d <long string of digits
here> /f

I'm afraid I've lost the definition of your task. Without quoting I
thought it was something like,
Read a key from a static ntuser.dat file and do it from a command
prompt (eg cmd.exe).
 
Calvin

Hi Mark and Alec,

You can actually edit the registry of a NT system whilst it is 'not running' -
using the tools and procedures supplied here:

http://home.eunet.no/~pnordahl/ntpasswd/

Although officially created to allow 'offline' password editing, many other
tasks like registry editing can be performed. (which is basically what a
password change is anyway - a change to the SAM hive) With a bit of skill and
testing you may even be able to write 'scripts' to accomplish things
automatically for you, although I have never looked into this. Be advised that
Peter's software actually puts you into a 'cut-down' version of Linux (NOT DOS),
but that shouldn't be a major consideration.

hope this info helps.

Calvin.
 
Alec S.

I can accept that you cannot edit the NT registry in DOS, but how can
you get around the temporary key name in the .REG file? Is that not
possible either?
 
Mark V

Alec S. said:
> I can accept that you cannot edit the NT registry in DOS, but how can
> you get around the temporary key name in the .REG file? Is that
> not possible either?

Not possible since the exported .reg file is literally including the
exact registry path as it exists. For REG files a GUI or CLI Search
and Replace tool is the only solution I know of to "fix" the path
text.
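
The search-and-replace step discussed in this thread, as an added example (not code from any poster here): a Python script that rewrites only the key-header lines of an exported .reg file, mapping the temporary mount point (HKEY_USERS\ttt, as in Alec's commands) back to HKEY_CURRENT_USER. It assumes Version 5.00 exports are UTF-16LE with a BOM; the function names and the sample text are hypothetical.

```python
import codecs
import re

def remap_reg_text(text, old_root, new_root):
    """Rewrite [old_root\\...] key headers to [new_root\\...].

    Only header lines ([KEY] or [-KEY]) are touched; value names and data
    are left alone. Returns (new_text, headers_rewritten).
    """
    # old_root must be a whole path prefix: followed by '\' or the closing ']'.
    pattern = re.compile(
        r"^(\[-?)" + re.escape(old_root) + r"(?=[\\\]])",
        re.IGNORECASE | re.MULTILINE,
    )
    # A function replacement avoids backslash-escape processing of new_root.
    return pattern.subn(lambda m: m.group(1) + new_root, text)

def remap_reg_file(src, dst, old_root, new_root):
    """Apply remap_reg_text to a .reg file, preserving its encoding."""
    with open(src, "rb") as f:
        raw = f.read()
    # Assumption: "Version 5.00" exports are UTF-16LE with a BOM; anything
    # else is decoded as latin-1 so every byte round-trips unchanged.
    if raw.startswith(codecs.BOM_UTF16_LE):
        bom, enc = codecs.BOM_UTF16_LE, "utf-16-le"
    else:
        bom, enc = b"", "latin-1"
    text, count = remap_reg_text(raw[len(bom):].decode(enc), old_root, new_root)
    with open(dst, "wb") as f:
        f.write(bom + text.encode(enc))
    return count

# Constructed sample, modelled on the export described in the thread.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_USERS\\ttt\\Software\\Microsoft\\Windows NT\\CurrentVersion\\TaskManager]\r\n"
    "\"Preferences\"=hex:00,01\r\n"
    "\"Note\"=\"[HKEY_USERS\\\\ttt] inside a value stays as is\"\r\n"
)

if __name__ == "__main__":
    fixed, n = remap_reg_text(SAMPLE, r"HKEY_USERS\ttt", "HKEY_CURRENT_USER")
    print(n, "header(s) rewritten")
    print(fixed)
```

A rewritten count of 0 means the mount-point name passed in does not match the one used with `reg load`, which is worth checking before importing the result.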
 