Welcome!
This guide is all about the Windows registry and how to edit it from the Windows command line (CMD).
Before we get started, however, you need to know that making changes to the registry can be dangerous.
The wrong command can very easily break your computer, so pay attention and look at everything twice before executing a command.
With the disclaimer out of the way, let’s get started.
If you are a system administrator or a power user you have probably used the Windows registry to add, edit or delete entries.
But what is this “Windows Registry” I hear you ask?
The Windows registry is a database that stores settings for the operating system as well as its applications.
Everything from application settings or preferences to operating system configurations.
For example, when a program is installed, entries are created in the Windows registry that define where the program files are located, or which settings are used.
Simple enough right?
Before we learn how to use the command line (CMD) to modify our registry, we must first learn how information within the registry itself is structured.
The registry stores items in the following structure:
Hives -> Keys -> Values
Let’s start with Registry Hives.
The Windows registry contains several root locations that store various entries.
These locations are called registry hives.
Registry hives are separated based on the values they contain.
Here is a list of some of the most commonly used registry hives along with a brief description about each one:
Name (Abbreviation) – Description
While there are several more registry hives, these are the ones you will likely be using almost exclusively, so do not stress too much about the rest.
Within these hives there are several sub-entries or keys, which categorize our values even further into several groups.
For example, the Software key, which is located within the HKEY_LOCAL_MACHINE registry hive, contains information and settings related to every application in your computer.
Basically, think of keys like containers or folders.
Within these keys we have various values that our applications or Windows have created.
Sort of like files within a folder.
These values are also called entries, and we will be using the two names interchangeably.
Entries store data using several distinct data types. In the following list I have included the name of each type in human-readable format, the name it is listed under in the registry (within parentheses), along with a brief description.
There is no way I can explain this using plain English and fit it into a sentence, instead, if you want to learn more, you would have to go here.
While these are not all the data types, they are the ones which you will likely use most.
Since this article is more about the command line itself and its relation to the registry, I won't dive any deeper into the registry itself.
If you would like to, you can find more information about the registry by clicking here.
With that said you should now have the basics down and be ready for the following sections.
Instead of using the Windows GUI to edit your registry values, as you might have done in the past (like a little b*tch), you can use the command line (CMD) to do just that.
To do so, we will make use of the REG command.
To edit the Windows registry, you need a command prompt with administrator privileges.
Let’s start by learning how to create keys.
Like we said before, a key is like a folder or container that is used to store many entries.
To create a key named MyKey type the following:
REG ADD HKLM\Software\MyKey
Right after our ADD parameter we have the location in which we want our key to be created. In this case I created my key within the Software key, which usually contains values for user-installed programs.
Now that we have created our key, let's create a value within it.
To add a DWORD entry named MyEntry with a value of 0 to our local software path type the following:
REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 0
Let’s break it down:
Let’s check if our value was added successfully by using the QUERY parameter followed by the location and name of our entry:
REG Query HKLM\Software\MyKey /v MyEntry
The 0x before our value denotes that this is a hexadecimal value.
An entry with the correct value has indeed been created.
Good Job, Bob! Or whatever your name is.
Changing registry data is what you will be doing most of the time, so let's learn how by changing the data of the entry we created in the previous section.
We can change the data within an entry by once again using the ADD parameter, this time however we need to use the /F parameter as well, which tells the REG command to overwrite any existing entries.
Let’s try changing the data within our entry to 1.
Here is the command we are going to use:
REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 1 /F
Pretty easy right?
If you do not use the /F parameter and an existing entry is found, the command line will ask you if you want to overwrite it. Simply type “Yes” to confirm.
Once again let’s use the QUERY parameter to verify that the value of our entry has been changed.
REG Query HKLM\Software\MyKey /v MyEntry
And indeed, it is!
Awesome!
Deleting items within the registry can be a bit risky, and by risky, I mean it can ruin your computer.
But that is no cause for concern, for as long as you are extremely careful and double check every command, you will probably be fine.
With that said, let’s delete the value we previously created.
To delete an entry simply use the DELETE parameter followed by the location and name of your entry.
REG Delete HKLM\Software\MyKey /v MyEntry
Press Y to confirm the operation.
Similarly, to delete an entire key, leave out the /v parameter and give only the location of the key; REG then deletes the key along with any values within it. The /va parameter, by contrast, deletes every value within a key but leaves the key itself in place.
REG Delete HKLM\Software\MyKey
There are several more parameters you can use to perform other operations on your registry, and we will learn about them later on.
Now that you know the basics, let's look at a few ways you can use that wealth of knowledge.
How about something simple, like specifying a security descriptor and editing the associated access control list?
What’s that, I hear you ask? That doesn’t sound simple?
Nevermind, how about changing the color of your title bars. You like colors, don’t you?
We can change the title bar color for every application and make Windows look just a little bit better with just a few simple registry tweaks (the word simple is used loosely here).
To do so, we have to create two DWORD entries in the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM
One entry for the color we want our title bar to have when our applications are active (focused), and one for when they are inactive (unfocused).
Before we create our values, however, we need to decide on the colors we want our title bars to have and convert them into the appropriate format.
I will go with a dark turquoise for when my applications are active and black for when they are not.
Now we need to figure out the hex codes that correspond to our desired colors.
You can use an online converter, such as HexColorTool, or an application with a color picker, such as Paint or Photoshop.
In my case they are as follows:
You can find exactly what Hex codes (when referring to colors) are and how they work by clicking here.
These hex codes are in the RGB Format, which means that the first two letters or numbers refer to the red component, the next two the green component and so on.
Windows, however, uses the BGR format (for some reason), which means that if we want Windows to interpret our colors correctly, we need to convert them.
All we have to do is switch the red and blue components around, simply by swapping the first two numbers or letters with the last two.
Here is what my colors look like in the BGR format:
Now that we have our colors, let's create our first entry named AccentColor, which will specify the title bar color for active applications:
Here is what the command would look like:
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM /v AccentColor /t REG_DWORD /d 0xd1ce00
The /d parameter requires the 0x prefix when specifying hexadecimal values.
Replace its value with the color of your choice.
The title bar color of your command prompt should immediately change!
Let's create a second entry named AccentColorInactive for our inactive applications.
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM /v AccentColorInactive /t REG_DWORD /d 0x000000
Once again, replace the value of the /d parameter with the color of your choice while retaining the 0x prefix.
The title bar color of your active and inactive applications should now be changed into your desired colors.
Success! You not only know how to change the color of your title bar, but have learned a bit of computer color science as well!
You are welcome.
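The RGB to BGR conversion described above, written out in Python as an added example (it is not part of the original article; the function names are hypothetical). It also decodes a value read back with REG Query, which prints DWORDs without leading zeros, so black comes back as 0x0.

```python
import re

DWM_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM"

def rgb_to_bgr_dword(rgb_hex):
    """Convert an RGB hex color ('#00ced1', '00CED1' or shorthand '#0cd')
    into the 0x-prefixed BGR value that REG ADD /d expects."""
    s = rgb_hex.strip().lstrip("#")
    if len(s) == 3:                          # expand shorthand: 0cd -> 00ccdd
        s = "".join(ch * 2 for ch in s)
    if not re.fullmatch(r"[0-9a-fA-F]{6}", s):
        raise ValueError(f"not an RGB hex color: {rgb_hex!r}")
    red, green, blue = s[0:2], s[2:4], s[4:6]
    return "0x" + (blue + green + red).lower()

def bgr_dword_to_rgb(dword):
    """Turn a DWORD shown by REG Query (e.g. '0xd1ce00' or '0x0') back into '#rrggbb'.
    Only the low 24 bits are used; anything above them is ignored here."""
    value = int(dword, 16) & 0xFFFFFF
    blue, green, red = value >> 16, (value >> 8) & 0xFF, value & 0xFF
    return f"#{red:02x}{green:02x}{blue:02x}"

def accent_commands(active_rgb, inactive_rgb):
    """Build the two REG ADD command lines used in this section."""
    pairs = (("AccentColor", active_rgb), ("AccentColorInactive", inactive_rgb))
    return [
        f"REG ADD {DWM_KEY} /v {name} /t REG_DWORD /d {rgb_to_bgr_dword(color)}"
        for name, color in pairs
    ]

if __name__ == "__main__":
    # Dark turquoise for active windows, black for inactive ones.
    for command in accent_commands("#00ced1", "#000000"):
        print(command)
```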
Whether you opt for a third-party anti-virus solution or you simply find Windows Defender (and anti-viruses in general) annoying, you might choose to have it disabled.
Windows being Windows does not give us an easy way to do this; however, we can disable Windows Defender by creating a simple entry within our registry.
Simply create a DWORD entry named DisableAntiSpyware, with a data value of 1, in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
Here is what our command would look like:
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1
Pretty simple right?
Windows Defender should be disabled after a restart.
If you are wondering why we used quotation marks to specify our location, that is because it contains a space within it.
The quotes tell the command line that the spaces separating the words do not constitute an additional parameter and that they are simply part of our path or location.
Speaking of annoying Windows features, automatic updates.
We have all experienced the supreme irritation of finding our computers unexpectedly deciding to spend a few hours updating themselves, just when you have an important project to finish.
No more of that! Let's disable automatic updates.
Once again this is pretty simple.
Create a DWORD entry named NoAutoUpdate with a data value of 1 within the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
Now this is usually the point where I give you the complete command, and all you have to do is copy and paste it into your command line.
Not this time, call me cruel all you like, but you will have to do this one on your own.
This shouldn’t be hard, you might even learn something!
Thank me later!
P.S. Be careful now, try not to break your computer (I take no responsibility).
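Seen from the monitoring side, DisableAntiSpyware and NoAutoUpdate are values worth auditing for, since a non-zero setting switches a protection off. The Python sketch below is an added example, not part of the original article: it parses the text printed by REG Query and reports those two values. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Value names the article sets to 1 in order to switch a protection off.
RISKY_VALUES = {
    "DisableAntiSpyware": "Windows Defender disabled by policy",
    "NoAutoUpdate": "automatic updates disabled by policy",
}

# Constructed sample of REG Query output, using the key paths given in the article.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    NoAutoUpdate    REG_DWORD    0x1
    ExampleText    REG_SZ    data with    wide gaps
"""

# REG Query separates name, type and data with runs of four spaces.
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+)(?: {4}(?P<data>.*))?$"
)

def parse_reg_query(text):
    """Return (key, name, type, data) tuples parsed from REG Query output."""
    entries, key = [], None
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match and key:
            entries.append((key, match["name"], match["type"], match["data"] or ""))
        elif line.startswith("HKEY_"):
            key = line.strip()          # a key header starts a new group of values
    return entries

def find_disabled_protections(text):
    """Report DWORD values from RISKY_VALUES whose data is non-zero."""
    findings = []
    for key, name, reg_type, data in parse_reg_query(text):
        if name in RISKY_VALUES and reg_type == "REG_DWORD" and int(data, 16) != 0:
            findings.append((key, name, RISKY_VALUES[name]))
    return findings

if __name__ == "__main__":
    for key, name, reason in find_disabled_protections(SAMPLE_OUTPUT):
        print(f"{key}\\{name}: {reason}")
```

On a live system, feed the function the captured output of REG Query for the policy keys instead of the constructed sample.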
You are still here! All has gone well then.
Here is your reward:
A list of the most useful parameters for the reg command along with a brief description (not much of a reward but whatever).
For your convenience, here is a list of some of the examples we used, along with a brief description.
Creates a key named MyKey within the HKLM\Software key.
REG ADD HKLM\Software\MyKey
Creates a DWORD entry named MyEntry with a data value of zero, within the HKLM\Software\MyKey key.
REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 0
Displays the data value of the MyEntry entry, which is located within the HKLM\Software\MyKey key.
REG Query HKLM\Software\MyKey /v MyEntry
Deletes the MyEntry entry, which is located within the HKLM\Software\MyKey key.
REG Delete HKLM\Software\MyKey /v MyEntry
Deletes the entire MyKey key, which is located within the HKLM\Software key.
REG Delete HKLM\Software\MyKey
If only an article of this size could be summarized perfectly into three bullet points. Anyway, here goes:
That was a big article, I know, but you made it! So congratulations are in order.
You now know what the Windows registry is and how to modify it from the command line.
If you liked this short guide, take a look at a few of our other posts related to the Windows command line, or if you really liked it, consider enrolling in our video course, where you will learn the ins and outs of the Windows command line.
This course has everything you need to start learning about the Windows command line along with batch scripting.