Editing the Registry

In this short guide we are going to learn how to edit the Windows registry from the Windows command line (CMD). Let’s get started!

What We'll Learn:

Welcome!
This guide is all about the Windows registry and how to edit it from the Windows command line (CMD).

  • We are going to learn what the Windows registry is and how data is structured within it.
  • How to create and delete keys and entries (values) using the REG command.
  • As well as how to add, edit and delete values (entries), once again using the REG command.

Before we get started however you need to know that making changes to the registry can be dangerous.

The wrong command can very easily break your computer, so pay attention and look at everything twice before executing a command.
With the disclaimer out of the way, let’s get started.

The Windows Registry:

If you are a system administrator or a power user you have probably used the Windows registry to add, edit or delete entries.
But what is this “Windows Registry” I hear you ask?
The Windows registry is a database that stores settings for the operating system as well as its applications.
Everything from application settings or preferences to operating system configurations.
For example, when a program is installed, entries are created in the Windows registry that define where the program files are located, or which settings are used.
Simple enough right?

Registry Structure:

Before we learn how to use the command line (CMD) to modify our registry, we must first learn how information within the registry itself is structured.
The registry stores items in the following structure:
Hives -> Keys -> Values
Let’s start with Registry Hives.

Editing the Registry – Using the Command Line (Add, Delete & Modify)

Hives:

The Windows registry contains several root locations that store various entries.
These locations are called registry hives.
Registry hives are separated based on the values they contain.
Here is a list of some of the most commonly used registry hives along with a brief description about each one:
Name (Abbreviation) – Description

  • HKEY_LOCAL_MACHINE (HKLM) – Contains keys and information related to the entire computer, such as Windows configurations or other system-wide settings.
  • HKEY_CURRENT_USER (HKCU) – Contains keys and information related to the current computer user, such as preferences or settings.

While there are several more registry hives, these are the ones you will likely be using almost exclusively, so do not stress too much about the rest.

Keys:

Within these hives there are several sub-entries or keys, which categorize our values even further into several groups.
For example, the Software key, which is located within the HKEY_LOCAL_MACHINE registry hive, contains information and settings related to every application in your computer.
Basically, think of keys like containers or folders.

Values:

Within these keys we have various values that our applications or Windows have created.
Sort of like files within a folder.
These values are also called entries, and we will be using the two names interchangeably.
Entries store data using several distinct data types. In the following list I have included the name of each type in human-readable format, the name it is listed under in the registry (within parentheses), along with a brief description.

  • String (REG_SZ) – A combination of numbers, letters and symbols.
  • Binary (REG_RESOURCE_LIST) – Basically a bunch of zeros and ones.
  • DWORD (REG_DWORD) – A 32-bit integer number. Can be expressed in either binary or hexadecimal format.

There is no way I can explain this using plain English and fit it into a sentence, instead, if you want to learn more, you would have to go here.
While these are not all the data types, they are the ones which you will likely use most.

Since this article is more about the command line itself and its relation to the registry, I won’t dive any deeper into the registry itself.
If you would like to, you can find more information about the registry by clicking here.
With that said you should now have the basics down and be ready for the following sections.

Adding Keys – Using CMD:

Instead of using the Windows GUI to edit your registry values, as you might have done in the past (like a little b*tch), you can use the command line (CMD) to do just that.
To do so, we will make use of the REG command.
To edit the Windows registry, you need a command prompt with administrator privileges.
Let’s start by learning how to create keys.
Like we said before, a key is like a folder or container that is used to store many entries.
To create a key named MyKey type the following:

REG ADD HKLM\Software\MyKey

Right after our ADD parameter we have the location in which we want our key to be created. In this case I created my key within the Software key, which usually contains values for user-installed programs.

Adding Entries/Values – Using CMD:

Now that we have created our key, let’s create a value within it.
To add a DWORD entry named MyEntry with a value of 0 to our local software path, type the following:

REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 0

Let’s break it down:

  • /v – Specifies the name of our value.
  • /t – Specifies the data type of our entry, in this case a DWORD, which is the type you will be creating almost exclusively.
  • /d – Specifies the data of our entry.

Let’s check if our value was added successfully by using the QUERY parameter followed by the location and name of our entry:

REG Query HKLM\Software\MyKey /v MyEntry

The 0x before our value denotes that this is a hexadecimal value.
An entry with the correct value has indeed been created.
Good Job, Bob! Or whatever your name is.

Modifying/Changing Entries – Using CMD:

Changing registry data is what you will be doing most of the time, so let’s learn how, by changing the data of the entry we created in the previous section.
We can change the data within an entry by once again using the ADD parameter. This time, however, we need to use the /F parameter as well, which tells the REG command to overwrite any existing entries.
Let’s try changing the data within our entry to 1.
Here is the command we are going to use:

REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 1 /F

Pretty easy right?
If you do not use the /F parameter and an existing entry is found, the command line will ask you if you want to overwrite it. Simply type “Yes” to confirm.
Once again let’s use the QUERY parameter to verify that the value of our entry has been changed.

REG Query HKLM\Software\MyKey /v MyEntry

And indeed, it is!
Awesome!

Deleting Keys & Values - Using CMD:

Deleting items within the registry can be a bit risky, and by risky, I mean it can ruin your computer.
But that is no cause for concern, for as long as you are extremely careful and double check every command, you will probably be fine.
With that said, let’s delete the value we previously created.
To delete an entry simply use the DELETE parameter followed by the location and name of your entry.

REG Delete HKLM\Software\MyKey /v MyEntry 

Press Y to confirm the operation.
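Similarly, to delete an entire key, use the DELETE parameter followed by just the location of the key, which tells the REG command to delete the key along with any values and subkeys within it. (The /va parameter, by contrast, deletes all the values within a key but leaves the key itself in place.)

REG Delete HKLM\Software\MyKey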

There are several more parameters which you can use to perform other operations on your registry, and we will learn about them later on.

Example #1: Change Title Bar Colors:

Now that you know the basics, let’s look at a few ways you can use that wealth of knowledge.
How about something simple, like specifying a security descriptor and editing the associated access control list.
What’s that, I hear you ask? That doesn’t sound simple?
Nevermind, how about changing the color of your title bars. You like colors, don’t you?
We can change the title bar color for every application and make Windows look just a little bit better with just a few simple registry tweaks (the word simple is used loosely here).

To do so, we have to create two DWORD entries in the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM
One entry for the color we want our title bar to have when our applications are active (focused), and one for when they are inactive (unfocused).
Before we create our values, however, we need to decide on the colors we want our title bars to have and convert them into the appropriate format.
I will go with a dark turquoise for when my applications are active and black for when they are not.

Now we need to figure out the hex codes that correspond to our desired colors.
You can use an online converter, such as this one: HexColorTool
Or use an application with a color picker such as Paint or Photoshop.


In my case they are as follows:

  • 00ced1 – Dark Turquoise
  • 000000 – Black

You can find exactly what hex codes (when referring to colors) are and how they work by clicking here.

These hex codes are in the RGB format, which means that the first two letters or numbers refer to the red component, the next two the green component and so on.
Windows however uses the BGR format (for some reason), which means that if we want Windows to interpret our colors correctly, we need to convert them.
All we have to do is switch the red and blue components around, simply by swapping the first two and the last two numbers or letters.
Here is what my colors look like in the BGR format:

  • d1ce00 – Dark Turquoise
  • 000000 – Black

Now that we have our colors, let’s create our first entry named AccentColor, which will specify the title bar color for active applications.

Here is what the command would look like:

REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM /v AccentColor /t REG_DWORD /d 0xd1ce00

The /d parameter requires the 0x prefix when specifying hexadecimal values.
Replace its value with the color of your choice.
The title bar color of your command prompt should immediately change!


Let’s create a second entry named AccentColorInactive for our inactive applications.

REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM /v AccentColorInactive /t REG_DWORD /d 0x000000

Once again, replace the value of the /d parameter with the color of your choice while retaining the 0x prefix.
The title bar color of your active and inactive applications should now be changed into your desired colors.

Success! You not only know how to change the color of your title bar, but have learned a bit of computer color science as well!
You are welcome.

Example #2: Disabling Windows Defender:

Whether you opt for a third-party anti-virus solution or you simply find Windows Defender (and anti-viruses in general) annoying, you might choose to have it disabled.
Windows being Windows does not give us an easy way to do this, however we can disable Windows Defender by creating a simple entry within our registry.
Simply create a DWORD entry named DisableAntiSpyware, with a data value of 1, in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
Here is what our command would look like:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1

Pretty simple right?
Windows Defender should be disabled after a restart.
If you are wondering why we used quotation marks to specify our location, that is because it contains a space within it.
The quotes tell the command line that the spaces separating the words do not constitute an additional parameter and that they are simply part of our path or location.
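
The same QUERY parameter can be used to check whether this policy value has been set on a machine, which is worth knowing because it switches off antivirus protection. The batch file below is an added example, not part of the original guide; the :check label and the output wording are made up for illustration.

```batch
@echo off
rem Added example: report whether a policy DWORD exists and is non-zero.
rem Exit code 1 means the value is set, so a scheduled task can alert on it.
setlocal
call :check "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" DisableAntiSpyware
exit /b %errorlevel%

:check
rem %~1 = key path, %2 = value name (hypothetical helper, no spaces in the name).
set "DATA="
rem REG QUERY prints "    Name    REG_DWORD    0x1"; token 3 is the data.
for /f "tokens=1-3" %%A in ('reg query "%~1" /v %2 2^>nul ^| findstr /i /c:"REG_DWORD"') do set "DATA=%%C"
if not defined DATA (
    echo [OK]    %2 is not set under %~1
    exit /b 0
)
rem SET /A understands the 0x prefix, so 0x1 becomes 1.
set /a NUM=%DATA%
if %NUM% EQU 0 (
    echo [OK]    %2 = %DATA% under %~1
    exit /b 0
)
echo [ALERT] %2 = %DATA% under %~1
exit /b 1
```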

Example #3: Disabling Automatic Updates:

Speaking of annoying Windows features, automatic updates.
We have all experienced the supreme irritation of finding our computers unexpectedly deciding to spend a few hours updating themselves, just when we have an important project to finish.
No more of that! Let’s disable automatic updates.
Once again this is pretty simple.
Create a DWORD entry named NoAutoUpdate with a data value of 1 within the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

Now this is usually the point where I give you the complete command, and all you have to do is copy and paste it into your command line.
Not this time, call me cruel all you like, but you will have to do this one on your own.
This shouldn’t be hard, you might even learn something!
Thank me later!

P.S. Be careful now, try not to break your computer (I take no responsibility).

Useful Parameters:

You are still here! All has gone well then.
Here is your reward:
A list of the most useful parameters for the reg command along with a brief description (not much of a reward but whatever).

  • QUERY – Displays the contents of a location within the registry or the value of an entry.
  • ADD – Creates or edits entries.
  • DELETE – You can probably guess this one.
  • COPY – Copies a specified registry entry from one location to another.
  • SAVE – Saves keys and values into a specified file.
  • RESTORE – Writes entries and keys into the registry from a saved file.
  • LOAD – Writes entries and keys from a saved file into a different specified key.
  • UNLOAD – Removes entries and keys that were loaded with the LOAD parameter.
  • COMPARE – Compares two or more specified keys or values.
  • EXPORT – Writes entries and keys from the registry into a file, for use in a different computer.
  • IMPORT – Imports the keys and values from a file that was created using the EXPORT parameter.
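
Since a wrong REG command can break things, here is an added example (not part of the original guide) that uses EXPORT, ADD, QUERY and IMPORT together: it backs up the test key, changes MyEntry, reads it back and restores the backup if the change did not stick. The backup file path is an assumption; save it as a .bat file and run it from an administrator command prompt.

```batch
@echo off
rem Added example: back up a key, change one DWORD, verify it, roll back on failure.
rem KEY and NAME are the guide's test values; BACKUP is an assumed file path.
setlocal
set "KEY=HKLM\Software\MyKey"
set "NAME=MyEntry"
set "DATA=1"
set "BACKUP=%TEMP%\MyKey-backup.reg"

rem 1. Export the key as it is now. /y overwrites an older backup file.
reg export "%KEY%" "%BACKUP%" /y >nul 2>&1
if errorlevel 1 (
    echo Backup failed ^(missing key or no admin rights^). Nothing was changed.
    exit /b 1
)

rem 2. Make the change. /f suppresses the overwrite prompt.
reg add "%KEY%" /v "%NAME%" /t REG_DWORD /d %DATA% /f >nul
if errorlevel 1 goto rollback

rem 3. Read the value back. REG QUERY prints DWORD data in hex, e.g. 0x1.
set "FOUND="
for /f "tokens=1-3" %%A in ('reg query "%KEY%" /v "%NAME%" 2^>nul ^| findstr /i /c:"REG_DWORD"') do set "FOUND=%%C"
if not defined FOUND goto rollback
set /a ACTUAL=%FOUND%
if not "%ACTUAL%"=="%DATA%" goto rollback

echo %NAME% is now %FOUND%. Backup kept at %BACKUP%
exit /b 0

:rollback
rem IMPORT writes the exported values back; it does not remove values
rem that were created after the export was taken.
echo Change failed or did not verify, restoring the backup.
reg import "%BACKUP%"
exit /b 1
```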

Examples Summarized:

For your convenience, here is a list of some of the examples we used, along with a brief description.

Creates a key named MyKey within the HKLM\Software key.

REG ADD HKLM\Software\MyKey

Creates a DWORD entry named MyEntry with a data value of zero, within the HKLM\Software\MyKey key.

REG ADD HKLM\Software\MyKey /v MyEntry /t REG_DWORD /d 0

Displays the data value of the MyEntry entry, which is located within the HKLM\Software\MyKey key.

REG Query HKLM\Software\MyKey /v MyEntry

Deletes the MyEntry entry, which is located within the HKLM\Software\MyKey key.

REG Delete HKLM\Software\MyKey /v MyEntry 

Deletes the entire MyKey key, which is located within the HKLM\Software key.

REG Delete HKLM\Software\MyKey

Summary:

If only an article of this size could be summarized perfectly into three bullet points. Anyway, here goes:

  • The Windows registry is a database that stores settings for the operating system as well as its applications.
  • Use the REG command and the QUERY parameter to view your registry.
  • Create or delete entries or sub entries using the REG command and the Add or Delete parameters.

That's It!

That was a big article, I know, but you made it! So congratulations are in order.
You now know what the Windows registry is and how to modify it from the command line.
