The Regedit You Never Knew

You’ve used regedit thousands of times and you know it inside and out, right?  Wanna bet?  I’ve got ten advanced tips that you probably didn’t know.  And if you’re like most of the engineers I’ve taught, your reaction to the first one will be audible.

Launch regedit and look at the menu bar – notice the Favorites menu?  No, it’s not new. It’s been there since at least XP (August 2001) and probably longer.  Browse to a key, hit Favorites / Add To Favorites (or Alt+A,A), and give it a name. No more remembering long, obscure CurrentControlSet paths.

You’re welcome.  That’s one.

Two.  Your favorites are portable.  They only work with the local registry, but you can export and import them because they’re stored in the registry. Add a favorite and check for it under:

HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

Three.  Select any value and under View choose Display Binary Data to get alternate binary views of the data.

Four.  Under the Edit menu, or by right-clicking a value, choose Modify Binary Data to change the values.  This works for all types, including SZ and MULTI_SZ values.  Be careful.

Five.  Under the Edit menu you can change Permissions.  (Less well-known is that every value also has a last-written time, but it’s not exposed in Regedit.)

Six.  Choose a reg key and, under the File menu, choose Export. Go to Save As Type and click the drop-down arrow. You’ll notice that in addition to the .reg file type you can export as a .txt or a hive. Hives have no standard file extension but you’ll commonly see .hiv or .dat or no extension at all (such as ntuser.dat or SYSTEM and SOFTWARE). The hive is the native binary registry file format.

Seven.  If you Import a hive it will delete and overwrite the current registry key.

Eight.  If you select HKLM or HKU you’ll have the option to Load Hive, in which case you can mount and unmount a hive underneath that key. This is just a temporary measure and you’re not overwriting anything, unlike importing a hive – when the system reboots the mounted hive won’t be reloaded. While the hive is mounted you’ll be able to edit the contents just like any other key. A hive is a much more compact and reliable method for transferring an entire registry tree. (This is the method that Server Cluster/Failover Cluster has used since its initial release to maintain a uniform configuration across nodes.) The other top level keys – HKCR, HKCU, and HKCC – are either redirects (first two) or dynamically generated (HKCC) and don’t support nested hives.
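
Tip eight from the command line, as an added example that is not part of the original post: reg.exe load and reg.exe unload perform the same mount and unmount under HKLM. The function name Use-OfflineHive, the mount name and the hive path are assumptions made for illustration.

```powershell
# Added example: mount a hive file under HKLM, inspect it, then unmount it.
# Run from an elevated prompt; reg.exe load/unload require administrator rights.
# Point it at a copy of the hive: a mounted hive is opened read/write.

function Use-OfflineHive {
    param(
        [Parameter(Mandatory)] [string] $HivePath,       # hive file, e.g. a copied SOFTWARE
        [Parameter(Mandatory)] [scriptblock] $Action,    # receives the mounted provider path
        [string] $MountName = 'OfflineHive'              # hypothetical temporary key name
    )

    if (-not (Test-Path -LiteralPath $HivePath -PathType Leaf)) {
        throw "Hive file not found: $HivePath"
    }
    if (Test-Path -LiteralPath "HKLM:\$MountName") {
        throw "HKLM\$MountName already exists; pick another mount name."
    }

    # Same operation as File / Load Hive with HKLM selected in regedit.
    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

    try {
        & $Action "HKLM:\$MountName"
    }
    finally {
        # Handles still held by the PowerShell registry provider block the
        # unload, so release them before the File / Unload Hive equivalent.
        [GC]::Collect()
        [GC]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "reg unload failed; HKLM\$MountName is still mounted."
        }
    }
}

# Usage with a constructed placeholder path: list the hive's top-level keys.
Use-OfflineHive -HivePath 'C:\Cases\example\SOFTWARE' -Action {
    param($Root)
    Get-ChildItem -LiteralPath $Root | Select-Object -ExpandProperty PSChildName
}
```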

That’s all for the GUI, but there are two more points.

Nine.  SysInternals has a command-line tool named regjump that automates opening a given reg key. It does this by launching regedit and issuing Windows messages to tell the UI to browse to the correct path, much as if you’d done it yourself manually.

And ten – the undocumented switch. Regedit is a “singleton” app, much like Windows Media Player – if you launch a second instance it will detect and set the focus on the first instance then exit. If, however, you specify “regedit /m” it tells it to ignore the singleton functionality and launches a second instance. You’re now able to do side-by-side registry comparisons. It doesn’t change the functionality of the registry – it’s still last-writer-wins – so you may need to do the extra occasional F5 refresh just to make sure.  This is particularly handy if you’re comparing against a remote registry or inside versus outside of the bubble with App-V.

Cheers and happy regging.