The Windows Registry is a hierarchical database that stores configuration settings for the operating system, applications, and hardware. Knowing how to read, write, and delete registry entries is essential for system administration, troubleshooting, and application configuration. This guide covers multiple methods including the GUI editor, command-line tools, and PowerShell.
Understanding the Registry Structure
The registry is organized into five root keys (hives):
| Hive | Abbreviation | Purpose |
|---|---|---|
| HKEY_LOCAL_MACHINE | HKLM | Computer-wide settings (hardware, software, system) |
| HKEY_CURRENT_USER | HKCU | Settings for the currently logged-in user |
| HKEY_CLASSES_ROOT | HKCR | File associations and COM object registrations |
| HKEY_USERS | HKU | Settings for all user profiles on the machine |
| HKEY_CURRENT_CONFIG | HKCC | Current hardware profile information |
Each hive contains keys (like folders) and values (like files). Values have a name, type, and data.
Common Value Types
| Type | Description | Example |
|---|---|---|
| REG_SZ | String | C:\Program Files\MyApp |
| REG_DWORD | 32-bit integer | 1 (often used for on/off) |
| REG_QWORD | 64-bit integer | 4294967296 |
| REG_BINARY | Binary data | 01 00 00 00 |
| REG_EXPAND_SZ | Expandable string (environment variables) | %SystemRoot%\System32 |
| REG_MULTI_SZ | Multi-string (array of strings) | String1\0String2\0 |
Method 1: Registry Editor (Regedit)
The graphical Registry Editor is the most common way to browse and edit the registry.
Opening Regedit
- Press Win + R, type
regedit, and press Enter. - Accept the UAC prompt (administrator privileges are needed for HKLM changes).
Reading Values
- Navigate to the desired key in the left pane using the tree structure.
- Values for the selected key appear in the right pane showing the name, type, and data.
Writing (Creating or Modifying) Values
To create a new value:
- Navigate to the target key.
- Right-click in the right pane and select New > choose the value type (String Value, DWORD, etc.).
- Type the value name and press Enter.
- Double-click the new value to set its data.
To modify an existing value:
- Double-click the value in the right pane.
- Change the data and click OK.
Deleting Values or Keys
- Right-click the value or key.
- Select Delete.
- Confirm the deletion.
Backing Up Before Changes
Always export a backup before making changes:
- Right-click the key you are about to modify.
- Select Export.
- Save the
.regfile to a safe location.
To restore, double-click the .reg file and confirm the import.
Method 2: reg.exe Command-Line Tool
The reg command is built into Windows and is useful for scripting and batch files.
Reading Values
:: Read a specific value
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" /v ProgramFilesDir
:: List all values under a key
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
:: Recursive query
reg query "HKLM\SOFTWARE\MyApp" /sWriting Values
:: Create or modify a string value (REG_SZ)
reg add "HKCU\SOFTWARE\MyApp" /v SettingName /t REG_SZ /d "SettingValue" /f
:: Create a DWORD value
reg add "HKCU\SOFTWARE\MyApp" /v EnableFeature /t REG_DWORD /d 1 /f
:: Create a QWORD value
reg add "HKCU\SOFTWARE\MyApp" /v LargeNumber /t REG_QWORD /d 8589934592 /f
:: Create an expandable string value
reg add "HKLM\SOFTWARE\MyApp" /v InstallPath /t REG_EXPAND_SZ /d "%ProgramFiles%\MyApp" /fThe /f flag forces the operation without prompting for confirmation.
Deleting Values and Keys
:: Delete a specific value
reg delete "HKCU\SOFTWARE\MyApp" /v SettingName /f
:: Delete an entire key and all its values and subkeys
reg delete "HKCU\SOFTWARE\MyApp" /fExporting and Importing
:: Export a key to a .reg file
reg export "HKCU\SOFTWARE\MyApp" C:\backup\myapp_settings.reg
:: Import a .reg file
reg import C:\backup\myapp_settings.regMethod 3: PowerShell
PowerShell provides the most flexible approach to registry management, using cmdlets that treat the registry like a file system.
Navigating the Registry
PowerShell maps registry hives as PSDrives:
# List available registry drives
Get-PSDrive -PSProvider Registry
# Navigate to HKLM
Set-Location HKLM:\SOFTWARE\Microsoft
# List subkeys
Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersionReading Values
# Read all values in a key
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"
# Read a specific value
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion" -Name "ProgramFilesDir"
# Get just the value data
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion").ProgramFilesDir
# Check if a value exists
$value = Get-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "Setting" -ErrorAction SilentlyContinue
if ($value) {
Write-Host "Value exists: $($value.Setting)"
} else {
Write-Host "Value does not exist"
}Writing Values
# Create a new key
New-Item -Path "HKCU:\SOFTWARE\MyApp" -Force
# Create or modify a string value
Set-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "AppName" -Value "My Application"
# Create a DWORD value
New-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "EnableFeature" `
-Value 1 -PropertyType DWORD -Force
# Create a multi-string value
New-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "ServerList" `
-Value @("Server01", "Server02", "Server03") -PropertyType MultiString -Force
# Create a binary value
New-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "BinaryData" `
-Value ([byte[]](0x01, 0x02, 0x03, 0x04)) -PropertyType Binary -Force
# Create an expandable string value
New-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "LogPath" `
-Value "%USERPROFILE%\Logs" -PropertyType ExpandString -ForceDeleting Values and Keys
# Delete a specific value
Remove-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "EnableFeature"
# Delete an entire key and all its contents
Remove-Item -Path "HKCU:\SOFTWARE\MyApp" -Recurse -Force
# Delete a value only if it exists
if (Get-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "Setting" -ErrorAction SilentlyContinue) {
Remove-ItemProperty -Path "HKCU:\SOFTWARE\MyApp" -Name "Setting"
}Querying the Remote Registry
# Read registry on a remote computer
Invoke-Command -ComputerName "Server01" -ScriptBlock {
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion" -Name "ProgramFilesDir"
}Method 4: Group Policy Preferences
For enterprise environments, Group Policy Preferences (GPP) is the recommended way to deploy registry changes to multiple computers.
Steps
- Open Group Policy Management Console and edit a GPO.
- Navigate to Computer Configuration (or User Configuration) > Preferences > Windows Settings > Registry.
- Right-click and select New > Registry Item.
- Configure the registry item:
- Action: Create, Replace, Update, or Delete
- Hive: Select the root key
- Key Path: Enter the full path
- Value name: The name of the value
- Value type: REG_SZ, REG_DWORD, etc.
- Value data: The data to set
- Click OK.
Actions Explained
| Action | Behavior |
|---|---|
| Create | Creates the value only if it does not already exist |
| Replace | Deletes and recreates the value (removes it first if it exists, then creates it) |
| Update | Creates the value if it does not exist, or modifies it if it does |
| Delete | Removes the value |
Update is the most commonly used action because it handles both creation and modification.
Common Registry Paths
Here are frequently accessed registry locations:
| Path | Purpose |
|---|---|
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Current user startup programs |
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | All users startup programs |
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | Installed programs list |
HKLM\SYSTEM\CurrentControlSet\Services | Windows services configuration |
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | Explorer shell settings |
HKLM\SOFTWARE\Policies | Computer Group Policy settings |
HKCU\SOFTWARE\Policies | User Group Policy settings |
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | Windows version information |
Safety Best Practices
- Always back up before making changes. Export the key or create a System Restore point.
- Never delete keys you do not understand, especially under HKLM\SYSTEM or HKLM\SOFTWARE\Microsoft\Windows NT.
- Test changes on a single machine before deploying to multiple computers via GPO.
- Use Group Policy Preferences for enterprise deployment instead of manual editing or login scripts.
- Document all changes so they can be reverted if problems arise.
- Use the /f flag carefully with reg.exe, as it bypasses confirmation prompts.
Summary
Windows registry entries can be read, written, and deleted through multiple methods. Regedit provides a graphical interface for interactive browsing and editing. The reg.exe command-line tool is ideal for scripts and batch files. PowerShell cmdlets (Get-ItemProperty, Set-ItemProperty, New-ItemProperty, Remove-ItemProperty) offer the most flexible and scriptable approach. For enterprise environments, Group Policy Preferences provides centralized, manageable deployment of registry changes across domain-joined computers. Regardless of the method, always create a backup before modifying the registry and test changes in a controlled environment first.