I loved writing this article. It tought me so much about power of good old batch commands. Amazing!
Say, I am trying to resolve a problem in a registry. To isolate the problem, I need to delete hundreds of branches from an externally loaded Registry hive QQ\Classes from a parallel instance.
For example, I need to delete all branches that start with letter “M”. Doing it manually means hours of tedious clicking and possibility of disastrous “user” errors. Can I do this with a batch file and REG DELETE?
This article shows the way to do that. Here is a plan of action:
First, I saw a quiet lonely post here:
http://serverfault.com/questions/61507/delete-registry-key-using-wildcards
Instead of being enshrined and worshiped, this post was very hard to find. Plus, it has one error, just like any truly ancient holy text:
@echo off set TEMPFILE=%TEMP%\%RANDOM%.REG set TODELETE=%TEMP%\%RANDOM%.REG regedit /e "%TEMPFILE%" HKEY_CLASSES_ROOT\Installer find "HKEY_CLASSES_ROOT\Installer\Products" "%TEMPFILE%" | find "C]" > "%TODELETE%" find "HKEY_CLASSES_ROOT\Installer\UpgradeCodes" "%TEMPFILE%" | find "C]" >> "%TODELETE%" find "HKEY_CLASSES_ROOT\Installer\Win32Assemblies" "%TEMPFILE%" | find "C]" >> "%TODELETE%" for /f "delims=[]" %%i in (%TODELETE%) do reg delete /f "%%i" del "%TEMPFILE%" del "%TODELETE%" :end
I develop my own script based on an idea expressed in the last reply for that thread.
First, we need to load a SOFTWARE hive from a parallel instance into the registry. Open REGEDIT, highlight HKEY_LOCAL_MACHINE and load required hive. In this example we name a new hive QQQQ.
Let’s review each step in detail.
Let’s forget for a second, what is done here with %RANDOM%. Environment Variable %RANDOM% returns a random number between 0 and 32767.
(for a complete list see http://vlaurie.com/computers2/Articles/environment.htm)
Let’s start with this command:
REGEDIT /E "C:\T\STORE.TXT" HKEY_LOCAL_MACHINE\QQQQ\Classes
This command will export a content of loaded QQQQ\Classes registry branch into a file C:\T\STORE.TXT. As a result, you will get a large 15MB text file that is ready to be processed further.
Next command will search for all lines, where string QQQQ\Classes\M occurs and it will put the results into a file STR-TO-DEL.TXT. Please note that this Classes\M is as close as we will get to a wildcards. We have to create a list of “M” with the first command and then append (>>) to the list all “m” with a second command.
FIND "HKEY_LOCAL_MACHINE\QQQQ\Classes\M" "C:\T\STORE.TXT" > "C:\T\TO-DEL.TXT" FIND "HKEY_LOCAL_MACHINE\QQQQ\Classes\m" "C:\T\STORE.TXT" >> "C:\T\TO-DEL.TXT"
These 2 commands will create a 136 KB list, a guidance for the next command to go and methodically delete all the branches in the list. A little problem with this list are duplicates. For example, our list will contain lines like these:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailFileAtt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MailFileAtt\CLSID]
but I can’t think of an easy way to exclude this types of duplicates.
Finally, let’s consider the last line – FOR command. This command allows to repeat a command multiple times and extract parameters for a command from a text file. Caution! This command will delete multiple entries from your registry. You need to understand exaclty, what are you doing here and why.
Get to know the powerful FOR command first. You can generate your own little manual by using:
FOR /? > C:\T\FOR-HELP.TXTAlso search Internet for good and clear examples for FOR command. Noteworthy options for handling “Instructions File” are:
– number of lines to skip at the top of the file (for headers), and
– set a character marking comments lines to skip.
Use %% for a batch file situation, or a single % for a Command Prompt:
FOR /F " DELIMS=[]" %%a IN (C:\T\TO-DEL.TXT) DO REG DELETE "%%a" /F
FOR /F "DELIMS=[]" %a IN (C:\T\TO-DEL.TXT) DO REG DELETE "%a" /F
/F “DELIMS=[]”
You specify options with switch /F and enclose all options in double quotation marks ” “. In this case, command stated that each line is enclosed (delimited) with square brackets.
%%a or %a
Use double %, if you will place your FOR command in a batch file. If you run your command from a Command Prompt, use a single %. Entire line from the text file will be used as a parameter for the command.
IN (“C:\T\TO-DEL.TXT”)
This tells, where to look for a text file with a list of commands. In this case, we are referring to a file we just created with a list of registry branches to delete.
DO REG DELETE “%%a” /F
Last thing is a command to execute multiple times. In this case, execute command REG DELETE with a switch /F – force and use a parameter from our text file.
Result is a beautiful clean empty space in the registry, where it used to be thousands of entries, that your would have to otherwise delete manually. Perfect! Thank you “Thigh Master”!
Note:
This article doesn’t address the problem of registry permissions. You would not be able to delete massive registry branches if Administrator doesn’t have a permission. Let me address this topic in a separate article. Search this blog for “subinacl.exe“.
Be the first to comment