Reg Flags - DOS/Command Prompt Reference

[Windows Vista or later] Retrieves or sets flags related to registry virtualization. This is one of the operations of Reg command.

Syntax
Details
Samples

Syntax

reg[.exe] flags <key> query [/reg:[32|64]]

reg[.exe] flags <key> set
  [DONT_VIRTUALIZE] [DONT_SILENT_FAIL] [RECURSE_FLAG] [/reg:[32|64]]

Options

<key>	Specifies the key for which to retrieve or set flags. The key must start with HKEY_LOCAL_MACHINE\Software\ (or HKLM\Software\).
query	Outputs the state of flags set on the key. Three states will be output: `REG_KEY_DONT_VIRTUALIZE`, `REG_KEY_DONT_SILENT_FAIL`, and `REG_KEY_RECURSE_FLAG` (refer to Details for descriptions of each type).
set [DONT_VIRTUALIZE] [DONT_SILENT_FAIL] [RECURSE_FLAG]	Sets flags on the key. Choose zero or more from `DONT_VIRTUALIZE`, `DONT_SILENT_FAIL`, and `RECURSE_FLAG` to set (specify if setting flags, leave unspecified if not setting). If none are selected, all flags will be in the CLEAR (unset) state. * The flag names are case-insensitive.
/reg:[32\|64]	If there is an environment with both 64-bit and 32-bit versions (WOW64), specifying ‘/reg:32’ will reference registry data used by 32-bit applications (for example, ‘HKLM\Software\WOW6432Node’ for HKLM), and specifying ‘/reg:64’ will reference registry data used by 64-bit applications. If this option is omitted, the executed Reg.exe will reference the registry corresponding to its bit version. If it is a 64-bit version, it will reference the 64-bit registry; if it is a 32-bit version (located under %SystemRoot%\SysWOW64), it will reference the 32-bit registry. If you want to reference registry data for a specific application and know whether it's 32-bit or 64-bit, you can explicitly specify this option to avoid ambiguity. * Even if Reg.exe is a 32-bit version, you can reference the 64-bit registry by using ‘/reg:64’. * If you are using the 64-bit version of Reg.exe, you can also directly specify keys such as ‘HKLM\Software\WOW6432Node’ when referencing the 32-bit registry.

Details

The "FLAGS" command in Reg is used to manage flags in the context of ‘Registry Virtualization’, introduced in Windows Vista and later. In Registry Virtualization, when a 32-bit application without administrator privileges attempts to write to the ‘HKEY_LOCAL_MACHINE\Software’ key, the write is redirected to the ‘HKEY_USERS\<sid>_Classes\VirtualStore\Machine\Software’ key, which serves as a virtualized store. When reading, the data from the original key and the key under VirtualStore are treated in a merged state (with VirtualStore taking precedence).

In virtualization, each key has flags, and there are three types of flags, each with the following meanings.

* When setting with ‘set’, you must omit the initial ‘REG_KEY_’.

`REG_KEY_DONT_VIRTUALIZE`	Prevents the use of the virtual store and causes the operation to fail if an application attempts to write to the registry (under HKEY_LOCAL_MACHINE\Software) without sufficient permissions. In essence, it ‘disables virtualization’.
`REG_KEY_DONT_SILENT_FAIL`	When an application attempts to open the registry (under HKEY_LOCAL_MACHINE\Software) and fails due to reasons such as insufficient permissions, it typically retries to open it with MAXIMUM_ALLOWED permissions if it is a target for virtualization. Setting this flag prevents such retries and treats it as a failure without attempting to open it again with MAXIMUM_ALLOWED permissions.
`REG_KEY_RECURSE_FLAG`	Propagates the flags of virtualization (including this flag) to child keys. The propagation applies to child keys created after this flag is set, and it does not propagate to keys that have already been created.

Samples

Sample

reg flags HKLM\Software\MyApp set DONT_VIRTUALIZE

Removes the ‘HKEY_LOCAL_MACHINE\Software\MyApp’ key from the scope of virtualization. If an application without sufficient permissions attempts to write keys or values under this key, it will fail.