Programming Field

Reg Unload - DOS/Command Prompt Reference

[Windows NT series/XP or later] Unloads the loaded ‘hive data’ on the registry tree. This is one of the operations of Reg command.

* The execution of the command requires backup privileges (SeBackupPrivilege) and restore privileges (SeRestorePrivilege) (usually both are granted to the Backup Operators group). If you are running the command from the Command Prompt and it doesn't have ‘Administrator’ in the window title, you may need to open Command Prompt with elevation, such as by selecting ‘Run as Administrator’.

Syntax

reg[.exe] unload <key>

オプション一覧

<key>

Specifies the key name where the hive data has been loaded. For specific instructions on how to specify the key name, please refer to ‘About specifying key names’.

The key name specified here is limited to only the root keys HKEY_LOCAL_MACHINE or HKEY_USERS. Additionally, only subkeys directly under HKEY_LOCAL_MACHINE or HKEY_USERS can be specified, and generally, only the registry keys that the current user has loaded the hive for can be specified.

Details

The ‘UNLOAD’ command in Reg is literally the counterpart of ‘REG LOAD’ command, unloading the loaded hive data. The loaded hive data file is locked by the system, making it inaccessible to other programs. Therefore, if you want to move or copy the hive data file after completing certain operations on the registry, you need to use Reg Unload first to unload it.

Samples

Sample

reg load HKLM\TempRegKey X:\Users\Somebody\NTUSER.DAT
reg delete HKLM\TempRegKey\Software\Microsoft\Windows\CurrentVersion\Run /va /f
reg unload HKLM\TempRegKey

Deletes all values under the ‘Software\Microsoft\Windows\CurrentVersion\Run’ key in the registry data contained in the hive data file ‘X:\Users\Somebody\NTUSER.DAT’. This loads the data to ‘HKEY_LOCAL_MACHINE\TempRegKey’ by using Reg Load, performs the deletion of values, and then unloads to release the file lock (not unloading can prevent normal disk removal, etc.). Since it is loaded under ‘HKEY_LOCAL_MACHINE\TempRegKey’, operations on the registry within the hive data are performed on keys and values under ‘HKEY_LOCAL_MACHINE\TempRegKey’.

This example is designed for maintenance operations where an external disk drive with another installation of Windows is connected. It aims to delete all startup programs in the registry settings of a specific user (‘deleting all as a potential cause of malfunction’). With the appropriate file access rights, maintenance operations on another device's Windows at the registry level can be performed using hive load and unload operations. As mentioned in the notes in Reg Load's ‘Details’, careless operations can have fatal consequences. Therefore, when performing such operations, it is crucial to exercise extreme caution.