0

Alright so I was trying to delete the shell data in the registry. I can get to it and get all of the information right, but I want to automate it for all users. The one I can use right now only targets a specific file.

reg delete "HKEY_USERS\S-1-5-21-3793956547-500355711-2568367668-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f

What I wanted to do was skip the input for S-1-5-21 and have it target all of the keys within HKEY_USERS. This way I can get all of the shell data deleted with the press of a button.

I am not sure if there is a variable for this, or maybe I am going in the wrong direction here. Any input is appreciated and I will attempt to answer any questions I can.

Improve this question
8
  • 1
    Are you asking, is there a way to enumerate all the subkeys of HKEY_USERS automatically within a batch file? Commented Jan 20, 2017 at 23:03
  • the registry for shellbags differs depending on OS version and 32/64 bit; can you provide this information? Commented Jan 20, 2017 at 23:11
  • I think that is what I am asking Govind, sorry I am new to this and still learning the vocab. But I am looking to write it out so it includes all of the subkeys in HKEY_USERS. So if we had: S-1-5-1, S-1-5-2, S-1-5-3, F-2-6-1 I want to be able to have those files all included without actually typing in all of the file names. This way I can run it on multiple systems. I am not sure what a wildcard would be though. Commented Jan 20, 2017 at 23:14
  • Right now I am working with a windows 8 64-bit system Commented Jan 20, 2017 at 23:16
  • 1
    I think that is what I'm asking...sorry I am new to this. Wait. You're automating deleting a bunch of keys from the registry, where if you make a mistake it can brick your computer because you bork the OS, and you don't understand what you're asking? And you're new to scripting? I hope this is your home computer. Commented Jan 20, 2017 at 23:48

2 Answers 2

Reset to default
1

To enumerate the HKEY_USERS you can Reg Query within a For /f

@Echo off
Set "Hive=HKEY_USERS"
For /F "delims=" %%A in (
  'Reg Query "%Hive%" ^|findstr "%Hive%\S-1-5-21" '
) Do Echo %%A

Replace Echo with any cmd you like to execute.

Sample scrambled output:

> SO_41773670.cmd
HKEY_USERS\S-1-5-21-2140113576-3579786329-1990256020-1001
HKEY_USERS\S-1-5-21-2140113576-3579786329-1990256020-1001_Classes
HKEY_USERS\S-1-5-21-2140113576-3579786329-1990256020-1005
HKEY_USERS\S-1-5-21-2140113576-3579786329-1990256020-1006
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Ah, so another way to do things. I will look for a way to utilize this too. Thanks Lot!
0

Something like this may very well suit your needs, it is very likely language dependent, and blind automated removal of registry subkeys is not my recommendation.

@Echo Off
For /F "EOL=E Delims=" %%A In ('Reg Query HKU /S /F Bags /K'
) Do Echo=Reg Delete "%%A" /F&&Echo=Reg Add "%%A"
Timeout -1

remove the two instances of Echo= and the last line if you're happy with the output and wish to continue.

Improve this answer

1 Comment

Yes, this is exactly what I was looking for. Thank You! I understand what you mean, I am just going after ShellBags files. That give info of when a file was last modified. I do like how you also added add for me as well. Looking at the echo it shows the right places for this system at, and nothing that seems in the wrong area.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.