Remove a Registry Key

  • Hello FOG;

    I’m trying to remove a Registry key from Windows after the image has been deployed.
    I am aware of the REGED utility, however, this one only imports .reg files and I must say that I do not now how to remove a reg key.

    Is this even possible?

    Love to hear,


  • Developer

    @abos_systemax OHH, okay, I get you! sorry for the misunderstanding there.

    I don’t have any experience with this yet, but I will get to playing “working” and see if I can’t figure something out in my free time!

  • The RegKey works perfect in Windows, it appears that the REGED program in FogOS is the one having issues with the notation.
    I was looking for any documentation on the subject, but Google refuses to think that I really do not wish results for REGEDIT, but for REGED.

    That is why I wanted to boot to FogOS without actually deploying an image, so I could actually try to find a manual for REGED :)

  • Developer


    I know this method works, I have used it in the past. I would start by troubleshooting the script on a client machine that is already imaged, tweaking the script to work, then leaving the script in the drive someplace and calling it through a snapin or some how (first time log in, (There is a registry value for the default user hive that is labeled as “run once” you could try including your script in the user hive))

    just a quick question, in your reg file you didn’t write the code like this did you? “<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Elements>”

    you can probably still use your script above, but you will need to look at the reg file. The easiest way to solve this is to export the reg key from another machine and edit the .reg file by adding the - after the first bracket [

    Deleting Registry Keys and Values

    To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the .reg file. For example, to delete the Test subkey from the following registry key:
    put a hyphen in front of the following registry key in the .reg file:
    The following example has a .reg file that can perform this task.
    To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the TestValue registry value from the following registry key:
    put a hyphen after the “TestValue”= in the .reg file. The following example has a .reg file that can perform this task.
    To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and then use Notepad to edit the .reg file and insert the hyphen.


  • hmm, sadly REGED doesn’t seem to like it.

    The error:

    import_reg: WARNING: found key <-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments> not matching prefix <HKEY_LOCAL_MACHINE\SOFTWARE>
    Customer.Script: Line 24: 17695 Aborted reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey

    The code:

    mkdir /WinC #create folder to mount C dir to
    ntfs-3g -o -force,rw /dev/mmcblk0p3 /WinC #mount windows disk
    cd /WinC/Windows/System32/config #here is where the registry is kept
    RegKey="RemoveElements.reg" #file that will remove a regkey
    touch $RegKey
    echo "Windows Registry Editor Version 5.00" >> $RegKey
    echo "[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments]" >> $RegKey #notice: The - in front of "HKEY..." is to remove the entry.
    reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey #change the registry (notice the \\ instead of \)
    rm $RegKey
    umount -l /WinC

    Is there something I’m doing wrong? Importing a key this way does work
    also: importing this key in Windows does also remove the key; so this might be a REGED related issue?

    – On another note:
    How can I stop the Script execution and intervene in FOS? (if at all possible), this image takes > 60 minutes to deploy; making troubleshooting quite the struggle

  • To expand further:

    Windows Registry Editor Version 5.00
    ; delete a registry key
    ; delete a registry value
    ; delete only the value data of a value

    A great starting point

  • I did not know about the ‘-’ in front of the key… if that works that’d be great!..

    I’m trying to remove a regkey during postdeployment; because recreating the image because of one key is kind of ambiguous. I’ll check out your advice, will post back later!

  • Developer

    Since you are trying to remove a key. You can use the command line to do so.
    reg delete "HKCU\The\Registry\To\Delete" /f

    OR if you have a .reg file open the file and put a - before the HKEY portion…
    like so and do a reg import for that file.

    I use a hidden flag.txt and a script that will look for the flag.txt file, if not found, it will run some scripts similar to what you have described and then the next time the user logs in, if the flag.txt is present (which it should be, the script copies the file to where it needs to be.) then the script won’t run again.
    I do this in cases where I need to update the registry values for that user only one time. I.E. I set the taskbar, and Start menu to a specific layout. I don’t want to do this on every log in, and it requires registry edits. So I do it once per user when flag.txt isn’t present.

    Another option would be to create the script, use a snap in as a deployment after imaging completes. I don’t know exactly what you are trying to accomplish, but I am certain it can be done.

    Hope this helps!

  • Senior Developer

    Of course it’s possible. I couldn’t tell you how to do it, but I know it can be done.