How to Iterate Through All Subkeys Under a Key in a Batch Script
A common task in advanced scripting, especially for system audits or cleanup, is to "walk" or "iterate" through the registry. You might need to find all the user profiles listed under HKEY_USERS or list all the installed applications under the Uninstall key. This requires a script that can enumerate all the subkeys directly under a parent key.
This guide will teach you the standard and most effective method for iterating through registry subkeys using a FOR /F loop combined with the REG QUERY command. You will learn the correct syntax to capture the list of keys and how to process each one in a loop, enabling you to build powerful registry automation scripts.
CRITICAL NOTE: This is an administrative task. To access and enumerate system-wide keys (like those in HKEY_LOCAL_MACHINE), your script must be run with full administrator privileges.
The Challenge: No FOR EACH KEY Command
The batch FOR loop has no native switch for the registry. You cannot simply write FOR /Registry %%K IN (...). Instead, you must use a command that can generate a text-based list of the subkeys and then use the FOR /F command to parse that text output, line by line.
The Core Method: REG QUERY and FOR /F
The solution is a powerful combination of two commands:
REG QUERY "KeyName": When run without any value switches (/v), this command lists all the subkeys and values directly underKeyName. Crucially for us, the subkeys are listed as full paths.FOR /F: This loop can execute theREG QUERYcommand, capture its text output, and then iterate over that output one line at a time.
Syntax: FOR /F "delims=" %%K IN ('REG QUERY "ParentKey"') DO (command)
'REG QUERY "ParentKey"': The command to execute. It must be in single quotes."delims=": This option is important. It ensures that the entire line fromREG QUERY(which may contain spaces) is captured into the loop variable.%%K: The loop variable that will hold the full path of each subkey on each iteration.
Basic Example: Listing All User Profiles
The HKEY_USERS (HKU) hive contains a subkey for each user profile currently loaded on the system, identified by their Security ID (SID). Let's list them.
For example:
@ECHO OFF
REM This script is best run as an Administrator.
SET "ParentKey=HKEY_USERS"
ECHO --- Listing all subkeys under %ParentKey% ---
ECHO.
FOR /F "delims=" %%K IN ('REG QUERY "%ParentKey%"') DO (
ECHO Found subkey: "%%K"
)
The REG QUERY command's output includes the parent key itself, which the FOR /F loop also captures.
--- Listing all subkeys under HKEY_USERS ---
Found subkey: "HKEY_USERS\.DEFAULT"
Found subkey: "HKEY_USERS\S-1-5-18"
Found subkey: "HKEY_USERS\S-1-5-19"
Found subkey: "HKEY_USERS\S-1-5-20"
Found subkey: "HKEY_USERS\S-1-5-21-..."
Found subkey: "HKEY_USERS\S-1-5-21-..._Classes"
How the Script Works
When the FOR /F loop runs the REG QUERY "HKEY_USERS" command, it receives a block of text. The loop then processes this text line by line. For each line that contains a subkey path, it assigns that full path to the %%K variable and then executes the DO block.
This pattern is simple, powerful, and the standard way to enumerate registry keys.
Common Pitfalls and How to Solve Them
-
Administrator Rights: The most common cause of failure is a lack of permissions. If you try to query a protected key (like most of
HKEY_LOCAL_MACHINE) as a standard user, you will get an "Access is denied" error. Solution: You must run the script as an Administrator. -
Parsing the Output: The
REG QUERYcommand lists both subkeys and values. If you only want to process the subkeys, you need to be aware that the values will be listed as well. For the simple task of iterating subkeys, this is often not a problem, but in more complex scripts, you might need to filter the output further. The example below shows one way to do this. -
Using Abbreviations (
HKLM): TheREG QUERYcommand requires the full hive name (HKEY_LOCAL_MACHINE). The common abbreviations (HKLM,HKCU) will not work and will result in an error.
Practical Example: A Script to List All Installed Software
This is a perfect real-world use case. The script iterates through all the subkeys under the Uninstall registry key. Each subkey represents an installed application. The script then queries the DisplayName from within each of those subkeys.
@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
REM This script MUST be run as an Administrator.
SET "UninstallKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
ECHO --- Listing Installed 64-bit Software ---
ECHO.
FOR /F "delims=" %%K IN ('REG QUERY "%UninstallKey%"') DO (
REM Query the "DisplayName" value from within each subkey "%%K"
FOR /F "tokens=2,*" %%A IN ('REG QUERY "%%K" /v DisplayName 2^>NUL') DO (
REM The value is in %%B. We echo it.
ECHO -> %%B
)
)
ENDLOCAL
How this advanced script works:
- The outer loop (
FOR /F ... %%K) gets the list of all subkeys (e.g.,HKLM\...\Uninstall\{GUID}). - The inner loop (
FOR /F ... %%A) runs for each of those subkeys. It executesREG QUERYagain, but this time on the specific subkey ("%%K") to get theDisplayNamevalue (/v DisplayName). 2^>NUL: This is crucial. It suppresses errors for keys that do not have aDisplayNamevalue, keeping the output clean.tokens=2,*: This parses theDisplayName REG_SZ Application Nameline, and%%Bcontains the actual application name.
Conclusion
The combination of REG QUERY and a FOR /F loop is the standard and most effective method for iterating through registry subkeys in a batch script.
For reliable results:
- Always run your script as an Administrator to avoid access errors.
- Use the core syntax:
FOR /F "delims=" %%K IN ('REG QUERY "ParentKey"') DO .... - Remember to use the full hive names (
HKEY_LOCAL_MACHINE), not abbreviations. - For advanced tasks, you can nest
FOR /Floops to first find a key and then query values inside it.