Purpose: Monitor Windows Registry keys

 

Format: REGMONITOR [/C [key]]
        REGMONITOR [/=] key NAME ATTRIBUTES VALUE SECURITY n command

 

key          Key name
NAME         Subkey added or deleted
ATTRIBUTES   Changes to the key attributes (such as the security descriptor information)
VALUE        Changes to the value of a key
SECURITY     Changes to the security descriptor
n            Number of repetitions (or FOREVER)
command      Command to execute when condition is triggered

 

/C(lear)

 

Usage:

 

The command line will be parsed and expanded before REGMONITOR is executed, so if you want to pass redirection characters or variables to command you will need to protect them (by enclosing in single back quotes, doubling the %'s, or using command grouping).

 

If the last argument on the line is a single (, it is interpreted as the beginning of a command group. REGMONITOR will append the following lines (in a batch file) or prompt you for more input (at the command line) until it gets a closing ).

 

If you don't enter any arguments, REGMONITOR will display the registry keys it is currently monitoring.

 

The key must begin with either the full root key or the short name:

 

Full root key          Short
HKEY_CLASSES_ROOT      HKCR
HKEY_CURRENT_USER      HKCU
HKEY_LOCAL_MACHINE     HKLM
HKEY_USERS             HKU
HKEY_CURRENT_CONFIG    HKCC

 

If you append a \* to the key, REGMONITOR will monitor the specified key and all of its subkeys.

 

The monitoring runs asynchronously in a separate thread. When the condition is triggered, the command will be executed immediately. This may cause problems if you try to write to the display or access files while the main TCC thread is also performing I/O. You may need to use START or DETACH in command to avoid conflicts.

 

Example:

 

regmonitor "HKCU\Software\JP Software\Take Command 28\*" name value forever echo Windows Registry updated!
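A second example, added here and not part of the original help text: a batch file that watches the per-user and machine-wide Run keys (common autostart locations) and appends a timestamped line to a log whenever they change. It uses the back-quote protection described under Usage. The log path C:\Logs\regmonitor.log is an assumption; the folder must already exist.

```batch
rem Added example, not from the original help page.
rem Assumption: C:\Logs exists and nothing else writes to regmonitor.log.

rem Remove any registry monitors already set in this TCC session.
regmonitor /c

rem The back quotes keep %_isodate, %_time and >> from being expanded or
rem acted on when this line is parsed, so they are evaluated each time
rem the monitor fires and the log line carries the time of the change.
regmonitor "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" name value security forever `echo %_isodate %_time HKCU Run key changed >> C:\Logs\regmonitor.log`

rem The trailing \* extends the monitor to all subkeys of the key.
regmonitor "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*" name value security forever `echo %_isodate %_time HKLM Run key changed >> C:\Logs\regmonitor.log`

rem With no arguments, REGMONITOR lists the keys it is monitoring.
regmonitor
```

Because the monitor command runs in a separate thread, keep the log file out of use by the main TCC thread, or launch the logging command through START or DETACH as described under Usage.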

 

Options:

 

/=    Display the REGMONITOR command dialog to help you set the command line options. The /= option can be anywhere on the line; additional options will set the appropriate fields in the command dialog.

 

/C    If key is specified, remove the monitor for that registry key. Otherwise, remove all registry monitors.