Regdiff is a tool that allows you to snapshot the registry, compare the snapshot to the current state, look at what the differences are using the registry editor, save the differences to a file, and later merge or unmerge the changes back into/from the registry. Such a tool is useful for quick resetup of applications you frequently have to reload after updating your NT system. Its also useful for simply finding out what any particular operation changes in the registry. Here's how you would use regdiff to help you quickly reinstall excel: 1) load your new NT with fresh hives. 2) run regdiff -s c:\cleansnp this will save the current registry state into c:\cleansnp 3) now do your typical excel installation routine 4) Now that excel is all set run regdiff -d c:\cleansnp this finds out what differences there are between the current registry contents and your snapshot file c:\cleansnp. 5) Now, check out your changes using regedt32.exe and look at the HKEY_LOCAL_MACHINE\regdiff node. You will probably find "Add" and "Del" subkeys off of this node. The "Add" node shows all keys and values that were added to the registry since your snapshot and the "Del" node shows what has been removed. If the same value or key is in both nodes it means these parts have changed. At this point you may notice some random changes that took place in the registry since you last took your snapshot that have nothing to do with your installation actions. You can use regedt32.exe to edit the regdiff tree as needed so your diff information just contains what is pertinent. 6) Now save the diff information to a file. run: regdiff -w c:\exceldif 7) You may notice that you cannot delete this file. This is because it is loaded into the registry at this time. To unload it from the registry run: regdiff -r 8) Now you have a record of the exact changes that were made to the registry during your installation. Lets say you want to remove these changes from the registry. Run: regdiff -l c:\exceldif -u -r This just loaded the c:\exceldif diff info from the file into the registry and used that information to unmerge the changes from the registry. regdiff then removed/unloaded the diff information from the registry. An inspection of the registry will show all changes you made during installation have been removed. You may also see the progman group it created disappear. 9) Lets say you have now picked up a new NT with clean hives and you need to use excel via your email. You have the excel files on your disk but the registry is not set up so your double click on an email excel spreadsheet doesn't work. Run: regdiff -l c:\exceldif -m -r This replaces the changes referenced in the c:\exceldif file into the registry and then removes the diff information from the registry. 10)At this point you might want to install other apps. To get an accurate diff that is not dependent on your previous install do this: regdiff -l c:\exceldif -u // to remove your excel instalation changes install another app (say VC++) regdiff -d c:\cleansnp -w c:\vcppdif regdiff -l c:\exceldif -m // restores the excel changes. 11) Using this tool you can literally build up a batch file of all the diffs you want to have installed into your registry each time you pick up a new NT build. 12) If you want a little feedback from regdiff on what its doing during operation, you can specify the -v flag. If you think there is a bug, you can use the -@ flag to get extensive information on what regdiff is doing. 13) regdiff employs an inclusion and exclusion list to allow finer control over its operation. The default lists are set up to work well for general use but you may have some particular things you want to explore. To alter these lists create a text file that lists all the keys or values you want included or excluded and reference them on the command line along with the -i or -x flags. BE CAREFUL here. For instance, maybe you only want to snapshot a tiny part of the registry so your snapshot file is smaller. YOU SHOULD USE THE SAME INCLUSION LIST WITH YOUR DIFFS THAT YOU USED WITH YOUR SNAPSHOT! If your lists change between your snapshots, diffs, and merges, you may come up with erroneous results. Your lists can contain '?' characters for wild character matching. (Useful for \ControlSet005 type nodes.) regdiff usage: -s save current registry contents to snapfile. -d create diff information from current registry state and . -l load diff information into registry from . -w write diff information to from registry when done. -e erase input file(s) after done. -m merge diff information into current registry. -u unmerge diff information from current registry. -r remove diff information from registry when done. -x use to bypass diff, merge or unmerge on certain keys. -i use to snap or diff only certain keys. -v verbose output on. -@ Debug mode. -b break on errors. -n neuter - don't really do merges/unmerges. (for safe testing) and should not have extensions on FAT partitions. diff information is kept in HKEY_LOCAL_MACHINE\regdiff The default inclusions list is: HKEY_LOCAL_MACHINE\SYSTEM HKEY_LOCAL_MACHINE\SOFTWARE HKEY_CURRENT_USER The default exceptions list is: HKEY_LOCAL_MACHINE\SYSTEM\Clone HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CacheLastUpdate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet HKEY_LOCAL_MACHINE\SYSTEM\ControlSet???