Windows Server Hacks: Hacking System Restore
by Mitch Tulloch, author of Windows Server Hacks
System Restore is a new feature in Windows XP that lets you easily recover your system to a previous state. This is helpful when a poorly designed program causes problems after installation, your Registry becomes corrupted, you've made an incorrect configuration change you can't easily undo, or other instabilities arise that cause Windows to hang or crash.
How It Works
System Restore works by taking snapshots of your system configuration and saving them as restore points. Then, if your system becomes unstable for some reason, all you need to do is revert your system to the most recent restore point at which everything was working properly. Restore points are created in two ways: automatically by the operating system and manually when you feel you need to create one. To create a restore point manually, first select Start -> All Programs -> Accessories -> System Tools -> System Restore. Then select the "Create a restore point" option and follow the remaining steps of the wizard.
Automatic restore points (called system checkpoints) are created every 24 hours, provided your machine is turned on. If the machine is off, the scheduled checkpoint is created the next time you boot. Additionally, restore points are created when you initiate any of the following actions:
- using Windows Backup to create a backup of your system
- choosing to install a device driver that is unsigned and therefore may be unstable
- installing an update or patch you've downloaded using Windows Update or Automatic Updates
- installing Microsoft Office 2000 or later
- using System Restore to restore your system to an earlier restore point
System Restore isn't perfect, though. Here's a list of what is restored when you use the feature to restore your system to a previous point in time:
- the Registry
- local user profiles
- Windows File Protection DLL cache
- COM+ database
- WMI database
- IIS Metabase
And here are some things that System Restore does not restore:
- any user-created data stored in local user profiles on the machine
- passwords stored in the SAM hive
- Windows Product Activation status
- file types not monitored by System Restore (here is a list of all file types System Restore monitors by default)
- any items listed in the KeysNotToRestore keys under the HKLM\SYSTEM\ControlSet001\Control\BackupRestore Registry key
- DRM settings
Configuring System Restore
You can customize System Restore in several ways. First, you can designate how much disk space the feature uses for storing restore points. To do this, use the System Restore tab of the System utility in Control Panel:
Select a drive and click on Settings to configure the allotment of disk space that System Restore uses.
By default, the feature allocates 12 percent of every drive, which can be a huge waste of space if you rarely install new programs on your machine or reconfigure its settings. Be aware, however, that once the space allocated to System Restore becomes 90 percent full, Windows purges the oldest restore points until usage drops back down to 75 percent.
Even if you leave lots of room for restore points, Windows still purges old restore points once they age beyond a certain value (90 days by default). If you want to keep your restore points longer for safety reasons or shorter to consume less disk space, you can edit the Registry to do this. Open regedit.exe and navigate to the following key:
There you'll find a value named RPLifeInterval, which by default is 7776000 seconds (90 days); you can adjust it to change how long your restore points are saved before they're purged.
There are other Registry settings you can modify for System Restore, but RPLifeInterval is probably the most useful. For a full list of System Restore Registry keys and values, see article 295659 in the Microsoft Knowledge Base.
While we're at it, the Script Center on Microsoft TechNet has a couple of useful scripts for managing System Restore that you should check out.
If you want to disable only System Restore's automatic system checkpoints in order to make it easier to display a list of restore points with their name, date, and time, you can disable the Task Scheduler service on your XP machine. Doing this will prevent you from scheduling other tasks to run, of course, but on a desktop machine this may be a useful approach.
Finally, if you're proficient with VBScript, you can also use the Windows Management Instrumentation (WMI) to create, enumerate, or reinstate previous restore points. For some examples of how to do this, see article 259299 in the Knowledge Base.
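As an added illustration (not code from this article or from the Knowledge Base article it cites), the script below uses the WMI SystemRestore class to list restore points and show how many days each has left before the age-based purge, and can optionally create one. The script name and the /life and /create switches are assumptions made for this example; the lifetime is passed on the command line rather than read from the Registry.

```vbscript
' Added example: enumerate restore points through WMI and report how close
' each one is to being purged by age.
' Usage: cscript //nologo rplist.vbs [/life:<seconds>] [/create:"description"]
Option Explicit

Const DEFAULT_LIFE = 7776000     ' RPLifeInterval default quoted above (90 days)
Const APPLICATION_INSTALL = 0    ' RestorePointType passed to CreateRestorePoint
Const BEGIN_SYSTEM_CHANGE = 100  ' EventType passed to CreateRestorePoint

Dim lifeSeconds, wmi, sr, rp, stamp, created, ageDays, leftDays, rc

' Use the lifetime you have configured, or fall back to the default.
lifeSeconds = DEFAULT_LIFE
If WScript.Arguments.Named.Exists("life") Then
    lifeSeconds = CLng(WScript.Arguments.Named("life"))
End If

' The SystemRestore class lives in root\default, not root\cimv2.
Set wmi = GetObject("winmgmts:\\.\root\default")
Set stamp = CreateObject("WbemScripting.SWbemDateTime")

' Optionally create a restore point first and check the return code.
If WScript.Arguments.Named.Exists("create") Then
    Set sr = wmi.Get("SystemRestore")
    rc = sr.CreateRestorePoint(WScript.Arguments.Named("create"), _
                               APPLICATION_INSTALL, BEGIN_SYSTEM_CHANGE)
    If rc <> 0 Then
        WScript.Echo "CreateRestorePoint failed, return code " & rc
        WScript.Quit 1
    End If
End If

WScript.Echo "Seq" & vbTab & "Created (local)" & vbTab & "Age(d)" & vbTab & _
             "Left(d)" & vbTab & "Type" & vbTab & "Description"

For Each rp In wmi.InstancesOf("SystemRestore")
    stamp.Value = rp.CreationTime       ' DMTF datetime string from WMI
    created = stamp.GetVarDate(True)    ' converted to local time
    ageDays = DateDiff("s", created, Now) / 86400
    leftDays = lifeSeconds / 86400 - ageDays
    WScript.Echo rp.SequenceNumber & vbTab & created & vbTab & _
        FormatNumber(ageDays, 1) & vbTab & FormatNumber(leftDays, 1) & vbTab & _
        rp.RestorePointType & vbTab & rp.Description
Next
```

Run it with cscript from an administrator account; a negative value in the Left(d) column marks a restore point that is already older than the lifetime you supplied.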