
Windows Server Hacks: Hacking System Restore

by Mitch Tulloch, author of Windows Server Hacks

System Restore is a new feature in Windows XP that lets you easily recover your system to a previous state. This is helpful when a poorly designed program causes problems after installation, your Registry becomes corrupted, you've made an incorrect configuration change you can't easily undo, or other instabilities arise that cause Windows to hang or crash.

How It Works

System Restore works by taking snapshots of your system configuration and saving them as restore points. Then, if your system becomes unstable for some reason, all you need to do is revert your system to the most recent restore point at which everything was working properly. Restore points are created in two ways: automatically by the operating system and manually when you feel you need to create one.

To create a restore point manually, first select Start -> All Programs -> Accessories -> System Tools -> System Restore. Then select the "Create a restore point" option and follow the remaining steps of the wizard.

Automatic restore points (called system checkpoints) are created every 24 hours, provided your machine is turned on. If the machine is off, the scheduled checkpoint is created the next time you boot. Additionally, restore points are created when you initiate any of the following actions:

  • using Windows Backup to create a backup of your system
  • choosing to install a device driver that is unsigned and therefore may be unstable
  • installing an update or patch you've downloaded using Windows Update or Automatic Updates
  • installing Microsoft Office 2000 or later
  • using System Restore to restore your system to an earlier restore point

System Restore isn't perfect, though. Here's a list of what is restored when you use the feature to restore your system to a previous point in time:

  • the Registry
  • local user profiles
  • Windows File Protection DLL cache
  • COM+ database
  • WMI database
  • IIS Metabase

And here are some things that System Restore does not restore:

  • any user-created data stored in local user profiles on the machine
  • passwords stored in the SAM hive
  • Windows Product Activation status
  • file types not monitored by System Restore (here is a list of all file types System Restore monitors by default)
  • any items listed in the FilesNotToBackup and KeysNotToRestore keys under the HKLM\SYSTEM\ControlSet001\Control\BackupRestore Registry key
  • DRM settings

Configuring System Restore

You can customize System Restore in several ways. First, you can designate how much disk space the feature uses for storing restore points. To do this, use the System Restore tab of the System utility in Control Panel:

(Screenshot: the System Restore tab of the System utility.)

Select a drive and click on Settings to configure the allotment of disk space that System Restore uses:

(Screenshot: configuring the amount of disk space that System Restore uses.)

By default, the feature allocates 12 percent of every drive, which can be a huge waste of space if you rarely install new programs on your machine or reconfigure its settings. Be aware, however, that once the space allocated to System Restore becomes 90 percent full, Windows purges the oldest restore points until usage drops back down to 75 percent.

Even if you leave lots of room for restore points, Windows still purges old restore points once they age beyond a certain value (90 days by default). If you want to keep your restore points longer for safety reasons or shorter to consume less disk space, you can edit the Registry to do this. Open regedit.exe and navigate to the following key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

There you'll find a value named RPLifeInterval, which by default is 7776000 seconds (90 days); you can adjust it to change how long your restore points are saved before they're purged.

There are other Registry settings you can modify for System Restore, but RPLifeInterval is probably the most useful. For a full list of System Restore Registry keys and values, see article 295659 in the Microsoft Knowledge Base.

While we're at it, the Script Center on Microsoft TechNet has a couple of useful scripts for managing System Restore that you should check out.

If you want to disable only System Restore's automatic system checkpoints in order to make it easier to display a list of restore points with their name, date, and time, you can disable the Task Scheduler service on your XP machine. Doing this will prevent you from scheduling other tasks to run, of course, but on a desktop machine this may be a useful approach.

Finally, if you're proficient with VBScript, you can also use the Windows Management Instrumentation (WMI) to create, enumerate, or reinstate previous restore points. For some examples of how to do this, see article 259299 in the Knowledge Base.
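The RPLifeInterval edit and the WMI enumeration described above can be done in one pass, which also shows which restore points are already past the retention period. This is an added example, not code from the article or the Knowledge Base; it assumes an elevated Windows PowerShell prompt (Get-WmiObject is not available in PowerShell 7), and the `-NewLifeDays` parameter is a hypothetical name.

```powershell
# Added example, not from the original article. Run from an elevated
# Windows PowerShell prompt. -NewLifeDays is a hypothetical parameter name:
# 0 (the default) only reports; a positive value rewrites RPLifeInterval.
param([int]$NewLifeDays = 0)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'

# RPLifeInterval is stored as a DWORD number of seconds.
$life = (Get-ItemProperty -Path $key -ErrorAction Stop).RPLifeInterval
if ($null -eq $life) {
    Write-Warning 'RPLifeInterval is not present under the SystemRestore key.'
} else {
    'Current RPLifeInterval: {0} seconds ({1:N1} days)' -f $life, ($life / 86400)
}

if ($NewLifeDays -gt 0) {
    $life = $NewLifeDays * 86400
    Set-ItemProperty -Path $key -Name RPLifeInterval -Value $life -Type DWord
    'New RPLifeInterval: {0} seconds ({1} days)' -f $life, $NewLifeDays
}

# Enumerate restore points through the SystemRestore WMI class (root\default)
# and flag any that are already older than the retention period.
Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
    Sort-Object SequenceNumber |
    ForEach-Object {
        # CreationTime is a DMTF datetime string; convert it to a DateTime.
        $created = $_.ConvertToDateTime($_.CreationTime)
        $ageDays = ((Get-Date) - $created).TotalDays
        New-Object PSObject -Property @{
            Sequence    = $_.SequenceNumber
            Created     = $created
            AgeDays     = [math]::Round($ageDays, 1)
            PastLife    = ($null -ne $life) -and ($ageDays * 86400 -gt $life)
            Description = $_.Description
        }
    } |
    Select-Object Sequence, Created, AgeDays, PastLife, Description |
    Format-Table -AutoSize
```

Run it with no arguments before shortening the interval: any row with PastLife set to True is a restore point the new retention period no longer covers.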

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
