Tech Team: In the Trenches

April 2006 Volume 4 Issue 4

Table of Contents


Understanding System Restore

System Restore is a utility included with Windows ME and XP. It lets you restore your PC (in the event of a problem) to its previous state without losing personal data files (Word documents, Excel files, html, pdfs, drawings or e-mail). Restore points can be created automatically or manually. The information is compressed and stored in the Restore folder, located on the system partition in a hidden system location. It can only be accessed using System Restore. System Restore does not backup your computer. The user must backup data files.

System Restore requires 200 MB of disk space and can use up to 12 percent of your total disk space. If the hard drive does not have 200 MB of disk space available, System Restore will be disabled until space is available. Restore points can accumulate up to 90 days, after which time the oldest points are removed to make room for a new restore point. It’s the first in, first out (FIFO) scenario. In a multiple-drive environment, System Restore uses the FIFO process consistently across drives and deletes full restore points on all drives. This will decrease the size of the data store to approximately 75 percent of its maximum size when the data store reaches 90 percent of maximum size. When partitioning a hard drive, allow sufficient space on the system partition for the restore points.

Disk Cleanup can also delete restore points. In Disk Cleanup, click the “More Options” tab, and then click “Clean up” under System Restore. All restore points except the current one are deleted.

To create a restore point, System Restore takes a full snapshot of the registry and some dynamic system files, profiles (local only—roaming user profiles are not impacted by restore) and files with extensions listed in the portion of the Monitored File Extensions list in the System Restore section of the Platform SDK. For a list of file extension types which are included (monitored and restored), refer to the Monitored File Extensions list in the System Restore section of the Platform SDK.

System Restore usually backs up COM and EXE files, however, older programs may not have their executable files backed up. The installer being used by an application must call the System Restore PT.API so that the applications install/uninstall creates a meaningful restore point. For example, if you have a program that you purchased prior to the year 2000, its executable files may not be included in the restore point. NOTE: Viruses attack COM and EXE files. It’s possible that a virus can be saved in a restore point. Therefore, anti-virus programs advise users to turn off System Restore if they suspect they have a virus. By turning off System Restore, you lose all previous restore points. System Restore protects your personal files by not restoring any files in the My Documents folder or files that use common data file names such as .doc, .xls, PDF, etc.

System Restore will automatically create a restore point before the following events:

  1. Application installations (provided the application uses a current installer that is System Restore PT.API compliant)
  2. Auto Update installation
  3. Restore operation
  4. Microsoft Backup Utility Recovery
  5. Unsigned driver installation
  6. Manual Restore points
  7. In addition to creating restore points before certain events, System Restore provides users with the ability to restore to other specific days and times in the System Restore Wizard (Start, All Programs, Accessories, System Tools, System Restore). It does this by creating a restore point every 24 hours of calendar time. By default, System Restore will create a restore point every day the machine is running. If the computer is turned off for more than 24 hours, a restore point will be created during idle time the next time the computer is turned on.
Going back to a previous restore point: If it becomes necessary to go back to a previous restore point, any programs installed after that restore point will not run. The data may still be available (if the data is in your My Documents folder or is excluded in the Monitored File Extensions list [see the System Restore section of the Platform SDK]). After restoring to a previous date, it may be necessary to reinstall the program. The program can be removed in the Control Panel’s Add and Remove Programs and then installed. It‘s critical that you backup all important data to removable media such as CD or an external hard drive.

To manually create a restore point or to restore, follow this path:

  • Click “Start,” “All Programs,” “Accessories,” “System Tools” and then “System Restore.”

To Turn off System Restore:

  • Click on “System Restore” (left page of the System Restore [see above]) or Start, Control Panel, System, System Restore tab.

Windows XP HELP
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/windowsxpsystemrestore.asp

http://www.trendmicro.com/en/security/advisories/win_me_clean.htm

Copyright © 2006 Real Estate Industry Solutions LLC. All rights reserved