After Hours

10 things you should know about Windows XP's System Restore tool

If a crash makes your Windows XP system flaky or unbootable, you can use System Restore to return it to a previous working state. These pointers will show you how to effectively use this safety net.

If a crash makes your Windows XP system flaky or unbootable, you can use System Restore to return it to a previous working state. These pointers will show you how to effectively use this safety net.


Windows XP's System Restore lets you restore your computer to a previous time if a problem occurs. To accomplish this feat, System Restore continuously monitors your system looking for significant changes to the operating system, such as an application or driver installation procedure, automatically creating a restore point when it detects an impending change.

System Restore will also create restore points every 24 hours. Restore points are essentially snapshots of your system state, which comprises crucial system files, including certain parts of the registry. System Restore maintains multiple restore points, which gives you the choice of restoring your computer to any number of previously saved states. Here are 10 things you should know about getting the most from Windows XP's System Restore tool.

Note: This article is also available as a PDF download.

1: Data files and System Restore

Because System Restore is described as a tool that allows you to restore your computer to a previous time, many people mistakenly assume that they will lose any data files they've created since the restore point was created. However, System Restore doesn't monitor or save the contents of the My Documents folder, any files that use common data filename extensions, such as .doc or .xls, e-mail message stores, browsing history, or even password files. Those files will remain intact when you restore your system.

Keep in mind that the Desktop is not a protected folder, and any files that exist there could be lost during a restore operation. So before you perform a restore operation, you should move any crucial files you have saved on the Desktop to the My Documents folder.

2: Undoing a restore operation

If you perform a restore operation and then determine that the problem still exists, you can undo the operation. To do so, you must immediately run System Restore. When you see the Welcome To System Restore screen, select the Undo My Last Restoration option and click Next. On the Confirm Restoration Undo screen, click Next. System Restore will restore the previous system state and restart the computer. When the system restarts and you log on, you'll see System Restore's Undo Complete screen, which lets you know the operation was successful.

If you perform a restore operation and then determine that you selected the wrong restore point date, simply run System Restore again and select the restore point date you wanted.

If you perform a successful restore operation and discover that your computer won't boot Windows normally, you can still undo the restore operation. First, boot the system into Safe Mode. After you log on, a Warning dialog box will appear, allowing you to launch System Restore and select the Undo My Last Restoration option.

If the restore operation fails, the Restoration Was Unsuccessful screen will appear, and your computer will automatically return to the same state it was in when you activated the restore operation. In other words, no changes will be made to your computer.

3: Running System Restore from a command prompt

If your computer won't boot Windows normally and won't boot into the Safe Mode GUI, you can still access System Restore. Start by booting the system using the Safe Mode With Command Prompt option. After you log on, type the following at the command prompt:

%systemroot%\system32\restore\rstrui.exe

Press [Enter], and System Restore will run as it normally does. You can follow the steps in the wizard to perform a restore operation.

4: Purging restore points

System Restore by default claims a maximum of 12 percent of the available hard disk space to save the restore points. (The amount of storage space will depend on the size of your hard disk.) Once the 12 percent mark is reached, System Restore will purge the oldest restore points in its database to make room for new ones. However, there may be situations where you need or want to purge restore points to free up disk space. Fortunately, the Disk Cleanup utility will allow you to delete all but the most recent restore point.

You can launch Disk Cleanup from the Start | All Programs | Accessories | System Tools menu. Once Disk Cleanup is running, select the More Options tab and click the Cleanup button in the System Restore panel. You'll then be prompted to confirm the delete operation.

5: Reining in System Restore's disk space usage

To perform its operations, System Restore requires at least 200 MB of available hard disk space. However, if more disk space is available, System Restore will claim up to 12 percent of it to save the restore points. Although System Restore can use that full 12 percent if it's available, this chunk of disk space is not reserved. System Restore will yield disk space back to the system if it's needed. Furthermore, restore points more than 90 days old are automatically purged by default.

If you want to see how much hard disk space System Restore has potentially set aside on your system, press [Windows][Break] to bring up the System Properties dialog box and then choose the System Restore tab. Next, select your hard disk from the Available Drive list and click the Settings button. When the Drive Settings dialog box appears, you'll see a number in the Disk Space Usage panel that represents the amount of space in MB that System Restore is using to amass restore points.

For example, on a system with an 80GB hard disk, System Restore's 12 percent amounts to nearly 9 GB. If you feel that System Restore has the potential to take up too much disk space, move the slider to the left to specify a more reasonable amount of hard disk space for System Restore to store its multiple restore points.

6: Manually creating a restore point

System Restore will automatically create restore points, but you can manually create one anytime you want. To do so, launch System Restore and then follow along with the wizard. If want to save yourself a few steps, you can simplify the launching process by copying the System Restore shortcut from the Start | All Programs | Accessories | System Tools menu to the desktop

7: Bypassing the System Restore Wizard

If you want to be able to manually create a restore point without having to go through the wizard, you can create a simple two-line VBScript file that uses WMI (Windows Management Instrumentation) to instantly create a restore point. Just launch Notepad and type these two lines:

Set IRP = getobject("winmgmts:\\.\root\default:Systemrestore")
MYRP = IRP.createrestorepoint ("My Restore Point", 0, 100)

Then, save the file as MyRestorePoint.vbs. Now, you can easily create a restore point by double-clicking the script's icon. When you do, System Restore will run in the background without displaying its interface and will create a restore point called My Restore Point.

8: Steps to avoid restoring viruses

If you know that your system is infected by a virus, you should temporarily turn off System Restore. Otherwise, the virus could be saved along with other system files in a restore point and reintroduced to your system during a restore operation at a later date.

To turn off System Restore, press [Windows][Break] to bring up the System Properties dialog box. Then, choose the System Restore tab, select the Turn Off System Restore check box, and click OK. As soon as you do, you'll see a confirmation dialog box warning you that turning off System Restore will delete all existing restore points. Click Yes to continue.

You can now use your antivirus software to clean up your system. When the virus has been eradicated, access the System Restore tab again and clear the Turn Off System Restore check box. Click OK to re-enable System Restore.

9: Disabling System Restore for data drives

If you have additional hard disks connected to your computer, System Restore will automatically add them to its list of monitored drives. If these additional drives just store data or data backups, there's no reason to have System Restore monitor them.

To disable System Restore for data drives, press [Windows][Break] to bring up the System Properties dialog box. Then, choose the System Restore tab. Next, select your hard disk from the Available Drive list and click the Settings button. When the Drive Settings dialog box appears, select the Turn Off System Restore On This Drive check box and click OK. You'll see a confirmation dialog box warning that by turning off System Restore on this drive, you won't be able to track or undo harmful changes on it. Click Yes to continue. Then, click OK to close the System Properties dialog box.

10: Determining the actual amount of space System Restore is using

You can easily determine how much disk space System Restore can potentially use, but you may also want to determine how much disk space System Restore is actually using. If you're running Windows XP Professional and the hard disk is using NTFS, you can find out.

You'll begin by making a few configuration changes from an Administrator account that will allow you to investigate the hidden and protected folder called System Volume Information, located in the root directory of your hard disk. Keep in mind that this information is meant only for investigative purposes. Making any changes to the files in the System Volume Information folder will disrupt or otherwise damage System Restore's ability to do its job.

From within Windows Explorer, access the View tab of the Folder Options dialog box. Then, select the Show Hidden Files And Folders option, deselect the Hide Protected Operating System Files check box, and click Yes in the Warning dialog box. (If the system is in a workgroup, you'll need to deselect the Use Simple File Sharing check box as well.) Click OK to close the Folder Options dialog box.

Now, access the root directory of the hard disk, right-click on the System Volume Information folder, select Properties, and access the Security tab. Then, click the Add button, enter your user account name in the Select Users Or Groups dialog box, and click OK twice to close both dialog boxes.

At this point, you can open the System Volume Information folder, right-click on the _restore folder, and select Properties. Once Windows XP finishes tallying, check the Size On Disk value to see the exact amount of space System Restore is using for restore points. To ensure the security of the restore point files, you should remove your user account from the System Volume Information folder once you finish your investigation.


Finally: 10 Things... the newsletter!

Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic's 10 Things newsletter, delivered every Friday. Automatically sign up today.

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

20 comments
blackmaleya41
blackmaleya41

How do you restore XP back to factory condition?

katosm2u
katosm2u

What happens if a virus invade my computer today and i decide to restore my system back two weeks ago before the PC was infected by the virus, will system restore get rid of the virus? After all two weeks ago there was no virus in the system--so if Restore returns the system back before the virus invaded my PC---it should also return it back to the condition before the virus.Is that how it works? Please explain.

smike69
smike69

This Article falls far short of your usual standard. Sounded more loke a Microsoft promotion. Win XP Restore is pretty widely accepted to be poorly featured and more important, completely unreliable. The Web is full of articles on how you can try and get it working if it decides it cannot restore to an earlier restore point. The fact that you may have to try several diferent methode before you find one that works this time sugests that there are a number of seperate bugs in the facility. Worse, Tw of the machines I look after will not respond to any of the posted 'solutions' an are therefore running with no safety net at all. Restore is indeed a very important facility, and usually works well enough. However reliability is vital, and lacking. Microsoft must try harder - after all the complaints have been ongoing for years now. Smike

keithb
keithb

It could be alternatively titled, "10 things you already know about windows restore."

mrynorwood
mrynorwood

I would like to know why System Restore does not work 100% of the time. I've had it fail me many times and friends have had same experience. I had a program on my first computer called go back and it worked 100% all the time and was a life saver. I would never rely on system restore.

psaravind9
psaravind9

System Restore betrayed me when I needed it most. All the SR points were corrupted.

alan
alan

1. I accept the warning that Desktop files will be lost by a restore operation, but disagree with "Keep in mind that the Desktop is NOT a protected folder". System Restore preserves "your system state, which comprises crucial system files". I would have said that what is preserved is protected, therefore the Desktop IS a protected folder. 2. On XP Home SP3 this fails "System Volume Information folder, select Properties, and access the Security tab" - there is no Security Tab. I think I used CACLS last year to let me into System Volume Information. Regards Alan

StealthWiFi
StealthWiFi

An article on XP System Restore. While 7 is being released and Vista is mainstream and Linux is taking market share. What next a article on Windows 98 SE......

syxguns
syxguns

System Restore only monitors and restores certain files in the system. It is said that it restores the registry as well, but from experience I have learned that is not the case. [i]QUOTE: Note: The "Export registry" function in Regedit is USELESS (!) for making a complete backup of the registry. Neither does it export the whole registry (for example, no information from the "SECURITY" hive is saved), nor can the exported file be used later to replace the current registry with the old one. Instead, if you re-import the file, it is merged with the current registry without deleting anything that has been added since the export, leaving you with an absolute mess of old and new entries.[/i] Because of the locations that a virus may be on the system, you may not rely on sys. restore to remove the virus. That is why there are third party applications to help you maintain a clean computer. One of which is ERUNT and NTREGOPT. You may find it here: http://www.larshederer.homepage.t-online.de/erunt/ This program makes a complete backup of your registry, and you may set it to make a complete backup every time you restart the machine. As far as the rest of the system, you need to rely on third party firewalls, such as COMODO, and of course AV systems. I also suggest a couple of other add-ons like the free version of ThreatFire, and InfoProcess Anti-Hook. With the exception of servers, you may have all of these programs for free. A multi-layered defense system is more secure as long as you don't run two AV systems at the same time. Running two AV's may cause false negatives and not give you a clean read of the system. Of course the best and most secure thing to do is have a complete backup of your entire system. You may do this with burning DVD's, but programs like Acronis (which Seagate users get to use for free) or Norton Ghost, as well as a few others allow for a complet system backup on to another HDD. I find Acronis to be the best. I hope that information helps.

jbones39
jbones39

Has anyone ever done a save of a restore point which they can use beyond the 90 day limit. What is the specific file name used by "Restore" to save the data? Would it even be useful to do this? How about a "fresh load" restore point saved on a USB drive to bring back beyond the 90 day point? Would the DOS command be able to find it? Would it be better to image the drive? So-o-o many questions!!

mb96001
mb96001

Go Back. It was a great program back in the day. I had to use System Restore once, and it did what it was supposed to do. If your problem involves a virus, you can forget it. Turn off System Restore and start fixing the OS the old fashioned way.

syxguns
syxguns

What is the point in even having SR on the machine? 9 out of 10 times setting your system back does not even work. Most of the time if I'm doing a repair on a machine that has been infected, I turn off SR, until the machine is clean, and then turn it back on. SR is kind of like Windows Defrag! It does a half baked job, and you really don't see any performance or fixes after using them! It is the responsibility of the techie to make the fix, Windows offers little to know help!!

MGP2
MGP2

In the town where I work, I still have a couple of users on Win2K. One of them refuses to let us upgrade his machine. He said we can replace it when he retires in September.

JodyGilbert
JodyGilbert

We ran a poll last week (http://blogs.techrepublic.com.com/window-on-windows/?p=1259), and of the nearly 12,000 members who responded to the question about their primary OS, 96 percent said they were still using WinXP. 43 percent said they would not upgrade; another 46 percent said they were waiting for Windows 7 -- and the Vista, Linux, and Mac OS camps barely made a ripple. Granted, it's a grass-roots poll, but it would seem like there remains a need for WinXP info for all those people who are still supporting it.

pgit
pgit

After a reinstall, including replacing all applications, data, anti virus etc, I make a complete disk image of the machine. A "bare metal" restore point. I have a lot more confidence in these image than a system restore. That said, yes, you can make a restore point on a known good config and back it up like any file. But you bring up a question I always had; can the 90 day cycle be changed? I've never come by any way to extend the age of the oldest restore...

martin
martin

go back is still available - i still use it. it works so well that norton purchased it and now sells it as a standalone - i recommend it, it's always pulled me back from reinstallation-hell. the only thing that'll stop it is a physical harddrive crash.

Prague
Prague

I've tried about 10 times to recover from some instability, and NEVER has System Restore completed successfully. I Always get an error message no matter how many restore points I try.

syxguns
syxguns

...that still have XP on their machine. I do system repairs all the time, and have used Vista in different varieties and have found it to be too resource hungry. The best way, in my opinion, to run Vista is to strip it down and turn off many of the features that make it pretty. Of course, I run multiple tasks at a time, and I do not like my machine to be bogged down. I ran the Win7 Beta for awhile, and I actually liked it with one exception. DRM!! When you start dealing with this issue, you will find it to be a real burden. I don't know if the final release of Win7 is going to have as much security as the Beta, but I will most likely not even switch to Win7 until it is necessary.

syxguns
syxguns

... said 10 out of 10! Personally, I find it pointless to even have it turned on. [i]10 out of 10 :)[/i] times, I end up having to use the OS disk to run a repair, and or re-install with the current system files intact. Basically, a real pain!! Oh, and did I mention time consuming?

Snak
Snak

and have no interest whatsoever in Vista. I'm not overly worried about 7 either because I'm just about sick of Microsoft telling me what I should be installing and when, compromising my Firefox, and writing software so badly it needs patching every five minutes. XP works, mostly, so any help such as the above is well useful. When I can't use XP any more, I'll be looking at alternatives. Note: we have about 15,000 PC's here and our default OS is XP. We've had to start dealing with Vista laptops as we have thousands of students with bright shiny new ones. It's cost us a small fortune to tweak, alter, change, add to and substract from our infrastructure to cope with this. I abhore Microsofts assumption that when they release a new OS, we will all happily go out and spend money up/downgrading our PC's to run it.

Editor's Picks