Note: This article is also available as a download.
Windows XP’s System Restore lets you restore your computer
to a previous time if a problem occurs. To accomplish this feat, System Restore
continuously monitors your system looking for significant changes to the
operating system, such as an application or driver installation procedure,
automatically creating a restore point when it detects an impending change.
System Restore will also create restore points every 24 hours.
Restore points are essentially snapshots of your system state, which comprises crucial system
files including certain parts of the registry. System Restore maintains
multiple restore points, which gives you the choice of restoring your computer
to any number of previously saved states. Here are 10 things you should know
about getting the most from Windows XP’s System Restore tool.
#1: Data files and System Restore
Because System Restore is described as a tool that allows
you to restore your computer to a previous
time, many people mistakenly assume that they will lose any data files
they’ve created since the restore point was created. However, System Restore
doesn’t monitor or save the contents of the My Documents folder, any files that
use common data filename extensions, such as .doc or .xls, e-mail message
stores, browsing history, or even password files. Those files will remain
intact when you restore your system.
However, keep in mind that the Desktop is not a protected
folder, and any files that exist there could be lost during a restore
operation. So before you perform a restore operation, you should move any
crucial files you have saved on the Desktop to the My Documents folder.
#2: Undoing a restore operation
If you perform a restore operation and then determine that
the problem still exists, you can undo the operation. To do so, you must
immediately run System Restore. When you see the Welcome To System Restore screen,
select the Undo My Last Restoration option and click Next. On the Confirm
Restoration Undo screen, click Next. System Restore will restore the previous
system state and restart the computer. When the system restarts and you log on,
you’ll see System Restore’s Undo Complete screen, which lets you know the
operation was successful.
If you perform a restore operation and then determine that
you selected the wrong restore point date, simply run System Restore again and
select the restore point date you wanted.
If you perform a successful restore operation and discover
that your computer won’t boot Windows normally, you can still undo the restore
operation. First, boot the system into Safe Mode. After you log on, a Warning
dialog box will appear, allowing you to launch System Restore and select the
Undo My Last Restoration option.
If the restore operations fails, the Restoration Was
Unsuccessful screen will appear, and your computer will automatically return to
the same state it was in when you activated the restore operation. In other
words, no changes will be made to your computer.
#3: Running System Restore from a command prompt
If your computer won’t boot Windows normally and won’t boot
into the Safe Mode GUI, you can still access System Restore. Start by booting the
system using the Safe Mode With Command Prompt option. After you log on, type
the following command line at the command prompt:
Press [Enter], and System Restore will run as it normally
does. You can follow the steps in the wizard to perform a restore operation.
#4: Purging restore points
System Restore by default claims a maximum of 12 percent of
the available hard disk space to save the restore points. (The amount of
storage space will depend on the size of your hard disk.) Once the 12 percent
mark is reached, System Restore will purge the oldest restore points in its database
to make room for new ones. However, there may be situations where you need or
want to purge restore points to free up disk space. Fortunately, the Disk
Cleanup utility will allow you to delete all but the most recent restore point.
You can launch Disk Cleanup from the Start | All Programs |
Accessories | System Tools menu. Once Disk Cleanup is up and running, select
the More Options tab and click the Cleanup button in the System Restore panel.
You’ll then be prompted to confirm the delete operation.
#5: Reining in System Restore’s disk space usage
To perform its operations, System Restore requires at least
200 MB of available hard disk space. However, if more disk space is available,
System Restore will claim up to 12 percent of it to save the restore points. Although
System Restore can use that full 12 percent if it’s available, this chunk of
disk space is not reserved. System Restore will yield disk space back to the
system if it’s needed. Furthermore, restore points more than 90 days old are
automatically purged by default.
If you want to see how much hard disk space System Restore
has potentially set aside on your system, press [Windows][Break] to bring up the
System Properties dialog box and then choose the System Restore tab. Next, select your hard disk from the Available
Drive list and click the Settings button. When the Drive Settings dialog box
appears, you’ll see a number in the Disk Space Usage panel that represents the amount
of space in MB that System Restore is using to amass restore points.
For example, on a
system with an 80GB hard disk, System Restore’s 12% amounts to nearly 9
GB. If you feel that System Restore has
the potential to take up too much disk space, move the slider to the left to specify
a more reasonable amount of hard disk space for System Restore to store its
multiple restore points.
#6: Manually creating a restore point
System Restore will automatically create restore points, but
you can manually create one anytime you want. To do so, launch System Restore
and then follow along with the wizard. If want to save yourself a few steps,
you can simplify the launching process by copying the System Restore shortcut
from the Start | All Programs | Accessories | System Tools menu to the desktop
#7: Bypassing the System Restore Wizard
If you want to be able to manually create a restore point
without having to go through the wizard, you can create a simple two-line
VBScript file that uses WMI (Windows Management Instrumentation) to instantly
create a restore point. Just launch Notepad and type these two lines:
Set IRP =
MYRP = IRP.createrestorepoint (“My Restore Point”, 0, 100)
Then, save the file as MyRestorePoint.vbs. Now, you can easily
create an restore point by double-clicking the script’s icon. When you do,
System Restore will run in the background without displaying its interface and
will create a restore point called My
#8: Steps to
avoid restoring viruses
If you know that your system is infected by a virus, you
should temporarily turn off System Restore. Otherwise, the virus could be saved
along with other system files in a restore point and reintroduced to your
system during a restore operation at a later date.
To turn off System Restore, press [Windows][Break] to bring
up the System Properties dialog box. Then, choose the System Restore tab, select the Turn Off System Restore check
box, and click OK. As soon as you do, you’ll see a confirmation dialog box warning
you that turning off System Restore will delete all existing restore points.
Click Yes to continue.
You can now use your antivirus software to clean up your
system. When the virus has been eradicated, access the System Restore tab again and clear the Turn Off System Restore
check box. Click OK to re-enable System
#9: Disabling System Restore for data drives
If you have additional hard disks connected to your
computer, System Restore will automatically add them to its list of monitored
drives. If these additional drives just store data or data backups, there’s no
reason to have System Restore monitor them.
To disable System Restore for data drives, press [Windows][Break]
to bring up the System Properties dialog box. Then, choose the System Restore tab. Next, select your
hard disk from the Available Drive list and click the Settings button. When the
Drive Settings dialog box appears, select the Turn Off System Restore On
This Drive check box and click OK. You’ll see a confirmation dialog box warning
that by turning off System Restore on this drive, you won’t be able to track or
undo harmful changes on it. Click Yes to continue. Then, click OK to close the
System Properties dialog box.
#10: Determining the actual amount of space System Restore is using
You can easily determine how much disk space System Restore
can potentially use, but you may also want to determine how much disk space
System Restore is actually using. If you’re running Windows XP Professional and the hard disk is using NTFS, you can find
You’ll begin by making a few configuration changes from an
Administrator account that will allow you to investigate the hidden and
protected folder called System Volume Information, located in the root
directory of your hard disk. Keep in mind that this information is meant only
for investigative purposes. Making any changes to the files in the System
Volume Information folder will disrupt or otherwise damage System Restore’s
ability to do its job.
From within Windows Explorer, access the View tab of the
Folder Options dialog box. Then, select the Show Hidden Files And Folders
option, deselect the Hide Protected Operating System Files check box, and click
Yes in the Warning dialog box. (If the system is in a workgroup, you’ll need to
deselect the Use Simple File Sharing check box as well.) Click OK to close the
Folder Options dialog box.
Now, access the root directory of the hard disk, right-click
on the System Volume Information folder, select Properties, and access the
Security tab. Then, click the Add button, enter your user account name in the
Select Users or Groups dialog box, and click OK twice to close both dialog
At this point, you can open the System Volume Information
folder, right-click on the _restore folder, and select Properties. Once Windows
XP finishes tallying, check the Size On Disk value to see the exact amount of
space System Restore is using for restore points. To ensure the security of the
restore point files, you should remove your user account from the System Volume
Information folder once you finish your investigation.