| Q. |
|
|
|
| A. |
System Restore enables administrators to restore their computers to a previous state without losing personal data files (e.g. Word documents, graphic files, e-mail). System Restore actively monitors system file changes and some application file changes to record or store previous versions before the changes occurred. Users never have to think about taking system snapshots as System Restore automatically creates easily identifiable restore points, which the users can use to revert to a previous time. Restore points are created at the time of significant system events (such as application or driver install) and periodically (each day). Additionally, users can create and name their own restore points at any time. For more information, please see the System Restore document on TechNet. |
| Q. |
|
|
|
| A. |
System Restore is available in Microsoft® Windows® Millennium (Me) and the Microsoft Windows XP (Home and Professional) operating systems. However, this FAQ addresses questions and issues with System Restore in Windows XP only. |
| Q. |
|
|
|
| A. |
System Restore monitors only a core set of specified system and application file types (e.g. .exe, .dll etc), while Backup Utility typically backs up all files including users personal data files, ensuring a safe copy stored either on the local disk or to another medium. System Restore does not monitor changes to or recover users' personal data files such as documents, graphics, e-mail, and so on. While system data contained in restore points are available to restore to for only a limited period (restore points older than 90 days are deleted by default), backups made by the Backup Utility can be recovered at any time. |
| Q. |
|
|
|
| A. |
System Restore is enabled by default and runs after the successful completion of either the Windows XP Professional or Personal x86-version installation. It requires a minimum of 200 MB of free space available on the system partition. If 200 MB is not available, System Restore will install disabled and will enable itself automatically once the required disk space is available.
With System Restore, you also never have to worry about taking system snapshots, as it will automatically create easily identifiable restore points, which allows you to revert to a previous time. Restore points are created at the time of significant system events (such as application or driver install) and periodically (each day). Additionally, you can create and name your own restore points at any time. You also never have to worry about System Restore filling up your hard drive with these restore points. By default, it only uses a maximum of 12% disk capacity and has an automatic restore point space management feature that purges the oldest restore points to make room for new ones, enabling recovery from any recent undesirable changes. |
| Q. |
|
|
|
| A. |
System Restore does not cause any noticeable performance impact when monitoring your computer. The creation of a Restore point also is a very fast process and usually takes only a few seconds. Scheduled System Checkpoints (every 24 hours by default) are created only at system idle time to avoid interfering with a computer during use. |
| Q. |
|
|
|
| A. |
Only users with administrative rights can use System Restore to restore and adjust System Restore settings. However, the creation of automatic restore points (system checkpoints or event-driven restore points) on the computer takes place regardless of which user is logged onto the computer. If a non-admin user is logged on, system checkpoints or event driven checkpoints will still be created on that computer to ensure protection. However, only a user with admin privileges will be able to restore the computer. |
| Q. |
|
|
|
| A. |
System Restore does not monitor changes to or recover personal data files such as Word documents, graphics, e-mail, etc. |
| Q. |
|
|
|
| A. |
System Restore monitors only a core set of specified system and application file types (e.g. .exe, .dll etc), archiving the states of these files before system changes are made. System Restore does not monitor any user/personal data files. To view the included files specified in System Restore, see Monitored File Extensions in the System Restore section of the Platform SDK. Modifications to this list from sources other than Microsoft are not supported. |
| Q. |
|
|
|
| A. |
See below.
Passwords Not Restored
| • |
Windows XP passwords. This is by design to prevent confusion and the risk of becoming locked out of your computer if the restore point includes an unfamiliar or old password |
| • |
Microsoft Internet Explorer and Content Advisor passwords and hints. This is by design to prevent problems that could occur when browsing the Internet, in the event that you restore your system to a point with an unfamiliar or old password |
|
Restored Passwords
| • |
Windows Messenger, AOL Messenger, Yahoo! Messenger, and other Web server-based program passwords. The programs simply cache these passwords on the computer; the actual passwords are stored on a Web server. System Restore does not actually change the password, but it changes the password retained locally by the program. You still need to use the current password for the program to log on to the server |
| • |
Domain and computer passwords. As System Restore only rolls back the local computer state and part of the joining domains data resides in Active Directory (not rolled back) the restored cached password will be updated to the current password as soon as the computer reconnects to the domain |
|
|
| Q. |
|
|
|
| A. |
System Restore does not completely uninstall any program if restoring to a point prior to the program installation. As System Restore is based on an inclusionary model, any files added or modified by the installation (which is not monitored by System Restore) or added to or modified in a non-monitored drive will not be tracked. To remove all changes an installation may have made to the system, the user should first use the Add/Remove option in the control panel to remove the application prior to using System Restore. System Restore will undo all recorded changes made to the registry and monitored files caused by the application install, including:
| • |
Deleted or monitored files added to the system from the program installation |
| • |
Undo modifications to monitored files made by the installation |
| • |
Replacement of the current registry with the registry snapshot taken at the chosen restore point (some current values may persist) |
|
|
| Q. |
|
|
|
| A. |
Please see below.
Restored:
| • |
Registry |
| • |
Profiles (local only; roaming user profiles are not affected by restore) |
| • |
COM+ DB |
| • |
WFP.dll cache |
| • |
WMI DB |
| • |
IIS Metabase |
| • |
File types monitored by System Restore as specified in the SDK document Monitored File Extensions |
|
Not restored:
| • |
DRM settings |
| • |
Passwords in the SAM hive |
| • |
WPA settings (Windows authentication information is not restored) |
| • |
Specific directories/files listed in the Monitored File Extensions list in the System Restore section of the Platform SDK e.g. 'My Documents' folder |
| • |
Any file types not monitored by System Restore (.doc, .jpg, etc.) |
| • |
Items listed in both Filesnottobackup and KeysnottoRestore (hklm->system->controlset001->control->backuprestore->filesnottobackup and keysnottorestore) in the registry |
| • |
User-created data stored in the user profile |
| • |
Contents of redirected folders |
|
|
| Q. |
|
|
|
| A. |
As System Restore monitors a core set of specified system and application file types, any downloaded or saved file which has an extension type monitored by System Restore (e.g. .exe, .dlls) and stored on a monitored drive will be lost if restoring to a point prior to the download or save. If you do not want to lose files with a monitored extension due to a restore, you should move these files to the My Documents folder or to a non-monitored partition not restored during a restore process. If you have unknowingly deleted some files due to a restore on your system, you can always recover them by undoing the restore process in question. |
| Q. |
|
|
|
| A. |
The user can manually create a restore point at any time on their computer using the System Restore Wizard. Restore Points are also automatically created on your computer when:
| • |
Installing an unsigned device driver |
| • |
Installing System Restore compliant applications (Installing an application that uses Windows Installer, or Install Shield Pro version 7.0 or later, causes System Restore to create a restore point) |
| • |
Installing an update by using Automatic Updates |
| • |
Performing a System Restore operation so the user can undo that restore operation if needed |
| • |
Restoring data from backup media using the Backup tool |
| • |
Creating daily restore points (System Restore creates a restore point every 24 hours if the computer is on or 24 hours have passed since the last restore point was created) |
|
|
| Q. |
|
|
|
| A. |
No. System Restore is change base tracking tool, not an imaging or backup tool. Each restore point only stores changes to the system since the creation of the previous restore point to minimize space usage and improve performance, and all restore points are associated. Therefore, restoring the computer from the current state to a previous state requires the availability of all restore points. For example, if a user wants to restore the computer from point D to point A, System Restore will evaluate the system change logs for points C, B, and A.
If a restore point is permanent, space usage for storing the complete chain of restore points since the creation of the permanent restore point would become very large and impractical. System Restore also provides a space management feature to purge old restore points to make room for new ones, creating a rolling safety net. Restore points over 90 days are purged automatically by default. |
| Q. |
|
|
|
| A. |
If an improper shutdown occurs, there is a small possibility that a restore could fail because System Restore may not have logged some file operations properly at the time of shutdown. If the restore fails, the system will be in the same state as before the restore was initiated. |
| Q. |
|
|
|
| A. |
Disk space used by System Restore by default:
| • |
For drives greater than 4 GB, System Restore uses up to 12% of the disk space |
| • |
For drives less than 4 GB, System Restore by default only uses up to 400 MB of disk space |
|
The data store size is not a reserved space on the disk and the maximum size (to the max values defined above) is limited at any time by the amount of free space available on disk. Therefore, if disk space use encroaches on the data store size, System Restore always yields its data store space to the system. For example, if the data store size is configured to 500 MB, of which 200 MB is already used, and the current free hard-disk space is only 150 MB, the effective size of the data store is 350 MB (200 + 150), not 500 MB. Note that disk space usage can be adjusted at any time. |
| Q. |
|
|
|
| A. |
Yes. System Restore parameters are configurable remotely or locally by using a Windows Management Instrumentation (WMI) script. A WMI script can also be used to create restore points, list them, select a restore point to restore to, and view the status of a restore operation. |
| Q. |
|
|
|
| A. |
The service pack provides several security and bug fixes for the Windows XP operating system including those for System Restore. Highlights of the key fixes for System Restore in the service pack include:
| • |
The issue where System Restore does not launch and displays the error "System Restore was unable to start due to a missing Framedyn.dll. Please reinstall the application to fix this problem" |
| • |
The issue where the System Restore tool on a Windows XP-based computer and the calendar on the left side of the "Choose a Restore Point" window is not displayed |
| • |
The restore process issue where users were encountering failed restores. Although some of this is attributed to file corruption in the System Restore data store, in many cases it was due to locked file issues (a file which system restore couldn't access cause it was locked out by another application or process) causing the restore process to fail, notably in situations where fast user switching was used |
| • |
The drive table inconsistency preventing System Restore to create restore points |
| • |
Several Security fixes for System Restore to protect against hackers and viruses |
|
The Microsoft System Restore team supports users in the Microsoft public newsgroups (please visit Public.WindowsXP.perform_maintain and Microsoft.Public.WindowsXP.help_and_support) and encourages user feedback regarding the effectiveness of Windows XP Service Pack 1. |
| Q. |
|
|
|
| A. |
No. All previous restore points can be restored after the installation. |
| Q. |
How do anti-virus utilities and System Restore work together? |
|
|
| A. |
System Restore protects critical system and application files by monitoring, recording, and in some cases copying these files before they are modified. For example, when an upgrade, an inadvertent user change, a driver install, or a virus modifies a critical system or application file, System Restore records and saves a copy of the file before the change occurs. In the event of a problem, a restore operation can replace files with previously saved versions. Anti-virus utilities, through auto-detection or scanning, monitor critical and personal files on the system for signs of infection, and then take action to remove or isolate ("quarantine") files impacted by known virus types. System Restore also tracks an anti-virus utility when it modifies (cleans), moves, or deletes a monitored, critical, system or application file types.
During a restore process, an active anti-virus utility scans for infected files. If any infected files are detected, the anti-virus utility will attempt to modify, move, or delete them. If the files are successfully cleaned, System Restore will restore the files in question. However, if a file cannot be cleaned and is deleted or "quarantined" (isolated), the restore fails as these actions to the file result in an inconsistent restore state. System Restore will then revert to the state immediately prior to the restore operation.
It is important to note that as viruses become known and definition or signature files for anti-virus utilities are dynamically updated, a restore that failed days before could succeed later on, once the anti-virus utility is updated. Conversely, restoring to a point that succeeded before, if undone and attempted again, could possibly fail if a new signature or definition enables the detection of a virus on a backed up file that cannot be cleaned. |
Q.
A. |
|
| Q. |
How can I enable or disable System Restore? |
|
|
| A. |
Select Start, Control Panel, and double-click the System icon. Next:
| • |
Click the System Restore tab on the System dialog box |
| • |
To enable, clear the Turn off System Restore check box |
| • |
To disable, select the Turn off System Restore check box |
| • |
Click OK when done |
|
|
| Q. |
How can I disable System Restore from monitoring a particular drive? |
|
|
| A. |
To disable monitoring a particular drive, click Start followed by Control Panel and double click the System icon. Then click on the System Restore tab on the System dialog box. Depending on your disk setup, do the following:
| • |
Single partition: Clear the Turn off System Restore check box to disable System Restore. |
| • |
Multiple disks or partitions: To prevent System Restore from monitoring a particular partition, click on the drive to disable and then the settings option. Clear the Turn off System Restore check box to disable monitoring the drive in question. You cannot disable monitoring of the system drive explicitly; you must disable System Restore for the entire system to prevent system drive monitoring. |
|
|
| Q. |
How can I set the amount of space System Restore uses on my disk? |
|
|
| A. |
Select Start, then Control Panel and double-click the System icon. Then click on the System Restore tab on the dialog box. Depending on your disk setup, do the following:
| • |
Single partition: Adjust the space system restore uses on the disk by moving the slider left to decrease space usage, or right to increase space usage. The default maximum space usage is 12%. |
| • |
Multiple partitions or multiple disks: Click on the drive you want to adjust in the available drives section on the System Restore page and then click the settings option. You can then adjust the space system restore uses on that drive by moving the slider to the left to decrease space usage, or right to increase space usage. The default maximum space usage is 12%. Repeat for each drive as necessary. |
|
|
| Q. |
How do I determine the amount of space System Restore uses for restore points? |
|
|
| A. |
To determine the amount of space System Restore is using:
1. |
Click on Start, then My Computer |
2. |
Select the Tools pull-down menu, click on Folder Options, and then select the View tab |
3. |
In the Advanced settings option under Hidden files and folders, select Show hidden files and folders and clear the Hide protected operating system files check box, then click OK |
4. |
Refer to the system drive where Windows is installed (C: for most users) |
5. |
Double-click the System Volume Information folder |
6. |
Right-click the _restore directory and select Properties |
7. |
The Size on Disk value is the amount of space System Restore is using for restore points |
8. |
Repeat as necessary for other drives monitored by System Restore |
9. |
If the computer is part of a domain and you do not have access to the System Volume Information folder, perform these additional steps following Step 4 above:
| • |
Right-click the System Volume Information folder and click the Properties option. |
| • |
Select the Security tab and add your username to the user/group list with access to this folder. |
| • |
Click OK and continue with Step 5 above. |
|
|
|
|
| Q. |
How do I delete restore points in System Restore? |
|
|
| A. |
You can either delete all restore points except the latest one, or all the restore points.
| • |
To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the More Options tab and then select Clean up in the System Restore dialog box. |
| • |
To delete all the restore points on your computer, disable and re-enable System Restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK. |
| • |
You can reduce the number of restore points saved by decreasing the total amount of disk space available to System Restore. Note that less available disk space will decrease the relative number of restore points. |
|
|
| Q. |
How do I use scripts with System Restore? |
|
|
| A. |
Windows Management Instrumentation (WMI) scripts can be used to locally or remotely create or list restore points, select a restore point to restore to, view the status of a restore operation, and adjust system restore parameters.
Please refer to the System Restore Scripting Samples document, which lists functions and parameter descriptions along with script samples provided as a guide to administrators who need local or remote access to the System Restore features and settings. |
| Q. |
How do I remotely perform a system restore? |
|
|
| A. |
You can perform a remote system restore using Windows Management Instrumentation (WMI) scripts. |
Q.
A. |
|
| Q. |
What should I do if System Restore does not work? |
|
|
| A. |
Try the following steps:
| • |
Ensure the Windows Management Instrumentation service is running. For instructions on how to do this, see "How can I verify that the Windows Management Instrumentation (WMI) services are running on my machine?" in this section. |
| • |
Ensure the Task Scheduler is running. For instructions on how do to this, see "How can I verify that the Task Scheduler is running on my machine?" in this section. |
| • |
Verify that you have enough free space on all your drives as required by System Restore. If the free space on any partition system restore is monitoring falls below 50 MB, System Restore will suspend and purge out all restore points to free up disk space. It will automatically reactivate when 200 MB+ free space is available. |
| • |
Examine event logs for any system restore-related errors that could help you identify the problem |
|
|
| Q. |
Why is System Restore suspended when there is plenty of free disk space? |
|
|
| A. |
Suspension can occur if:
| • |
A non-system drive with System Restore enabled has less than 50 MB of free disk space |
| • |
A copy, delete, modify operation was made to a file monitored by System Restore. This typically causes System Restore to suspend across the system |
|
|
| Q. |
When using System Restore, I receive the following message: "System restore was unable to start due to a missing Framedyn.dll. Please reinstall the application to fix this problem." How do I fix this? |
|
|
| A. |
This event usually occurs when the Windows path is corrupt. To resolve this issue, begin by installing Windows XP Service Pack 1. Alternatively, you can temporarily address this issue by copying the framedyn.dll file from the \windows\system32\wbem directory to the \windows\system32 directory. |
| Q. |
Why isn't System Restore creating automatic system checkpoints? |
|
|
| A. |
Typical reasons why checkpoints are not being created:
| • |
System Restore requires Task Scheduler to create system checkpoints. If Task Scheduler is disabled it will prevent System Restore from creating system checkpoints on a scheduled basis. |
| • |
System Restore requires the computer to be in an idle state to create system checkpoints. This is by design so that System Restore does not interrupt a user by taking processing power. If computer is never idle, system checkpoints cannot be created. Also, check for any applications that run on the comput | | |
