|
|
|
 |
System Restore Frequently Asked Questions (FAQ)
Summary
General Questions
| Q. |
|
|
|
| A. |
System Restore enables administrators to restore their computers to a previous state without losing personal data files (e.g. Word documents, graphic files, e-mail). System Restore actively monitors system file changes and some application file changes to record or store previous versions before the changes occurred. Users never have to think about taking system snapshots as System Restore automatically creates easily identifiable restore points, which the users can use to revert to a previous time. Restore points are created at the time of significant system events (such as application or driver install) and periodically (each day). Additionally, users can create and name their own restore points at any time. For more information, please see the System Restore document on TechNet. |
| Q. |
|
|
|
| A. |
System Restore is available in Microsoft® Windows® Millennium (Me) and the Microsoft Windows XP (Home and Professional) operating systems. However, this FAQ addresses questions and issues with System Restore in Windows XP only. |
| Q. |
|
|
|
| A. |
System Restore monitors only a core set of specified system and application file types (e.g. .exe, .dll etc), while Backup Utility typically backs up all files including users personal data files, ensuring a safe copy stored either on the local disk or to another medium. System Restore does not monitor changes to or recover users' personal data files such as documents, graphics, e-mail, and so on. While system data contained in restore points are available to restore to for only a limited period (restore points older than 90 days are deleted by default), backups made by the Backup Utility can be recovered at any time. |
| Q. |
|
|
|
| A. |
System Restore is enabled by default and runs after the successful completion of either the Windows XP Professional or Personal x86-version installation. It requires a minimum of 200 MB of free space available on the system partition. If 200 MB is not available, System Restore will install disabled and will enable itself automatically once the required disk space is available.
With System Restore, you also never have to worry about taking system snapshots, as it will automatically create easily identifiable restore points, which allows you to revert to a previous time. Restore points are created at the time of significant system events (such as application or driver install) and periodically (each day). Additionally, you can create and name your own restore points at any time. You also never have to worry about System Restore filling up your hard drive with these restore points. By default, it only uses a maximum of 12% disk capacity and has an automatic restore point space management feature that purges the oldest restore points to make room for new ones, enabling recovery from any recent undesirable changes. |
| Q. |
|
|
|
| A. |
System Restore does not cause any noticeable performance impact when monitoring your computer. The creation of a Restore point also is a very fast process and usually takes only a few seconds. Scheduled System Checkpoints (every 24 hours by default) are created only at system idle time to avoid interfering with a computer during use. |
| Q. |
|
|
|
| A. |
Only users with administrative rights can use System Restore to restore and adjust System Restore settings. However, the creation of automatic restore points (system checkpoints or event-driven restore points) on the computer takes place regardless of which user is logged onto the computer. If a non-admin user is logged on, system checkpoints or event driven checkpoints will still be created on that computer to ensure protection. However, only a user with admin privileges will be able to restore the computer. |
| Q. |
|
|
|
| A. |
System Restore does not monitor changes to or recover personal data files such as Word documents, graphics, e-mail, etc. |
| Q. |
|
|
|
| A. |
System Restore monitors only a core set of specified system and application file types (e.g. .exe, .dll etc), archiving the states of these files before system changes are made. System Restore does not monitor any user/personal data files. To view the included files specified in System Restore, see Monitored File Extensions in the System Restore section of the Platform SDK. Modifications to this list from sources other than Microsoft are not supported. |
| Q. |
|
|
|
| A. |
See below.
Passwords Not Restored
| • |
Windows XP passwords. This is by design to prevent confusion and the risk of becoming locked out of your computer if the restore point includes an unfamiliar or old password |
| • |
Microsoft Internet Explorer and Content Advisor passwords and hints. This is by design to prevent problems that could occur when browsing the Internet, in the event that you restore your system to a point with an unfamiliar or old password |
|
Restored Passwords
| • |
Windows Messenger, AOL Messenger, Yahoo! Messenger, and other Web server-based program passwords. The programs simply cache these passwords on the computer; the actual passwords are stored on a Web server. System Restore does not actually change the password, but it changes the password retained locally by the program. You still need to use the current password for the program to log on to the server |
| • |
Domain and computer passwords. As System Restore only rolls back the local computer state and part of the joining domains data resides in Active Directory (not rolled back) the restored cached password will be updated to the current password as soon as the computer reconnects to the domain |
|
|
| Q. |
|
|
|
| A. |
System Restore does not completely uninstall any program if restoring to a point prior to the program installation. As System Restore is based on an inclusionary model, any files added or modified by the installation (which is not monitored by System Restore) or added to or modified in a non-monitored drive will not be tracked. To remove all changes an installation may have made to the system, the user should first use the Add/Remove option in the control panel to remove the application prior to using System Restore. System Restore will undo all recorded changes made to the registry and monitored files caused by the application install, including:
| • |
Deleted or monitored files added to the system from the program installation |
| • |
Undo modifications to monitored files made by the installation |
| • |
Replacement of the current registry with the registry snapshot taken at the chosen restore point (some current values may persist) |
|
|
| Q. |
|
|
|
| A. |
Please see below.
Restored:
| • |
Registry |
| • |
Profiles (local only; roaming user profiles are not affected by restore) |
| • |
COM+ DB |
| • |
WFP.dll cache |
| • |
WMI DB |
| • |
IIS Metabase |
| • |
File types monitored by System Restore as specified in the SDK document Monitored File Extensions |
|
Not restored:
| • |
DRM settings |
| • |
Passwords in the SAM hive |
| • |
WPA settings (Windows authentication information is not restored) |
| • |
Specific directories/files listed in the Monitored File Extensions list in the System Restore section of the Platform SDK e.g. 'My Documents' folder |
| • |
Any file types not monitored by System Restore (.doc, .jpg, etc.) |
| • |
Items listed in both Filesnottobackup and KeysnottoRestore (hklm->system->controlset001->control->backuprestore->filesnottobackup and keysnottorestore) in the registry |
| • |
User-created data stored in the user profile |
| • |
Contents of redirected folders |
|
|
| Q. |
|
|
|
| A. |
As System Restore monitors a core set of specified system and application file types, any downloaded or saved file which has an extension type monitored by System Restore (e.g. .exe, .dlls) and stored on a monitored drive will be lost if restoring to a point prior to the download or save. If you do not want to lose files with a monitored extension due to a restore, you should move these files to the My Documents folder or to a non-monitored partition not restored during a restore process. If you have unknowingly deleted some files due to a restore on your system, you can always recover them by undoing the restore process in question. |
| Q. |
|
|
|
| A. |
The user can manually create a restore point at any time on their computer using the System Restore Wizard. Restore Points are also automatically created on your computer when:
| • |
Installing an unsigned device driver |
| • |
Installing System Restore compliant applications (Installing an application that uses Windows Installer, or Install Shield Pro version 7.0 or later, causes System Restore to create a restore point) |
| • |
Installing an update by using Automatic Updates |
| • |
Performing a System Restore operation so the user can undo that restore operation if needed |
| • |
Restoring data from backup media using the Backup tool |
| • |
Creating daily restore points (System Restore creates a restore point every 24 hours if the computer is on or 24 hours have passed since the last restore point was created) |
|
|
| Q. |
|
|
|
| A. |
No. System Restore is change base tracking tool, not an imaging or backup tool. Each restore point only stores changes to the system since the creation of the previous restore point to minimize space usage and improve performance, and all restore points are associated. Therefore, restoring the computer from the current state to a previous state requires the availability of all restore points. For example, if a user wants to restore the computer from point D to point A, System Restore will evaluate the system change logs for points C, B, and A.
If a restore point is permanent, space usage for storing the complete chain of restore points since the creation of the permanent restore point would become very large and impractical. System Restore also provides a space management feature to purge old restore points to make room for new ones, creating a rolling safety net. Restore points over 90 days are purged automatically by default. |
| Q. |
|
|
|
| A. |
If an improper shutdown occurs, there is a small possibility that a restore could fail because System Restore may not have logged some file operations properly at the time of shutdown. If the restore fails, the system will be in the same state as before the restore was initiated. |
| Q. |
|
|
|
| A. |
Disk space used by System Restore by default:
| • |
For drives greater than 4 GB, System Restore uses up to 12% of the disk space |
| • |
For drives less than 4 GB, System Restore by default only uses up to 400 MB of disk space |
|
The data store size is not a reserved space on the disk and the maximum size (to the max values defined above) is limited at any time by the amount of free space available on disk. Therefore, if disk space use encroaches on the data store size, System Restore always yields its data store space to the system. For example, if the data store size is configured to 500 MB, of which 200 MB is already used, and the current free hard-disk space is only 150 MB, the effective size of the data store is 350 MB (200 + 150), not 500 MB. Note that disk space usage can be adjusted at any time. |
| Q. |
|
|
|
| A. |
Yes. System Restore parameters are configurable remotely or locally by using a Windows Management Instrumentation (WMI) script. A WMI script can also be used to create restore points, list them, select a restore point to restore to, and view the status of a restore operation. |
| Q. |
|
|
|
| A. |
The service pack provides several security and bug fixes for the Windows XP operating system including those for System Restore. Highlights of the key fixes for System Restore in the service pack include:
| • |
The issue where System Restore does not launch and displays the error "System Restore was unable to start due to a missing Framedyn.dll. Please reinstall the application to fix this problem" |
| • |
The issue where the System Restore tool on a Windows XP-based computer and the calendar on the left side of the "Choose a Restore Point" window is not displayed |
| • |
The restore process issue where users were encountering failed restores. Although some of this is attributed to file corruption in the System Restore data store, in many cases it was due to locked file issues (a file which system restore couldn't access cause it was locked out by another application or process) causing the restore process to fail, notably in situations where fast user switching was used |
| • |
The drive table inconsistency preventing System Restore to create restore points |
| • |
Several Security fixes for System Restore to protect against hackers and viruses |
|
The Microsoft System Restore team supports users in the Microsoft public newsgroups (please visit Public.WindowsXP.perform_maintain and Microsoft.Public.WindowsXP.help_and_support) and encourages user feedback regarding the effectiveness of Windows XP Service Pack 1. |
| Q. |
|
|
|
| A. |
No. All previous restore points can be restored after the installation. |
| Q. |
How do anti-virus utilities and System Restore work together? |
|
|
| A. |
System Restore protects critical system and application files by monitoring, recording, and in some cases copying these files before they are modified. For example, when an upgrade, an inadvertent user change, a driver install, or a virus modifies a critical system or application file, System Restore records and saves a copy of the file before the change occurs. In the event of a problem, a restore operation can replace files with previously saved versions. Anti-virus utilities, through auto-detection or scanning, monitor critical and personal files on the system for signs of infection, and then take action to remove or isolate ("quarantine") files impacted by known virus types. System Restore also tracks an anti-virus utility when it modifies (cleans), moves, or deletes a monitored, critical, system or application file types.
During a restore process, an active anti-virus utility scans for infected files. If any infected files are detected, the anti-virus utility will attempt to modify, move, or delete them. If the files are successfully cleaned, System Restore will restore the files in question. However, if a file cannot be cleaned and is deleted or "quarantined" (isolated), the restore fails as these actions to the file result in an inconsistent restore state. System Restore will then revert to the state immediately prior to the restore operation.
It is important to note that as viruses become known and definition or signature files for anti-virus utilities are dynamically updated, a restore that failed days before could succeed later on, once the anti-virus utility is updated. Conversely, restoring to a point that succeeded before, if undone and attempted again, could possibly fail if a new signature or definition enables the detection of a virus on a backed up file that cannot be cleaned. |
Q.
A. |
|
How-to Guide
| Q. |
How can I enable or disable System Restore? |
|
|
| A. |
Select Start, Control Panel, and double-click the System icon. Next:
| • |
Click the System Restore tab on the System dialog box |
| • |
To enable, clear the Turn off System Restore check box |
| • |
To disable, select the Turn off System Restore check box |
| • |
Click OK when done |
|
|
| Q. |
How can I disable System Restore from monitoring a particular drive? |
|
|
| A. |
To disable monitoring a particular drive, click Start followed by Control Panel and double click the System icon. Then click on the System Restore tab on the System dialog box. Depending on your disk setup, do the following:
| • |
Single partition: Clear the Turn off System Restore check box to disable System Restore. |
| • |
Multiple disks or partitions: To prevent System Restore from monitoring a particular partition, click on the drive to disable and then the settings option. Clear the Turn off System Restore check box to disable monitoring the drive in question. You cannot disable monitoring of the system drive explicitly; you must disable System Restore for the entire system to prevent system drive monitoring. |
|
|
| Q. |
How can I set the amount of space System Restore uses on my disk? |
|
|
| A. |
Select Start, then Control Panel and double-click the System icon. Then click on the System Restore tab on the dialog box. Depending on your disk setup, do the following:
| • |
Single partition: Adjust the space system restore uses on the disk by moving the slider left to decrease space usage, or right to increase space usage. The default maximum space usage is 12%. |
| • |
Multiple partitions or multiple disks: Click on the drive you want to adjust in the available drives section on the System Restore page and then click the settings option. You can then adjust the space system restore uses on that drive by moving the slider to the left to decrease space usage, or right to increase space usage. The default maximum space usage is 12%. Repeat for each drive as necessary. |
|
|
| Q. |
How do I determine the amount of space System Restore uses for restore points? |
|
|
| A. |
To determine the amount of space System Restore is using:
1. |
Click on Start, then My Computer |
2. |
Select the Tools pull-down menu, click on Folder Options, and then select the View tab |
3. |
In the Advanced settings option under Hidden files and folders, select Show hidden files and folders and clear the Hide protected operating system files check box, then click OK |
4. |
Refer to the system drive where Windows is installed (C: for most users) |
5. |
Double-click the System Volume Information folder |
6. |
Right-click the _restore directory and select Properties |
7. |
The Size on Disk value is the amount of space System Restore is using for restore points |
8. |
Repeat as necessary for other drives monitored by System Restore |
9. |
If the computer is part of a domain and you do not have access to the System Volume Information folder, perform these additional steps following Step 4 above:
| • |
Right-click the System Volume Information folder and click the Properties option. |
| • |
Select the Security tab and add your username to the user/group list with access to this folder. |
| • |
Click OK and continue with Step 5 above. |
|
|
|
|
| Q. |
How do I delete restore points in System Restore? |
|
|
| A. |
You can either delete all restore points except the latest one, or all the restore points.
| • |
To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the More Options tab and then select Clean up in the System Restore dialog box. |
| • |
To delete all the restore points on your computer, disable and re-enable System Restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK. |
| • |
You can reduce the number of restore points saved by decreasing the total amount of disk space available to System Restore. Note that less available disk space will decrease the relative number of restore points. |
|
|
| Q. |
How do I use scripts with System Restore? |
|
|
| A. |
Windows Management Instrumentation (WMI) scripts can be used to locally or remotely create or list restore points, select a restore point to restore to, view the status of a restore operation, and adjust system restore parameters.
Please refer to the System Restore Scripting Samples document, which lists functions and parameter descriptions along with script samples provided as a guide to administrators who need local or remote access to the System Restore features and settings. |
| Q. |
How do I remotely perform a system restore? |
|
|
| A. |
You can perform a remote system restore using Windows Management Instrumentation (WMI) scripts. |
Q.
A. |
|
Troubleshooting
| Q. |
What should I do if System Restore does not work? |
|
|
| A. |
Try the following steps:
| • |
Ensure the Windows Management Instrumentation service is running. For instructions on how to do this, see "How can I verify that the Windows Management Instrumentation (WMI) services are running on my machine?" in this section. |
| • |
Ensure the Task Scheduler is running. For instructions on how do to this, see "How can I verify that the Task Scheduler is running on my machine?" in this section. |
| • |
Verify that you have enough free space on all your drives as required by System Restore. If the free space on any partition system restore is monitoring falls below 50 MB, System Restore will suspend and purge out all restore points to free up disk space. It will automatically reactivate when 200 MB+ free space is available. |
| • |
Examine event logs for any system restore-related errors that could help you identify the problem |
|
|
| Q. |
Why is System Restore suspended when there is plenty of free disk space? |
|
|
| A. |
Suspension can occur if:
| • |
A non-system drive with System Restore enabled has less than 50 MB of free disk space |
| • |
A copy, delete, modify operation was made to a file monitored by System Restore. This typically causes System Restore to suspend across the system |
|
|
| Q. |
When using System Restore, I receive the following message: "System restore was unable to start due to a missing Framedyn.dll. Please reinstall the application to fix this problem." How do I fix this? |
|
|
| A. |
This event usually occurs when the Windows path is corrupt. To resolve this issue, begin by installing Windows XP Service Pack 1. Alternatively, you can temporarily address this issue by copying the framedyn.dll file from the \windows\system32\wbem directory to the \windows\system32 directory. |
| Q. |
Why isn't System Restore creating automatic system checkpoints? |
|
|
| A. |
Typical reasons why checkpoints are not being created:
| • |
System Restore requires Task Scheduler to create system checkpoints. If Task Scheduler is disabled it will prevent System Restore from creating system checkpoints on a scheduled basis. |
| • |
System Restore requires the computer to be in an idle state to create system checkpoints. This is by design so that System Restore does not interrupt a user by taking processing power. If computer is never idle, system checkpoints cannot be created. Also, check for any applications that run on the computer during idle periods, such as a virus scanner. |
| • |
The computer has been in use for limited periods and then shut down or put into hibernation, preventing System Restore from creating restore points. |
|
|
| Q. |
Why are my restore points missing or deleted? |
|
|
| A. |
If no free disk space on monitored system drive or on any of the available non-system drives exists, System Restore will purge restore points consistently across all monitored partitions to free disk space. If the free disk space falls below 50 MB on any monitored partition, System Restore will stop monitoring and suspend.
Note: Some users have reported that using the Real Player One utility has deleted restore points. Please review your System Event Viewer log for System Restore events for a volume error event. For more information, please visit the Microsoft.Public.WindowsXP.perform_maintain and Microsoft.Public.WindowsXP.help_and_support. |
| Q. |
Why does System Restore display a blank calendar in Windows XP if no restore points exist? |
|
|
| A. |
This can occur if the file association for Hypertext Markup Language (HTML) component (.htc) files is not in the registry. Please see Windows XP Service Pack 1 for more information. |
| Q. |
Why does the System Restore Wizard lockup when trying to create a restore point? |
|
|
| A. |
This can occur if the event log service is disabled on the computer. The user should enable the event log service and then try to create the restore point. To verify that the service is working:
| • |
Click Start, Control Panel, then Performance and Maintenance |
| • |
Click Administrative Tools, Computer Management, then Services and Applications |
| • |
Click Services, then Event Log Services. Ensure this service is set to Automatic and the status is 'started' |
|
|
| Q. |
Why do I lose my Remote Assistance session after using System Restore? |
|
|
| A. |
If you restore to a point before the Remote Assistance Ticket creation, the HelpAssistant account password is automatically reset. The HelpAssistant account is the account that an administrator uses to log on and connect to a computer. This issue has been resolved in Windows XP Service Pack 1. If the service pack is unavailable, use Remote Assistance to create another ticket. |
| Q. |
When I attempt to restore to any restore point, I receive a "restore failed" message, although my system has not changed. I created many restore points, although none appear to function. How do I resolve this problem? |
|
|
| A. |
First, run SRDiag.exe found in Windows XP Service Pack 1 to capture the System Restore change, restore logs, and create a .cab file. This is a precautionary step, and you can e-mail the logs in a .cab file to a monitored alias to Microsoft for troubleshooting if one of the suggestions listed below does not resolve the issue.
Possible causes for restore point failures:
| • |
Corrupt restore point. Inconsistencies between file entries in the System Restore file change log and files backed up or tracked by System Restore can occur, most often from an improper shutdown or power outage while System Restore was adding a log entry during change tracking. Similarly, an entry for the file exists in the change log but the file itself may be corrupt or missing. This can also occur when System Restore pre-change file copies are deleted from the system volume information directory to clean the system. By design, System Restore prevents a successful restore to an inconsistent point — it will fail and then revert to a previous restore with unsynchronized file copies and log entries. To remove corrupt restore points, disable and re-enable System Restore. |
| • |
Low free disk space on a System Restore monitored partition. Every restore process involves System Restore creating a restore point prior to the restore operation so that the user can undo the restore process. If you are experiencing failed restores, ensure that there is sufficient free disk space available on all the System Restore monitored partitions. |
| • |
Changes occurred to System Restore monitored files on one operating system through another operating system (OS) on another partition or removable drive. System Restore can only restore changes for the instance of the operating system it was originally associated. Therefore, restoring changes made by another OS or alternative partition is not supported, as those changes are not tracked. Resulting restore will fail as log entries and files on the current state will be out of synchronization. |
| • |
A required service is not running. Restoring requires System Restore, Windows Management Instrumentation (WMI), and task scheduler to be running concurrently. For step-by-step instructions to verify that these services are active, click on each service or scheduler link. |
| • |
During the restore process, files to be replaced, moved, or deleted by System Restore were locked by the system or an application is causing the restore to fail. Please refer to Windows XP Service Pack 1 for more information. |
| • |
Behavior between anti-virus software and System Restore. Interaction between System Restore and anti-virus utilities can affect restoration to a previous point containing infected files. For example, if a file used for restoration is infected and cannot be cleaned by the anti-virus utility, System Restore will not recover the computer to a partial or compromised state. How your anti-virus utility is configured, the point selected to restore to, and action taken by the utility on
a restored infected file (for example, whether the anti-virus utility successfully cleans, deletes, or quarantines a file), also affects restoration results. |
|
|
| Q. |
What can I do to remove un-cleanable infected files in the System Restore data archive and be able to restore to uncompromised restore points? |
|
|
| A. |
Be sure signature/definitions are current. Ensure your AV utility is configured to exclude the SVI directory
| • |
If you suspect previous restore points contain copies of infected monitored files which your anti-virus utility was unable to clean, you can remove these, and all related restore points from the System Restore archive by disabling than re-enabling System Restore. Caution: Disabling System Restore will remove all restore points; Enabling System Restore again will resume the creation of new restore points as schedule and events require. To disable System Restore: Start=>Control Panel=>Performance & Maintenance=>System Applet=>
1. |
On the System Applet, Click the System Restore tab, |
2. |
Check the Turn off System Restore box, |
3. |
Click OK, then click Yes. This will initiate the restore point purging process. |
4. |
To re-enable System Restore, clear the Turn-Off System Restore check box from the same location |
|
|
| • |
By disabling your AV utility, it is possible to successfully restore your system to a previously infected point, and once the restore is complete, re-enable the AV utility to detect and take action on the restored state. * Warning* turning off Anti-Virus protection is not recommended and should be done only temporarily to restore the system.* PSS to validate warning and steps* It is recommended before disabling an AV utility on any system it is first removed from any network to prevent the risk of infection. Steps:
1. |
Disconnect any system network connectivity |
2. |
Disable-Turn off AV protection |
3. |
Use System Restore to restore to desired point |
4. |
On reboot, Restore Success screen, validate optimal state achieved—problem resolved |
5. |
Re-enable or turn on the AV protection |
6. |
Immediately run a manual scan of all drives monitored by System Restore to ensure all files modified by the restore are inspected by the AV utility. |
|
|
|
| Q. |
What should I do if my anti-virus scanner cannot access the System Volume Information folder to remove a virus? |
|
|
| A. |
If the System Volume Information (SVI) folder is on a FAT partition and a virus infected file has been detected or copied to the data store before it was cleaned, the data store needs to be purged to remove the Restore Point with the infected file.
To do this, the user should disable and then re-enable System Restore monitoring on that particular drive as specified in a previous entry in this FAQ, "How can I disable System Restore from monitoring a particular drive?" under the How-to Guide section.
If the System Volume Information Folder is on an NTFS partition, the SVI directory can be accessed by a virus utility to clean an infected file as any other part of the file system. |
| Q. |
Microsoft support is asking me to generate a .cab file for system restore. How do I do this? |
|
|
| A. |
To generate a system restore Cab file:
| • |
Click Start, then Run |
| • |
Type or paste: %windir%\system32\restore\srdiag.exe and click OK |
| • |
A command window will open while the Srdiag.exe runs. The command session will automatically close when complete, and the .cab file will be created in your Windows\system32\restore directory. This can take several minutes. |
|
|
| Q. |
How do I look at the event logs to investigate any system restore errors? |
|
|
| A. |
To check event logs:
| • |
Click Start, Control Panel, then Performance and Maintenance. |
| • |
Click Administrative Tools, Computer Management, double-click Event Viewer, and then click System. |
| • |
Click the Source tab to sort by name, and then type for "sr" or "srservice". Double-click each of these services, and then evaluate the event description for the cause of the problem. |
|
|
| Q. |
Why is System Restore displaying duplicate drives with an offline status? |
|
|
| A. |
This problem often occurs if you convert the disk from a basic disk to a dynamic disk. |
| Q. |
Why isn't desktop wallpaper restored when using System Restore? |
|
|
| A. |
The image displayed on the desktop is a common image file and therefore not monitored by System Restore. System Restore does not restore common image files, as they could compromise the security of personal data. |
| Q. |
Why isn't the compression on files or folders restored when using System Restore? |
|
|
| A. |
By design, System Restore does not record changes in compression, nor does it undo them, as changes in compression do not cause the system to fail. |
| Q. |
Why aren't System Restore settings preserved during a reinstallation or upgrade? |
|
|
| A. |
Setup overwrites the existing settings so that System Restore is enabled after installation. In operating systems in which System Restore is not included, such as Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows NT Workstation, or Microsoft Windows 2000 Professional, System Restore will also be enabled by default on all drives. |
| Q. |
How can I verify that System Restore services are running on my computer? |
|
|
| A. |
To verify that System Restore services are running:
1. |
Click Start, Control Panel, then Performance and Maintenance |
2. |
Click Administrative Tools, Computer Management, then Services and Applications. |
3. |
Click Services, and then click System Restore Services. Ensure the service is set to Automatic and the status is 'started'. |
|
|
| Q. |
How can I verify that the Windows Management Instrumentation (WMI) service is running on my computer? |
|
|
| A. |
To verify that Windows Management Instrumentation Service is running:
1. |
Click Start, Control Panel, then Performance and Maintenance |
2. |
Click Administrative Tools, Computer Management, then expand Services and Applications. |
3. |
Click Services (not WMI Control), then click Windows Management Instrumentation (be sure you select this service and not the WMI driver extensions). Ensure the service is set to Automatic and the status is 'started'. |
|
|
| Q. |
How can I verify that the Task Scheduler is running on my computer? |
|
|
| A. |
To verify that Task Scheduler is running:
1. |
Click Start, Control Panel, then Performance and Maintenance. |
2. |
Click Administrative Tools, Computer Management, then Services and Applications. |
3. |
Click Services and then the Task Scheduler service to ensure the service is set to Automatic and the status is 'started'. |
|
|
| Q. |
Microsoft Support requested that I generate a .cab file after a restore has failed. How do I create a .cab file and where do I send it? |
|
|
| A. |
To generate a System Restore Services .cab file:
1. |
Click Start, and then Run. |
2. |
Type or paste %windir%\system32\restore\srdiag.exe in the text field, and then click OK. |
3. |
A command window will open while the Srdiag.exe runs. The command session will automatically close when complete, and the .cab file will be created in your Windows\system32\restore directory. This can take several minutes. |
4. |
Send an e-mail with the .cab file attached to srcomcab@microsoft.com. A support technician will then review the file and get back to you as soon as possible. |
|
|
| Q. |
Why can't I see system files such as .dll or .inf in Windows? |
|
|
| A. |
Windows hides all system files and files marked hidden by default. To view these files:
| • |
Click Start, then My Computer |
| • |
From the toolbar open the Tools menu, select Folder Options, and then click the View tab |
| • |
In the Advanced settings option for Hidden files and folders, ensure the Show hidden files and folders option is selected and Hide protected operating system files is unchecked |
| • |
Click OK |
| • |
You should now be able to see hidden and system files |
|
|
| Q. |
How can I remove permanently infected files in the System Restore data archive and restore to uncompromised restore points? |
|
|
| A. |
First, confirm that all signature/definitions are current and ensure your anti-virus utility is configured to exclude the Smart Virtual Instruments (SVI) directory. If you suspect previous restore points contain copies of infected monitored files that your anti-virus utility was unable to clean, you can remove these, and all related restore points from the System Restore archive by disabling than re-enabling System Restore. (Note: Disabling System Restore will remove all restore points. Enabling System Restore will resume the creation of new restore points as schedule and events require).
To disable System Restore, click on Start, Control Panel, Performance and Maintenance, and then System Applet, and follow the steps below:
1. |
On the System Applet, Click the System Restore tab |
2. |
Select Turn off System Restore |
3. |
Click OK, then click Yes to initiate the restore point purging process. |
4. |
To re-enable System Restore, clear the Turn-Off System Restore check box from the same location |
|
It is possible to restore a computer to a previously infected point by disabling the associated anti-virus utility, and once the restore is complete, re-enabling the utility to detect and take action on the restored state to remove infected files. (Note: turning off anti-virus protection is not recommended under most conditions, and should be done only temporarily to restore the system). Before disabling an anti-virus utility on a computer, it should be disconnected from any network to prevent the risk of infection.
To restore a computer to a previously infected restore point:
1. |
Disconnect any system network connectivity |
2. |
Disable-Turn off AV protection |
3. |
Use System Restore to restore to desired point |
4. |
On reboot, Restore Success screen, validate optimal state achieved—problem resolved |
5. |
Re-enable anti-virus protection |
6. |
Run a manual scan of all drives monitored by System Restore to ensure all files modified by the restore are inspected by the anti-virus utility |
|
|
Q.
A. |
|
Additional Information
|
|
 |
|
