System Restore

Infobox Software
name = System Restore



caption = System Restore in Windows Vista SP1
collapsible =
author =
developer = Microsoft
released =
latest release version = 6.0.6001
latest release date = February 4, 2008
latest preview version =
latest preview date =
frequently updated =
programming language =
operating system = Microsoft Windows
platform =
size =
language =
status =
genre = Disk defragmenter
license = Microsoft EULA
website =

System Restore is a component of Microsoft's Windows Me, Windows XP and Windows Vista operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure.

The Windows Server operating system family does not include System Restore. The System Restore built into Windows XP can be installed on a Windows Server 2003 machine, [ [http://www.neowin.net/forum/?showtopic=91476 How to install System restore on server 2003] ] although this is not supported by Microsoft.

In Windows Vista, System Restore features an improved interface and is based on Shadow Copy technology. In prior Windows versions, it was based on a file filter that watched changes for a certain set of file extensions, and then copied files before they were overwritten. [ [http://www.microsoft.com/middleeast/windowsvista/features/foreveryone/backup.mspx System Restore in Windows Vista and other backup features] ] The advantage of using Shadow Copy is that block-level changes in files located in any directory on the volume can be monitored and backed up regardless of their location. [http://technet.microsoft.com/en-us/magazine/cc137798.aspx A Guide to Windows Vista Backup Technologies] ]

Overview

In System Restore, the user may create a new "restore point" manually, rollback to an existing restore point, or change the System Restore configuration. Moreover, the restore itself can be undone. Old restore points are discarded in order to keep the volume's usage within the specified amount. For many users, this can provide restore points covering the past several weeks. Users concerned with performance or space usage may also opt to disable System Restore entirely. Files stored on volumes not monitored by System Restore are never backed up or restored.

System Restore backs up system files of certain extensions (.exe, .dll, etc.) and saves them for later recovery and use. [http://msdn.microsoft.com/en-us/library/aa378870.aspx MSDN System Restore Reference: Monitored File Extensions] ] . It also backs up the registry and most drivers.

Resources monitored

The following resources are backed up:
* Registry
* Files in the Windows File Protection ("Dllcache") folder
* Local user profile
* COM+ and WMI Databases
* IIS Metabase
* Specific file types monitored

Restore points

Restore points are created:
* When software is installed using the Windows Installer, "Package Installer" or other installers which are aware of System Restore. [http://technet2.microsoft.com/WindowsVista/en/library/4ac505e6-dd8b-4ae7-80fa-b9d77cd8104d1033.mspx?mfr=true Selected Scenarios for Maintaining Data Integrity with Windows Vista] ]
* When Windows Update installs new updates to Windows.
* When the user installs a driver that is not digitally signed by Windows Hardware Quality Labs.
* Every 24 hours of computer use (10 hours in Windows Me), or every 24 hours of calendar time, whichever happens first. This setting is configurable through the registry or using the deployment tools. Such a restore point is known as a "system checkpoint". System Restore requires Task Scheduler to create system checkpoints. Moreover, system checkpoints are only created if the system is idle for a certain amount of time. [http://technet.microsoft.com/en-us/windowsxp/bb264753.aspx#EUAAC Frequently Asked Questions Regarding System Restore in Windows XP] ]
* When the operating system starts after being off for more than 24 hours.
* When the user requests it. On Windows Vista, shadow copies created during File Backup and Complete PC Backup can also be used as restore points.

Older restore points are deleted as per the configured space constraint on a First In, First Out basis.

Implementation

There are considerable differences between how System Restore works under Windows XP and Windows Vista. In Windows XP, System Restore can be configured to use up to a maximum of 12% of the volume's space for most disk sizes , however this may be less depending on the volume's size. In Windows Vista, System Restore is designed for larger volumes and cannot be enabled on volumes smaller than 1 GB. [http://windowshelp.microsoft.com/Windows/en-US/help/517d3b8e-3379-46c1-b479-05b30d6fb3f01033.mspx Windows Vista Help: System Restore FAQs] ] By default, it uses 15% of the volume's space. Using the command-line tool Vssadmin.exe, the space reserved can be adjusted.

Up to Windows XP, files are backed up only from certain directories. On Windows Vista, this set of files is defined by monitored extensions outside of the Windows folder, and everything under the Windows folder. [ [http://bertk.mvps.org/html/q_a.html#16 Windows Vista System Restore FAQs: Bert Kinney - System Restore MVP] ]

Up to Windows XP, it excludes "any" file types used for users' personal data files, such as documents, digital photographs, media files, e-mail, etc. It also excludes the monitored set of file types (.DLL, .EXE etc.) from folders such as My Documents. Microsoft recommends that if a user is unsure as to whether certain files will be modified by a rollback, they should keep those files under "My Documents". When a rollback is performed, the files that were being monitored by System Restore are restored and newly created folders are removed. On Windows Vista however, it excludes only document file types; it does not exclude any file monitored type whatsoever of its location and operates on the entire volume.

Restoring the system

Up to Windows XP, the system can be restored as long as Windows boots normally or from "Safe mode". It is not possible to restore the system if Windows is unbootable. Under Windows Vista, the Windows Recovery Environment can be used to launch System Restore and restore the system, in case the Windows installation is unbootable.

Limitations & complications

A limitation which applies to System Restore in Windows versions prior to Windows Vista is that only certain file types and files in certain locations on the volume are monitored, therefore unwanted software installations and especially in-place software upgrades may be incompletely reverted by System Restore. Fact|date=May 2008 [http://www.windowsdevcenter.com/pub/a/windows/2004/10/19/SystemRestore.html] As a result, there may be little or no practical impact (aside from wasted disk space). Certain issues may arise when attempting to run or remove that application. In contrast, various other utilities have been designed to provide much more complete reversal of system changes including software upgrades. For example, by tracking all changes, Norton's GoBack or Horizon DataSys's Rollback Rx allows complete restoration of the file system's state to the way it was at any of hundreds of available restore points per day. Frequent or continuous monitoring may also adversely affect system performance, whereas System Restore's restore points are generally created quickly and sparingly. Or|date=May 2008

If there is no adequate free space, System Restore fails to create restore points, so a user may discover that there is not a single restore point available when trying to restore the system.

There is no way to make a permanent restore point that will not get deleted after a few days when automatic restore points need the disk space. So if one does not notice a new problem for a few days or a couple weeks, when one does discover it, it may already be too late to restore to a configuration from before the problem arose.

System Restore by default does not allow other applications or users, permission to modify or delete files in the directory where the restore points are saved for data integrity purposes. Since its method of backup is fairly simplistic, it may end up archiving malicious software such as a virus, worm or other types of malware. In this case, the anti-virus software may be unable to remove the infected files. [cite web | url=http://support.microsoft.com/kb/263455/en-us | title=Antivirus Tools Cannot Clean Infected Files in the _Restore Folder | work=Microsoft Corporation] The only way to delete the infection is to disable System Restore, which will result in losing all saved restore points, or simply wait until Windows deletes the restore points to make room for new restore points. Moreover, if an infected set of files is restored, the virus may end up getting restored too.

On Windows Vista, System Restore does not work on FAT32 disks and cannot be enabled on disks smaller than 1 GB.

Changes made to a volume from another OS (in case of dual-boot OS scenarios) cannot be monitored. Also, a compatibility issue exists with System Restore when dual-booting Windows XP/Windows Server 2003 and Windows Vista or later operating systems. Specifically, the shadow copies on the volume are deleted when the older operating system accesses (and therefore mounts) that NTFS volume. This happens because the older operating system does not recognize the newer format of persistent shadow copies. [cite web | url=http://blogs.technet.com/filecab/archive/2006/07/14/441829.aspx | title=How restore points and other recovery features in Windows Vista are affected when you dual-boot with Windows XP | author=cfsbloggers | date=July 14, 2006 | work=The Filing Cabinet | accessdate=2007-03-21 ]

ee also

*Backup

References

External links

* [http://support.microsoft.com/kb/290700 Important update that fixes a problem with Windows Me's version of System Restore when restoring a checkpoint after September 8, 2001.]
* [http://www.wikinfo.org/index.php/System_Restore:_Limitations_and_Complications System Restore: Limitations and Complications]