The following is from the Windows Secrets Newsletter
www.windowssecrets.com
and is written by Woody Leonhard

How to restore with confidence



Windows XP's System Restore can save your bacon. But it wallows in disk space like a hog.

If you understand the secrets of System Restore, you can save yourself untold headaches when things inevitably go bump in the night. And you can reclaim a few zillion megabytes of pure Windows pork while you're at it.

Scoping out the System Restore function

Windows XP includes a remarkably capable subsystem known as System Restore. You've probably bumped into it.

Unfortunately, there's a lot of hogwash about System Restore floating around the Internet. The truth is that System Restore doesn't take a snapshot of your entire system; it isn't anything like a full backup. Instead, System Restore allows you, the programs you run, and Windows itself to store away copies of key system files, all of the Windows Registry, and various user settings.

The resulting restore point, as it's called, consists of a bundle of files that are named and stored together. This makes it easy for you to retrieve those settings and roll Windows back to an earlier state.

System Restore doesn't back up your files. It doesn't store most application settings. In fact, if you create a system restore point, install a program, then roll back to the earlier restore point, the program probably won't work. Any settings the program stuck into the Registry get obliterated by the rollback. The program may find itself floating in the Windows Primordial Ooze with no way to connect to Windows itself. Think "Lost" at 2.4 GHz.

To be a bit more precise, a restore point contains the contents of the Registry, the Windows File Protection files that are stored in \dllcache, all of the COM+ add-in database, the IIS configuration files, the Windows Management Instrumentation Database, some weird system files with filename extensions from a long list of "monitored extensions," and local user profiles.

None of your passwords make it into the restore point. Nor do any normal files, such as application programs and data files. If a file has a filename extension that isn't on the "monitored" list, it just doesn't make the cut.

Setting restore points

You can create your own restore point any time you like: click Start, All Programs, Accessories, System Tools, System Restore. Click the button marked Create a restore point, then click Next. The System Restore Wizard asks you to type in a name for the restore point.

Don't bother typing the date or time — Windows always brands the restore point with that information. Instead, pick a descriptive name, like, oh, "Before Installing the HP Drivers for the 17th time." Click Create. The Wizard creates a new restore point and files it away, so you can retrieve it any time you like. Click Close and you're out of the Wizard, back in Windows.

Restore points are created automatically in a number of different situations. Most good applications will create a restore point before installing themselves. Windows runs a restore point before installing security patches or updates. It also creates a restore point before installing an unsigned driver. But, surprisingly, it doesn't bother to make a restore point if you install a signed driver. (In Windows XP Timesaving Techniques For Dummies, I explain why and how you might want to set a manual restore point before installing a signed driver. Yes, signed drivers screw up.)

Windows also creates a restore point immediately before restoring to an old restore point. This is kind of like leaving a trail of crumbs behind when the forest is in flames. Windows also creates a restore point every 24 hours, automatically, by default. (It's smart enough to wait until there hasn't been any activity on the PC for a while.) If you start your computer and it's been more than 24 hours since the last restore point was created, Windows makes a new restore point automatically.

Restoring your PC: back to the future

You probably know (or could guess if you've been following along in the System Restore Wizard) that you can restore your system to any specific restore point with a few clicks: Start, All Programs, Accessories, System Tools, System Restore. Choose the button marked Restore my computer to an earlier time, then click Next. The System Restore Wizard offers you a choice of all available restore points, neatly presented in a calendar format.

If you want to restore, simply close any running programs, click on the restore point that you like, then click Next. The Wizard creates a restore point, performs the restore, then restarts Windows. As I explain below, it's important to note here that you get another restore point set before Windows "rolls back," whether or not you want another restore point.

As soon as Windows restarts, you can "undo" the restore by clicking Start, All Programs, Accessories, System Tools, System Restore. The Wizard sports a new button that says Undo my last restoration. It's easy, and it's relatively foolproof.

You might not realize that System Restore also appears in a different guise: as an alternative to Safe Mode. When you can't get your computer to boot — or if you press the F8 key while booting — Windows shows you the Advanced Boot Options screen, which lets you choose Safe Mode. On that screen, there's an option to boot with Last Known Good Configuration (your most recent settings that worked). Booting to your last good configuration this way, in fact, runs a System Restore using the most recent restore point.

When you boot to the Last Known Good Configuration, Windows makes a system restore point, whether you want it or not, rolls back to the last system restore point, then boots Windows. While that may seem like a very clever idea, there's one gotcha: if you boot to the Last Known Good Configuration two times in a row, Windows "rolls back" to the system restore point that it saved during your prior boot.

This probably won't work at all. Think of it like changing a flat tire. If a tire blows and you put on the spare, it's cool. But if the spare blows, and you haven't fixed the old tire, you're in for some very bumpy times. That's why it's never a good idea to boot into the Last Known Good Configuration twice in a row.

Managing your various restore points

Restore-point data gets stored in folders named:

C:\System Volume Information\_restore{7AC41853-D197-43DD-A331-D376ADD98AC2}\RPXXX

The XXX at the end of that string is a sequential number incremented with each new restore point. Don't bother trying to look for the files, by the way: Windows goes to great lengths to hide them from you; you can't even get into the \System Volume Information folder.

This is for good reason. There's absolutely nothing in there that you should ever change by hand. Moreover, by blocking those files from your prying eyes, Microsoft is also keeping Trojans (and worms and viruses, oh my!) from using your privileged security level to clobber your system restore points.

(Yes, I know that it is, in fact, possible to get in there. No, you shouldn't do it. No, I won't show you how.)

If you really want to see a list of files that contain your restore points, navigate to C:\Windows\system32\Restore and run the program Srdiag.exe. You can then look at the SR-RP.log file to see a list of all available restore points, and SR-RstrLog.txt to see details about the files.

The fundamental problem with restore points? They can take up a whole lot of room. By default, Windows XP keeps 90 days' worth of restore points. By my standards, that's about 80 days too many. (C'mon, can you remember the state of your system on November 16, 2005? As opposed to November 17, 2005?) Also by default, Windows allows itself to use up to 12% of your hard drive to store restore points (if the Windows partition is greater than 4 GB). That's outrageous.

Fortunately, it's easy to put System Restore on a diet. Click Start, right-click My Computer, choose Properties, then click System Restore. Click your main drive, then click Settings. Drag the slider down to 3% or less and click OK twice. On my main production machine, reducing System Restore down to 3% reduced the number of system restore points so I had only six weeks' worth. I won't lose any sleep over it.

Oh. While you're playing with the System Restore settings dialog box, be careful not to turn off System Restore. While it's easy enough to turn System Restore off and back on again, every time you turn it off, you wipe out all existing restore points — and you can't get them back.
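The same settings can be checked from a script. The following is an added example, not part of the original newsletter: a read-only audit that compares the machine against the defaults quoted above (90 days, 12%, a new point every 24 hours) and lists the restore points. It assumes PowerShell 2.0 is installed on the XP machine and an administrator account, and it reads the System Restore registry values (DisableSR, DiskPercent, RPLifeInterval, RPGlobalInterval) and the WMI SystemRestore class.

```powershell
# Added example: read-only audit of System Restore on Windows XP.
# Assumes PowerShell 2.0 and an administrator account; nothing is modified.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$cfg   = Get-ItemProperty -Path $srKey

# The two intervals are stored in seconds. DiskPercent is the machine-wide
# ceiling; the per-drive slider can be set lower than this value.
$report = New-Object PSObject -Property @{
    Enabled        = ($cfg.DisableSR -ne 1)
    DiskPercent    = $cfg.DiskPercent
    RetentionDays  = [math]::Round($cfg.RPLifeInterval / 86400, 1)
    AutoPointHours = [math]::Round($cfg.RPGlobalInterval / 3600, 1)
}
$report | Format-List

if (-not $report.Enabled) {
    Write-Warning 'System Restore is off: turning it off wiped all existing restore points.'
}
if ($report.RetentionDays -ge 90 -and $report.DiskPercent -ge 12) {
    Write-Warning 'Still on the defaults: 90 days of restore points, up to 12% of the drive.'
}

# List the restore points, oldest first, with readable creation times.
$points = @(Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
    Sort-Object SequenceNumber)

$points | Select-Object SequenceNumber,
    @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } },
    Description |
    Format-Table -AutoSize

# How far back the stored points actually reach.
if ($points.Count -gt 0) {
    $oldest = $points[0].ConvertToDateTime($points[0].CreationTime)
    $days   = ((Get-Date) - $oldest).TotalDays
    '{0} restore points spanning {1:N0} days' -f $points.Count, $days
}
```

An empty list on a machine where System Restore is enabled is worth investigating, since restore points only disappear when they age out, run out of space, or System Restore is switched off.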


Woody Leonhard's latest book is Windows XP Hacks & Mods For Dummies, published by Wiley.


-----------------------------------------
Contact Information
This email is brought to you on behalf of the Mulligrubs - Milton Ulladulla Internet & Computers Users Group
http://mulligrubs.shoalhaven.info/
The Mulligrubs meet on the last Thursday of each month at the Ulladulla CTC - Top of the Town Complex, Ulladulla NSW 2539
Send comments, suggestions, or questions about this newsletter to mulligroup@miltonulladulla.com