System Restore


Sometimes, installing a device driver causes such severe instability that you need to restore your system to a previously known good state. In the old days, the only way to do this was to restore your system from a backup. Today, however, Windows XP has a System Restore application that can be used to restore a previous configuration of Windows XP. Windows keeps a list of restore points , backup files containing critical system information and driver files, that you can use to take a step back in time.

What Restore Points Actually Restore

A Restore Point is actually a .CAB file, a compressed file much like a .ZIP file, that contains driver files, configuration data, and the Registry. A restore point contains

  • The Registry, including all of the per-user Registry sections from the user profiles under \Documents and Setting , but excluding the security (SAM) sections that contain user passwords

  • The COM+ database

  • File system configuration data

  • The Windows File Protection .DLL cache

  • The WMI database

  • The IIS Metabase (if IIS is installed)

  • Files with extensions in the Monitored File Extensions list, which is listed in Table 5.10.

    Table 5.10. File Types Protected by System Restore

    Protected File Types

    ~~C

    ~~D

    12A

    1PA

    1st

    386

    8BA

    8BY

    8LI

    A2A

    AAS

    AAX

    ABM

    ABR

    ACF

    ACG

    ACO

    ACS

    ADK

    ADW

    ADX

    AFM

    AID

    AIP

    ALT

    AM

    AMB

    APL

    APM

    APP

    APV

    AR

    ARX

    AS

    AT

    ATC

    ATL

    ATM

    ATN

    AW

    AWE

    AWX

    AX

    B0

    BAT

    BCF

    BD

    BDR

    BE

    BGB

    BGR

    BID

    BIT

    BK1

    BLD

    BM

    BMA

    BND

    BNF

    BOF

    BPP

    BPT

    BPX

    BT

    BTN

    BUC

    CAG

    CAO

    CAT

    CBS

    CC

    CF

    CFG

    CHA

    CIK

    CL

    CLW

    CLX

    CLY

    CMD

    CNT

    CNV

    COL

    COM

    CPB

    CPL

    CQM

    CR

    CRL

    CRS

    CRV

    CS

    CSB

    CSI

    CSL

    CSW

    CTB

    CTG

    CTY

    CUS

    CW_

    D01

    D02

    D03

    D04

    D05

    D32

    DATA

    DB0

    DB1

    DB2

    DC2

    DCA

    DCF

    DCI

    DCL

    DDB

    DDD

    DEP

    DES

    DESKLINK

    DET

    DGM

    DIALOG

    DID

    DIR

    DISABLED

    DIX

    DLL

    DOB

    DOS

    DRC

    DRS

    DRV

    DS

    DSC

    DSK

    DSN

    DSR

    DSX

    DT

    DTT

    DUN

    DVB

    DWT

    DXT

    DYNCMD

    ECF

    EFF

    EFM

    EID

    EL

    ELM

    END

    ENU

    ENV

    EOT

    EPF

    ET

    EX_

    EXA

    EXCLUDE

    EXE

    EXL

    F32

    FAE

    FAM

    FAS

    FFP

    FIN

    FIO

    FLL

    FLW

    FMC

    FMP

    FNT

    FON

    FSG

    FSS

    GCS

    GDB

    GI_

    GMS

    GNG

    GPD

    GS

    GSF

    GST

    GUIATN

    GUICMD

    GVT

    GWD

    H16

    HCT

    HDC

    HDI

    HDP

    HFX

    HGD

    HHC

    HHK

    HK0

    HK1

    HK2

    HK3

    HLP

    HM

    HTA

    HTC

    HTZ

    HU

    HWL

    HYP

    IAT

    IBD

    ICD

    ICM

    ICO

    ICR

    ICW

    ID

    IDS

    IFA

    ILF

    ILG

    ILM

    IN_

    INCL

    INF

    INI

    INK

    INL

    INO

    INS

    INV

    IP

    IRS

    ISA

    ISS

    ISU

    ITF

    J0

    JA

    JBR

    JCM

    JGD

    K01

    K02

    K03

    KBD

    KNN

    KO

    L0

    L2L

    L2P

    LAB

    LAM

    LAST

    LCA

    LCK

    LDA

    LEX

    LGC

    LGD

    LGE

    LGF

    LIC

    LID

    LIM

    LIVEREG

    LLI

    LMC

    LMG

    LMP

    LNK

    LO~

    LRD

    LRS

    LSM

    LSO

    LSQ

    LSS

    LSX

    LT

    LTS

    LV

    M20

    MANIFEST

    MAPIMAIL

    MC

    MCD

    MCM

    MD2

    MDM

    MDP

    ME

    MFL

    MHK

    MIL

    MLN

    MMC

    MMM

    MMX

    MNC

    MNL

    MNR

    MNS

    MOF

    MOR

    MP

    MPD

    MPT

    MSB

    MSC

    MSE

    MSI

    MST

    MSK

    MSO

    MXT

    MYDOCS

    N0

    NAM

    NAME

    NDX

    NEW

    NFO

    NIB

    NMD

    NOD

    NPM

    NQM

    NQV

    NSI

    NSW

    NTE

    NU4

    NUM

    NUS

    NV

    OBE

    OCM

    OCX

    ODE

    ODL

    OLB

    OLD

    OLE

    OP

    OPG

    OR5

    OSD

    OUT

    P2A

    PAG

    PBC

    PBK

    PBV

    PC3

    PCI

    PDI

    PDR

    PEN

    PER

    PFB

    PFM

    PFR

    PH

    PHO

    PHX

    PID

    PIF

    PL3

    PLY

    PMT

    PNF

    POC

    POF

    POL

    PPD

    PR4

    PROPERTIES

    PRX

    PSC

    PSF

    PSP

    PT

    PTH

    PTX

    PV

    Q0

    Q32

    Q3X

    QDAT

    QJF

    QRS

    QTC

    QTD

    QTW

    QUE

    QUF

    QUT

    R0

    R98

    RAD

    RAT

    RC2

    RCP

    RCT

    RDB

    RDC

    REF

    REG

    RGS

    RH

    RI

    RJS

    RO

    ROB

    RPR

    RPS

    RSD

    RSP

    RSRC

    RTA

    RTR

    RU

    S98

    SAM

    SAX

    SCK

    SCR

    SCS

    SECURITY

    SELFREG

    SFP

    SG

    SG0

    SG1

    SHARED

    SHR

    SHX

    SIF

    SK

    SLL

    SMC

    SMM

    SNP

    SOF

    SPC

    SPE

    SPM

    SPT

    SPX

    SR

    SRC

    SRG

    SRT

    SSM

    SST

    ST4

    STB

    STD

    STF

    STP

    SWB

    SYM

    SYN

    SYS

    T32

    TAG

    TB

    TDF

    TH

    THE

    THK

    THS

    TID

    TIE

    TIP

    TLB

    TLD

    TLF

    TLT

    TLU

    TLX

    TMC

    TNL

    TOL

    TPA

    TR

    TRE

    TRG

    TRO

    TSK

    TSP

    TTF

    TTS

    TUB

    TUM

    TUW

    TV

    TVC

    TWD

    TXR

    TYM

    TZD

    UBM

    UCM

    UCP

    UCT

    UDC

    UDI

    UDL

    UDT

    UID

    UIL

    UK

    ULG

    ULK

    UNT

    US

    USA

    USERPROFILE

    USP

    USR

    UTX

    V10

    VBS

    VBX

    VBZ

    VCPREF

    VDB

    VER

    VFM

    VFX

    VIL

    VLX

    VM

    VOF

    VPH

    VPX

    VQA

    VQM

    VSC

    VSH

    VWP

    VXD

    W32

    W98

    WA_

    WBD

    WBM

    WCD

    WDL

    WDS

    WINSYS

    WIPEINFO

    WIPESLACK

    WMZ

    WPC

    WPX

    WRF

    WSL

    WTB

    WTR

    XLL

    XMX

    XRS

    XTU

    ZFSENDTOTARGET

    ZH

    ZH_TW

    ZRW

     

It does not include

  • Digital Rights Management settings

  • SAM Registry hives (System Restores does not restore passwords)

  • Windows Product Activation data

  • Documents or other user files in user profile folders

  • Files with extensions not listed in the Monitored File Extensions list

  • Files listed under the Registry keys FilesNotToBackUp , and Registry keys listed in under the key KeysNotToRestore , both under HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\BackupRestore . The FilesNotToBackUp list is also excluded when you use the NTBackup utility to perform backups , as discussed earlier in the chapter.

  • Contents of redirected (network) folders

  • Settings stored in Roaming User Profiles

The list of file types monitored is amazingly long. The default entries are listed in Table 5.10. Any file on any protected drive with one of the listed extensions is saved in the System Restore database, unless it is also listed in the FilesNotToBackUp Registry key. The default categories of files under FilesNotToBackup were listed in Table 5.9; the actual filenames and paths will vary from system to system.

All system and user-specific Registry keys are backed up as well. During a restore operation, Registry keys that describe the current hardware environment are not restored, as they are re-created every time Windows boots, nor is the SAM security database. This prevents System Restore from restoring an old password that you've already forgotten. The default list of KeysNotToRestore is listed in Table 5.11.

Table 5.11. Default KeysNotToRestore Entries

File Categories

Active Directory Restore

Automated System Recover information

Disk fault tolerance (RAID) configuration

Installed Services

Disk Manager boot information

Mounted Devices

File rename operations pending until next reboot

Plug and Play discovery data

Removable Storage import database

Session Manager Allow Protected Renames entries

Certain Windows Setup file location data


Note

In KeysNotToRestore, if a key name ends with \ , the key's subkeys are also excluded from the restore. If a key name ends with \* , its subkeys are merged into existing keys. This assumes that the keys specify service and device drivers, and the merging is controlled by the entry's Start value. A subkey is restored only if it has a lower Start value.


By default, all hard drives are protected by System Restore. If you have extra disk drives that that don't contain Windows components or application programs, you can disable System Restore on those drives to save disk space. To do this, follow these steps:

1.
Log on as a Computer Administrator.

2.
Click Start and right-click My Computer. Select Properties.

3.
Select the System Restore tab.

4.
Select a drive from the Available Drives list and click Settings.

5.
Check Turn Off System Restore on This Drive, or lower the amount of disk space that System Restore is allowed to use for its backups.

Restore point .CAB files are stored in folder \System Volume Information on each monitored drive, and are kept 7 to 90 days, depending on the amount of free disk space and the maximum disk space that System Restore is permitted to use. By default, on an NTFS-formatted disk, these folders are not accessible by any user, not even Administrator, although you can make them readable by typing these commands at the command prompt:

 cd \ cacls "System Volume Information" /E /G Administrator:R 

on Windows XP Professional; for Home Edition you must substitute another Computer Administrator user's name for Administrator. Enable the display of Hidden and System files in Windows Explorer using Tools, Folder Options, View, and then you can browse the folder.

Caution

Do not delete or modify any files in a System Volume Information folder under any circumstances. To save space, unmodified files are not saved in successive .CAB files, so Windows could conceivably need all of the files to perform a successful system restore.


When you are finished poking around, be sure to type the command

 cacls "System Volume Information" /E /R Administrator 

to restore the folder's security settings.

Creating Restore Points

Windows XP automatically creates a restore point when any of the following occurs:

  • You start Windows XP for the first time after its initial installation and setup

  • You install an application that uses the Microsoft Installer or a modern installation program like InstallShield as its setup program

  • Windows is about to install updates received via Automatic Updates, or Windows Update

  • You have restored files using Microsoft Backup (described earlier in this chapter)

  • 24 hours have elapsed since the last restore point was created, whether your computer was turned on or not

If you're concerned that something you're about to do might cause damage, you can also manually create a restore point by following these steps:

Note

It's worth noting that XP's System Restore does not back up documents or user files, only system files. If you want a backup utility that makes it possible to roll back documents and files in the same way that System Restore does with system files, check out GoBack at www. symantec .com/goback.


1.
Open the System Restore application from the System Tools folder located in the Accessories folder on the All Programs menu. The System Restore application, shown in Figure 5.21, will be displayed.

Figure 5.21. The System Restore application.

2.
Select the Create a Restore Point radio button and click the Next button.

3.
Specify a description for the restore point in the Restore point description field; for example, "Just before installing Dangerously Buggy Program."

4.
Click the Create button.

5.
The Restore Point will be created. When finished, click the Close button to close the application.

Restoring a Point

Assuming your computer will boot into Normal mode or Safe mode, and you either manually created a system restore point, or Windows XP created one for you when you installed your now-deprecated device driver, you can restore a previous configuration.

Caution

System Restore protects all files with file types listed earlier in that staggeringly long list of extensions. This means that any file with a protected extension could get rolled back to an earlier version, or even deleted, if it was not present in the restore point. This includes your files, not just files in the Windows folder.


First, you need to get Windows up and running. Often you can use Safe mode; reboot your computer and start tapping the F8 key down as soon as the system BIOS startup message appears. When Windows Advanced Startup Options menu appears, select Safe Mode and press Enter.

Then, follow these steps to restore the system to its previous state.

1.
Open the System Restore application from the System Tools folder located in the Accessories folder on the All Programs menu.

2.
Select the Restore My Computer to an Earlier Time and click the Next button.

3.
Select the desired restore point, as shown in Figure 5.22.

Figure 5.22. Choosing a system restore point to restore.

4.
Click the Next button.

5.
Confirm that you do want to continue with the restore.

6.
Click the Next button to install the system restore point.

7.
If you had added or removed hardware, shut Windows down, and restore your original hardware setup before turning the computer back on. Otherwise, just restart Windows. When Windows is up and running again, find out what went wrong before reinstalling the troublesome hardware. You may need to download and install updated device drivers.

If you are unable to boot your system to Windows or if Windows, once booted , is too unstable to activate System Restore, see "Using the System Restore Tool," in Chapter 12. This section explains how to use System Restore from Safe mode or from a command prompt.

Note

As I mentioned earlier, this chapter has a lot to cover, more than we can fit here. If you want more detail, we have books that dish it out in spades...check out Special Edition Using Microsoft Windows XP Professional, 3rd Edition (or the Home Edition ), both published by Que.





Upgrading and Repairing Microsoft Windows
Upgrading and Repairing Microsoft Windows (2nd Edition)
ISBN: 0789736950
EAN: 2147483647
Year: 2005
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net