1. How do I open System Restore? |
| How do I open System Restore? Updated! 9/9/06 |
| 1. Go to Start - All Programs - Accessories - System Tools - System Restore. 2. Go to Start - Run and paste the following command then press enter. %systemroot%\system32\restore\rstrui.exe 3. Go to Start - Run and type msconfig and press enter. Click on Launch System Restore. 4. Go to Start - Help and support, "Undo changes to your computer with System Restore" 5. Press Ctrl+Alt+ %systemroot%\system32\restore\rstrui.exe 6. From Safe Mode, and from the Command Prompt. See the next two FAQs. |
| How do I Start the System Restore from the command prompt? |
1. Boot the system and start tapping the F8 key as BIOS information goes by. At the Windows Advanced Options Menu select Safe Mode with a command prompt. For additional information about the Safe mode with a command prompt, click the following article in the Microsoft Knowledge Base: A description of the Safe mode boot options in Windows XP 2. Log on to your computer with an administrator account or with an account that has administrator credentials. 3. Type the following command at a command prompt, and then press ENTER: %systemroot%\system32\restore\rstrui.exe 4. Follow the instructions to restore your computer to an earlier state, or undo the last restore if available. Note: When restoring a system from the command prompt, a automatic “UNDO” restore point will NOT be created and will not allow a restoration to the current state. |
| How do I test System Restore? |
Create a new restore point named TEST. Create a new shortcut on the desktop and point it to My Computer or any other file of your choice and name it TEST. Now restore to the Test restore point. The system will now reboot, and you will receive a message if the restore was successful, and the Test shortcut on the desktop will be gone. If not, follow these troubleshooting tips. Note: This should be conducted on a regular basis. Once a month should do. Or if the system has been subject to virus or malware/spyware infection but only after the system has been fully cleaned. |
| How do I disable the Indexing Service? New! 10/11/06 |
Go to Start - Run – and type the following command then press OK. services.msc Scroll down to and double click: Indexing Service Click the Stop button In the Startup Type field select Manual of Disabled, then click Apply then OK After you restart your machine it will stay disabled. |
| Can I use System Restore to uninstall applications? |
NO! System Restore does not completely uninstall applications when restoring to a point prior to the applications installation. What happens is, System Restore only removes the monitored files for the installed applications and the remaining non-monitored files are left behind. Any registry entries made by the installation of the application will also be gone. This will cause the application not to function. And in some cases, cause the uninstall and reinstall process of the partially removed application to fail. This is why it is recommended to uninstall any applications installed after the restore point you will be restoring to. If the uninstall and reinstall fail, try to undo the restore point, uninstall the application in question, then perform the restore again. The only other option would be to manually remove (for advanced users) leftover files, folders, shortcuts, and registry entries. |
| Can I use System Restore to reinstall deleted or uninstalled applications? |
For the most part, NO. System Restore will not restore uninstalled applications. It was not designed to do so. System Restore monitors a core set of system files and most of the registry. In a typical application installation there are file types that System Restore does not monitor, and therefore will not restore. This would cause the application to fail to run. An exception to this would be if an application consisted of only monitored file types. Such as just an EXE file. |
| Can I permanently save a restore point for later use? |
By designed and under normal conditions System Restore will automatically create a new restore point every 24 hours. When the allotted disk space is reached, the oldest restore point will be purged on a first in first out (FIFO) basis. Otherwise, restore points over 90 days are purged automatically by default. Each one of these restore points are chained (or linked) together with previous restore points. When a restore point is chosen, all restore point created prior to that restore point are also required to complete the restoration. While all of this is going on, in real time, a log is being created or updated that tracks the consistency between the files System Restore is monitoring, and the files that are actually backed up. If an inconsistency is found between the log file and the files located in the System Volume Information folder, restore point corruption can occur. In turn this causes the chain to become broken and any prior restore points to become useless, thus causing System Restore to fail at a restore. At this point all restore points would have to be purged to remove the corruption. So you can see, backing up and restoring restore points would cause an inconsistency in the restore log thus causing corruption and the loss of all restore points. Note: Any changes made within the System Volume Information folder (where System Restore stores restore information) will almost certainly cause the same corruption. |
| Can I delete individual restore points from the system volume information folder? |
No, and here why. Each restore points is chained (or linked) together with previous restore points. When you choose to restore a system all the previous restore point are required to complete the restore, thus if one is missing the chain will be broken and cause all existing restore points become corrupt. At this point all restore points will need to purged to correct the corruption. So the best advise is to NOT touch the contents of the System Volume Information folder. |
| Can I use System Restore to remove virus or malware infection? |
NO. System Restore was not designed to be a virus or spyware removal tool and should not be depended on to do so. Click here for more information on virus and spyware removal. |
| Should I purge all my restore point BEFORE removing virus & malware infection? |
| No, and here’s why. If something goes wrong in the virus/malware removal process you will have no way to reverse your actions. Sometimes the removal process can be more damaging to the system than the infection. Two examples would be if the system became unbootable, or if the ability to connect to the internet to retrieve additional cleaning utilities is lost. So it is a good practice to leave System Restore restore points intact until the cleaning process is over and the system is otherwise clean of infection. Virus and malware infection residing within restore points are dormant, unless the system is restored to an infected restore point. Warning: Just don't forget to purge all existing restore points after the cleaning is complete. |
| Should I let System Restore monitor my external drive? Updated! 7/22/07 |
| It is a bad practice to let System Restore monitor an external drive. By design most external drives are monitored by System Restore. If any changes are made to the external drives files while it is not connected to the system, the next time it’s connected System Restore will find an inconsistency in the SR log and cause all existing restore points to become corrupt and require there deletion. The same can be true if the external drive is powered off while the system is running. A possible work around is to assign a permanent drive letter (the higher in the alphabet the better) to the external drive via Disk Management. To access Disk Management, go to Start - Run and type diskmgmt.msc then press enter. Right-click a partition, logical drive, or volume, and then click Change Drive Letter and Paths. Do one of the following: 1. To assign a drive letter, click Add, click the drive letter you want to use, and then click OK. 2. To modify a drive letter, click it, click Change, click the drive letter you want to use, and then click OK. Reboot the system. Open System Restore and stop monitoring that drive. This should keep System Restore from monitoring that drive, but not always. Related article: USB drive letter manager - USBDLM |
| What should I do before running System Restore? |
Any application installed after the restore point you are reverting to may not function. What happens is, System Restore only removes monitored files for the installed applications and the remaining files are left behind. This can cause the application not to function. And in some cases, can also cause the uninstall and reinstall process of the partially removed application to fail. It is recommended to uninstall any applications that were installed after the restore point you will be restoring to. |
| What should I do after restoring my system to an earlier date? Updated! 9/8/06 |
| Initial System checkpoints: This restore point is created the first time you start your computer after you upgrade it to Windows XP or when you first start a new computer. System checkpoints: System Restore creates restore points on a regular basis even if you have not made any changes to the system. System Restore automatically creates these restore points every 24 hours of calendar time, or every 24 hours your computer is turned on. If your computer is turned off for more than 24 hours, System Restore creates a restore point the next time you start the computer. The computer must be idle for a few minutes before System Restore creates a scheduled restore point. Program name installation restore points: When you install a application and provided the application utilizes an installer that is System Restore compliant this restore point will be created. Selecting this restore point removes installed files and registry settings made to the system during and after the install process. Files not monitored by System Restore will remain. Automatic update restore points: If you use Windows XP automatic updates to receive downloaded updates, System Restore creates a restore point before installing the updating software. Software Distribution Service 2.0 restore points: When Windows Update installs updates this restore point will be created prior to installing. Manually created restore points: You can manually create your own restore points in the System Restore Wizard. When a created restore point is listed in the Select a restore point screen, it includes the name you gave it and is prefaced with the day, date and time it was created. You can create a restore point when you like the way your computer is functioning or before you make changes on your computer, like installing programs, hardware, changing system or registry settings that might make your computer function in an unexpected way. Restore operation restore points: Each time you perform a restoration, System Restore creates a restore points that will allow you to UNDO the restoration. On option to “Undo my last restoration” will be displayed when opening System Restore for a period of time. Unsigned device driver restore points: System Restore immediately creates a restore point if it detects that you are installing a driver to your computer that has not been signed or certified by Windows Hardware Quality Labs (WHQL). If the installation of the driver makes undesirable changes to your computer, you can select these restore points in the System Restore Wizard to undo the changes and restore your computer to the state that existed before the driver was installed. Microsoft Backup utility recovery restore points: When you perform a recovery using the Backup utility, System Restore immediately creates a restore point before the process starts. If the recovery puts your computer in an undesirable state, you can select these restore points in the Select a restore point screen in the System Restore Wizard to undo the changes and restore your computer to the state that existed before you performed the recovery. |
| Where are the System Restore files located on the drive? Updated! 10/17-06 |
System Restore holds it’s restore points in a in a Super Hidden folder named “System Volume Information” on root of every drive, partition or volume, including most external drives, and some USB flash drives. On drives or partitions that are not monitored by System Restore this folder will be very small in size or completely empty, unless Encrypting File System is in use or the Indexing Service is turned on. Note: If the System Volume Information folder is deleted, it will be recreated automatically. For Windows XP using the NTFS File System on a Workgroup or Standalone Computer 1. Click Start then My Computer. 2. On the Tools menu Then Folder Options. 3. On the View tab, click “Show hidden files and folders”. 4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change. 5. Uncheck to clear the “Use simple file sharing (Recommended)” check box. This option is not available in Windows XP Home Edition. Warning This may have negative effects on system connected to a network, and possibility the network itself. 6. Click OK. 7. Right-click the System Volume Information folder in the root folder, and then click Properties. 8. Click the Security tab. Note: Windows XP Home users will have to boot into Safe Mode then logon to the default “Administrator” account to access the Security tab. 9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again. 10. Double-click the System Volume Information folder in the root folder to open it. Warning: Remember to hide the hidden System Files when done. More information: Warning: Making changes to these files and folders can cause all restore points to become corrupt and useless, requiring them to be purged. |
| What is the System Volume Information folder used for? Updated! 10/17-06 |
The System Volume Information (SVI) folder is a super hidden system folder, and for good reason. There will be a SVI folder on each partition or volume that Windows sees. This includes external drives and some flash or thumb drives connected to the system. The SVI folder can not be permanently deleted, if so it will be recreated automatically. If a particular partition or volume is set to not be monitored by System Restore, the Indexing Service is turned off, and EFS is not in use, the SVI should be nearly empty or empty. System Restore uses the SVI folder to store it’s information and hold restore points. If the Indexing Service is turned on it will use the SVI folder to store files. This will be evident by the existence of a folder named catalog.wci or by typing cmd /k net start in the Start - Run box and looking for Indexing Service. Keep in mind that having the Indexing Service turned on can cause the SVI folder to grow very large. It's useful if you have a lot of Office documents or text files and want to do searches of them based on Content. Otherwise it's best turned off. If Encrypting File System (EFS) is in use, it will use the SVI folder to store the log file that is generated during the encryption and decryption process. Also see the warning below for Zone Alarm version 6.5 users. |
| Why is the System Volume Information folder so large? |
The (SVI) System Volume Information folder is where System Restores holds it’s restore points and other information. There will be a SVI folder on every partition Windows sees. Normally the size of the SVI will be slightly larger than the of the amount of disk space allocated to hold restore points. Where are the System Restore files located on the drive? Encrypting File System (EFS) also uses the System Volume Information folder on each partition to store the log file that is generated during the encryption and decryption process. If the Indexing Service has been turned on it will store files in the SVI folders. The peasants of the catalog.wci within the SVI folder would indicate that the Indexing Service started. To avoid this, disable the Indexing Service, reboot, and delete the catalog.wci folder. The catalog.wci should not be recreated. To confirm that the “Indexing Service” is running, click Start, click Run, and then type cmd /k net start then press enter. If Indexing Service is present, then Indexing is turned on. Encrypting File System (EFS) and the Indexing Service can cause the SVI folder to become very large. Zone Alarm version 6.5 has a bug that creates very large .rdb files within the system. These .rdb files are monitored by System Restore and thus end up in the restore points located in the System Volume Information folder, along with other locations on the system. The best advise is to revert to an earlier version of Zone Alarm. Then disable System Restore which will purge all existing restore points, then turn it back on. For more information on this subject please visit the Zone Labs User Forum. |
| What happens to User Accounts in the restore process? New! 9/8/06 |
| After restoring there are programs listed in add/remove that can not be uninstalled |
When a system is restored, all monitored files and registry settings of any program installed after that restore point was was created will be lost, and the non monitored files will be left behind. This will cause the application not to function. And in some cases, can also cause the uninstall and reinstall process of the partially removed application to fail. This is why it is recommended to uninstall any applications installed after the restore point you will be restoring to. Attempt to reinstall the program and then uninstall it via the add/remove programs utility, that is as long as that was not the program that prompted the restore. A restore point created before that program was installed could also be used, but this will depend on how long ago it was installed and what other programs and setting would be affected by the restore. Another option is to UNDO the restore, uninstall the program in question via add/remove programs then restore the system. Otherwise you would have to manually remove the files and registry settings. That is of course after creating another restore point in case the manual removal causes more problems. To manually remove entries from the add/remove utility follow the instruction from Kelly's site. Add and Remove -Removing Invalid Entries in the Add/Remove Programs Tool A good practice is to create a restore point before installing any new hardware or software. |
| In the restore process, what's restored and what's not! |
| A drive letter(s) are missing or mismatched on the System Properties - Restore Tab? |
| This is often caused by, but not limited to the install of a new physical drive to the system. There are two known solutions to this problem. The available drive letters may look like THIS. The first solutions was discovered by MVP Ramesh Srinivasan. This is the recommended, and least destructive method. Drive letter missing in System Restore settings page? The second is to Reinstall System Restore. Warning, all restore points will be lost in this process. |
| System Restore opens to a blank window? |
Go to Start -> Run and type or paste each of the following commands, one at a time while pressing enter after each one. regsvr32 jscript regsvr32 vbscript regsvr32 /i mshtml Related articles and fixes: Installing Windows security update KB896688 (MS05-052) can be responsible for a blank page The System Restore window relies on Internet Explorer (IE) to display correctly. It may be necessary to reinstall or repair IE to repair the blank window. How to reinstall or repair Internet Explorer and Outlook Express in Windows XP If “AnalogX DLL Archive” was run recently to remove .DLL files, restore the .DLL files using DLL Archive and then open System Restore. A reboot may be required. Note: If you are not EXACTLY SURE what a particular .DLL file does, DO NOT REMOVE IT! |
| Microsoft support is asking me to generate a .cab file to troubleshoot System Restore? |
| To generate a system restore Cab file please use the following procedure: 1. Click Start, click Run. 2. Type or paste the following: "%windir%\system32\restore\srdiag.exe" (without the quotation marks) and either press Enter or click OK. 3. A CMD window will open while the Srdiag.exe runs. The CMD session will automatically close when complete, and the .CAB file will be created as desired in your 'Windows\system32\restore' directory. Please be patient as this could take several minutes. |
No comments:
Post a Comment