Windows XP: Restore Windows XP

Typically, Microsoft's operating systems include utilities designed to facilitate recovery of the system in case of unstable operation or crash, but the Windows XP System Restore utility is something more. System Restore restores the registry, local profiles, the COM + database, the Windows File Protection (WFP) protection cache (wfp.dll), the Windows Management Instrumentation (WMI) database, the Microsoft IIS metabase, and the files it copies by default to the Archive Restore. At the same time, it is impossible to single out one or the other component - either everything or nothing is subject to restoration.

The first introduction to System Restore

The purpose of System Restore is to restore the system to a working state without having to completely re-install the OS and data files. The utility runs in the background and automatically creates a restore point when an initiating event occurs. These events include installing applications, installing AutoUpdate, running the recovery procedure using the Microsoft Backup Utility, installing unsigned drivers, and creating manual restore points. Additionally, the System Restore utility creates restore points by default every day.

To use System Restore, you need to have 200 MB of free space on your disk, designed to create a data store. If the required volume is not present, System Restore remains disabled until the disk space is freed, after which the utility activates itself. The System Restore utility uses the First In / First Out (FIFO) storage scheme: removes old archives, freeing up space for new data when a certain amount of data is reached in the storage. In the "System Restore in the registry" sidebar, you can learn how to adjust the size of the data store and how to change the FIFO algorithm settings for the System Restore program.

System Restore monitors various types of files, among them most of the extensions that are included in the installed software (.cat, .com, .dll, .exe, .inf, .ini, .msi, .ole, .sys). It should be borne in mind that the initiating event for creating a recovery point when installing new software occurs only when the application setup program uses calls to System Restore - restorept.api.

Typically, the recovery of the system does not cause problems if it is known (or it seems to be known) what the problem is caused by (for example, a failure occurred due to the recent installation of a new device driver). However, not always System Restore is the best recovery tool. This utility changes many different files and entries in the registry, and sometimes it performs so many changes, which causes even greater problems. For example, when you installed Office XP, which was accompanied by the creation of a recovery point, the programs worked without any complaints. After a while, the video driver was downloaded and installed, and since the driver was signed, its installation did not result in the creation of a System Restore restore point. The system began to periodically hang, and we can conclude that the fault is a faulty driver. In this case, it would be more correct to use the Device Driver Rollback utility, because it was specially developed to fix problems with drivers, and does not change anything else in the system. And System Restore will drop the computer back to the state before the installation of Office XP, and after solving problems with the driver will have to install Office XP again.

Create a recovery point

Windows XP usually automatically creates restore points when you need to do it. However, it may happen that the user will need to generate the object himself. This may be necessary when an application is installed and there are concerns that the XP installation may be unstable after installation, or the installer does not use the System Restore API calls (restorept.api), or after making such changes to the system that may Adversely affect its performance.

For example, I needed to install Crystal Reports Professional 7, but since this version of the program was released several years ago, I was not sure that it would work correctly under Windows XP. I decided to create a restore point right before installing new software. Called Start, All Programs, Accessories, System Tools, System Restore. The Welcome screen appeared, and the System Restore utility asked if I want to start the restore procedure or intend to create a recovery point. I chose Create a restore point and click Next. I then assigned a new point to the Before Crystal Reports name and clicked Create. Recovery points should be called so that they can then be easily identified. After the utility has collected all the necessary information, the Restore Point Created screen appeared (see Screen 1). After that I closed the System Restore program.

System Restore

Having created a restore point, I installed Crystal Reports on my computer with Windows XP, with the idea that if necessary I can always restore the system to its original state. During the installation, there were error messages - the system could not find this or that dll file. The installation was completed, the Crystal Reports program did not start, and I was glad of my own foresight.

Before I started the recovery process, I ran the Crystal Reports uninstaller program in the hope that application modules and registry entries would be deleted, but one entry in the registry was nevertheless missed. Instead of deleting it manually, I decided to use the System Restore features to ensure that registry entries are restored correctly.

So, I started the System Restore utility. The Welcome screen appeared, I selected Restore my computer to an earlier time and click Next. The utility offered me a choice of several options, grouped by day (see Screen 2). This format allows you to scroll through the dates and watch the created restore points. These objects generated by the System Restore utility appear in the window as System Checkpoint.

I clicked on the July 23rd date and saw the Before Crystal Reports restore point created earlier. I chose this point, clicked Next, and the screen prompted you to confirm the selected point. After confirming (Next), System Restore closed all running programs and started the recovery process. After that, the system rebooted. After the registration was completed, the System Restore window appeared on the screen, informing you that the restore process was completed successfully (see Screen 3).

After that, I ran a hard disk and registry check and found no trace of Crystal Reports. In addition, all files created in the interval between software installation and recovery, remained in the system. The data files did not change, and the system worked stably.

If the operating system stops loading for any reason, you should start the computer and press the F8 key when the Windows startup starts. When the Windows Advanced Options menu appears on the screen, select Last Known Good Configuration and press Enter. If the destruction was not too large, the boot menu should appear, and you can select Microsoft Windows XP, and then press Enter. Windows XP will recover from the latest recovery point.

If there are still problems after this, System Restore gives you the option to select another restore point or refuse the restore results. Therefore, if an incorrect recovery point was specified during recovery, the error can be corrected. Running the restore procedure is one of those events that are accompanied by the creation of a restore point. Now it is clear why this is done.

troubleshooting

We can say that System Restore is a stable and reliable utility. However, from time to time and when using System Restore, various problems can arise. If you wish, you can disable System Restore.

But first you need to try and find the fault:

• Read the error message carefully and find everything related to the context of the message;
• Check if there is enough free disk space. There must be at least 200 MB of free disk space on each drive that is subject to System Restore. If necessary, use the Disk Cleanup utility to free up disk space. If necessary, using the same utility, you can delete all recovery points, except the last;
• Ensure that the System Restore service is running;
• Try to run the utility in Safe mode;
• Check the system log (System Log) for errors related to the sr or srservice objects.

If none of the above works, start srdiag.exe to continue troubleshooting. The Srdiag utility creates a .cab file that by default is placed in the \% windir% \ system32 \ restore directory. You can double-click on this file or open its context menu and select Extract. Then you should check the 14 extracted files to find the cause of the System Restore failure.

The breadth of coverage, ease of use and reliability of System Restore is amazing. This is a very useful utility, especially for advanced users, support services and administrators. With System Restore, you can significantly reduce administrator work and system downtime.

System Restore registry settings

The sections and parameters of System Restore are stored in the registry in three places. If necessary, you can change these settings to further configure System Restore, but I highly recommend using the graphical interface to configure the utility. Using Registry Editor can make the system unstable.

Information about System Restore in the registry can be found in the following sections:

* HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Sr;
* HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ SrService;
* HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows. NT \ CurrentVersion \ SystemRestore
The first section is responsible for the System Restore filter, its parameter should not be changed. The second section manages the System Restore service, and it's also best not to touch it. If either of the first two sections is changed, the normal functioning of the system is likely to be violated.

In the third section there are parameters to be changed. For example, the value of the DiskPercent parameter can be increased, then more disk space will be allocated to store recovery points. By default, they are allocated 12% of the disk space, although the actual volume used may be different. For disks with a capacity of less than 4 GB, the actual capacity is 400 MB. For drives larger than 4 GB, you can reduce this setting and not provide 12% of the disk space for the System Restore. To configure System Restore through the graphical user interface, you need to open the Control Panel, click the System Restore tab, select the hard drive from the list of available hard drives, click Settings and use the slider to select the desired Disk space to use parameter.

You can also change the RPGlobalInterval parameter to specify the interval between the points of automatic creation of recovery points. For example, to change the frequency of creating restore points from once a day to once a week, change the default parameter value (86,400 s) to 604,800.

If for security reasons you do not want to store recovery points for a long time, you need to change the value of the RPLifeInterval parameter. By default, the recovery point lifetime is 7,776,000 sec (90 days). To set the value of this parameter to two weeks, set 1 209 600.

I want to emphasize once again: if there is no certainty that the changes were correctly set, nothing should be changed in the System Restore settings. For more information, see Microsoft's The Registry Keys and Values ​​for the System Restore Utility (http://support.microsoft.com/default.aspx?scid=kb; en-us; q295659).

Disabling the System Restore utility

To prevent users from changing the System Restore settings, you can use the Group Policy Editor (GPE) or the registry editor to disable the System Restore user interface. If GPE is used to disable the user interface for System Restore, you must run the policy editor and click Computer Configuration, Administrative Templates, System, System Restore. Double-clicking Turn off System Restore, select the Setting tab and select the Disable check box. Now you need to double-click Turn off Configuration, go to the Setting tab and select the Enable check box, and then click Apply and OK.

From this point on, the System Restore tab in the Systems Properties window will not appear.

If you use the Registry Editor to disable the System Restore user interface, run regedit.exe and open the HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows NT partition. You must create a new subkey named SystemRestore and a new DisableConfig parameter (DWORD data type) in it, which should be set to 1. At the end, click OK.