Making a major change—such as installing a new program or changing the registry—on your Windows XP Professional Edition client systems always involves an element of risk. Fortunately, XP Pro includes the System Restore feature, which lets you return the OS to an earlier state (called a restore point or system checkpoint). Furthermore, System Restore lets you maintain changes that have taken place or personal files that have been created since the restore point, and any restore that you perform through System Restore is completely reversible.
XP Pro automatically creates a restore point every 24 hours, and many installation processes request the creation of restore points immediately before and after application installations. You can also create restore points at any time by using the System Restore wizard or a Windows Management Instrumentation (WMI) script. Let's examine the WMI features that support System Restore and a script that creates and manages restore points from the command line.
System Restore 101
When a restore point is created, System Restore takes a full snapshot of the registry and certain dynamic system files to archive the current state of a core set of system and application files. System Restore compresses the registry and makes any necessary file copies when it detects that the XP system isn't in use. The list of files that System Restore monitors and excludes is stored in a hidden XML file called filelist.xml (in the %windir%\system32\restore folder).
To function properly, System Restore requires a minimum of 200MB of free disk space on the system drive. If the free disk space falls below 50MB on any drive, System Restore switches to standby mode and stops creating restore points. When you recover at least 200MB of free disk space, System Restore resumes. For more details about the underlying System Restore architecture, read the Microsoft article "Windows System Restore" (http://msdn.microsoft.com/library/en-us/dnsetup/html/winmesr.asp).
The System Restore WMI Provider
You can use the System Restore wizard, which you access through Start, All Programs, Accessories, System Tools, to create or restore system checkpoints on the local system. You can also script these processes by exploiting the System Restore WMI provider. This provider resides in the Common Information Model (CIM) repository under the root\default namespace and supports two WMI classes: the SystemRestore class and the SystemRestoreConfig class. The SystemRestore class exposes five methods that implement the typical System Restore operations (i.e., creating restore points, disabling and enabling System Restore, retrieving the status of the most recent restore, and restoring a system). The SystemRestoreConfig class provides properties for controlling the frequency of restore-point creation and the amount of disk space that each disk dedicates to System Restore. (See "System Restore WMI Classes" at http://msdn.microsoft.com/library/en-us/sr/sr/system_restore_wmi_classes.asp for more information about the classes and the methods and properties that they expose.)
Scripting System Restore
To illustrate how to work with the SystemRestore and SystemRestoreConfig classes, I'll walk you through a script I wrote that executes most of the features that come with the WMI System Restore provider. This script, written in JScript and called WMISystemRestore.wsf, exposes a set of command-line parameters that correspond to the methods and properties exposed by the provider's classes. When you launch the script from the command line, you use the /Action switch in combination with a mandatory keyword to tell the script which action you want to perform. The supported keywords are List, Disable, Enable, CreateRestorePoint, LastRestoreStatus, and Update. Before digging into the code, I'll explain the various command-line parameters you can use to execute the script.
The simplest operation uses the List keyword to view existing restore points:
WMISystemRestore.wsf /Action:List
Web Figure 1 shows sample output from this command. The output displays three restore points and five properties for each restore point.
The first two properties, CreationTime and Description, are self-explanatory. The EventType property, which System Restore records as an integer, defines the type of event that prompted the creation of the restore point and can help you determine, for example, whether the restore point corresponds to the system's state before or after a change took place. (Web Table 1 lists the possible values for this property.) The RestorePointType property, which System Restore also records as an integer, defines the restore point's type, letting you determine, for example, whether the restore point corresponds to an application installation, a system modification, or a device-driver installation. (Web Table 2 describes the possible values.) The SequenceNumber property is an integer that defines the restore point's sequence number in the index of all existing restore points.
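The listing described above can be reproduced with a few lines of JScript. This is an added example, not an excerpt from WMISystemRestore.wsf: the file name ListRestorePoints.js is hypothetical, and the name tables follow the documented System Restore constants rather than the Web Tables, which are not reproduced here.

```jscript
// Added example, not part of WMISystemRestore.wsf. Hypothetical file name: ListRestorePoints.js
// Run as an administrator: cscript //nologo ListRestorePoints.js
var EVENT_TYPES = {
    "100": "BEGIN_SYSTEM_CHANGE",
    "101": "END_SYSTEM_CHANGE",
    "102": "BEGIN_NESTED_SYSTEM_CHANGE",
    "103": "END_NESTED_SYSTEM_CHANGE"
};
var RP_TYPES = {
    "0":  "APPLICATION_INSTALL",
    "1":  "APPLICATION_UNINSTALL",
    "10": "DEVICE_DRIVER_INSTALL",
    "12": "MODIFY_SETTINGS",
    "13": "CANCELLED_OPERATION"
};

// Map an integer property to its symbolic name, keeping the raw value visible.
function decode(table, value) {
    var name = table[String(value)];
    return (typeof name == "string" ? name : "unknown") + " (" + value + ")";
}

// CIM datetime "yyyymmddHHMMSS.ffffff+UUU" -> "yyyy-mm-dd HH:MM:SS"
function formatCimDate(s) {
    s = String(s);
    return s.substr(0, 4) + "-" + s.substr(4, 2) + "-" + s.substr(6, 2) + " " +
           s.substr(8, 2) + ":" + s.substr(10, 2) + ":" + s.substr(12, 2);
}

// The System Restore provider lives in root\default, not root\cimv2.
var wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default");
var points = new Enumerator(wmi.InstancesOf("SystemRestore"));
var count = 0;
for (; !points.atEnd(); points.moveNext()) {
    var rp = points.item();
    WScript.Echo("SequenceNumber   : " + rp.SequenceNumber);
    WScript.Echo("Description      : " + rp.Description);
    WScript.Echo("CreationTime     : " + formatCimDate(rp.CreationTime));
    WScript.Echo("EventType        : " + decode(EVENT_TYPES, rp.EventType));
    WScript.Echo("RestorePointType : " + decode(RP_TYPES, rp.RestorePointType));
    WScript.Echo("");
    count++;
}
if (count == 0) {
    WScript.Echo("No restore points found (System Restore may be disabled or in standby).");
}
```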
Use the Disable or Enable keyword to disable or enable System Restore. To perform these operations on a specific volume, you must specify a drive letter. For example, to disable System Restore on volume D, use the command
WMISystemRestore.wsf /Action:Disable /Volume:D:\
To disable or enable System Restore on all disks, replace the drive letter with the wildcard (*) character.
To create a restore point, use the CreateRestorePoint keyword, followed by the /Description switch combined with a descriptive name for the restore point (enclosed within quotation marks):
WMISystemRestore.wsf /Action:CreateRestorePoint /Description:"My System Restore"
The name you provide will be displayed in the restore point's Description property.
To request the status of the most recent restore operation, use the LastRestoreStatus keyword. The script doesn't require any parameters in combination with this keyword:
WMISystemRestore.wsf /Action:LastRestoreStatus
To restore a system checkpoint, use the Restore keyword, followed by the /RestoreSequence switch and the sequence number of the checkpoint you want to restore. You can locate the correct sequence number by using the List keyword to list all restore points, then examining each restore point's SequenceNumber property. For example, to restore system checkpoint 28, use the command
WMISystemRestore.wsf /Action:Restore /RestoreSequence:28
To change the System Restore property that defines the percentage of disk space dedicated to System Restore information, use the Update keyword, followed by the /DiskPercentage switch and a value that represents the percentage of disk space you want to dedicate. For example, to dedicate 12 percent of total disk space, use the command
WMISystemRestore.wsf /Action:Update /DiskPercentage:12
To modify the schedule for creating restore points, use the Update keyword, followed by a series of switches—the /GlobalInterval switch, the /LifeInterval switch, and the /SessionInterval switch—each of which is combined with a value that specifies a time interval. The /GlobalInterval switch corresponds to the SystemRestoreConfig class's RPGlobalInterval property and determines the absolute time interval (in seconds) at which System Restore will create scheduled system checkpoints. The default value is 86,400 seconds (i.e., 24 hours). The /LifeInterval switch corresponds to the SystemRestoreConfig class's RPLifeInterval property and defines the length of time (in seconds) for which System Restore will preserve restore points. When a restore point becomes older than the specified interval, System Restore deletes the restore point. The default value is 7,776,000 seconds (i.e., 90 days). The /SessionInterval switch corresponds to the SystemRestoreConfig class's RPSessionInterval property and determines the time interval (in seconds) at which System Restore creates scheduled system checkpoints during an interactive session. The default value is 0, meaning that no checkpoints are created during interactive sessions. Note that although the SystemRestoreConfig class exposes these properties in seconds, the script accepts the scheduling parameters in hours, as the following command shows:
WMISystemRestore.wsf /Action:Update /GlobalInterval:72 /LifeInterval:120 /SessionInterval:120
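The hours-to-seconds conversion behind these switches looks like this in practice. This is an added example, not an excerpt from WMISystemRestore.wsf: it reuses the switch names described above, validates every value before writing, and shows the old and new settings so that a change to the retention period is visible. The file name SetSRIntervals.js and the validation rules are assumptions of the example.

```jscript
// Added example, not part of WMISystemRestore.wsf. Hypothetical file name: SetSRIntervals.js
// Usage: cscript //nologo SetSRIntervals.js /GlobalInterval:72 /LifeInterval:120 /SessionInterval:120
var SWITCH_TO_PROPERTY = {
    "GlobalInterval":  "RPGlobalInterval",
    "LifeInterval":    "RPLifeInterval",
    "SessionInterval": "RPSessionInterval"
};
var MAX_UINT32 = 4294967295;   // the interval properties are unsigned 32-bit values in seconds

// Validate an hours value from the command line and convert it to seconds.
function hoursToSeconds(switchName, text) {
    if (!/^\d+$/.test(String(text))) {
        throw new Error("/" + switchName + " must be a whole number of hours");
    }
    var hours = parseInt(text, 10);
    // Example policy (an assumption): only the session interval may be 0,
    // which means no checkpoints are created during interactive sessions.
    if (hours == 0 && switchName != "SessionInterval") {
        throw new Error("/" + switchName + " must be greater than 0");
    }
    if (hours * 3600 > MAX_UINT32) {
        throw new Error("/" + switchName + " is too large");
    }
    return hours * 3600;
}

try {
    // Validate every switch before touching the configuration.
    var named = WScript.Arguments.Named, changes = [];
    for (var sw in SWITCH_TO_PROPERTY) {
        if (named.Exists(sw)) {
            changes.push({ prop: SWITCH_TO_PROPERTY[sw],
                           seconds: hoursToSeconds(sw, named.Item(sw)) });
        }
    }
    if (changes.length == 0) throw new Error("No interval switch given");

    // SystemRestoreConfig has a single instance whose key (MyKey) is 'SR'.
    var cfg = GetObject("winmgmts:{impersonationLevel=impersonate}!" +
                        "\\\\.\\root\\default:SystemRestoreConfig='SR'");
    for (var i = 0; i < changes.length; i++) {
        var p = cfg.Properties_.Item(changes[i].prop);
        WScript.Echo(p.Name + ": " + p.Value + " s -> " + changes[i].seconds + " s");
        p.Value = changes[i].seconds;
    }
    cfg.Put_();   // commit all changed properties in one write
} catch (e) {
    WScript.Echo("Error: " + e.message);
    WScript.Quit(1);
}
```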
Now that you understand the various command-line parameters and the methods or properties that they relate to, let's look at the script. To download the full version of WMISystemRestore.wsf and its related subfunctions, go to http://www.winnetmag.com/windowsscripting, enter 42738 in the InstantDoc ID text box, then click the 42738.zip hotlink. (You must have Administrative privileges to execute the script.) For purposes of explaining the code, I'll highlight code excerpts that carry out the script's primary purposes.