Disabling the system restore

In a managed environment, System Restore should be used only rarely. It will not help you find the root cause of a system failure, nor will it solve the failure. In managed environments, it is better to have a test environment in which to reproduce the failure and determine the root cause, so that the changes can then be made company-wide.

It can actually be disabled:

  • during the installation using an unattend configuration file: http://technet.microsoft.com/en-us/library/cc722304.aspx
  • by group policy

  • Enabling the 2 above settings will write the following values in the registry into the key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore

  • afterward with PowerShell

    Although PowerShell has a built-in cmdlet named Disable-ComputerRestore

    Disable-ComputerRestore -Drive "C:\" -Verbose

    …the following way of disabling may be preferred:

    try {
        # Disable SR on all drives by setting DisableSR in the registry
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" -Name DisableSR -Value 1 -Type DWORD -ErrorAction Stop
        # Also turn off the scheduled task associated with the SR
        $TaskService = New-Object -ComObject Schedule.Service
        # Connect to the local Task Scheduler service before querying its folders
        $TaskService.Connect()
        $TaskService.GetFolder('\Microsoft\Windows\SystemRestore').GetTask('SR').Enabled = $false
    } catch {
        Write-Warning -Message "Failed to turn off the system restore: $($_.Exception.Message)"
    }

    NB: Administrative rights are required to perform this task.

More on The Registry Keys and Values for the System Restore Utility: http://support.microsoft.com/kb/295659/en-us
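
To confirm the result on a machine, a read-only check can report the DisableSR switch, whatever values Group Policy wrote to the policy key, and the state of the SR scheduled task. This is an added example, not code from the original post; the function name Get-SystemRestoreState and its output property names are hypothetical.

```powershell
# Added example: read-only report of the System Restore settings discussed above.
# Get-SystemRestoreState and its property names are hypothetical, chosen for illustration.
function Get-SystemRestoreState {
    [CmdletBinding()]
    param()

    $localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

    # DisableSR in the local key: $null means the value is not set at all
    $disableSR = (Get-ItemProperty -Path $localKey -Name DisableSR -ErrorAction SilentlyContinue).DisableSR

    # Collect whatever values exist under the policy key, without assuming their names
    $policy = @{}
    if (Test-Path -Path $policyKey) {
        $item = Get-Item -Path $policyKey
        foreach ($name in $item.GetValueNames()) {
            $policy[$name] = $item.GetValue($name)
        }
    }

    # Read the SR scheduled task through the same COM interface used to disable it
    $taskEnabled = $null
    try {
        $svc = New-Object -ComObject Schedule.Service
        $svc.Connect()
        $taskEnabled = $svc.GetFolder('\Microsoft\Windows\SystemRestore').GetTask('SR').Enabled
    } catch {
        # Task missing or not readable: leave $taskEnabled as $null and report it that way
        Write-Verbose -Message "SR task not readable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        DisableSR     = $disableSR
        PolicyValues  = $policy
        SRTaskEnabled = $taskEnabled
        # True only when the registry switch is 1 and the task is confirmed disabled
        FullyDisabled = ($disableSR -eq 1) -and ($taskEnabled -eq $false)
    }
}

Get-SystemRestoreState | Format-List
```

A `FullyDisabled` value of `False` with `DisableSR` set to 1 means the scheduled task is still enabled or could not be read, which is the half-applied state the try/catch above can leave behind if its second step fails.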
