Time Traveling
See how three scripts allow for dealing with restore points remotely.
- By Chris Brooke
- September 01, 2003
A couple of months ago, I received a Critical Update notification for Windows XP. I reviewed the update documentation and, sure enough, it was critical. A weakness had been found that could potentially allow an attacker to gain complete control of my system. In the fine print, I noticed something else: Once installed, this update couldn’t be removed. So, being the cautious fellow that I am, I created a System Restore point, just in case. Boy, am I glad I did! This particular update caused a tremendous system slowdown—particularly in Internet Explorer and Outlook. We reported it to Microsoft, who soon took the update off the “Critical” list and placed it on the “Recommended” list. I was able to restore my system back to its previous state, and all was right with the world (except that the initial weakness was still there). Since then, Microsoft has revised the update and put it back on the “Critical” list. I downloaded this newer version, and everything’s all right.
This adventure got me thinking about what a powerful tool the System
Restore Utility really is. It also got me thinking about how easy it is
to forget to save a restore point—particularly when installing software
remotely via scripting. Well fear not, fair readers, there is hope.
<package>
<comment>
RemoteSysRestore.wsf
Enumerate, Create, and Restore
</comment>
<job id="List">
  <runtime>
    <description>
    Script listing available restore points
    </description>
    <example>
    cscript RemoteSysRestore.wsf //Job:List /Computer:computername
    </example>
    <named
      name="Computer"
      helpstring="the name of the computer ('.' or omit for local)"
      type="string"
      required="false"
    />
  </runtime>
  <script language="VBScript">
  ' List available restore points
  Option Explicit
  Dim objWMI, clsPoint, strComputer
  ' Default to the local computer when /Computer is omitted
  If WScript.Arguments.Named.Exists("Computer") Then
    strComputer = WScript.Arguments.Named.Item("Computer")
  Else
    strComputer = "."
  End If
  ' Restore points are instances of SystemRestore in root\default
  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\default").InstancesOf("SystemRestore")
  For Each clsPoint In objWMI
    WScript.Echo clsPoint.CreationTime
    WScript.Echo clsPoint.Description
    WScript.Echo "Sequence Number=" & clsPoint.SequenceNumber
  Next
  </script>
</job>
<job id="Create">
  <runtime>
    <description>
    Create a system restore point
    </description>
    <example>
    cscript RemoteSysRestore.wsf //Job:Create /Computer:computername /RPName:name
    </example>
    <named
      name="Computer"
      helpstring="The name of the computer"
      type="string"
      required="false"
    />
    <named
      name="RPName"
      helpstring="A name for the restore point"
      type="string"
      required="false"
    />
  </runtime>
  <script language="VBScript">
  ' Create restore point
  Option Explicit
  Dim objWMI, bCreated, strComputer, strRPName
  ' Default to the local computer when /Computer is omitted
  If WScript.Arguments.Named.Exists("Computer") Then
    strComputer = WScript.Arguments.Named.Item("Computer")
  Else
    strComputer = "."
  End If
  ' Default to a timestamped name when /RPName is omitted
  If WScript.Arguments.Named.Exists("RPName") Then
    strRPName = WScript.Arguments.Named.Item("RPName")
  Else
    strRPName = "RestorePoint " & Now
  End If
  ' Bind to the SystemRestore class on the target computer
  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\default:SystemRestore")
  ' 0 = APPLICATION_INSTALL (restore point type), 100 = BEGIN_SYSTEM_CHANGE (event type)
  bCreated = objWMI.CreateRestorePoint(strRPName, 0, 100)
  </script>
</job>
<job id="Restore">
  <runtime>
    <description>
    Restore to a previous system restore point
    </description>
    <example>
    cscript RemoteSysRestore.wsf //Job:Restore /Computer:computername /SeqNum:sequencenumber
    </example>
    <named
      name="Computer"
      helpstring="The name of the computer"
      type="string"
      required="true"
    />
    <named
      name="SeqNum"
      helpstring="The sequence number of the restore point"
      type="string"
      required="true"
    />
  </runtime>
  <script language="VBScript">
  ' Restore a saved restore point
  Dim objWMI, iSeqNum, bSuccess, strComputer
  ' Both arguments are mandatory for a restore
  If WScript.Arguments.Named.Exists("Computer") Then
    strComputer = WScript.Arguments.Named.Item("Computer")
  Else
    WScript.Echo "You must specify a computer"
    WScript.Quit
  End If
  If WScript.Arguments.Named.Exists("SeqNum") Then
    iSeqNum = WScript.Arguments.Named.Item("SeqNum")
  Else
    WScript.Echo "You must specify a sequence number"
    WScript.Quit
  End If
  ' Bind to the SystemRestore class on the target computer
  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\Default:SystemRestore")
  ' The restore itself is carried out when the target computer next restarts
  bSuccess = objWMI.Restore(iSeqNum)
  </script>
</job>
</package>
The Power of WMI
The Windows Management Instrumentation (WMI) SystemRestore namespace allows
connection to a remote computer and management of system restore features,
including setting restore points, configuring System Restore settings,
enumerating saved restore points and restoring the computer to a saved
point.
In the script above, I’ve created three jobs: one to list the available
restore points (also the default job), one to create a restore point,
and another to restore a saved restore point. Although this script listing
is a bit longer than usual, don’t be intimidated. It’s actually three
separate scripts, each using the <job> tag.
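The Create job above stores the return value of CreateRestorePoint but never looks at it, so a remote installer cannot tell whether a rollback point really exists. The stand-alone script below is an added example, not part of the original column: it checks the return code, reads the restore points back to confirm the new one, and exits non-zero on failure so a deployment batch file can stop before installing. The file name PreInstallCheckpoint.vbs is hypothetical.

```vbscript
' PreInstallCheckpoint.vbs (hypothetical name): added example, not from the column.
'   cscript PreInstallCheckpoint.vbs /Computer:computername /RPName:name
Option Explicit
Const APPLICATION_INSTALL = 0    ' RestorePointType
Const BEGIN_SYSTEM_CHANGE = 100  ' EventType
Dim strComputer, strRPName, objSR, lngResult, colPoints, clsPoint
Dim lngNewest, strNewestDesc

strComputer = "."
If WScript.Arguments.Named.Exists("Computer") Then
    strComputer = WScript.Arguments.Named.Item("Computer")
End If
strRPName = "RestorePoint " & Now
If WScript.Arguments.Named.Exists("RPName") Then
    strRPName = WScript.Arguments.Named.Item("RPName")
End If

On Error Resume Next
Set objSR = GetObject("winmgmts:\\" & strComputer & "\root\default:SystemRestore")
If Err.Number <> 0 Then
    WScript.Echo "Cannot reach System Restore on " & strComputer & ": " & Err.Description
    WScript.Quit 2
End If
lngResult = objSR.CreateRestorePoint(strRPName, APPLICATION_INSTALL, BEGIN_SYSTEM_CHANGE)
If Err.Number <> 0 Or lngResult <> 0 Then
    WScript.Echo "CreateRestorePoint failed (return " & lngResult & ", error " & Err.Number & ")"
    WScript.Quit 1
End If
On Error GoTo 0

' Read the restore points back; the highest sequence number is the newest.
lngNewest = -1
Set colPoints = GetObject("winmgmts:\\" & strComputer & "\root\default").InstancesOf("SystemRestore")
For Each clsPoint In colPoints
    If clsPoint.SequenceNumber > lngNewest Then
        lngNewest = clsPoint.SequenceNumber
        strNewestDesc = clsPoint.Description
    End If
Next

' Assumption: the description is stored exactly as submitted (keep it short).
If strNewestDesc <> strRPName Then
    WScript.Echo "Restore point not confirmed on " & strComputer & "; do not install."
    WScript.Quit 1
End If
WScript.Echo "Restore point " & lngNewest & " created: " & strNewestDesc
WScript.Quit 0
```

A calling batch file can test the exit code after the cscript line and skip the installation when it is not 0.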
Time Travel
The System Restore Utility doesn’t actually open up a wormhole through
the space-time continuum, allowing you to travel back to the point just
before the software that brought your system down was installed, but it
does the next best thing: It restores your system files to the state when
the restore point was set. It doesn’t affect user files, so there’s no
worry about losing that big document you’ve been working on. For more
on how System Restore works and the files it affects, see “Understanding
System Restore” in the XP help area, or search TechNet, www.microsoft.com/technet,
for “System Restore.” There are many Knowledge Base articles on this topic,
as well.
Remember that System Restore only works on Windows XP/2003 and ME, so
you won’t be able to remotely set restore points for NT/2000/9x machines.
If you haven’t upgraded all the workstations in your organization to XP,
you’ll need to be careful when installing software on the computers that
don’t have System Restore.
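The SystemRestore Restore method only stages the rollback; the files are put back when the target computer restarts, and the Restore job above does not trigger that restart or report the outcome. The script below is an added example, not from the original column (the file name and the /Status switch are hypothetical): it requests the restore, reboots the target through Win32_OperatingSystem, and on a later run reports GetLastRestoreStatus.

```vbscript
' RestoreAndReboot.vbs (hypothetical name): added example, not from the column.
'   cscript RestoreAndReboot.vbs /Computer:computername /SeqNum:sequencenumber
'   cscript RestoreAndReboot.vbs /Computer:computername /Status
Option Explicit
Dim strComputer, strSeq, objSR, lngResult, colOS, objOS

If Not WScript.Arguments.Named.Exists("Computer") Then
    WScript.Echo "You must specify a computer"
    WScript.Quit 2
End If
strComputer = WScript.Arguments.Named.Item("Computer")
Set objSR = GetObject("winmgmts:\\" & strComputer & "\root\default:SystemRestore")

' Second mode: run after the reboot to see how the restore ended.
If WScript.Arguments.Named.Exists("Status") Then
    Select Case objSR.GetLastRestoreStatus()
        Case 0: WScript.Echo "Last restore failed"
        Case 1: WScript.Echo "Last restore succeeded"
        Case 2: WScript.Echo "Last restore was interrupted"
    End Select
    WScript.Quit 0
End If

strSeq = WScript.Arguments.Named.Item("SeqNum")
If Not IsNumeric(strSeq) Then
    WScript.Echo "You must specify a numeric sequence number"
    WScript.Quit 2
End If

' Restore returns 0 when the request is accepted; nothing is rolled back yet.
lngResult = objSR.Restore(CLng(strSeq))
If lngResult <> 0 Then
    WScript.Echo "Restore request rejected, return code " & lngResult
    WScript.Quit 1
End If

' Reboot needs the Shutdown privilege named in the moniker.
Set colOS = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & _
    strComputer & "\root\cimv2").InstancesOf("Win32_OperatingSystem")
For Each objOS In colOS
    lngResult = objOS.Reboot()
Next
WScript.Echo "Restore staged; reboot requested, return code " & lngResult
```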
Lessons Learned
Just about everyone in my office is running XP, so we take full advantage
of System Restore. It’s saved my hide many times when a driver update
caused a failure to boot, or a critical update (that couldn’t be removed)
caused unpredictable behavior.
The thing to remember about System Restore is that you have to create the restore points in order to “revert to saved.” Windows creates them automatically, but not as often as you might think. I create restore points before installing just about anything on the computers in my office (it only took me three complete system rebuilds and half a dozen application reinstalls before I finally got wise). And I do it all from the comfort of my desk.
I’ve just received another Critical Update notification. Hmm…let’s see. Ah, here it is: “Install Now.” Click! Now I’m getting, “This update cannot be uninstalled.” Doh!