Time Traveling

See how three scripts allow for dealing with restore points remotely.

A couple of months ago, I received a Critical Update notification for Windows XP. I reviewed the update documentation and, sure enough, it was critical. A weakness had been found that could potentially allow an attacker to gain complete control of my system. In the fine print, I noticed something else: Once installed, this update couldn’t be removed. So, being the cautious fellow that I am, I created a System Restore point, just in case. Boy, am I glad I did! This particular update caused a tremendous system slowdown—particularly in Internet Explorer and Outlook. We reported it to Microsoft, who soon took the update off the “Critical” list and placed it on the “Recommended” list. I was able to restore my system back to its previous state, and all was right with the world (except that the initial weakness was still there). Since then, Microsoft has revised the update and put it back on the “Critical” list. I downloaded this newer version, and everything’s all right.

This adventure got me thinking about what a powerful tool the System Restore Utility really is. It also got me thinking about how easy it is to forget to save a restore point—particularly when installing software remotely via scripting. Well fear not, fair readers, there is hope.

<package>
<comment>
RemoteSysRestore.wsf
Enumerate, Create, and Restore
</comment>
 
 <job id="List">
  <runtime>
   <description>
   Script listing available restore points
   </description>

   <example>
   cscript RemoteSysRestore.wsf //Job:List /Computer:computername
   </example>

   <named
   name="Computer"
   helpstring="the name of the computer ('.' or omit for local)"
   type="string"
   required="false"
   />
  </runtime>

  <script language="VBScript">
  ' List available restore points

  Option Explicit
  Dim objWMI, clsPoint, strComputer

  If WScript.Arguments.Named.Exists("Computer") Then
   strComputer=WScript.Arguments.Named.Item("Computer")
  Else
   strComputer="."
  End If
  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\default").InstancesOf("systemrestore")
  For Each clsPoint In objWMI
   WScript.Echo clsPoint.creationtime
   WScript.Echo clsPoint.description
   WScript.Echo "Sequence Number=" & clsPoint.sequencenumber
  Next
  </script>
 </job>

 <job id="Create">
  <runtime>
   <description>
   Create a system restore point
   </description>

   <example>
   cscript RemoteSysRestore.wsf //Job:Create /Computer:computername /RPName:name
   </example>

   <named
   name="Computer"
   helpstring="The name of the computer"
   type="string"
   required="false"
   />

   <named
   name="RPName"
   helpstring="A name for the restore point"
   type="string"
   required="false"
   />
  </runtime>

  <script language="VBScript">
  ' Create restore point
  Option Explicit
  Dim objWMI, bCreated, strComputer, strRPName

  If WScript.Arguments.Named.Exists("Computer") Then
   strComputer=WScript.Arguments.Named.Item("Computer")
  Else
   strComputer="."
  End If

  ' Default the description to a timestamped name if none was given
  If WScript.Arguments.Named.Exists("RPName") Then
   strRPName=WScript.Arguments.Named.Item("RPName")
  Else
   strRPName="RestorePoint " & Now
  End If

  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\default:SystemRestore")
  ' Arguments: description, restore point type (0 = APPLICATION_INSTALL),
  ' event type (100 = BEGIN_SYSTEM_CHANGE). The return value is 0 on success.
  bCreated = objWMI.CreateRestorePoint(strRPName, 0, 100)
  </script>
 </job>

 <job id="Restore">
  <runtime>
   <description>
   Restore to a previous system restore point
   </description>

   <example>
   cscript RemoteSysRestore.wsf //Job:Restore /Computer:computername /SeqNum:sequencenumber
   </example>

   <named
   name="Computer"
   helpstring="The name of the computer"
   type="string"
   required="true"
   />

   <named
   name="SeqNum"
   helpstring="The sequence number of the restore point"
   type="string"
   required="true"
   />
  </runtime>

  <script language="VBScript">
  ' Restore a saved restore point
  Dim objWMI, iSeqNum, bSuccess, strComputer

  If WScript.Arguments.Named.Exists("Computer") Then
   strComputer=WScript.Arguments.Named.Item("Computer")
  Else
   WScript.Echo "You must specify a computer"
   WScript.Quit
  End If

  If WScript.Arguments.Named.Exists("SeqNum") Then
   iSeqNum=WScript.Arguments.Named.Item("SeqNum")
  Else
   WScript.Echo "You must specify a sequence number"
   WScript.Quit
  End If

  Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\Default:SystemRestore")
  ' Restore only initiates the operation; the files are actually rolled back
  ' when the target computer is next restarted.
  bSuccess = objWMI.Restore(iSeqNum)
  </script>
 </job>
</package>

The Power of WMI
The Windows Management Instrumentation (WMI) SystemRestore class, which lives in the root\default namespace, allows connection to a remote computer and management of system restore features, including setting restore points, configuring System Restore settings, enumerating saved restore points and restoring the computer to a saved point.

In the script above, I’ve created three jobs: one to list the available restore points (also the default job), one to create a restore point, and another to restore a saved restore point. Although this script listing is a bit longer than usual, don’t be intimidated. It’s actually three separate scripts, each using the <job> tag.

Time Travel
The System Restore Utility doesn’t actually open up a wormhole through the space-time continuum, allowing you to travel back to the point just before the software that brought your system down was installed, but it does the next best thing: It restores your system files to the state when the restore point was set. It doesn’t affect user files, so there’s no worry about losing that big document you’ve been working on. For more on how System Restore works and the files it affects, see “Understanding System Restore” in the XP help area, or search TechNet, www.microsoft.com/technet, for “System Restore.” There are many Knowledge Base articles on this topic, as well.

Remember that System Restore only works on Windows XP/2003 and ME, so you won’t be able to remotely set restore points for NT/2000/9x machines. If you haven’t upgraded all the workstations in your organization to XP, you’ll need to be careful when installing software on the computers that don’t have System Restore.

Lessons Learned
Just about everyone in my office is running XP, so we take full advantage of System Restore. It’s saved my hide many times when a driver update caused a failure to boot, or a critical update (that couldn’t be removed) caused unpredictable behavior.

The thing to remember about System Restore is that you have to create the restore points in order to “revert to saved.” Windows creates them automatically, but not as often as you might think. I create restore points before installing just about anything on the computers in my office (it only took me three complete system rebuilds and half a dozen application reinstalls before I finally got wise). And I do it all from the comfort of my desk.
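
A pre-install check along the lines described above, as an added example that is not part of the original article: it creates a restore point, checks the return code, then lists the points back to confirm the new one exists, and exits non-zero so an install wrapper can stop when there is no safety net. The file name, messages and exit-code convention are assumptions.

```vbscript
' PreInstallCheckpoint.vbs (added example; file name and messages are hypothetical)
' Usage: cscript //nologo PreInstallCheckpoint.vbs [computername]
' Exit code 0 = restore point confirmed, 1 = do not proceed with the install.
Option Explicit

Const APPLICATION_INSTALL = 0      ' RestorePointType used in the article's Create job
Const BEGIN_SYSTEM_CHANGE = 100    ' EventType used in the article's Create job

Dim strComputer, strRPName, objSR, colPoints, clsPoint, lngResult, lngSeq

strComputer = "."
If WScript.Arguments.Unnamed.Count > 0 Then strComputer = WScript.Arguments.Unnamed(0)
strRPName = "Pre-install " & Now

' On machines without System Restore the SystemRestore class cannot be bound,
' so a failure here means there is nothing to roll back to.
On Error Resume Next
Set objSR = GetObject("winmgmts:\\" & strComputer & "\root\default:SystemRestore")
If Err.Number <> 0 Then
    WScript.Echo "System Restore unavailable on " & strComputer & ": " & Err.Description
    WScript.Quit 1
End If

' CreateRestorePoint returns 0 on success; anything else is treated as failure.
lngResult = objSR.CreateRestorePoint(strRPName, APPLICATION_INSTALL, BEGIN_SYSTEM_CHANGE)
If Err.Number <> 0 Or lngResult <> 0 Then
    WScript.Echo "CreateRestorePoint failed (result " & lngResult & ", error " & Err.Number & ")"
    WScript.Quit 1
End If
On Error GoTo 0

' Confirm the point is really there by listing it back, as the List job does.
lngSeq = -1
Set colPoints = GetObject("winmgmts:\\" & strComputer & "\root\default").InstancesOf("SystemRestore")
For Each clsPoint In colPoints
    If clsPoint.Description = strRPName Then lngSeq = clsPoint.SequenceNumber
Next

If lngSeq = -1 Then
    WScript.Echo "Restore point was not found after creation; aborting."
    WScript.Quit 1
End If

WScript.Echo "Restore point """ & strRPName & """ created, sequence number " & lngSeq
WScript.Quit 0
```

The sequence number it prints is the value the Restore job expects in /SeqNum, so it is worth logging alongside the install.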

I’ve just received another Critical Update notification. Hmm…let’s see. Ah, here it is: “Install Now.” Click! Now I’m getting, “This update cannot be uninstalled.” Doh!
