1

Currently I am investigating how to schedule an automatic initiation of a system restore point for all of the workstations in my office. It seems that Task Scheduler already has some nice defaults (screenshots below). Even the history for this task verifies that it is running successfully. However, when I go to Recovery in the Control Panel it only lists the System Restore Points one for every previous for only 3 weeks back even if I check the show more restore points box. Why don't the additional ones appear?

Would there be a better way to implement a solution, like via group policy or a script? Is there any documentation on this online? I've been having a hard time tracking anything down except how to subvert group policy disabling this feature.

Event Triggers in Task Scheduler

History Showing that the task successfully ran today

Abbreviated list of System Restore Points....

Ross Lordon
  • 71
  • 1
  • 2
  • 7
  • 1
    Alright, *why* are you trying to do this? It's not a good idea, as the best case scenario is that it gives your users the false impression that their systems are backed up. Spend your time more productively and put a good imaging solution together so you can re-image the boxes effortlessly next time the users eff them up. – HopelessN00b Nov 27 '12 at 22:48
  • We've already got fantastic data retention/redundancy systems in place. The goal is to have this run everyday so in the event a user has a virus get into their system, we can roll back to the previous days restore point if an malware scrubber can't remove it. We're trying to avoid re-imaging systems. – Ross Lordon Nov 27 '12 at 22:55
  • 1
    That won't work: http://superuser.com/questions/201468/can-system-restore-remove-virus-from-the-computer – Jay Nov 27 '12 at 23:56
  • 2
    @RossLordon Well, it's an awful idea. PC gets virus -> re-image PC. Really the only way to be sure... but I guess I can post an answer with a disclaimer. – HopelessN00b Nov 27 '12 at 23:57

1 Answers1

0

It's a nice idea in theory, but you're going about this fundamentally the wrong way.

Instead of spending your time (which is effectively money), invest in a decent imaging system. Clonezilla can do it with some scripting, or Altiris can do it with less scripting and more investment.

I think I'd be going down the supported commercial software route, and striving for an easier life.

It's a bit naïve to presume that a virus can't infect the System Restore data.. Or rather, whilst a current virus might not be able to, there's no way to guarantee a future virus won't. At that point, you'll end up with a system restore partition full of virus.

The only way to repair a compromised PC is to nuke it from orbit. It really is the only way to be sure.

Tom O'Connor
  • 27,440
  • 10
  • 72
  • 148