Disable System Restore and remove Shadow Copies

We ran into a situation recently where we discovered two different issues with System Restore on some of our devices. On our XP devices, System Restore had not been disabled correctly so it got in this weird state. The OS thought it was disabled so it didn’t regulate System Restore, but it was actually still creating regular restore points. This was discovered because the issue caused these devices to eventually run out of disk space.

On our Win7 devices it was a slightly different issue. Again, it was thought that System Restore had been disabled, but there is a built-in Windows scheduled task for System Restore to create regular restore points that was missed. This was discovered when an application got restored back to an older version and caused incompatibility issues with a related application.

We have since fixed the image but I needed to remediate all the existing devices in the field. Since some of our devices have PowerShell but some don’t, I added some code in the actionscript to use PowerShell by default or vbs as an alternative.

The solution for XP is fairly straightforward and has the nice side benefit that disabling System Restore also deletes any existing restore points. Win7+ devices need a few more things done - disable the ability to use System Restore, disable the scheduled task, remove the drives as System Restore “clients”, and delete any existing restore points aka “shadow copies”.

The code ended up a bit lengthy so I’m not posting it here. The bigfix.me link is https://bigfix.me/fixlet/details/20643. Hopefully this will help someone who gets in a similar situation where they need to disable and clean up System Restore. Let me know if you run into any issues or have any questions about the code.

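Added example, not the fixlet's code from bigfix.me: a read-only PowerShell audit for Win7+ that reports which of the four items named in the post are still active on a device, so a "thought it was disabled" state shows up before or after remediation. It assumes the "ability to use System Restore" maps to the `DisableSR`/`DisableConfig` policy values and that the System Restore "clients" are the volumes listed under the `SPP\Clients` registry entry shown; the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Run elevated (Win32_ShadowCopy needs admin).
function Get-RegValue($Path, $Name) {
    # Returns nothing when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-SystemRestoreAudit {
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $spp    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP\Clients'
    $srGuid = '{09F7EDC5-294E-4180-AF6A-FB0E6A0E9513}'  # assumed: System Restore's client entry

    # Built-in task that creates periodic restore points (the one missed on Win7).
    $taskEnabled = $null
    try {
        $svc = New-Object -ComObject Schedule.Service
        $svc.Connect()
        $taskEnabled = $svc.GetFolder('\Microsoft\Windows\SystemRestore').GetTask('SR').Enabled
    } catch { }  # folder or task not present on this OS

    $disableSR  = Get-RegValue $policy 'DisableSR'
    $disableCfg = Get-RegValue $policy 'DisableConfig'
    $clients    = @(Get-RegValue $spp $srGuid | Where-Object { $_ })
    $shadows    = @(Get-WmiObject -Class Win32_ShadowCopy -ErrorAction SilentlyContinue)
    $points     = @()
    try { $points = @(Get-ComputerRestorePoint -ErrorAction Stop) } catch { }

    # Anything listed here means System Restore is not fully off or cleaned up.
    $findings = @()
    if ($disableSR -ne 1)  { $findings += 'Policy value DisableSR is not 1' }
    if ($disableCfg -ne 1) { $findings += 'Policy value DisableConfig is not 1' }
    if ($taskEnabled)      { $findings += 'Scheduled task \Microsoft\Windows\SystemRestore\SR is enabled' }
    if ($clients.Count)    { $findings += "Volumes still registered as clients: $($clients -join '; ')" }
    if ($shadows.Count)    { $findings += "$($shadows.Count) shadow copies present" }
    if ($points.Count)     { $findings += "$($points.Count) restore points present" }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        TaskEnabled = $taskEnabled
        ShadowCount = $shadows.Count
        PointCount  = $points.Count
        Compliant   = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

Get-SystemRestoreAudit | Format-List Computer, Compliant, TaskEnabled, ShadowCount, PointCount, Findings
```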