Windows 10 Restore Points

I am trying to create some relevance to see if a Windows 10 Restore Point exists. Are there any inspectors for Restore Point? There is a powershell command “Get-ComputerRestorePoint” that returns restore points.

Here is what I have so far.

Fixlet to Turn on Recovery

action uses wow64 redirection {not x64 of operating system}

parameter "PowerShellExe"="{ pathname of file ((it as string) of value "Path" of key 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native 
registry) }"

delete __createfile
delete powershell.ps1
createfile until _end_

Enable-ComputerRestore -Drive "C:\"

_end_

 move __createfile powershell.ps1
waithidden "{parameter "PowershellExe"}" -ExecutionPolicy Bypass -File powershell.ps1

Fixlet to Create Restore Point and Leave Status

action uses wow64 redirection {not x64 of operating system}

parameter "PowerShellExe"="{ pathname of file ((it as string) of value "Path" of key 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native 
registry) }"

delete __createfile
delete powershell.ps1
createfile until _end_

Checkpoint-Computer -Description "ChangeNetSettings" -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint > "c:\Windows\RestorePoint.txt"

_end_

move __createfile powershell.ps1
waithidden "{parameter "PowershellExe"}" -ExecutionPolicy Bypass -File powershell.ps1

Analysis to Report Last Restore Point

if exists file "c:\Windows\RestorePoint.txt" then if number of lines of file "c:\Windows\RestorePoint.txt" > 0 
then ((preceding text of first " " of it) of line (maximum of line numbers of lines containing "/" of it) of file 
"c:\Windows\RestorePoint.txt") else "NoRestorePoint" else "NoRestorePoint"

Here is some additional information on restore points. We had a number of machines where the restore points were missing. It turns out that Druva inSync backup software may be the cause of restore points disappearing. This seems to be a general problem with backup software that uses Volume Shadow Copy (VSS). It is not really the fault of the backup software, they are just using VSS that Microsoft has made available. My thinking is that restore points should be protected, and a system should always have a restore point if system recovery is turned on, assuming available disk space.

I have opened a case with Microsoft. We have taken a lot of traces that have been sent to engineering.

I don’t know of any native SystemRestore inspectors but you may be able to use a WMI query to check for some aspects of SystemRestore existence.

selects "* from SystemRestore" of wmis "root/default"

4 Likes

Thanks SLB for the great suggestion.