Four tips to using System Restore on Windows XP
The System Restore feature of Windows XP is designed to help when things break. Learn to get the most out of it.
System Restore is a feature of Windows XP that periodically backs up the Windows system folders. It does this in case some piece of software is not doing something today that it was doing yesterday. In that event, you can restore the latest System Restore backup and hopefully fix things.
Microsoft refers to System Restore backups as "restore points". They reside on the C disk in a folder Windows tries to keep hidden.
System Restore runs silently in the background, thus, you can use a Windows XP machine for years and not be aware of its existence - which is both good and bad.
Tip One
The bad part leads to the first tip - every now and then make a restore point manually, just to be sure you can (instructions for doing so are below). There are three reasons for this.
First, under some conditions, System Restore will purposely turn itself off and not tell you that it's no longer running. Therefore, just before you manually make a restore point, check that System Restore has made some recent restore points. You do this by starting the restore procedure, then browsing the calendar of previous restore points without actually restoring anything. I would feel reasonably safe with one restore point a week.
Second, the rules for when System Restore makes a restore point are numerous and confusing. Thus it can be functioning within normal parameters but still go weeks without making a restore point.
Finally, I've seen System Restore break (as opposed to turning itself off by design). That is, when I tried to manually make a restore point it failed. It's better to know that this has happened than not know.
There is no one right answer for how often to manually make a restore point. I'd suggest monthly as a starting point, more often if the computer is very important, less often if not. The process of making a restore point takes about 10 seconds.
Tip Two
Always make a restore point before installing new software. Some software makes restore points as part of the installation process, but not all. Better safe than sorry. In addition to new software, also make a restore point before installing a new version of existing software and prior to installing bug fixes (a.k.a. patches, updates). And, leading to the next tip, make a restore point before letting antivirus or antispyware software remove something malicious.
Tip Three
Once upon a time I was working on a Windows XP machine that was infected with lots of malicious software (viruses, trojans, adware, spyware, etc.). When I got the machine, infected though it was, Windows was able to boot. At some point though, the cleanup process got too aggressive.
Something I did in removing the malware prevented Windows from fully booting. It got to the point of displaying the desktop wallpaper, but that was about it. The desktop icons never appeared and none of the auto-started applications ran. Even in safe mode, Windows got to the same halfway point in the boot process and stopped. I had followed my own advice and made a recent restore point, but how to restore to it?
The third tip is that System Restore can be used even in this case. Start the machine and use the F8 key to invoke the "Windows Advanced Options menu" just as if you were going into safe mode. Then chose the option to boot to "Safe Mode with Command Prompt". This disables more of Windows than regular Safe Mode does. In my case, it disabled the broken part of Windows and the machine was able to boot to a command prompt.
From the command prompt, you can run System Restore with this command:
c:\windows\system32\restore\rstrui.exe
This invokes the normal System Restore application (not a text mode version), except there is no option to make a restore point. All you can do in Safe Mode or Safe Mode with Command Prompt is restore previously taken restore points. Pick the most recent restore point and hopefully your problem will disappear. In my case it did, Windows was able to boot after restoring the latest restore point. If not, try an earlier restore point.
Tip Four
The last tip is simply to try booting to "Safe Mode with Command Prompt" now, while everything is working correctly. Consider it a dress rehearsal.
Invoking
With Windows XP running, System Restore is invoked from the Start button with:
Start -> Programs -> Accessories -> System Tools -> System Restore
You can make System Restore easier to find by creating a shortcut to it on the desktop. When hovering over System Restore in the last step above, right click instead of left clicking and then "Send To" -> "Desktop (create shortcut)". Another way is to navigate to this folder:
c:\windows\system32\restore\
and right click on file rstrui.exe. Here too, send it to the desktop.
Note: The directory where file rstrui.exe lives is, technically speaking, the system root folder. Normally the system root is "c:\windows", but this is not mandatory. To be 100% sure, do Start -> Run and in the box enter "%SystemRoot%" this will open Windows Explorer at the system root folder.
Sometimes when invoking "Safe Mode with Command Prompt" Windows asks you to log in, sometimes not. If prompted, log in as as a user that is a member of the Administrators group. The Windows userid you normally use may work fine. If not, try logging in as user Administrator with a blank password.
Update: For more on System Restore see No Restore Point for you December 28, 2007.
See a summary of all my Defensive Computing postings.