Rem: Disabling System Restore

In Windows XP, System Restore is enabled by default. Here are two ways you can disable it with WMI’s SystemRestore class.

Bill Stewart

May 9, 2005



By default, Windows XP's System Restore feature is enabled. Users don't have the ability to install or remove software on our systems, so the System Restore data is taking up unnecessary disk space. Is there a way to disable it from the command line or a script?

Microsoft doesn't provide a tool for directly managing System Restore from the command line, but fortunately there's a Windows Management Instrumentation (WMI) class named SystemRestore that provides an interface for controlling it. In XP, there are two primary ways to work with WMI: through the Windows Management Instrumentation Command-line (WMIC) tool or a scripting language, such as VBScript.

Disabling System Restore with WMIC. In XP, you can view SystemRestore restore points by using the basic wmic command, which follows the format

wmic /node:computer /namespace:\\root\default path SystemRestore

(Although this command appears on several lines here, you would enter it on one line in the command-shell window. The same holds true for the other multiline commands in this article.) In this command, computer can be one or more remote computer names, separated by commas. You can omit the /node option, in which case WMIC checks the restore points on the current computer.

As Figure 1 shows, this basic command lists the restore points, or checkpoints, on a computer. When System Restore is first enabled, it creates an initial restore point that has the description System Checkpoint. So, you should look for System Checkpoint in the Description column. If WMIC responds with No Instance(s) Available, then System Restore isn't enabled on that computer.

To disable System Restore on a computer, you can use the SystemRestore class's Disable method. The wmic command to disable System Restore for the system drive follows the format

wmic /node:computer /namespace:\\root\default path SystemRestore call Disable drive:\

where drive is the Windows system drive on the computer. The trailing backslash (\) after the drive letter is required. For example, to disable System Restore on the local computer, you'd run the command

wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\

To disable System Restore on computer3 (assuming Windows is installed on the C drive), you'd run the command

wmic /node:computer3 /namespace:\\root\default path SystemRestore call Disable C:\

If all goes well, you should see output like that in Figure 2. If WMIC reports a ReturnValue of 1717, SystemRestore is already disabled on the computer. If you see the message Invalid class, you're attempting to connect to a computer that doesn't have the System Restore feature (e.g., a Windows Server 2003 or Windows 2000 machine).

If you're experienced with using WMI's SystemRestore class, you might know that you can use an empty string ("") as a parameter with the Disable method, which tells WMI to disable System Restore for all drives. Unfortunately, there's no way you can use an empty string as a parameter when using the WMIC tool, so you must explicitly specify the system drive. If you're uncertain of the drives, you can use WMIC to retrieve the system drive letters for one or more computers. Simply run the command

wmic /node:computer os get CSName, SystemDrive

where computer is one or more remote computer names, separated by commas.

Disabling System Restore with a script. DisableSystemRestore.vbs, which Listing 1 shows, demonstrates how to use a script to disable System Restore. This script begins by using the Option Explicit statement to enforce variable declaration, then declares the variables it will use. Next, the script checks for command-line arguments. If there are none, the script assumes you want to check the local computer; otherwise, the script assumes the first command-line argument is a computer name.

As callout A in Listing 1 shows, the script checks to see whether there are any restore points on the computer by using WMI's InstancesOf method to retrieve any instances of the SystemRestore class. If any exist, the blnEnabled variable will contain a value of True, which means that System Restore is enabled. When there are no SystemRestore instances, the code doesn't enter the For Each...Next statement, and therefore the blnEnabled variable will continue to contain a value of False.

If System Restore is enabled, the script uses the SystemRestore class's Disable method on the specified computer, as callout B in Listing 1 shows. The empty string passed to the Disable method turns off System Restore for all drives. The result of this operation is stored in the lngRC variable. The script displays a success message when the Disable method succeeds or an error message when it fails.
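The flow described above, written out as an added example; it is not the article's Listing 1, which is not reproduced on this page. blnEnabled and lngRC follow the names used in the text, while the other variable names, the messages, and the error handling are assumptions.

```vbscript
' Added example: follows the steps described in the text, not the original listing.
Option Explicit

Dim strComputer, objWMI, colRestorePoints, objRestorePoint
Dim objSR, blnEnabled, lngRC

' No argument means the local computer; otherwise the first argument is the name.
If WScript.Arguments.Count = 0 Then
  strComputer = "."
Else
  strComputer = WScript.Arguments(0)
End If

On Error Resume Next
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
  & strComputer & "\root\default")
If Err.Number <> 0 Then
  WScript.Echo "Cannot connect to " & strComputer & ": " & Err.Description
  WScript.Quit 1
End If

' Any SystemRestore instance (a restore point) means System Restore is enabled.
blnEnabled = False
Set colRestorePoints = objWMI.InstancesOf("SystemRestore")
For Each objRestorePoint In colRestorePoints
  blnEnabled = True
  Exit For
Next
' Err stays set if the enumeration failed, e.g. "Invalid class" on a system
' without the System Restore feature, so check it before trusting blnEnabled.
If Err.Number <> 0 Then
  WScript.Echo "SystemRestore class is not available on " & strComputer
  WScript.Quit 1
End If
On Error GoTo 0

If Not blnEnabled Then
  WScript.Echo "System Restore is not enabled on " & strComputer
  WScript.Quit 0
End If

' Disable is a static method, so call it on the class; "" means all drives.
Set objSR = objWMI.Get("SystemRestore")
lngRC = objSR.Disable("")
If lngRC = 0 Then
  WScript.Echo "System Restore disabled on " & strComputer
Else
  WScript.Echo "Disable failed on " & strComputer & " (ReturnValue " & lngRC & ")"
End If
```

Run it with cscript so the messages go to the console, passing a computer name as the only argument to target a remote machine.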

For more information about the SystemRestore class, go to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sr/sr/systemrestore.asp. For more information about System Restore, see the "Frequently Asked Questions Regarding System Restore in Windows XP" Web page at http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx.
