Enabling System Restore on a Dead Windows 7 System


Post by x-guest »

After booting into repair-mode and attempting to use System-Restore from within it, I was met with a peculiar situation. There were myriad Restore Points available but no way to use any of them due to a warning about System-Restore needing to be enabled!

So the question now is: How can I manually flick that switch that turns System Restore *ON* so that I can actually use repair-mode to bring back the system using one of the many available restore points!? I searched around for a while and found some nonsense about PowerShell. Of course this information was useless to me in this particular situation.

I'll accept answers that have to do with:

1. Booting from a windows disc OR launching "windows repair" on bootup and going from there...

2. Using some 3rd party utility (maybe MSDaRT?) to edit the [likely damaged] registry to properly switch restore-mode to enabled.

Otherwise I will have to man-up and do this the hard way by launching sysinternals process-monitor on a working system and playing with SR to determine what is being touched on the system so I can then mimic that behavior on the dead system. bleh!

Post by TonyT »

First of all, why do you need a restore point, what's wrong with the system?

Boot from the windows 7 dvd and access a command prompt. Enter this command to enable system restore in the registry:

Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 0 /f
(that's a zero prior to /f)
Reboot for changes to take effect.

reference:
http://www.windows-commandline.com/enab ... e-service/

However, I believe there must be other major problems with the system because when system restore is disabled, all restore points get deleted by Windows. Reenabling system restore creates the 1st new restore point.
No one has any right to force data on you
and command you to believe it or else.
If it is not true for you, it isn't true.

LRH
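
An added example, not part of TonyT's post: at a command prompt started from the Windows 7 DVD, HKEY_LOCAL_MACHINE is the recovery environment's own registry, so the installed system's SOFTWARE hive has to be loaded from disk before the DisableSR value can be changed in it. The drive letter (default C:) and the temporary key name OFFLINE_SW are assumptions; the recovery environment often assigns the Windows volume a different letter.

```batch
@echo off
rem Added example: set DisableSR=0 in the OFFLINE installation's SOFTWARE hive.
rem Assumptions: Windows volume letter passed as %1 (default C:),
rem              temporary mount key name OFFLINE_SW.
setlocal
set "WINVOL=%~1"
if "%WINVOL%"=="" set "WINVOL=C:"
set "HIVE=%WINVOL%\Windows\System32\config\SOFTWARE"
set "MOUNT=HKLM\OFFLINE_SW"
set "SRKEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\SystemRestore"

if not exist "%HIVE%" (
    echo SOFTWARE hive not found at %HIVE% - check the drive letter.
    exit /b 1
)

rem Keep a copy of the hive before touching it.
copy /y "%HIVE%" "%HIVE%.pre-sr-edit" >nul || exit /b 1

rem Mount the offline hive under a temporary key in the running registry.
reg load "%MOUNT%" "%HIVE%" || exit /b 1

echo Current value in the offline hive:
reg query "%SRKEY%" /v DisableSR

reg add "%SRKEY%" /v DisableSR /t REG_DWORD /d 0 /f
set "RC=%ERRORLEVEL%"

rem Always unload, otherwise the hive file stays locked and changes may not flush.
reg unload "%MOUNT%"
exit /b %RC%
```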

Post by x-guest »

Thanks, I'll give that a shot on Monday. Well the system simply won't boot. After a very light "surface" investigation, I've come to suspect one of our employees may have been using bull$hit registry cleaning and "tweaking" utilities on the system. It immediately BSODs after the Windows logo goes away. Blue screens on Safe Mode too.

Post by YeOldeStonecat »

Any recent dates of reg backup files in C:\windows\system32\config\regback\ ?
Manual restore.
MORNING WOOD Lumber Company
Guinness for Strength!!!
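
The manual restore YeOldeStonecat refers to, as an added example that is not part of the original post: list the dates of the RegBack copies, set the current hives aside, then copy the backups over them. It is meant for a recovery command prompt; the Windows volume letter (default C:) and the pre-regback folder name are assumptions.

```batch
@echo off
rem Added example: restore registry hives from RegBack on an offline Windows volume.
rem Assumptions: Windows volume letter passed as %1 (default C:),
rem              current hives are saved to a folder named pre-regback.
setlocal
set "WINVOL=%~1"
if "%WINVOL%"=="" set "WINVOL=C:"
set "CFG=%WINVOL%\Windows\System32\config"
set "SAVE=%CFG%\pre-regback"

if not exist "%CFG%\RegBack\SYSTEM" (
    echo No RegBack copies found under %CFG%\RegBack
    exit /b 1
)

rem Show dates and sizes first so the age of the backups is known.
dir "%CFG%\RegBack"
set "ANSWER="
set /p "ANSWER=Restore these hives over the current ones? [y/N] "
if /i not "%ANSWER%"=="y" exit /b 0

rem Save the current hives, then overwrite each one with its RegBack copy.
if not exist "%SAVE%" mkdir "%SAVE%"
for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do (
    copy /y "%CFG%\%%H" "%SAVE%\%%H" >nul || exit /b 1
    copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H" >nul || exit /b 1
    echo Restored %%H
)
```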

Post by x-guest »

I tried the recent ones but no go, it may simply be that the OS isn't salvageable. But I guess I'm OK with that, at least I have the actual employee data on the hard-drive, and likely backed up as well. We'll give it another shot on Monday, and thanks fellas.

Post by RaisinCain »

Why do you not have policies in place to prevent this? Just asking.

Post by RaisinCain »

BTW I wouldn't rely on System Restore. It isn't a viable solution when problems arise.

Post by x-guest »

It's a software company, we develop an MMO, and this is one of the testing departments, unfortunately due to the nature of internal game-testing/patching in this particular department, all guys in that section need full local administrative access to their machines... At least I've made sure their blunders are isolated from the rest of us. I've also been thinking about various "reboot & restore" solutions like DeepFreeze, and parity cards etc.. but that's still on the back-burner. Needless to say now that this has happened (and once I verify it was actually an employee mistake through the logs etc.) it most certainly won't happen again.

Post by YeOldeStonecat »

StorageCraft desktop backup for each desktop.

Anyways...can you hit up safe mode w/command prompt...and clean up stuff in the startup, temp, various other temp 'n app data directories of the user's profile? Or boot from your favorite utility disk that allows you to go browse the user's profile and pluck out the junk that is loading with their profile. Crack open the registry and hit the run sections of hklm and hkcu and clean up.

Also remote disk, slave to good machine with lots of malware tools on it...scan 'n clean, also use a rootkit checker.

Post by x-guest »

Safe mode blue-screens as well (that's when you know something is reliably screwed up), but indeed I'll be doing exactly that, using a 3rd party boot-disk to do some manual explore/repair and if it all fails, just copy the user data etc. to another partition or a backup share and just rock a format once and for all. Formatting however, has always been a last resort for me, and that "need to know" behavior over the years has actually benefited me greatly. I typically don't run when glitches in the matrix occur, but on this occasion I may just have to "reset this sector on the grid". =)

Post by YeOldeStonecat »

Yeah I saw you mention it blue screens with safe mode...but safe mode with command prompt is a different option, many times malware that blue screens with standard safe mode will not dump in safe mode w/command prompt...as the user profile doesn't load as much.

'Course you can usually navigate via pure command prompt also...although with today's GUI based utility CDs those are even easier.

Post by TonyT »

BSODs when booting to Safe Mode: 99.99% of the time is due to malware that loads disguised as a driver (rootkit), malware infected MBR, or internal hardware problem (MB short, heat buildup, etc.). The other .01% of the time this issue is caused by corrupted system files.

Are the BSODs varying or does it spit out the same BSOD each time?

Post by x-guest »

Well, it turns out that this week's workload is significantly larger than I expected, and therefore I formatted the thing and Bob became my uncle. Job done. It should interest many of you detectives out there to know that on Tuesday when I got in (Monday was a national holiday in Greece), YET another machine in that same section mysteriously started having similar permanent BSODs. So in reality I wound up just wholesale formatting *2* machines instead of one and now they're both fine. Hmm, looks like I will always be left to wonder what the true origins of these possibly occult BSODs actually were...

Thanks for the input men.