Create Restore Point Frequently (If Already Created Within 24 Hours)

Purushothaman · January 11, 2017, 6:07pm

Please use the script to Create Restore Point if Restore Point is already created within 24 hours

Note:
Please run the Script as System User

def ExecuteCMD(CMD, OUT = False): import ctypes class disable_file_system_redirection: _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection def __enter__(self): self.old_value = ctypes.c_long() self.success = self._disable(ctypes.byref(self.old_value)) def __exit__(self, type, value, traceback): if self.success: self._revert(self.old_value) from subprocess import PIPE, Popen with disable_file_system_redirection(): OBJ = Popen(CMD, shell = True, stdout = PIPE, stderr = PIPE) out, err = OBJ.communicate() RET = OBJ.returncode if RET == 0: if OUT == True: if out != '': return out.strip() else: return True else: return True else: return False ExecuteCMD(r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v SystemRestorePointCreationFrequency /t REG_DWORD /d 0 /f') print ExecuteCMD(r'WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BY COMODO ITSM %DATE% %TIME%", 100, 12', True) ExecuteCMD(r'reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v SystemRestorePointCreationFrequency /f') ##print ExecuteCMD(r'POWERSHELL Get-ComputerRestorePoint', True)

Sample Output:

Script file to Import:
20170111-Create-Restore-Point-Frequently.json

20170111-Create-Restore-Point-Frequently.json (2.21 KB)

aghiad · May 23, 2017, 10:49pm

hi i run this script and it’s Finished success
Executing (SystemRestore)->CreateRestorePoint() Method execution successful. Out Parameters: instance of __PARAMETERS { ReturnValue = 0; }; but still there is no restore point created thanks

Purushothaman · May 24, 2017, 5:21am

Hi @aghiad,

Please run the command as an Administrator on the endpoint you have tried the script
POWERSHELL Get-ComputerRestorePoint

And check you have the entry starts with
BY COMODO ITSM ******

Still, you don’t find the entry for restore point then please share me the output of the command along with the Windows OS information (Version of Windows machine).

Thank you.

aghiad · May 24, 2017, 3:53pm

Hi i did not find any entry start with
this is the output


CreationTime           Description                    SequenceNumber    EventType         RestorePointType
------------           -----------                    --------------    ---------         ----------------
5/15/2017 11:29:47 AM  Installed Brackets             58                BEGIN_SYSTEM_C... APPLICATION_INSTALL
5/19/2017 11:03:41 AM  Installed RMM Administratio... 59                BEGIN_SYSTEM_C... APPLICATION_INSTALL
5/19/2017 2:17:09 PM   fresh                          60                BEGIN_SYSTEM_C... 16
5/23/2017 8:20:49 AM   Windows Update                 61                BEGIN_SYSTEM_C... 18

OS = Windows 10 pro 64 bit

Thanks

Purushothaman · May 24, 2017, 5:45pm

Hi @aghiad,

Thanks for sharing the information, we will analyze and get back to you as soon as possible.

aghiad · May 24, 2017, 7:22pm

@Purushothaman
Thank you .

Purushothaman · May 27, 2017, 3:48pm

Hi @aghiad,

As we have checked and observed the script on Windows 10 Pro 64 bit - It creates the restore point successfully but it takes 3 to 5 mins time to get updated on the restore points list on the endpoint.

So please run the script again as a System User and after getting successful in the execution log, wait for 3 to 5 mins and then check the Restore Points List by the command.

POWERSHELL Get-ComputerRestorePoint

Please let us know your feedback

Thank you.

aghiad · May 29, 2017, 4:04pm

@Purushothaman
Hi
i run the script and it Finished success then i wait 10 min
after that i run POWERSHELL command and still no result for restore point .


CreationTime           Description                    SequenceNumber    EventType         RestorePointType
------------           -----------                    --------------    ---------         ----------------
5/19/2017 11:03:41 AM  Installed RMM Administratio... 59                BEGIN_SYSTEM_C... APPLICATION_INSTALL
5/19/2017 2:17:09 PM   fresh                          60                BEGIN_SYSTEM_C... 16
5/23/2017 8:20:49 AM   Windows Update                 61                BEGIN_SYSTEM_C... 18

Purushothaman · June 16, 2017, 7:42am

aghiad:

@Purushothaman
Hi
i run the script and it Finished success then i wait 10 min
after that i run POWERSHELL command and still no result for restore point .


CreationTime Description SequenceNumber EventType RestorePointType
------------ ----------- -------------- --------- ----------------
5/19/2017 11:03:41 AM Installed RMM Administratio... 59 BEGIN_SYSTEM_C... APPLICATION_INSTALL
5/19/2017 2:17:09 PM fresh 60 BEGIN_SYSTEM_C... 16
5/23/2017 8:20:49 AM Windows Update 61 BEGIN_SYSTEM_C... 18

Hi @aghiad,

I hope you remember that we have arranged remote session and solved the same at the time. But we would like to confirm you whether you need more assistance on the same?

Thank you.

aghiad · June 16, 2017, 3:16pm

@Purushothaman
Yes you fix it , we are good now
Thank you .

Purushothaman · June 16, 2017, 3:26pm

Hi @aghiad,

Thank you for the feedback