Integrity of System Restore maintenance

[Augeas]

Another thread has sparked a few brain cells off as usual, this time on the way that CC's system restore maintenance facility operates. What are the consequences of removing restore points out of sequence, or just at will? Is this a valid option, and does it affect System Restore's capability to complete a system restore, should one be needed?

 

It's actually quite difficult to discover what sys restore does, at a very low level. We know that Windows lets us either disable system restore completely, limit the space allocated to restore points, or remove all restore points except the latest. What Windows doesn't let us do is remove any individual restore point. Googling this stuff brings up a great many posts and articles concerning removing individual restore points. Most of them recite a version of the following mantra, I believe originally from Bert Kinney.

 

Each restore point is chained (or linked) together with previous restore points. When you choose to restore a system all the previous restore points are required to complete the restore, thus if one is missing the chain will be broken and cause all existing restore points to become corrupt.

 

A log is created or updated that tracks the consistency between the files System Restore is monitoring and the files that are actually backed up. If an inconsistency is found between the log file and the files located in the System Volume Information folder, restore point corruption can occur.

 

So that pretty well puts the kybosh on removing individual restore points. But is this another Gutmann myth? After all restore points are dropped after 90 days, or when the allocated space is filled. How does that correspond with requiring all previous restore points to do a restore?

 

I have found this from Microsoft. It's tantalisingly not quite specific, but gives some idea of the process. UI, by the way, is presumably User Interface and there are five restore points (RP) in the example.

 

1) UI queries data stores for list of restore points

2) Restore points displayed in UI - user makes selection of RP2

3) Restore point created for restore operation via service

4) UI calls Restore Module to start restore

5) Restore Module extracts all file changes recorded in change logs up to RP2

6) Restore Module reverts the system based on recorded changes logged and replaces RP2 registry

 

The vital point is number 5 - all file changes recorded in change logs up to RP2. Does that mean that you need all previous restore points? I find it hard to grasp that you should need any information prior to the time of the restore point at all.

 

So what is the validity of removing an individual restore point? Can a system restore be done subsequently from a point before or after the missing point? I'm sure Piriform would have tested this. And if Piriform is correct then that's another myth nailed to the floor. I like that.

 

Long post I'm afraid. The inelegantly named Britain's Got Talent (Talent?) is on the box so I'm out of it.

[DennisD]

I intended adding a reply here a while back, but the old memory cells are still jumping ship, but better late than never.

 

These are really interesting points about System Restore, and for someone who's System Restore has failed regularly, yours truly, even more interesting.

 

The points raised are worth thinking about.

[Augeas]

Thanks Dennis. I didn't mention why anyone would want to remove a restore point out of sequence, or really why one would want to remove any at all, unless desperate for space. But as there's the option to do so then someone will. In fact I did when the option came out. Meddling fingers.

[Andavari]

In fact I did when the option came out. Meddling fingers.

Same here just out of curiosity. However this thread had me really thinking back when you originally posted it, and I stopped using that new feature.