SOLVED Win X System volume information- Would like copy to stop restore pts being deleted.

[gazzaplus]

Hi,
just joined to ask this question and hopping for an answer.

The loss of restore points has annoyed me since xp and there is still the same problem in win x.
I have, using hiren's made a copy of the sysvolinfo folder and renamed the original to copy 2 and then renamed the first copy back to the original name of system volume information and rebooted.
Created another restore point and repeated the above process with hiren's, no matter what sysvolinfo I used after renaming back all of the restore points had gone.

Has anybody got a clue as to why? I'm guessing that win x writes the sector address of the original sysvolinfo folder into a file and the copy with a new sector will not match where the original sector was stored in a file on the disk.

Apart from doing an image, why can't the restore points be saved provided you have not done any win x updates as an old restore point is better then nothing.

An partition copy when restored to another drive the restore points are intact, how does the software manage this and it's not a sector copy.

Any help would be appreciated.

gazza

 

[Wargamer]

Can you explain how you have system restore configured and the time interval between the creation of restore points and how long it takes newly created restore points to disappear and/or under what unique circumstances (if applicable)?

 

[Regedit32]

Hi gazzaplus,

Welcome to the Forum.

The Windows Operating System creates restore points if any of the following scenarios are true:

• New updates are installed
• A new software product is installed
• A non-signed driver is installed.
• The User manually chooses to create a restore point

When a new restore point is created, the System checks there is enough allocated space available to store this restore point. If there is insufficient space, the oldest currently stored restore point is deleted, and then the next oldest restore point, etcetera, until there is sufficient space for the new restore point to be stored safely in the System Volume Information directory. This directory is located on the root of the Windows operating system, so for most people will be located at C:\System Volume Information

It is possible to backup older restore points before they are deleted, however, that involved working your way around to built in obstacles:

• The default status of the System Volume Information directory is that its attributes are set to hidden. Thus in order to be able to view the folder in your root directory, you'd first need to remove the check next to Hide protected operating system files (Recommended). To do that simply:
  • Open File Explorer and navigate to C:\ (your root directory)
  • Now in top ribbon click on View tab and check the box next to Hidden items.
  • Next click the Options drop arrow, and select Change folder and search options
  • In the window that opens select the View tab
  • Remove the check next to Hide protected operating system files (Recommended)
  • Click OK

• The second built-in obstacle (and for good reason) is the Permissions of the System Volume Information directory. You will not have authority to open this directory, or to modify it in any way.

You could choose to change those permissions manually, however, in my opinion that is not wise, as if you make any mistakes or run into any trouble attempting this, you will create a situation where when you actually need to run a restore point, it may not initialize and leave you with a never-ending loop, forcing you to shut the computer down by holding your power button in, only to see the failure notice when you next reboot.

Thus the safer way, in this instance, would be to activate the built-in Administrator account and access the System Information Volume that way instead. To activate this special profile:

In your search/Cortana field type Command then in search results, right-click on Command Prompt and select Run as administrator.

The User Account Control will prompt you; click Yes.

Now in the Administrator: Command Prompt console type or copy & paste the following:

net user administrator /active:yes

Press Enter key

If you want this Profile to have a password then continue:

net user Administrator *

Press Enter key

You'll now be prompted to enter a password, and upon doing so and pressing Enter key, you'll be prompted to re-enter the password.

If you now left-click on Start, then left-click the Account icon you can now select Administrator and sign-in so you can open and view your C:\System Volume Information directory.

Sample image

​

Now that you have set up the built-in Administrator, you simply need to sign-in to that account, and within File Explorer, check to view hidden items, and remove that check in the folder options as stated already.

When you finally gain access to the System Volume Information directory, you'll see a series of sub-folders and some other files listed. The alphanumeric files surrounded by { } are your restore points.

Sample image

You can right-click on the restore points you wish to backup and select copy

Now just paste anywhere else you plan on saving these backups to.

Note: In order to use these at a later date you will need to copy them back into the original C:\System Volume Information directory when needed. Make sure there is sufficient space for this first! You may need to delete more current restore points before copying older backups back into the C:\System Volume Information directory.


Hopefully, that explains things for you enough. If you still have questions, let us know.


Regards,

Regedit32

​

 

[gazzaplus]

Hi gazzaplus,

Welcome to the Forum.

The Windows Operating System creates restore points if any of the following scenarios are true:

• New updates are installed
• A new software product is installed
• A non-signed driver is installed.
• The User manually chooses to create a restore point

When a new restore point is created, the System checks there is enough allocated space available to store this restore point. If there is insufficient space, the oldest currently stored restore point is deleted, and then the next oldest restore point, etcetera, until there is sufficient space for the new restore point to be stored safely in the System Volume Information directory. This directory is located on the root of the Windows operating system, so for most people will be located at C:\System Volume Information

It is possible to backup older restore points before they are deleted, however, that involved working your way around to built in obstacles:

• The default status of the System Volume Information directory is that its attributes are set to hidden. Thus in order to be able to view the folder in your root directory, you'd first need to remove the check next to Hide protected operating system files (Recommended). To do that simply:
  • Open File Explorer and navigate to C:\ (your root directory)
  • Now in top ribbon click on View tab and check the box next to Hidden items.
  • Next click the Options drop arrow, and select Change folder and search options
  • In the window that opens select the View tab
  • Remove the check next to Hide protected operating system files (Recommended)
  • Click OK

• The second built-in obstacle (and for good reason) is the Permissions of the System Volume Information directory. You will not have authority to open this directory, or to modify it in any way.

You could choose to change those permissions manually, however, in my opinion that is not wise, as if you make any mistakes or run into any trouble attempting this, you will create a situation where when you actually need to run a restore point, it may not initialize and leave you with a never-ending loop, forcing you to shut the computer down by holding your power button in, only to see the failure notice when you next reboot.

Thus the safer way, in this instance, would be to activate the built-in Administrator account and access the System Information Volume that way instead. To activate this special profile:

In your search/Cortana field type Command then in search results, right-click on Command Prompt and select Run as administrator.

The User Account Control will prompt you; click Yes.

Now in the Administrator: Command Prompt console type or copy & paste the following:

net user administrator /active:yes

Press Enter key

If you want this Profile to have a password then continue:

net user Administrator *

Press Enter key

You'll now be prompted to enter a password, and upon doing so and pressing Enter key, you'll be prompted to re-enter the password.

If you now left-click on Start, then left-click the Account icon you can now select Administrator and sign-in so you can open and view your C:\System Volume Information directory.

Sample image

View attachment 5907
​

Now that you have set up the built-in Administrator, you simply need to sign-in to that account, and within File Explorer, check to view hidden items, and remove that check in the folder options as stated already.

When you finally gain access to the System Volume Information directory, you'll see a series of sub-folders and some other files listed. The alphanumeric files surrounded by { } are your restore points.

Sample image

View attachment 5908

You can right-click on the restore points you wish to backup and select copy

Now just paste anywhere else you plan on saving these backups to.

Note: In order to use these at a later date you will need to copy them back into the original C:\System Volume Information directory when needed. Make sure there is sufficient space for this first! You may need to delete more current restore points before copying older backups back into the C:\System Volume Information directory.


Hopefully, that explains things for you enough. If you still have questions, let us know.


Regards,

Regedit32

​

 

[gazzaplus]

Hi all
The response from regedit32 is very good and I thank you except I have, via different means, done exactly what you have suggested.

Yes I have copies of the restore point entries but you need to take your suggestion one step further and say delete one of them and then to copy the saved restore point file back to the system volume information folder.

You will find that ALL your restore points have now gone, you touch the system volume information folder and windows will make you pay dearly.

Why I started this post was that I did a restore of a point taken back on 2nd May {I keep a log of why I create a restore point] and it worked { My start menu went stupid hence the restore]}.

What I should of done was to immediately taken a another restore point which would be the same system and the same point as the 2nd May because the restore I just did wipes out the old points including the 2nd MAY and all others and I have now lost all of them and I'm left with points that I don't want.

My question in my post is how does win x know you have fooled with the sysvolinfo folder, my guess is that it knows the absolute sector address on the disk where the points are written and the copy no longer matches this address as the copy will be written at a new sector address, now the integrity of the folder has been compromised and can now longer be used.

gazza

 

[Regedit32]

Ahh I see what you mean.

Restore points are in effect snap shots of your current Registry settings, User Profile settings, and any protection files such as critical updates, definitions for your antivirus programs etcetera.

The point they are literally stored on your Disk is kept in the Registry and any access to this or the System Volume Information directory is logged in the Windows Event Viewer.

Thus when you access the System Volume Information directory and delete a record, the Registry is immediately updated to reflect that change as that information is used in the SYSTEM algorithm that determines whether you can create a new restore point without the need to delete an older one (i.e. is there sufficient space for the new restore point).

As the directory is by default both hidden and protected by SYSTEM which owns it, and has full permissions, any attempt to access this is logged and generally blocked unless you have either using the built-in Administrator, or taken permissions over [ not recommended ].

I'm glad though you have managed to find a way that works for you in terms of having the option to use a older snap shot of your System. Thank you for sharing your comments; it's always nice to learn from others trials and errors per se.

Regards,

Regedit32

 

[gazzaplus]

Thanks for your help, In future I'll be more mind full and create another restore point straight after a restore, also have a closer look at my diary of restore points as my housekeeping method is now flawed.
Restore points are great and have always served me well, but my foolproof way of backups are partition copies and I use the grandmother,mother daughter principle with three ssd drives.

Just takes longer to do a partition copy and you must be aware of what app writes what into the user directory and to copy it out.

Many Thanks

gazza