Board index » cppbuilder » Expert Help - System Restore

Expert Help - System Restore


2007-04-13 11:36:33 PM
cppbuilder6
Hi all, thought i'd ask the experts since the Microsoft guys didn't seem to
have an answer.
We've got a problem with system restore on clients computers. We have a
parental control product and currently the kids can remove it by using
system restore.
I've found that if i use the windows interface GUI
(MyComputer->Properties->System Restore) and turn of System Restore,
previouse restoration points are deleted. So basically i want to turn off
system restore before i install our product and then turn it back on again,
thereby creating a fresh restoration point after installation. The user is
prompted to this effect but i can't seem to determine how to diable System
Restore without having to reboot the computer. Since the insatller must
also install some drivers, this means a second reboot which looks sloppy.
I have read many posts on google about using the registry to disable SR and
also stopping the srservice service but nether seems to turn off SR without
a reboot. I've also looked at the only two api's - SRSetRestorePoint() &
SRRemoveRestorePoint(); My thought was that i could use the remove restore
point to delete existing restore points. However, there does not seem to be
ANY way to enumerate restore points without using WMI and the MS scripting
ActiveX.
Any help or pointers would be excellent
Mike Collins
 
 

Re:Expert Help - System Restore

Hi Mike,
I'm confused. If you leave ANY restore points
that exist previous to your installation won't
the kids be able to bypass your program? Pretty
sure you will have to remove them all...
So if I'm right you will have to remove them all
and the system will create one when you install so
have the first run of your program take out the one
that the system does during your install...
Of course this is fraught with peril, but what else
can you do?
BTW, if you can ever secure such a program from
the kids I would be quite amazed. I suspect the CIA
will be interested as well... B)
HTH,
Bruce
 

Re:Expert Help - System Restore

You might investigate having them run while logged in under an account which
does not have Administrator or Power User privileges.
. Ed
Quote
Mike Collins wrote in message
news:461f8fac$ XXXX@XXXXX.COM ...
 

{smallsort}

Re:Expert Help - System Restore

Hay Bruce, thanks for your pointers.
As it happens, System Restore works by activating a file system driver which
monitors changes to the OS. So by disabling and stopping System Restore,
you / it destroys all its restore points. As for the kids protection, its
done and dusted - see thinkgeek.com in the next few months.
Regards Mike
"Bruce Larrabee" < XXXX@XXXXX.COM >wrote in message
Quote

Hi Mike,

I'm confused. If you leave ANY restore points
that exist previous to your installation won't
the kids be able to bypass your program? Pretty
sure you will have to remove them all...

So if I'm right you will have to remove them all
and the system will create one when you install so
have the first run of your program take out the one
that the system does during your install...

Of course this is fraught with peril, but what else
can you do?

BTW, if you can ever secure such a program from
the kids I would be quite amazed. I suspect the CIA
will be interested as well... B)

HTH,

Bruce
 

Re:Expert Help - System Restore

"Mike Collins" <its@TheBottomOfThePost>wrote:
Quote

[...] As for the kids protection, its done and dusted - see
thinkgeek.com in the next few months.
Think again because all of the new systems now have the full
restore in a hidden partition on the hard drive that is
accessed on startup with any key press and takes about 10
minutes and it's been that way for nearly a year now.
The best that you can do is educate your users and provide
options like uninstalling the ISP software so that yours
is installed first. If they roll it back, they will also
uninstall their connection.
Even then, they could just reinstall the ISP software and even
if the CD is secured from the kid, they'll just get a copy
from a friend. If the kids is determined enough, you can't stop
them all.
~ JD
 

Re:Expert Help - System Restore

Thanks for the advice, as it happens i have a system restore prevention
system working now.
Thanks again
Mike
"JD" < XXXX@XXXXX.COM >wrote in message
 

Re:Expert Help - System Restore

"Mike Collins" <its@TheBottomOfThePost>wrote:
Quote

as it happens i have a system restore prevention system
working now.
I don't see how you could possibly prevent it (as I described
the hidden partition) without destroying it (the hidden
partition).
~ JD
 

Re:Expert Help - System Restore

JD. what i was talking about was windows xp system restore. Regardless of
where the restore function stores it's information, by stopping or disabling
system restore, it destroys its restoration points and information itself.
this is a specific design function of system restore, based on the way it
works. System Restore uses a file system driver / hook to monitor what is
happening within the system, specifically file modifcations and registry
changes. If System Restore is stopped or disabled, it can no longer montor
the system so the information it has previously stored becomes null and
void. Missing any changes means that the previouse restoration point become
invalid - therefor SR will destory them it's self.
"JD" < XXXX@XXXXX.COM >wrote in message
Quote

"Mike Collins" <its@TheBottomOfThePost>wrote:
>
>as it happens i have a system restore prevention system
>working now.

I don't see how you could possibly prevent it (as I described
the hidden partition) without destroying it (the hidden
partition).

~ JD