SCRIPT to automatically create System restore points for Winodws devices

Content

  • Scripts to enable system restore or system protection
  • Script to add a registry value that allows creation of multiple restore points in a 24 hour period
  • Script to add a task schedule that creates a restore point automatically

Scripts To Enable System Restore Or System Protection

  • This can be done into ways; one is to wrap the powershell script in a batch script and the other is to use WMIC.exe to create a batch script
  • Powershell wrapped in batch script: PowerShell.exe -ExecutionPolicy Bypass -Command “Enable-ComputerRestore -Drive ‘C:'”
  • WMIC.exe batch script: C:\Windows\System32\wbem\WMIC.exe /namespace:\root\default Path SystemRestore Call enable “C:\”

Script To Add A Registry Value That Allows Creation of Multiple Restore Points In A 24 Hour Period

  • By default Windows operating system does not allow more than one restore point to be created within a 24 hour period. To overcome this limitation, you can use this batch script to add a registry value that allows more than one restore point to be created in a 24 hour period; reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore” /v SystemRestorePointFrequency /t REG_DWORD /d 0 /f

Script To Add A Task Schedule That Creates A Restore Point Automatically

  • Monthly Schedule: schtasks.exe /create /tn “Monthly Restore Point” /sc MONTHLY /d TUE /mo FIRST /st 10:00 /rl HIGHEST /ru “NT AUTHORITY\SYSTEM” /tr “PowerShell.exe -ExecutionPolicy Bypass -Command \”Checkpoint-Computer\” -Description \”AUTOMATIC-$(Get-Date -Format \”yyyyMMddHHmmss\”)\” -RestorePointType \”MODIFY_SETTINGS\””
  • Weekly Schedule: schtasks.exe /create /tn “Weekly Restore Point” /sc WEEKLY /d TUE /st 10:00 /rl HIGHEST /ru “NT AUTHORITY\SYSTEM” /tr “PowerShell.exe -ExecutionPolicy Bypass -Command \”Checkpoint-Computer\” -Description \”Weekly System Restore\” -RestorePointType \”MODIFY_SETTINGS\””
  • Daily Schedule: schtasks.exe /create /tn “Daily System Restore” /sc DAILY /st 09:00 /rl HIGHEST /ru “NT AUTHORITY\SYSTEM” /tr “PowerShell.exe -ExecutionPolicy Bypass -Command \”Checkpoint-Computer\” -Description \”AUTOMATIC-$(Get-Date -Format \”yyyyMMddHHmmss\”)\” -RestorePointType \”MODIFY_SETTINGS\””
  • tn=Task name; sc=schedule; d=Day; mo= st=Schedule time; rl=Run Level; ru=Run User; tr=Trigger

Combined Script for Daily Restore Point

@echo off

REM Enable System Protection or System Restore start /wait PowerShell.exe -ExecutionPolicy Bypass -Command “Enable-ComputerRestore -Drive ‘C:'”

REM Create Daily Restore Point
start /wait schtasks.exe /create /tn “Daily System Restore” /sc DAILY /st 09:00 /rl HIGHEST /ru “NT AUTHORITY\SYSTEM” /tr “PowerShell.exe -ExecutionPolicy Bypass -Command \”Checkpoint-Computer\” -Description \”AUTOMATIC-$(Get-Date -Format \”yyyyMMddHHmmss\”)\” -RestorePointType \”MODIFY_SETTINGS\””

REM Allow creation of multiple restore points in a 24 hour period
start /wait reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore” /v SystemRestorePointFrequency /t REG_DWORD /d 0 /f

Exit

  • If you are packaging this as a WIN32 app in Intune, you can set the detection rule using the presence of the “SystemRestorePointFrequency“registry value.