{"id":9491,"date":"2012-05-08T00:01:00","date_gmt":"2012-05-08T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2012\/05\/08\/use-powershell-to-back-up-system-state-prior-to-making-changes\/"},"modified":"2012-05-08T00:01:00","modified_gmt":"2012-05-08T00:01:00","slug":"use-powershell-to-back-up-system-state-prior-to-making-changes","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-back-up-system-state-prior-to-making-changes\/","title":{"rendered":"Use PowerShell to Back Up System State Prior to Making Changes"},"content":{"rendered":"

Summary<\/b>: Learn how to use Windows PowerShell to back up system state prior to making changes to the registry.<\/p>\n

\"Hey, Hey, Scripting Guy! I am interested in using Windows PowerShell to work with the registry, but everything I see talks about backing up the registry first. Is it possible to use Windows PowerShell to back up the registry?<\/p>\n

—CG<\/p>\n

\"Hey, Hello CG,<\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. Things are really becoming exciting around here. I have been in contact with the two winners from the 2012 Scripting Games<\/a>, Rohn Edwards and Lido Paglia, and they are both coming to Microsoft TechEd 2012<\/a>. I will later announce a time when they will be at the Scripting Guys booth, so if you are in Orlando at TechEd 2012, make sure that you can stop by. In addition, I have been talking to my good friend, Blaine Barton, who does the IT Time TechNet Radio podcast, and we will be doing a live broadcast from the TechEd floor as we talk to Rohn and Lido. This is not all— I will make sure to announce any other cool things we come up with.<\/p>\n

Note<\/b>   This is the second blog in a series of Hey, Scripting Guy! Blogs that discuss using the Registry provider. The first blog, Using the Registry Provider to Simply Registry Access<\/a> published on Monday. For additional information about working with the registry via Windows PowerShell, see this collection of blogs<\/a>.<\/p>\n

Understanding the Computer Restore cmdlets<\/h2>\n

One of the easiest ways to ensure system reliability is to create a restore point prior to making potentially damaging changes. In this way, if a problem arises, it is rather simple to roll back the changes. In Windows PowerShell, the easy way to create a restore point is to use the Windows PowerShell cmdlets. These cmdlets require administrator rights (due to access to protected registry keys and other vital configuration files). Therefore, you need to right-click the Windows PowerShell icon and select Run As Administrator<\/b> <\/i>from the Action menu. Keep in mind that these cmdlets only work on client systems later than Windows XP. These cmdlets do not work on server versions of the operating system. There are several cmdlets that you can use to work with system restore. These cmdlets and their associated descriptions are listed here.<\/p>\n<\/p>\n\n\n\n\n\n\n\n\n
\n

Name<\/b><\/p>\n<\/td>\n

\n

                     Synopsis<\/b><\/p>\n<\/td>\n<\/tr>\n

\n

Enable-ComputerRestore<\/p>\n<\/td>\n

\n

Enables the System Restore feature on the specified file system drive.<\/p>\n<\/td>\n<\/tr>\n

\n

Disable-ComputerRestore<\/p>\n<\/td>\n

\n

Disables the System Restore feature on the specified file system drive.<\/p>\n<\/td>\n<\/tr>\n

\n

Get-ComputerRestorePoint<\/p>\n<\/td>\n

\n

Gets the restore points on the local computer.<\/p>\n<\/td>\n<\/tr>\n

\n

Restore-Computer       <\/p>\n<\/td>\n

\n

Starts a system restore on the local computer.<\/p>\n<\/td>\n<\/tr>\n

\n

Checkpoint-Computer  <\/p>\n<\/td>\n

\n

Creates a system restore point on the local computer.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Note<\/b>   The following command retrieved the information in the previous table:<\/p>\n

“*restore*”,”checkpoint*” | % {get-help $_ }| select name, synopsis | ft -AutoSize –Wrap<\/p>\n

The good thing is that the *restore* cmdlets use a standard WMI class: the SystemRestore WMI class<\/a>. This class has documentation on MSDN, so MSDN is a great place to find additional information about the Windows PowerShell cmdlets.<\/p>\n

Use CheckPoint-Computer to create a restore point<\/h2>\n

To create a new restore point, you use the CheckPoint-Computer<\/b> cmdlet. If the name of this cmdlet bothers you, you can create an alias to New-ComputerRestorePoint<\/b> by using the New-Alias<\/b> cmdlet as shown here.<\/p>\n

new-alias -Name New-ComputerRestorePoint -Value Checkpoint-Computer<\/p>\n

When creating a new restore point via the CheckPoint-Computer<\/b> cmdlet, you can specify one of five values for the RestorePointType <\/i>parameter. The values are shown here.<\/p>\n<\/p>\n\n\n\n\n\n\n\n\n
\n

Name<\/b><\/p>\n<\/td>\n

\n

Value<\/b><\/p>\n<\/td>\n

\n

Meaning<\/b><\/p>\n<\/td>\n<\/tr>\n

\n

APPLICATION_INSTALL<\/p>\n<\/td>\n

\n

0<\/p>\n<\/td>\n

\n

An application has been installed.<\/p>\n<\/td>\n<\/tr>\n

\n

APPLICATION_UNINSTALL<\/p>\n<\/td>\n

\n

1<\/p>\n<\/td>\n

\n

An application has been uninstalled.<\/p>\n<\/td>\n<\/tr>\n

\n

CANCELLED_OPERATION<\/p>\n<\/td>\n

\n

13<\/p>\n<\/td>\n

\n

An application needs to delete the restore point it created. For example, an application would use this flag when a user cancels an installation.<\/p>\n<\/td>\n<\/tr>\n

\n

DEVICE_DRIVER_INSTALL<\/p>\n<\/td>\n

\n

10<\/p>\n<\/td>\n

\n

A device driver has been installed.<\/p>\n<\/td>\n<\/tr>\n

\n

MODIFY_SETTINGS<\/p>\n<\/td>\n

\n

12<\/p>\n<\/td>\n

\n

An application has had features added or removed.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

The default value for the RestorePointType <\/i>parameter is APPLICATION_INSTALL. Therefore, leaving the RestorePointType <\/i>parameter out of the command causes the cmdlet to create this type of restore point.<\/p>\n

Because you are getting ready to modify the registry, you can use the default RestorePointType <\/i>value. This command is shown here.<\/p>\n

Checkpoint-Computer -Description “prior to adding registry key”<\/p>\n

You can use the Get-ComputerRestorePoint<\/b> cmdlet to obtain a list of the most recent computer restore points. This command is shown here.<\/p>\n

PS C:\\> Get-ComputerRestorePoint<\/p>\n

Warning<\/b>   Column “RestorePointType” does not fit into the display and it was removed.<\/p>\n

 <\/p>\n

CreationTime           Description                    SequenceNumber    EventType<\/p>\n

————           ———–                    ————–    ———<\/p>\n

4\/17\/2012 4:51:37 PM   Windows Update                 38                BEGIN_SYS…<\/p>\n

4\/19\/2012 3:53:55 PM   Windows Update                 39                BEGIN_SYS…<\/p>\n

4\/19\/2012 3:57:07 PM   Windows Live Essentials        40                BEGIN_SYS…<\/p>\n

4\/19\/2012 3:57:19 PM   Installed DirectX              41                BEGIN_SYS…<\/p>\n

4\/19\/2012 3:57:24 PM   Installed DirectX              42                BEGIN_SYS…<\/p>\n

4\/19\/2012 3:57:48 PM   WLSetup                        43                BEGIN_SYS…<\/p>\n

4\/24\/2012 9:11:12 AM   Windows Update                 44                BEGIN_SYS…<\/p>\n

4\/25\/2012 1:48:52 PM   Windows Update                 45                BEGIN_SYS…<\/p>\n

4\/29\/2012 9:43:11 AM   Windows Update                 46                BEGIN_SYS…<\/p>\n

4\/30\/2012 11:27:01 AM  Installed Microsoft  File T… 47                BEGIN_SYS…<\/p>\n

5\/2\/2012 10:51:17 AM   Installed Intel(R) PROSet\/W… 48                BEGIN_SYS…<\/p>\n

5\/2\/2012 10:04:24 PM   Windows Update                 50                BEGIN_SYS…<\/p>\n

5\/4\/2012 10:22:41 AM   Windows Update                 51                BEGIN_SYS…<\/p>\n

5\/7\/2012 12:01:48 PM   Windows Update                 52                BEGIN_SYS…<\/p>\n

5\/7\/2012 2:02:12 PM    prior to adding registry key   53                BEGIN_SYS…<\/p>\n

Verifying the status of the last restore point<\/h2>\n

Unfortunately, this command provides no information about the success of the last attempt to create a restore point for the computer. Selecting the most recent checkpoint and sending the output to the Format-List<\/b> cmdlet with the Force <\/i>parameter, displays additional information, but it does not provide any information about the success or failure of the checkpoint. This command and associated output are shown here.<\/p>\n

PS C:\\> Get-ComputerRestorePoint -RestorePoint 53 | fl * -Force<\/p>\n

__GENUS          : 2<\/p>\n

__CLASS          : SystemRestore<\/p>\n

__SUPERCLASS     :<\/p>\n

__DYNASTY        : SystemRestore<\/p>\n

__RELPATH        : SystemRestore.SequenceNumber=53<\/p>\n

__PROPERTY_COUNT : 5<\/p>\n

__DERIVATION     : {}<\/p>\n

__SERVER         : EDLT<\/p>\n

__NAMESPACE      : root\\default<\/p>\n

__PATH           : \\\\EDLT\\root\\default:SystemRestore.SequenceNumber=53<\/p>\n

CreationTime     : 20120507180212.613222-000<\/p>\n

Description      : prior to adding registry key<\/p>\n

EventType        : 100<\/p>\n

RestorePointType : 0<\/p>\n

SequenceNumber   : 53<\/p>\n

Scope            : System.Management.ManagementScope<\/p>\n

Path             : \\\\EDLT\\root\\default:SystemRestore.SequenceNumber=53<\/p>\n

Options          : System.Management.ObjectGetOptions<\/p>\n

ClassPath        : \\\\EDLT\\root\\default:SystemRestore<\/p>\n

Properties       : {CreationTime, Description, EventType, RestorePointType…}<\/p>\n

SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY…}<\/p>\n

Qualifiers       : {dynamic}<\/p>\n

Site             :<\/p>\n

Container        :<\/p>\n

The Get-ComputerRestorePoint<\/b> cmdlet does have a LastStatus <\/i>switched parameter, which according to Help, “Gets the status of the most recent system restore operation.” Unfortunately, the parameter provides only cryptic information such as shown here.<\/p>\n

PS C:\\> Get-ComputerRestorePoint -LastStatus | fl *<\/p>\n

The last attempt to restore the computer failed.<\/p>\n

Without any dates, operation IDs or other detailed information, the LastStatus <\/i>parameter cannot be relied on to make a decision in relation to the success or failure of the computer’s system restore point.<\/p>\n

See the Event Log for restore point status<\/h2>\n

The best place to determine the success (or failure) of the attempt to create a restore point for the computer is the Application <\/i>Event Log. The pertinent event (event ID 8194) is shown here.<\/p>\n

\"Image<\/a><\/p>\n

Because you already have Windows PowerShell open, it is much faster to use the Get-EventLog<\/b> cmdlet to obtain this information than to open the Event Viewer utility, navigate to the Windows Logs, select the Application log, and find the 8194 events in the log viewer. The command to find the latest 8194 event from the application log is shown here.<\/p>\n

Get-EventLog -LogName application -InstanceId 8194 -Newest 1 | fl *<\/p>\n

The command and the associated output are shown in the image that follows.<\/p>\n

\"Image<\/a><\/p>\n

CG, that is all there is to using the CheckPoint-Computer<\/b> cmdlet to create a system restore point and back up the registry. Registry Week will continue tomorrow when I will talk about creating new Registry keys and property values via the Windows PowerShell Registry provider.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/b> <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Learn how to use Windows PowerShell to back up system state prior to making changes to the registry.  Hey, Scripting Guy! I am interested in using Windows PowerShell to work with the registry, but everything I see talks about backing up the registry first. Is it possible to use Windows PowerShell to back up […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[51,31,26,3,4,45],"class_list":["post-9491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-getting-started","tag-operating-system","tag-registry","tag-scripting-guy","tag-scripting-techniques","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Learn how to use Windows PowerShell to back up system state prior to making changes to the registry.  Hey, Scripting Guy! I am interested in using Windows PowerShell to work with the registry, but everything I see talks about backing up the registry first. Is it possible to use Windows PowerShell to back up […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/9491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=9491"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/9491\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=9491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=9491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=9491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}