You should always turn off System Restore on Windows client computers in the enterprise. The reason is that if a user restores his machine far back enough, the machine password for the computer will be wrong and as a result the computer will no longer be functional on the domain.
When we published the above tip in our newsletter WServerNews, one of our readers asked “Doesn’t that also kill the file version support (shadow copies)? I haven’t run into a case of a user using System Restore to restore back. Maybe I’m just lucky.”
I asked my contacts on the Windows team at Microsoft if there was any to configure Windows 7 so that users could use Shadow Copies to roll back file changes when needed but not be able to use System Restore to roll back their computers. The response I received was to not disable System Restore using Group Policy but to instead use Group Policy to push out the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\RPSessionInterval=0
However, since this change is outside the normal test matrix it would be best if you test it thoroughly before implementing it in your production environment.
The above tip was previously published in an issue of WServerNews, a weekly newsletter from TechGenix that focuses on the administration, management and security of the Windows Server platform in particular and cloud solutions in general. Subscribe to WServerNews today by going to http://www.wservernews.com/subscribe.htm and join almost 100,000 other IT professionals around the world who read our newsletter!
Mitch Tulloch is an eleven-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows Server and cloud computing technologies. Mitch is also Senior Editor of WServerNews. For more information about him see http://www.mtit.com.
