System Restore Points

PowerShell 2.0 supplies 4 cmdlets for working with system restore points. 

Disable-ComputerRestore
Enable-ComputerRestore
Get-ComputerRestorePoint
Restore-Computer

This is great but they only work with the local machine. You can test this easily by either looking at the help for each one or use

get-help * -Parameter computer*

to view all of the cmdlets with a computer related parameter.

YOU HAVE TO BE RUNNING POWERSHELL WITH ELEVATED PRIVILEGES FOR THIS TO WORK

Let’s start with Get-ComputerRestorePoint. We can perform this task using

Get-WmiObject -Namespace ‘root\default’ -Class SystemRestore

This starts the display with the oldest restore point. I want it the other way up. 

Get-WmiObject -Namespace ‘root\default’ -Class SystemRestore |
sort SequenceNumber -Descending

I also only want the CreationTime, Sequence number and description

Get-WmiObject -Namespace ‘root\default’ -Class SystemRestore |
sort SequenceNumber -Descending |
Format-Table SequenceNumber, CreationTime, Description –AutoSize

At this point we loose the formatting on the date and it reverts to WMI format.  Well, we know how to deal with that.

Get-WmiObject -Namespace ‘root\default’ -Class SystemRestore |
sort SequenceNumber -Descending |
Format-Table SequenceNumber,
@{Name="Date"; Expression={$($_.ConvertToDateTime($_.CreationTime))}},
Description –AutoSize

Now I want to wrap this into a function

I can use this to access the system restore points on remote machines.  This becomes the first function in a new PAM module.  I’ll develop the rest over a series of posts.