Wednesday, June 8, 2011

Disable system protection and system restore in Windows 7 by Group Policy

Assuming the domain controller is installed Windows Server 2008 R2.

1. At Domain Controller, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Right-click a group policy which is assigned to the workstations, select "Edit".
4. Expand "Computer Configuration > Policies > Administrative Templates > System > System Restore".
5. At right pane, double-click "Turn off Configuration".
6. Select "Enabled".


7. Click "OK".
8. Double-click "Turn off System Restore".
9. Select "Enabled".


10. Click "OK".
11. At a workstation which updated the Group Policy, log in as administrator.
12. Launch "System Properties", select "System Protection" tab.


Because the system protection was turned on, the protection of protection settings is ON. This setting can be modified by registry.



13. Back to Group Policy Management Editor of Domain Controller, expand "Preferences > Windows Settings > Registry".
14. Right-click "Registry", select "Registry Item".
15. Next to "Action", select "Delete".
16. Next to "Hive", select "HKEY_LOCAL_MACHINE".
17. Next to "Key Path", type "SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP\Clients".
18. Under "Value name", type "{09F7EDC5-294E-4180-AF6A-FB0E6A0E9513}".


19. Select "Common" tab, check "Apply once and do not reapply".
20. Check "Item-level targeting", click "Targeting".
21. Click "New Item > Operating System".
22. Leave the default settings.


23. Click "OK".


24. Click "OK".
25. Right-click "Registry", select "Registry Item".
26. Next to "Action", select "Delete".
27. Next to "Hive", select "HKEY_LOCAL_MACHINE".
28. Next to "Key Path", type "SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP\Clients".
29. Under "Value name", type "{3E7F07C9-6BC3-11DC-A033-0019B92BB8B1}".
30. Select "Common" tab, check "Apply once and do note reapply".
31. Check "Item-level targeting", click "Targeting".
32. Click "New Item > Operating System".
33. Leave the default settings.
34. Click "OK".


35. Close "Group Policy Management Editor".

As a result, the protection of protection settings is OFF.


Reference:

This posting is provided “AS IS” with no warranties, and confers no rights!

5 comments:

  1. Nice fix and well documented. I just deleted the Client folder but that's like a surgeon with a butchers knife. So I'm using your solution now...

    ReplyDelete
  2. It worked. Thanks much. Trying this to hopefully fix "The trust relationship between this workstation and the primary domain failed" issue we are experiencing with our Win7 computers.

    ReplyDelete
  3. This method don't delete system restore backup file in system volume information.
    You can use system restore explorer to delete backup file.

    ReplyDelete