This script creates a system restore point. It is intended to be run as a scheduled task. The script is based on the following article: Create a System Restore Point in Windows 10.
Next description assume that your in a PowerShell console with administrator privileges.
Assuming is located at path D:\OneDrive\Documentos\workspace\restore-point-win11\CreateRestorePoint.ps1, change the path accordingly to your environment.
Checkpoint-Computer -Description "Automatic Restore Point"$Action = New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-NoProfile -WindowStyle Hidden -File `\"D:\OneDrive\Documentos\workspace\restore-point-win11\CreateRestorePoint.ps1`\""
$Trigger = New-ScheduledTaskTrigger -At 11:00pm -Daily
$Principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -Action $Action -Trigger $Trigger -Principal $Principal -TaskName "Create System Restore Point" -Description "Creates a system restore point daily at 11:00 PM"Force scheduled task execution:
Start-ScheduledTask -TaskName "Create System Restore Point"Check if the task is registered:
Get-ScheduledTask -TaskName "Create System Restore Point" | Select-Object TaskName, State, LastRunTime, LastTaskResultReturn a list of the last 5 restore points:
Get-ComputerRestorePoint | Sort-Object CreationTime -Descending | Select-Object -First 5Enable task history
wevtutil set-log Microsoft-Windows-TaskScheduler/Operational /enabled:trueCheck if the task history is enabled
wevtutil get-log Microsoft-Windows-TaskScheduler/Operational
# sample output:
name: Microsoft-Windows-TaskScheduler/Operational
enabled: true
type: Operational
owningPublisher: Microsoft-Windows-TaskScheduler
isolation: Application
channelAccess: O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0x2;;;S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
logging:
logFileName: %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx
retention: false
autoBackup: false
maxSize: 10485760
publishing:
fileMax: 1Check the task history
Get-WinEvent -LogName "Microsoft-Windows-TaskScheduler/Operational" | Select-Object -First 10 | Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize
# sample output:
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
21/11/2023 18:58:42 101 Error Task Scheduler failed to start "\Create System Restore Point" task...
21/11/2023 18:58:42 203 Error Task Scheduler failed to launch action "Powershell.exe" in instanc...
21/11/2023 18:58:42 110 Information Task Scheduler launched "{a07415f2-cc2b-4977-ba35-92ee2e6d783b}" i...
21/11/2023 18:58:42 325 Warning Task Scheduler queued instance "{a07415f2-cc2b-4977-ba35-92ee2e6d7...Check the task history filtered by task name
Get-WinEvent -FilterHashtable @{LogName="Microsoft-Windows-TaskScheduler/Operational"; } | Where-Object { $_.Message -match "Create System Restore Point" } | Select-Object TimeCreated, Id, LevelDisplayName, Message -First 10 | Format-Table -AutoSize
# sample output:
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
21/11/2023 18:58:42 101 Error Task Scheduler failed to start "\Create System Restore Point" task...
21/11/2023 18:58:42 203 Error Task Scheduler failed to launch action "Powershell.exe" in instanc...
21/11/2023 18:58:42 110 Information Task Scheduler launched "{a07415f2-cc2b-4977-ba35-92ee2e6d783b}" i...
21/11/2023 18:58:42 325 Warning Task Scheduler queued instance "{a07415f2-cc2b-4977-ba35-92ee2e6d7...