When XP Pro (sp3) system is joined to domain, System Restore TAB is missing RRS feed

  • General discussion

  • By default, the System Restore feature in created when XP Pro is installed, right?

    Even after the system is completely patched beyond sp3, the System Restore TAB is present under any local admin account created.

    This is verified by RIGHT click on My Computer, left click on Properties, see and click on System Restore TAB.

    After the system is joined to the 2008 domain and restarted, and one logs into a local admin account OR the domain account (with Administrators Group privileges), the  System Restore TAB is not present.

    The 2008 Group policy (for System Restore) has not been edited. It has been left at the default setting which is 'not configured'

    I have tested this with freshly formatted system and the results are the same.

    Joining the system to the domain seems to affect whether the SR will be present. When I place the system back into a WORKGROUP (ie. "un-join" it from the domain), the SR is now present.

    I have tried everything listed on the google search page results of "System Restore Tab Missing in XP-Pro!"

    Any fresh ideas as to why this is happening (with proof,  not speculation) ??



    Monday, March 5, 2012 10:31 PM

All replies

  • If it only occurs when you join to the domain, then it has to be some policy that is taking effect. Have you tried combing through a gpresult log using the verbose settings?

    Tuesday, March 6, 2012 2:49 AM
  • Yes, it was a group policy, but not one that you would expect.

    Gpresults did not help.

    Without the SR and trying to access it, I received the error message "You do not have sufficient security privileges to restore your system". (Others reported this error message as well.)

    When I attempted to check the properties of the security event logs, I would frequently, but not always, receive an access denied or security log corrupt message.

    I was looking for something unusual in the policies now.

    Under the User Rights Assignment policy, I found a security setting that listed several top IT staff members instead of the default setting.

    The policy with the explanation was:

    "Manage auditing and security log

    This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.

    This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured.

    You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.

    Default: Administrators."

    We changed it to the Default: Administrators and the System Restore returned after a few reboots or running gpupdate at the command line.

    Who would have thought that this policy would effect the System Restore in any way?

    I didn't nor did anybody else make the exact connection.


    Monday, March 12, 2012 3:26 PM