none
Windows 7: Disable System State restore from Startup Repair.

    Question

  • We are deploying Windows 7 Machines, with SCCM R2.

    A user came to me, that he couldn't logon to the domain.
    The error message he was experiencing was that the client could not initiate a trusted relationship with the primary domain controller.

    He told me that the first time he started windows, his machine couldn't boot into windows.
    After he reset the machine, he got the Startup Repair wizard, and after a while this Wizard asked him if he wanted to Restore to a previous version.

    After he accepted this, the computer restored itself to a previous state, but in the process has broken the relation between the client and the domain.

    We have disabled all systemrestore functionality in the policies, but my feeling says that the startup repair procedure from Windows 7 doesn't do anything with those policy settings.

    To be sure, i have reproced this problem in a virtual machine as well. I have reset it numerous of times while it tries to boot up, and indeed when i do
    the startup repair, and a systemstate restore, it loses the relationship with the domain.

    Why is that, i ask myself. Anyway, i want to disable this systemstate restore anyway, so i haven't put much time in this question.

    I have looked on the internet, and found a way to fully disable the Startup Repair functionality from Windows 7

    By performing this commandline i can remove the Startup Repair completely.
    bcdedit /set {default} bootstatuspolicy ignoreallfailures

    I am thinking, that this isn't the best solution out there. When files are corrupt, and/or other things are happening on the machine, it cannot do a startup repair.

    What i'd like, is to have startup repair enabled, but it not be able to do a systemstate restore.

    So far all my google searches have been futile, and i'm afraid this simply isn't possible.

    Anyone have experience with this, and/or knows how to disable this in the startup repair?

    Wednesday, March 09, 2011 3:22 PM

Answers

  • Your suggestion is fine, if you disable startup repair you will prevent this issue and a few other, with the trade off that users will not be able to auto-fix their startup. You can always use a Win 7 media to do the restore, or DaRT if you have Software Assurance.


    David Nudelman
    MVP: Windows Desktop Experience
    MCSE, MCTS: Vista, Windows 7, Exchange 2007
    MCITP: Windows Server 2008
    Web: http://geeks.ms/blogs/dnudelman

    Wednesday, March 09, 2011 4:06 PM

All replies

  • Your suggestion is fine, if you disable startup repair you will prevent this issue and a few other, with the trade off that users will not be able to auto-fix their startup. You can always use a Win 7 media to do the restore, or DaRT if you have Software Assurance.


    David Nudelman
    MVP: Windows Desktop Experience
    MCSE, MCTS: Vista, Windows 7, Exchange 2007
    MCITP: Windows Server 2008
    Web: http://geeks.ms/blogs/dnudelman

    Wednesday, March 09, 2011 4:06 PM
  • I didn't know of the existence of DaRT, and i think it's awesome.

    We have software assurance, so i'm sure i will implement this.
    This solves everything, as i can now safely switch off the startup repair

    Thanks!

    Thursday, March 10, 2011 7:59 AM