Deleting XP System Restore points remotely
Posted on 2006-06-13
Due to virus issues, we are going to try and push out a disable and delete of all system restore points and functionality over our network. We have found a registry key that should be easy enough to implement via GPOs (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR=1). However, deleting the restore points themselves seems to be an issue, since just doing the regedit does not delete the prior points created. The folder that the points reside in is restricted to SYSTEM access only (easy enough to implement in GPOs, since those authenticate as SYSTEM), however having an exact script to run is stumping us, as deleting the wrong thing could cause huge issues.
ANybody have experience with this problem?