script to check if endpoints have system restore point active and if not, activates it for disk c

drive="c:" #Provide the drive which you need to enable Restore Access

ps_content=r'''

​

enable-computerrestore -drive "%s\"

​

​

'''%drive

BAT=r'''

Wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "My Restore Point", 100, 12

'''

restorepoints = r'''

get-computerrestorepoint

'''

import _winreg

import os

import subprocess

​

def ChkSysRestore():

    with _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore", 0, _winreg.KEY_READ | _winreg.KEY_WOW64_64KEY) as key:

        existing_path_value = _winreg.QueryValueEx(key, 'RPSessionInterval')[0]

        return existing_path_value

​

def ecmd(command):   

    from subprocess import Popen, PIPE

    import ctypes

    class disable_file_system_redirection:

        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection

        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

        def __enter__(self):

            self.old_value = ctypes.c_long()

            self.success = self._disable(ctypes.byref(self.old_value))

        def __exit__(self, type, value, traceback):

            if self.success:

                self._revert(self.old_value)

    with disable_file_system_redirection():

        obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE)

        out, err = obj.communicate()

        ret=obj.returncode

        if ret==0:

            if out:

                return out.strip()

            else:

                return ret

        else:

            if err:

                return err.strip()

            else:

                return ret

​

result = ChkSysRestore()

if result:

    print ('system restore is already enabled')

    file_name='restorepoints.ps1'

    file_path=os.path.join(os.environ['TEMP'], file_name)

    with open(file_path, 'wb') as wr:

        wr.write(restorepoints)

    ecmd('powershell "Set-ExecutionPolicy RemoteSigned"')

    output = ecmd('powershell "%s"'%file_path)

    if output:

        print(output)

        os.remove(file_path)

    else:

        path=os.environ['programdata']+"\Sample.bat"

        with open(path,"w") as f:

            f.write(BAT)

        process = subprocess.Popen([path],stdout=subprocess.PIPE)

        stdout = process.communicate()[0]

        print("system restore point is successfully created")

        os.remove(file_path)

        os.remove(path)

else:

    file_name='powershell_file.ps1'

    file_path=os.path.join(os.environ['TEMP'], file_name)

    with open(file_path, 'wb') as wr:

        wr.write(ps_content)

    path=os.environ['programdata']+"\Sample.bat"

    with open(path,"w") as f:

        f.write(BAT)

​

    ecmd('powershell "Set-ExecutionPolicy RemoteSigned"')

    print ecmd('powershell "%s"'%file_path)

    print "System Restore Enabled on your endpoint..."

    process = subprocess.Popen([path],stdout=subprocess.PIPE)

    stdout = process.communicate()[0]

    print("system restore point is successfully created")

    os.remove(file_path)

    os.remove(path)