NOTE:
Run as the Local System user.
# Drive on which System Restore should be enabled (drive letter plus colon,
# without a trailing backslash -- the backslash is appended below).
drive = "c:"

# PowerShell snippet that turns System Restore on for `drive`.
# `drive` is interpolated into PowerShell source, so it must stay a trusted,
# operator-supplied value and never come from external input.
ps_content = '\nenable-computerrestore -drive "{0}\\"\n'.format(drive)

# WMIC command line that calls SystemRestore.CreateRestorePoint in the
# root\default WMI namespace with the description "My Restore Point".
# NOTE(review): the trailing 100 and 12 are the numeric event-type /
# restore-point-type arguments -- confirm which is which against the
# CreateRestorePoint documentation before changing them.
BAT = (
    "\n"
    r'Wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "My Restore Point", 100, 12'
    "\n"
)

# PowerShell snippet that lists the restore points that already exist.
restorepoints = "\nget-computerrestorepoint\n"
import _winreg
import os
import subprocess
def ChkSysRestore():
    """Return the ``RPSessionInterval`` value of the SystemRestore registry key.

    The value is read from the 64-bit view of
    ``HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore``
    (``KEY_WOW64_64KEY``), so a 32-bit interpreter sees the same data as a
    64-bit one.  The caller treats a truthy result as "System Restore is
    enabled".

    No error handling is done here: if the key or the value does not exist,
    the exception raised by ``_winreg`` propagates to the caller.
    """
    subkey = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
    access = _winreg.KEY_READ | _winreg.KEY_WOW64_64KEY
    with _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, subkey, 0, access) as handle:
        # QueryValueEx returns a (value, registry_type) pair; only the value is used.
        value, _value_type = _winreg.QueryValueEx(handle, 'RPSessionInterval')
    return value
def ecmd(command):
    """Run *command* through the shell with WOW64 file-system redirection off.

    Redirection is disabled for the duration of the call so that a 32-bit
    interpreter on 64-bit Windows launches the native binaries from System32
    rather than the redirected 32-bit copies.

    Returns:
        * exit code 0: the stripped stdout, or ``0`` when stdout is empty;
        * non-zero exit code: the stripped stderr, or the exit code itself
          when stderr is empty.

    The return value therefore mixes text and integers; a falsy result means
    "succeeded and printed nothing".

    Security: *command* is handed to the shell verbatim (``shell=True``).
    Pass only fixed, trusted command strings -- never text built from
    external input.
    """
    import ctypes
    from subprocess import PIPE, Popen

    class disable_file_system_redirection:
        """Context manager that switches WOW64 FS redirection off and back on."""

        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

        def __enter__(self):
            self.old_value = ctypes.c_long()
            self.success = self._disable(ctypes.byref(self.old_value))

        def __exit__(self, exc_type, exc_value, exc_tb):
            # Only restore the previous state if disabling actually worked.
            if self.success:
                self._revert(self.old_value)

    with disable_file_system_redirection():
        proc = Popen(command, shell=True, stdout=PIPE, stderr=PIPE)
        captured_out, captured_err = proc.communicate()

    exit_code = proc.returncode
    if exit_code != 0:
        return captured_err.strip() if captured_err else exit_code
    return captured_out.strip() if captured_out else exit_code
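# Entry point: make sure System Restore is enabled, then either list the
# existing restore points or create one.
#
# Security notes -- this script is meant to run as Local System:
#   * No helper scripts are written to disk.  The earlier flow dropped
#     fixed-name .ps1/.bat files into %TEMP% and %ProgramData% and then
#     executed them; a fixed name in a directory that other local accounts
#     may be able to write to lets the file be swapped between the write and
#     the execution, with the replacement running as SYSTEM.
#   * The machine-wide PowerShell execution policy is left untouched.
#     Commands passed with -Command are not script files, so no
#     "Set-ExecutionPolicy" call (a persistent, host-wide change) is needed.


def _run_powershell(ps_source):
    """Run one PowerShell command through ecmd() and return ecmd's result."""
    # The command is wrapped in double quotes for -Command, so embedded double
    # quotes are swapped for single quotes.  That is equivalent for the plain
    # literals used here; it would NOT be for strings relying on "$variable"
    # expansion.
    ps_command = ps_source.strip().replace('"', "'")
    # -NoProfile keeps profile scripts from running inside the SYSTEM session.
    return ecmd('powershell -NoProfile -NonInteractive -Command "%s"' % ps_command)


def _create_restore_point():
    """Run the WMIC command held in BAT and report whether it succeeded."""
    # A plain command-line string is passed straight to the process-creation
    # API: no shell is involved and no batch file is created.
    process = subprocess.Popen(
        BAT.strip(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT
    )
    stdout = process.communicate()[0]
    if process.returncode == 0:
        # NOTE(review): WMIC may exit with 0 even when the method reports a
        # non-zero ReturnValue in its output -- confirm on a test endpoint.
        print("system restore point is successfully created")
    else:
        print("system restore point creation failed (exit code %s)" % process.returncode)
        if stdout:
            print(stdout.strip())


result = ChkSysRestore()
if result:
    print('system restore is already enabled')
    output = _run_powershell(restorepoints)
    if output:
        # Either the list of restore points or the error text from PowerShell.
        print(output)
    else:
        # Exit code 0 with no output: no restore point exists yet, create one.
        _create_restore_point()
else:
    print(_run_powershell(ps_content))
    # NOTE(review): ecmd() returns error text on failure and 0 on silent
    # success, so this message is printed even if the enable step failed;
    # check the line printed above.
    print("System Restore Enabled on your endpoint...")
    _create_restore_point()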