Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Virtualization Community Blog

SWV And Windows System Restore

Created: 20 Mar 2009 • Updated: 29 Jul 2010
Jordan's picture
+3 3 Votes
Login to vote

Windows System Restore is a feature that's saved my PC, as well as many family members, on more then one occasion.  When you have SWV installed and have to restore back to a previous point, where SWV is still installed, interesting things happen to your layers.  If you're familiar with Windows System Restore what's going on may be a no-brainier but I'm going to cover what happens to a layer when you restore to a previous point when  that layer wasn't installed.

SWV keeps files for layers, by default, in C:\fslrdr and registry info in SOFTWARE -> fslrdr and SYSTEM -> Altiris -> FSL.  So in our scenario we've got Layer1 imported into our system and then we create a restore point.  We then capture Layer2 and then realize something is jacked up for some reason and have to restore back to the point right before Layer2 was captured.  What would you expect to happen?

When you launch SVSadmin you'll see that Layer1 is still imported and ready to use but Layer2 is missing.  If you're like most SVS users you may not check and just assume Layer2 is gone, but it's not entirely missing.  If you go to C:\fslrdr you'll notices that there are four directories but only one layer so the files for Layer2 are still there so why doesn't SVS say Layer2 exists?

Well Windows System Restore will delete registry entries out of System and Software, so if you navigate to the two registry areas I mentioned above you'll see that there are only 2 keys which are for Layer1, this is something we called an Orphaned Layer (where one or both of the registry keys are gone for a layer).  If only the SYSTEM -> Altiris -> FSL keys were missing you could probably restore the layer, since all that's stored there is the Layer Info that SVS uses, but with SYSTEM ->fslrdr keys missing the layer is dead and unrecoverable.  What's stored at that location is all the virtualized keys the application in the layer, so not having those means your app has nothing in the registry to use and it's best to just delete the files under C:\FSLRDR for the orphaned layer so they don't take up any system space.

If you need to restore back to a previous point on Windows and don't want to loose your layers remember to back them up first by exporting them.