Problem solve Get help with specific problems with your technologies, process and projects.

If XP crashes, consider Device Driver Rollback as restore option

When it comes to restoring a faulty Windows XP system, many admins instinctively reach for System Restore. Maybe they should look at the Device Driver Rollback utility instead.

When it comes to restoring a faulty Windows XP system (as opposed to recovering a single file), many admins instinctively reach for the Windows utility System Restore.

System Restore makes copies of all the meta data on the system at least once a day, and archives copies for days or weeks. So this handy utility is able to roll back the Registry and the local profiles to a point in time when the system was healthy.

For most admins, System Restore is a robust tool for restoring a damaged system. Maybe a little too robust. One problem is that it restores everything it saves. By rolling the system back to a fixed point in time, System Restore undoes any system changes since then, including automatic updates or security patches.

For admins, the real problem comes when the system becomes unstable, and needs to be restored to a functioning state. At this point an admin has several choices: 1) System Restore; 2) performing a bare metal reinstall (a last resort); and 3) restoring from the last available backup. The problem with the last option is that it's time-consuming, especially when dealing with a time bomb that's lain dormant and now the poor admin has to do multiple restores (with the attendant data loss) to get one that works.

Wouldn't the source of the problem be obvious if a new application was installed just before the system flaked out? Not necessarily (because of the aforementioned potential time-bomb). But if you just updated the system (or it was automatically updated) when things went bonkers, the culprit may be a device driver.

It's hard to protect against a faulty device driver, because they pose so many potential problems.

  • Although some are built into Windows, most are supplied by third parties.
  • They require intimate contact with the guts of the system.
  • They can interact in odd ways, and a faulty one can cause problems at a point far removed from the applications it services.

In short, like DLLs, device drivers don't just affect the application they are intended for. They can affect many other applications that are performing quite different tasks but occasionally use the services of the particular device driver in question.

Device Driver Rollback option

If you do suspect the problem is a bad device driver, using the Device Driver Rollback (DDR) utility available from the boot menu will be more efficient than System Restore. DDR lets an administrator remove any recently added device drivers without affecting anything else.

To use the Device Driver Rollback, go to Properties under Device Manager. (Start>Control Panel>Performance and Maintenance>See basic information about your computer>Hardware>Device Manager.) Now right-click the problem device, click on Driver and then Roll Back Driver.

Microsoft discusses this and other driver issues on its site.

By the way, device drivers come in two flavors -- signed and unsigned -- and System Restore handles them differently. Signed drivers have a digital signature from the driver provider; Microsoft considers these more trustworthy than unsigned drivers, which have no digital signature. When you load an unsigned driver, System Restore automatically sets a restore point. With a signed driver, System Restore doesn't bother. Of course, just because a device driver is more trusted doesn't mean it can't do bad things to your system by accident.

About the author: Rick Cook specializes in writing about issues related to storage and storage management.

More information on this topic:

Dig Deeper on Windows Server storage management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.