Shadow Copy

Last updated

Shadow Copy
Other names
  • Volume Snapshot Service [1]
  • Previous Versions
  • Shadow Copies for Shared Folders8
  • VSS [2]
Developer(s) Microsoft
Operating system Microsoft Windows
Service nameVSS [2]

Shadow Copy (also known as Volume Snapshot Service, [1] Volume Shadow Copy Service [2] or VSS [2] ) is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires either the Windows NTFS or ReFS filesystems in order to create and store shadow copies. Shadow Copies can be created on local and external (removable or network) volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.

Contents

Overview

VSS operates at the block level of volumes.

A snapshot is a read-only point-in-time copy of the volume. Snapshots allow the creation of consistent backups of a volume, ensuring that the contents do not change and are not locked while the backup is being made.

The core component of shadow copy is the Volume Shadow Copy service, which initiates and oversees the snapshot creation process. The components that perform all the necessary data transfer are called providers. While Windows comes with a default System Provider, software and hardware vendors can create their own software or hardware providers and register them with Volume Shadow Copy service. Each provider has a maximum of 10 seconds' time to complete the snapshot generation. [3]

Other components that are involved in the snapshot creation process are writers. The aim of Shadow Copy is to create consistent reliable snapshots. But sometimes, this cannot simply be achieved by completing all pending file change operations. Sometimes, it is necessary to complete a series of inter-related changes to several related files. For example, when a database application transfers a piece of data from one file to another, it needs to delete it from the source file and create it in the destination file. Hence, a snapshot must not be between the first deletion and the subsequent creation, or else it is worthless; it must either be before the deletion or after the creation. Enforcing this semantic consistency is the duty of writers. Each writer is application-specific and has 60 seconds to establish a backup-safe state before providers start snapshot creation. If the Volume Shadow Copy service does not receive acknowledgement of success from the corresponding writers within this time-frame, it fails the operation. [3]

By default, snapshots are temporary; they do not survive a reboot. The ability to create persistent snapshots was added in Windows Server 2003 onward. However, Windows 8 removed the GUI portion necessary to browse them. (§ History)

Windows software and services that support VSS include Windows Failover Cluster, [4] Windows Server Backup, [5] Hyper-V, [6] Virtual Server, [7] Active Directory, [8] SQL Server, [9] Exchange Server [10] and SharePoint. [11]

The end result is similar to a versioning file system, allowing any file to be retrieved as it existed at the time any of the snapshots was made. Unlike a true versioning file system, however, users cannot trigger the creation of new versions of an individual file, only the entire volume. As a side-effect, whereas the owner of a file can create new versions in a versioning file system, only a system administrator or a backup operator can create new snapshots (or control when new snapshots are taken), because this requires control of the entire volume rather than an individual file. Also, many versioning file systems (such as the one in VMS) implicitly save a version of files each time they are changed; systems using a snapshotting approach like Windows only capture the state periodically.

History

Windows XP and Server 2003

Volume Snapshot Service was first added to Microsoft Windows in Windows XP. It can only create temporary snapshots, used for accessing stable on-disk version of files that are opened for editing (and therefore locked). This version of VSS is used by NTBackup.

The creation of persistent snapshots (which remain available across reboots until specifically deleted) has been added in Windows Server 2003, allowing up to 512 snapshots to exist simultaneously for the same volume. In Windows Server 2003, VSS is used to create incremental periodic snapshots of data of changed files over time. A maximum of 64 snapshots are stored on the server and are accessible to clients over the network. This feature is known as Shadow Copies for Shared Folders and is designed for a client–server model. [12] Its client component is included with Windows XP SP2 or later, and is available for installation on Windows 2000 SP3 or later, as well as Windows XP RTM or SP1. [13]

vssadmin
Developer(s) Microsoft
Stable release
1.1
Operating system Microsoft Windows
Type Command
License Proprietary commercial software
Website docs.microsoft.com/en-us/windows-server/administration/windows-commands/vssadmin

Windows XP [14] and later include a command line utility called vssadmin that can list, create or delete volume shadow copies and list installed shadow copy writers and providers. [15]

Windows Vista, 7 and Server 2008

Microsoft updated a number of Windows components to make use of Shadow Copy. Backup and Restore in Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 use shadow copies of files in both file-based and sector-by-sector backup. The System Protection component uses VSS when creating and maintaining periodic copies of system and user data on the same local volume (similar to the Shadow Copies for Shared Folders feature in Windows Server); VSS allows such data to be locally accessed by System Restore.

System Restore allows reverting to an entire previous set of shadow copies called a restore point. [16] [17] Prior to Windows Vista, System Restore depended on a file-based filter that watched for changes to files with a certain set of extensions, and then copied files before they were overwritten. [18] [19] [20] In addition, a part of Windows Explorer called Previous Versions allows restoring individual files or folders locally from restore points as they existed at the time of the snapshot, thus retrieving an earlier version of a file or recovering a file deleted by mistake.

diskshadow
Developer(s) Microsoft
Operating system Microsoft Windows
Type Command
License Proprietary commercial software
Website docs.microsoft.com/en-us/windows-server/administration/windows-commands/diskshadow

Finally, Windows Server 2008 introduces the diskshadow utility which exposes VSS functionality through 20 different commands. [21]

The system creates shadow copies automatically once per day, or when triggered by the backup utility or installer applications which create a restore point. [22] [23] The "Previous Versions" feature is available in the Business, Enterprise, and Ultimate editions of Windows Vista [24] and in all Windows 7 editions. The Home Editions of Vista lack the "Previous Versions" feature, even though the Volume Snapshot Service is included and running. Using third-party tools it is still possible to restore previous versions of files on the local volume. [25] Some of these tools also allow users to schedule snapshots at user-defined intervals, configure the storage used by volume-shadow copies and compare files or directories from different points-in-time using snapshots. [26] Windows 7 also adds native support through a GUI to configure the storage used by volume-shadow copies.

Windows 8 and Server 2012

While supporting persistent shadow copies, Windows 8 lacks the GUI portion necessary to browse them; therefore the ability to browse, search or recover older versions of files via the Previous Versions tab of the Properties dialog of files was removed for local volumes. However, using third party tools (such as ShadowExplorer) it is possible to recover that functionality. The feature is fully available in Windows Server 2012. [27]

Windows 10

Windows 10 restored the Previous Versions tab that was removed in Windows 8; however, in earlier builds it depended upon the File History feature instead of Volume Shadow copy. Current builds now allow restoration from both File History and System Protection (System Restore) points, which use Volume Shadow Copy. [28]

Windows 11

Windows 11 retains the same Previous Versions and File History feature introduced in Windows 10, although it is disabled by default. [29]

Samba Server

Samba on Linux is capable of providing Shadow Copy Service on an LVM-backed storage or with an underlying ZFS or btrfs. [30] [31] [32]

Compatibility

While the different NTFS versions have a certain degree of both forward and backward compatibility, there are certain issues when mounting newer NTFS volumes containing persistent shadow copies in older versions of Windows. This affects dual-booting, and external portable hard drives. Specifically, the persistent shadow copies created by Windows Vista on an NTFS volume are deleted when Windows XP or Windows Server 2003 mount that NTFS volume. This happens because the older operating system does not understand the newer format of persistent shadow copies. [33] Likewise, System Restore snapshots created by Windows 8 are deleted if they are exposed to a previous version of Windows. [34]

See also

Related Research Articles

New Technology File System (NTFS) is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family. It superseded File Allocation Table (FAT) as the preferred filesystem on Windows and is supported in Linux and BSD as well. NTFS reading and writing support is provided using a free and open-source kernel implementation known as NTFS3 in Linux and the NTFS-3G driver in BSD. By using the convert command, Windows can convert FAT32/16/12 into NTFS without the need to rewrite all files. NTFS uses several files typically hidden from the user to store metadata about other files stored on the drive which can help improve speed and performance when reading data. Unlike FAT and High Performance File System (HPFS), NTFS supports access control lists (ACLs), filesystem encryption, transparent compression, sparse files and file system journaling. NTFS also supports shadow copy to allow backups of a system while it is running, but the functionality of the shadow copies varies between different versions of Windows.

In computing, a symbolic link is a file whose purpose is to point to a file or directory by specifying a path thereto.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

In a computer file system, a fork is a set of data associated with a file-system object. File systems without forks only allow a single set of data for the contents, while file systems with forks allow multiple such contents. Every non-empty file must have at least one fork, often of default type, and depending on the file system, a file may have one or more other associated forks, which in turn may contain primary data integral to the file, or just metadata.

<span class="mw-page-title-main">System Restore</span> System recovery feature in Microsoft Windows

System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.

<span class="mw-page-title-main">Snapshot (computer storage)</span> Recorded state of a computer storage system at a particular point in time

In computer systems, a snapshot is the state of a system at a particular point in time. The term was coined as an analogy to that in photography.

<span class="mw-page-title-main">Windows Server 2008</span> Fourth version of Windows Server, released in 2008

Windows Server 2008, codenamed "Longhorn Server", is the seventh release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on February 27, 2008. Derived from Windows Vista, Windows Server 2008 is the successor of Windows Server 2003 and the predecessor to Windows Server 2008 R2.

Windows Vista introduced a number of new I/O functions to the Microsoft Windows line of operating systems. They are intended to shorten the time taken to boot the system, improve the responsiveness of the system, and improve the reliability of data storage.

Robocopy is a command-line file transfer utility for Microsoft Windows. Robocopy is functionally more comprehensive than the COPY command and XCOPY, but replaces neither. Created by Kevin Allen and first released as part of the Windows NT 4.0 Resource Kit, it has been a standard feature of Windows since Windows Vista and Windows Server 2008.

An NTFS reparse point is a type of NTFS file system object. It is available with the NTFS v3.0 found in Windows 2000 or later versions. Reparse points provide a way to extend the NTFS filesystem. A reparse point contains a reparse tag and data that are interpreted by a filesystem filter driver identified by the tag. Microsoft includes several default tags including NTFS symbolic links, directory junction points, volume mount points and Unix domain sockets. Also, reparse points are used as placeholders for files moved by Windows 2000's Remote Storage Hierarchical Storage System. They also can act as hard links, but are not limited to pointing to files on the same volume: they can point to directories on any local volume. The feature is inherited to ReFS.

The NTFS file system defines various ways to redirect files and folders, e.g., to make a file point to another file or its contents without making a copy of it. The object being pointed to is called the target. Such file is called a hard or symbolic link depending on a way it's stored on the filesystem.

<span class="mw-page-title-main">Windows Home Server</span> Home server operating system by Microsoft released in 2007

Windows Home Server is a home server operating system from Microsoft. It was announced on 7 January 2007 at the Consumer Electronics Show by Bill Gates, released to manufacturing on 16 July 2007 and officially released on 4 November 2007.

In Microsoft Windows, cacls, and its replacement icacls, are native command-line utilities capable of displaying and modifying the security descriptors on folders and files. An access-control list is a list of permissions for securable object, such as a file or folder, that controls who can access it. The cacls command is also available on ReactOS.

Windows Vista has many significant new features compared with previous Microsoft Windows versions, covering most aspects of the operating system.

NTBackup is the first built-in backup utility of the Windows NT family. It was introduced with Windows NT 3.51. NTBackup comprises a GUI (wizard-style) and a command-line utility to create, customize, and manage backups. It takes advantage of Shadow Copy and Task Scheduler. NTBackup stores backups in the BKF file format on external sources, e.g., floppy disks, hard drives, tape drives, and Zip drives. When used with tape drives, NTBackup uses the Microsoft Tape Format (MTF), which is also used by BackupAssist, Backup Exec, and Veeam Backup & Replication and is compatible with BKF.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

<span class="mw-page-title-main">Backup and Restore</span> Primary backup component of Windows Vista and Windows 7

Backup and Restore is the primary backup component of Windows Vista and Windows 7. It can create file and folder backups, as well as system images backups, to be used for recovery in the event of data corruption, hard disk drive failure, or malware infection. It replaces NTBackup, which has been part of Windows since Windows NT 3.51. Unlike its predecessor, it supports CDs, DVDs, and Blu-rays discs as backup media.

In computing, WBAdmin is a command-line utility built into Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 10 and Windows 11 operating systems. The command is used to perform backups and restores of operating systems, drive volumes, computer files, folders, and applications from a command-line interface.

Resilient File System (ReFS), codenamed "Protogon", is a Microsoft proprietary file system introduced with Windows Server 2012 with the intent of becoming the "next generation" file system after NTFS.

References

  1. 1 2 "Volume Snapshot Service (VSS)". Glossary. Symantec. Retrieved 2 May 2013.
  2. 1 2 3 4 "Volume Shadow Copy Service Overview". MSDN Library . Microsoft. 5 November 2012. Retrieved 2 May 2013.
  3. 1 2 "How Volume Shadow Copy Service Works". TechNet . Microsoft. 28 March 2003. Retrieved 4 January 2011.
  4. Archiveddocs. "What's New in Failover Clusters in Windows Server 2008". technet.microsoft.com. Retrieved 18 March 2018.
  5. JasonGerend. "Volume Shadow Copy Service". docs.microsoft.com. Retrieved 11 August 2019.
  6. scooley. "Hyper-V Integration Services". docs.microsoft.com. Retrieved 11 August 2019.
  7. scooley. "Microsoft Virtualization and Virtual Server 2005 R2 SP1". docs.microsoft.com. Retrieved 11 August 2019.
  8. mcleanbyron. "VSS Backup and Restore of the Active Directory - Windows applications". docs.microsoft.com. Retrieved 11 August 2019.
  9. MandiOhlinger. "SQL Server database mirroring, Volume Shadow Copy service and AlwaysOn - BizTalk Server". docs.microsoft.com. Retrieved 11 August 2019.
  10. msdmaguire. "Exchange Server data protection, Exchange disaster recovery, Exchange backup, Exchange VSS Writer, VSS Backup Exchange, Exchange Server data recovery, Exchange data recovery". docs.microsoft.com. Retrieved 11 August 2019.
  11. spdevdocs. "Back up and restore a search service application in SharePoint using VSS". docs.microsoft.com. Retrieved 11 August 2019.
  12. "Shadow Copy Client Download". TechNet . Microsoft . Retrieved 21 October 2014.
  13. Oltean, Adi (17 December 2004). "Tips for deploying Shadow copies[sic] for Shared Folders". Antimail. Microsoft . Retrieved 21 April 2009.
  14. "Windows XP - Volume Shadow Copy Service". MSDN . Microsoft . Retrieved 31 May 2013.
  15. "Vssadmin". Windows Server 2008 and Windows Server 2008 R2 documentations. TechNet Library . Microsoft. 28 September 2007. Windows Server Commands, References, and Tools. Retrieved 27 March 2012.
  16. Compare: "Information about SPP folder in Windows vista". Microsoft Community. Microsoft. 20 August 2010. Retrieved 22 July 2015. SPP stand for Shared Protection Point and is used by windows to store information on restore point.
  17. Compare: Barreto, Jose (16 September 2009). "Diagnosing Failures in Windows Server Backup – Part 1 (VSS/SPP Errors)". Storage at Microsoft: The official blog of the Windows and Windows Server storage engineering teams. Microsoft Corporation. Retrieved 11 September 2017. [...] the origin of the error is in an underlying layer such as Volume Shadow Copy Service (VSS), Shared Protection Point (SPP), or other applications that plug into VSS framework.
  18. Russinovich, Mark E.; Solomon, David A. (2005). Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000 (4 ed.). Redmond, WA: Microsoft Press. pp.  706–711. ISBN   0-7356-1917-4.
  19. "Windows Backup". Windows Vista portal. Microsoft. Archived from the original on 10 May 2007. Retrieved 11 January 2014.
  20. Fok, Christine (September 2007). "A Guide to Windows Vista Backup Technologies". TechNet Magazine. Microsoft . Retrieved 11 January 2014.
  21. "Diskshadow". Windows Server 2008 and Windows Server 2008 R2 documentations. TechNet Library . Microsoft Corporation. 28 September 2007. Windows Server Commands, References, and Tools. Retrieved 27 March 2012.
  22. "Selected Scenarios for Maintaining Data Integrity with Windows Vista". TechNet. Microsoft Corporation.
  23. "A Guide to Windows Vista Backup Technologies". Microsoft.
  24. "Volume Shadow Copy and "Previous Versions" feature in Windows Vista". Microsoft Corporation.
  25. ShadowExplorer allows restoring lost or altered files
  26. TimeTraveler adds a timeline to Windows Explorer allowing the user to open, restore or compare files or directories from points-in-time
  27. "Previous versions UI removed for local volumes (Windows)" . Retrieved 17 November 2012.
  28. Saluste, Margus. "File History in Windows 8, 8.1 and 10". WinHelp.us. Archived from the original on 25 December 2020. Retrieved 18 March 2018.
  29. Huc, Mauro (8 March 2023). "How to enable Previous Versions to recover files on Windows 11 - Pureinfotech". Pureinfotech • Windows 10 & Windows 11 help for humans. Archived from the original on 27 May 2023. Retrieved 19 July 2023.
  30. "Samba HOWTO Collection, Part III. Advanced Configuration" . Retrieved 2 October 2012.
  31. "zfsonlinux/zfs-auto-snapshot". GitHub. Retrieved 18 March 2018.
  32. "[GUIDE] Windows Previous Versions and Samba (Btrfs - Atomic COW - Volume Shadow Copy)". openmediavault.
  33. "How restore points and other recovery features in Windows Vista are affected when you dual-boot with Windows XP". File Cabinet Blog. Microsoft. 14 July 2006. Archived from the original on 18 July 2006. Retrieved 21 March 2007.
  34. "Calling SRSetRestorePoint". MSDN Library . Microsoft . Retrieved 1 February 2015. Snapshots of the boot volume created by System Restore running on Windows 8 may be deleted if the snapshot is subsequently exposed by an earlier version of Windows.

Further reading