Windows Server 2003 can take you back in time
If you are running Windows Server 2003, you owe it to yourself to enable the Volume Shadow Copy service. What this service does is periodically (according to a schedule you set) capture a snapshot of the files you specify so they can be recovered later. The copies are lazy: If a file doesn’t change between snapshots, a new copy isn’t made. Up to 64 versions of a file can be recorded in the snapshot database. Bear this in mind when setting your snapshot schedule. If you take a snapshot twice a day, you’re good for a month, but if you take a snapshot every minute, you get only an hour’s worth of snapshots. You are trading off snapshot quality against quantity.
Although I can count on my hand the number of times the Volume Shadow Copy service has saved my bacon, each time I needed it, it saved me at least a day’s work. Typically, it’s because I wasn’t paying attention and deleted the wrong file. Once it was because I make some changes to a file and ended up making a bigger mess of things and would have been better off just returning to the version I had the previous day.
I just click on “View previous versions of this folder” in the Tasks Pane, pick the snapshot from yesterday, and drag yesterday’s version of the file to my desktop. Then I can take that file and compare it to the version I have now and reconcile the changes. In the case of a deleted file, I just click the “Restore” button and back to life it comes. (Be careful about using “Restore” for a file that still exists, however, because that will overwrite the current version with the snapshot version.)
One tricky bit about viewing snapshots is that it works only on network drives. If you want to restore a file from a local hard drive, you’ll need to either connect to the drive from another computer or (what I do) create a loopback connection and restore it via the loopback.
Note that the Volume Shadow Copy service is not a replacement for backups. The shadow copies are kept on the drive itself, so if you lose the drive, you lose the shadow copies too.
Given the ability of the Volume Shadow Copy service to go back in time and recover previous versions of a file, you’re probably not surprised that the code name for the feature was “Timewarp”.
John, a colleague in security, points out that shadow copies provide a curious backdoor to the quota system. Although you have access to shadow copies of your file, they do not count against your quota. Counting them against your quota would be unfair since it is the system that created these files, not you. (Of course, this isn’t a very useful way to circumvent quota, because the system will also delete shadow copies whenever it feels the urge.)
Light
Dark
0 comments