Real sys admins know this pain (rm suffers no fools) and accept the consequences of recovering from backups as pennance. No backups? Then you aren’t really a sys admin then, are you?
Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.
At least I got to help them build a disaster recovery procedure, and pick out a new EDR.
Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it’s enabled, it makes a copy of the last version of the file.
But since it’s not meant to be a actual backup solution, it’s meant to be on a file-by-file basis. I think that means they had to go through and manual restore n a file by file basis
If I remember correctly, we were able to restore folders from the shadow copies. I certainly didn’t go file by file. I might have used a tool to do it. But as you pointed out, it’s not a proper backup so we had to do quite a bit of reconciliation to make sure we restored everything and document anything we couldn’t restore.
Yeah, shadow copies on Windows servers are snapshots of files. They allow users to see previous versions of a file.
It’s not really intended as a backup solution on its own, but some backup software does use the volume shadow copy service (VSS) to perform backups on Windows servers.
Next time I’m about to criticize the judgement of a video game boss for having an exposed weak point with a neon orange glow, I’ll think about a sysadmin with no backups. Stupidity adds realism.
Real sys admins know this pain (rm suffers no fools) and accept the consequences of recovering from backups as pennance. No backups? Then you aren’t really a sys admin then, are you?
Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.
At least I got to help them build a disaster recovery procedure, and pick out a new EDR.
Are shadow copies like snapshots?
Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it’s enabled, it makes a copy of the last version of the file.
But since it’s not meant to be a actual backup solution, it’s meant to be on a file-by-file basis. I think that means they had to go through and manual restore n a file by file basis
If I remember correctly, we were able to restore folders from the shadow copies. I certainly didn’t go file by file. I might have used a tool to do it. But as you pointed out, it’s not a proper backup so we had to do quite a bit of reconciliation to make sure we restored everything and document anything we couldn’t restore.
That sounds unpleasant. I’ve been through similar myself.
So it was long, manual, and painful. That sounds horrid.
Yeah, shadow copies on Windows servers are snapshots of files. They allow users to see previous versions of a file.
It’s not really intended as a backup solution on its own, but some backup software does use the volume shadow copy service (VSS) to perform backups on Windows servers.
I was basically restoring files from this prompt in Windows.
Thanx
Next time I’m about to criticize the judgement of a video game boss for having an exposed weak point with a neon orange glow, I’ll think about a sysadmin with no backups. Stupidity adds realism.
The best part is when you do something like
rm path/to/dir/*and after pressing enter you notice there is actually space before the*.And you realize that it’s taking a while to delete that small handful of files.
trash-cliis your friend.