• AspieEgg@lemmy.blahaj.zone
    6 hours ago

    Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.

    At least I got to help them build a disaster recovery procedure, and pick out a new EDR.

      • Pika@sh.itjust.works
        3 hours ago

        Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it’s enabled, it makes a copy of the last version of the file.

        But since it’s not meant to be an actual backup solution, it’s meant to be on a file-by-file basis. I think that means they had to go through and manually restore on a file-by-file basis.

        • AspieEgg@lemmy.blahaj.zone
          2 hours ago

          If I remember correctly, we were able to restore folders from the shadow copies. I certainly didn’t go file by file. I might have used a tool to do it. But as you pointed out, it’s not a proper backup so we had to do quite a bit of reconciliation to make sure we restored everything and document anything we couldn’t restore.

      • AspieEgg@lemmy.blahaj.zone
        2 hours ago

        Yeah, shadow copies on Windows servers are snapshots of files. They allow users to see previous versions of a file.

        It’s not really intended as a backup solution on its own, but some backup software does use the volume shadow copy service (VSS) to perform backups on Windows servers.

        I was basically restoring files from this prompt in Windows.
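
One way to pull a whole folder out of a shadow copy, as the thread describes, rather than going file by file. This is an added example, not something posted in the thread; the volume, folder, staging and log paths and the cutoff date are placeholders.

```powershell
# Added example: restore one folder from a VSS shadow copy into a staging area.
# All paths and the cutoff date below are placeholders (assumptions), not values from the thread.
#Requires -RunAsAdministrator

$Volume     = 'D:\'                    # volume holding the file shares (assumed)
$RelFolder  = 'Shares\Finance'         # folder to recover, relative to the volume root (assumed)
$Staging    = 'E:\Restore\Finance'     # restore to staging, not over live data (assumed)
$MountPoint = 'C:\vss_mount'           # temporary directory symlink (assumed)
$Log        = 'E:\Restore\finance-robocopy.log'

# Map the drive letter to the volume GUID path that Win32_ShadowCopy reports.
$volId = (Get-CimInstance Win32_Volume | Where-Object Name -eq $Volume).DeviceID

# List snapshots for that volume, newest first.
$copies = Get-CimInstance Win32_ShadowCopy |
    Where-Object VolumeName -eq $volId |
    Sort-Object InstallDate -Descending
$copies | Format-Table ID, InstallDate, DeviceObject -AutoSize

# Pick the newest snapshot taken before the incident (placeholder cutoff).
$cutoff = Get-Date '2024-01-01T00:00:00'
$snap = $copies | Where-Object InstallDate -lt $cutoff | Select-Object -First 1
if (-not $snap) { throw "No shadow copy older than $cutoff on $Volume" }

# Expose the snapshot as a directory; the trailing backslash is required.
cmd /c mklink /d $MountPoint "$($snap.DeviceObject)\" | Out-Null
try {
    # /E = subfolders including empty ones, /COPY:DAT = data, attributes, timestamps,
    # /R:1 /W:1 = do not stall on unreadable files, /LOG = record for reconciliation.
    robocopy (Join-Path $MountPoint $RelFolder) $Staging /E /COPY:DAT /R:1 /W:1 /NP "/LOG:$Log"
    # Robocopy exit codes of 8 or higher mean at least one file failed to copy.
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "Some files could not be restored; see $Log"
    }
}
finally {
    # Remove only the symlink; this does not touch the snapshot itself.
    cmd /c rmdir $MountPoint
}
```

Restoring into a staging path keeps the live share untouched until the robocopy log has been reconciled against what users expect to find.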