Enabling Volume Shadow Copy Using PowerShell

If you’re familiar with the world of Windows administration, you probably know about the hidden gem called Volume Shadow Copy (VSS). Born alongside Windows Server 2003, VSS has been quietly providing a layer of protection for your files and folders. It creates ‘shadow copies’, essentially snapshots, of your data, allowing you to restore previous versions of files or even retrieve deleted ones.

While this feature is invaluable, enabling it can involve a deep dive into the graphical user interface of Windows, which can be tedious. Luckily, for those of us who favor a more streamlined, script-driven approach, we have a perfect tool at our disposal: PowerShell.

Enabling Volume Shadow Copy with PowerShell

Here’s a PowerShell script designed to simplify the process by automating the enabling of the VSS feature for a specific disk drive. To utilize this script, I recommend opening PowerShell ISE as an administrator, pasting the script into it, and then executing it. Be sure to change the drive letter to match your requirements.

# Set your target drive letter
$driveLetter = "C:\"

# Announce the script and its intentions
Write-Host "This script is designed to make the following changes on your system:"
Write-Host "1. Check the start mode of the Volume Shadow Copy (VSS) service."
Write-Host "2. If not already set, change the VSS service to Automatic start with delay."
Write-Host "3. Ensure the VSS service is running."
Write-Host "4. Enable Shadow Copy for the drive $driveLetter."
Write-Host "5. Set up a task to create Shadow Copies daily at 7AM and 12PM for drive $driveLetter."
Write-Host "The target drive for these changes is: $driveLetter"
Write-Host "Please press 'y' to continue with these changes or any other key to cancel."

# Wait for user's confirmation
$input = Read-Host
if ($input -ne 'y') {
    Write-Host "Script cancelled."
    exit
}

# Recap of the changes made
$changesMade = @()

# Check VSS service start type
$vssService = Get-WmiObject -Class Win32_Service -Filter "Name='VSS'"
if ($vssService.StartMode -ne 'Auto') {
    # Change VSS service to auto start with delay
    $vssService.ChangeStartMode('Automatic')
    $changesMade += "Changed VSS service to Automatic start."
}

# Ensure the VSS service is running
Start-Service -Name VSS
$changesMade += "Started VSS service."

# Enable Shadow Copy for the selected drive
(Get-WmiObject -List Win32_ShadowCopy).Create($driveLetter, "ClientAccessible")
$changesMade += "Enabled Shadow Copy for $driveLetter."

# Set the task to create shadow copies every day at 7AM and 12PM
$action = New-ScheduledTaskAction -Execute 'Powershell.exe' `
    -Argument "-command ""(Get-WmiObject -List Win32_ShadowCopy).Create(`"$driveLetter`", `"ClientAccessible`")"""

$trigger1 = New-ScheduledTaskTrigger -Daily -At 7AM
$trigger2 = New-ScheduledTaskTrigger -Daily -At 12PM

Register-ScheduledTask -Action $action -Trigger $trigger1, $trigger2 `
    -TaskName "ShadowCopyCreation" `
    -Description "Task for creating Shadow Copies"

$changesMade += "Scheduled Task for creating Shadow Copies at 7AM and 12PM for drive $driveLetter is set."

# Print summary
Write-Host "The script has made the following changes on drive $driveLetter:"
foreach ($change in $changesMade) {
    Write-Host $change
}

How to recover data when VSS is enabled

Once VSS is up and running, recovering data becomes a straightforward process. Whether you’re looking to roll back to an earlier version of a file or restore a deleted one, VSS has you covered.Here are the steps to retrieve your lost data:

  • Locate your file or folder: Use File Explorer to find the file or folder you’re interested in.
  • Open up properties: Right-click on your selected item and choose “Properties” from the context menu that appears.
  • Find the “Previous Versions” tab: In the properties window, locate and click on the “Previous Versions” tab.
  • Choose your version: You’ll see a list of the previous versions of your file or folder, each with a timestamp. Select the version you wish to restore.
  • Decide on your recovery method: After you’ve selected the version you need, you have three options:
    • Open: This allows you to view the content of the selected version. Use this option to confirm that you’ve selected the correct version before restoring it.
    • Copy: This lets you create a duplicate of the previous version in a location of your choice. Choose this option if you want to keep both the current version and the restored version.
    • Restore: This replaces the current file or folder with the selected previous version. Select this option if you want to overwrite the current version. Be careful, though, as this action is irreversible.
  • Verify your restoration: Once the process is complete, open the file or folder to ensure the restoration was successful.Remember, the availability of previous versions hinges on the configuration of VSS on your Windows Server. If you can’t find the version you need, reach out to your system administrator for help.

Side Note for SysAdmins Using VSS

For system administrators, VSS offers additional layers of flexibility. When VSS is enabled, not only can you recover previous versions of individual files, but you can also access entire folders as they existed at a previous point in time. This can be especially useful when you need to recover metadata, like permissions, that has been accidentally altered or removed.

These previous versions of folders are accessible via the UNC path \\localhost\[share-name]\@GMT-[yyyy.mm.dd-hh.mm.ss], where [share-name] is the name of your shared folder and [yyyy.mm.dd-hh.mm.ss] is the timestamp of the shadow copy you wish to access.

For example, if you’ve lost the specific permissions for a folder, you can use a tool like Robocopy to restore them. Robocopy, or “Robust File Copy”, is a command-line utility for copying files and directories, and it also allows you to copy file and folder permissions.

Here’s an example of how you might use Robocopy to restore permissions:

robocopy "\\localhost\share\@GMT-2023.06.28-07.00.00" "\\localhost\share" /E /COPY:SOU /IS /IT

In this command:

  • /E makes Robocopy copy directories and subdirectories, including empty ones.
  • /COPY:SOU tells Robocopy to copy System, Owner, and aUditing info (in this case, permissions).
  • /IS makes Robocopy include the same files.
  • /IT includes “tweaked” files.

With this command, Robocopy will restore the permissions from the previous version of the folder to the current one. Always remember to replace "\\localhost\share\@GMT-2023.06.28-07.00.00" with the actual path of your previous version and "\\localhost\share" with the path of your current folder.

Remember the Role of VSS in Data Recovery

Although VSS is an incredibly useful feature for quick recovery from minor data loss, it’s important to remember that it’s not a comprehensive backup solution. It’s a part of a larger data protection strategy. For more serious incidents like ransomware attacks, total drive failures, or significant data corruption, a robust, multi-faceted backup strategy is still crucial.

In conclusion, PowerShell provides a powerful, efficient way to enable and manage the Volume Shadow Copy feature, helping you automate and streamline your data protection process. Embrace it, and add another tool to your data management toolbox.

Leave a Reply

Your email address will not be published. Required fields are marked *