Configure IT Quick: Restore deleted files in an instant with shadow copies in Windows Server 2003

Use shadow copies to restore files instantly in Windows Server 2003.


You've probably been asked a thousand times by a user to drop what you're doing and restore a file that was accidentally deleted or modified. You know the drill: Mount a backup tape, restore the file, remove the backup tape, and mount the tape for tonight's backup. Depending on the speed of your backup mechanism and the size of the file, this single request can eat up anywhere from 10 minutes to an hour or more of your day.

Thanks to a Windows Server 2003 feature called Shadow Copies of Shared Folders, a restore operation is now never more than a few clicks away. By enabling shadow copies, you let your users restore any file they have accidentally deleted, saving them time and your company money.

What is a shadow copy?
Think of a shadow copy as an automated backup mechanism. Any time that a file is modified or created, it gets backed up first. Since the backed-up files remain online, they are readily available for restore with just a few mouse clicks. The primary uses for shadow copies are to recover files that were accidentally deleted, to recover files that were accidentally overwritten or infected with a virus, and to compare the current version of a file against a previous version.

Shadow copy limitations
Shadow copy is not a substitute for a normal backup. Instead, shadow copy is a convenience feature. If a user needs a file restored quickly, then shadow copy is perfect for the job. However, there are a lot of restore jobs that shadow copy simply can't handle. For example, if the system's registry were to become corrupt, you wouldn't be able to restore it with shadow copy because in order to restore with shadow copy, Windows must be functional.

Likewise, if a hard disk were to fail, you wouldn't want to use shadow copy as your only mechanism, because, by default, the shadow copy backup exists on the same partition that contains the original data. Therefore, if a hard drive were to fail, not only is the data gone, but the shadow copy is gone as well.

Another limit that you need to be aware of is size. Remember, the shadow copy of the data exists on the same partition as the data itself. Therefore, as more data accumulates, less room remains for the shadow copy. When the hard disk comes close to filling up, shadow copy data is automatically deleted, beginning with the oldest data.

Even if you had an infinite amount of hard disk space, a shadow copy is not eternal. At a maximum, Windows will retain the last 64 versions of a file. When the number of changes to a file exceeds the 64-version limit, then the oldest versions are deleted to make room for the newest versions.

Another thing that you need to know about shadow copies is that the copies are read-only. The reason for this is that one of the shadow copies' jobs is to protect old versions of files. If it were possible to modify shadow copies, then the versioning would not be truly protected. If you find yourself needing to restore a previous version of a file and then make changes to it, you must copy the shadow copy to an alternate location and then make the changes to the copy that you made rather than trying to change the actual shadow copy.

Although shadow copies of files are always flagged as read-only, shadow copies retain the original permissions set on the file. Therefore, if you were to restore a file that had been backed up by shadow copy, the restored file would have all of the same permissions as the original (with the exception of the read-only flag).

Finally, the shadow copy mechanism is enabled or disabled at the volume level. You cannot configure shadow copy to work on specific files and folders.

Enabling shadow copy
To enable shadow copies, select the Computer Management command from the Administrative Tools menu. When the Computer Management console opens, navigate through the console tree to Computer Management (Local) | System Tools | Shared Folders. Now, right-click on the Shared Folders container and select the All Tasks | Configure Shadow Copies commands from the resulting shortcut menus.

As an alternative, you can also configure shadow copies through the Disk Management console. To do so, open the Disk Management console by entering the DISKMGMT.MSC command at the Run prompt. When the Disk Management console opens, right-click on the volume for which you want to enable shadow copies and select the Properties command from the resulting shortcut menu. This will display the disk's properties sheet. Now, select the Shadow Copies tab, as shown in Figure A.

Figure A
The disk's properties sheet contains a Shadow Copies tab.


As you can see in the figure, enabling a shadow copy is as easy as clicking the Enable button. Before you click the Enable button, though, I recommend taking some time to custom-tailor the various shadow copy options. You can do this by clicking the Settings button. When you do, you'll see the Settings dialog box shown in Figure B.

Figure B
The Settings dialog box allows you to custom-configure the way that the shadow copies behave.


The first setting that you must configure is the storage location. The default setting tells Windows to place the shadow copies onto the same volume as where the original files exist. While you can certainly use the default options, this may not be a good idea for a couple of reasons.

First, if the hard disk goes bad or the volume gets corrupted, then you lose your shadow copies too. This may not sound like a big deal if you are still making a nightly tape backup, but think about it. During the day, the shadow copy will usually be more current than your nightly backup. Therefore, if you have to restore a backup tape from the night before, users may lose a full day's worth of work. If you are able to restore the shadow copies, users may only lose a few minutes or a few hours' worth of work (depending on the backup schedule and the time of day when the crash occurs). It's also good to be able to recover shadow copies after a crash because doing so allows you to maintain multiple versions of the files in the shared folders.

Another reason for moving the shadow copies to a different location is that having the shadow copies exist on a volume that's already very busy with user requests can degrade performance. Wherever you choose to store the shadow copies, there is one very important thing to remember. If you move the shadow copy location once shadow copies have already been enabled for the volume, all of the existing shadow copies for that volume will be lost. For example, if you have shadow copies enabled for drive F and you decide that you want to move the copies to drive Q, then all of the shadow copies that currently exist for drive F will be lost during the move.

The next setting that you can configure is the maximum shadow copy size. By default, shadow copies are given 10 percent of the volume space. I recommend giving this some serious thought before simply accepting the defaults though. Remember that you want to set aside enough, but not too much, disk space.

When I say that you must set aside enough disk space, I am talking about the minimum shadow copy size enforced by Windows and the minimum amount of disk space that you can use for practical results. Windows requires you to use at least 100 MB of disk space for shadow copies (if you choose to enable shadow copies). At the same time, though, 100 MB is probably nowhere near enough space for most applications. In fact, that may not even be enough space for a single shadow copy.

To figure out how much space you'll really need, you must determine how much space is being used by shared folders on the volume in question, how many shadow copies you want to use, and how much you expect the data in the shared folders to grow in the foreseeable future.

For example, I have a production server on my network that stores everything that I have ever written, all of the financial records for my various businesses, the source code for my Web site, and a lot of other stuff. All of this data takes up about 3 GB of space. That's a lot of writing! Therefore, I know that I must set aside at least 3 GB of space if I want to be able to successfully use a shadow copy on that volume. Where things get hairy is that I would like to use the maximum number of 64 shadow copies so that I can retain lots of old versions of my documents.

Therefore, I could multiply 64 shadow copies by 3 GB and determine that I would need 192 GB of space on that volume for shadow copies. Of course, this only accommodates my current need. On average, I consume about 1 GB per year of space on that volume. Given that Microsoft comes out with new server operating systems about every three years, I can anticipate that if I continue to write the same amount of stuff, then I'll have about 6 GB of data online by the time I'm ready to upgrade server operating systems around 2006. Therefore, I would try to set aside 384 GB in shadow copy space.

Earlier, I stated that while you didn't want to use too little disk space, you didn't want to use too much either. I estimated that 384 GB of disk space would hold me for the next three years and allow me to have 64 shadow copies available at a time. Keep in mind, though, that 384 GB is almost half a terabyte of disk space. Furthermore, that server only holds my personal data. Can you imagine how much disk space you would need to configure shadow copies for a server that handles 1,000 users who are doing nothing but creating documents day in and day out? You must also keep in mind that my estimate was based on a single volume. My network actually has dozens of server volumes. That one just happens to be the most important. As you can see, you can quickly burn through a whole lot of disk space if you try to use shadow copies to their full potential.

There are some environments, though, where you might want to use shadow copies to their full potential in spite of the hefty disk space requirements. For example, medical offices require very precise patient records to be kept. In such an environment, it could be beneficial to keep the last 64 versions of a patient's medical records available in case someone tries to file a malpractice suit.

The final element that you might want to configure is the shadow copy schedule. You can do this by clicking the Schedule button. By default, Windows is configured to create a shadow copy of the data every weekday at 7:00 A.M. and at noon. I'm assuming that the idea behind this schedule is that you can create the shadow copy before everyone shows up in the morning, and while everyone is at lunch.

Personally, I recommend modifying the shadow copy schedule to meet your needs. If everyone in the office shows up for work at 8:00 or 9:00, then there is little reason to create a 7:00 A.M. shadow copy. The shadow copy would be backing up the exact same data that you already have on tape from the night before. Instead, you might create a shadow copy at 11:00, 2:00, and 5:00. That way, you would have data restore points from throughout the day.

There are other things to keep in mind when setting up a schedule, though. The primary factor is performance. If the volume that you are shadow copying is heavily used, then there's a good chance that creating a shadow copy during business hours will slow the server to a crawl. Therefore, I recommend manually creating a shadow copy to see what impact it has before setting up a schedule. You can manually create a shadow copy by clicking the Create Now button shown in Figure A.

Another factor to consider is the amount of time it takes to create a shadow copy. For example, I suggested making a shadow copy at 11 A.M., 2 P.M., and 5 P.M. However, if it takes more than three hours to create a shadow copy, then it will be time for the next shadow copy to begin before the last one has even finished.

Finally, you will want to consider the number of days that you want to have available in the shadow copy archives. For example, if your server is storing 64 shadow copies and you are creating shadow copies three times a day, then you only have 21 days' worth of shadow copies available to you.
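
The same setup can be scripted from a command prompt on the server with the built-in vssadmin and schtasks tools. This batch file is an added example, not part of the original article; it assumes the F: data volume and Q: storage volume from the example above, the 384 GB estimate worked out earlier, and hypothetical task names.

```bat
@echo off
rem Added example: command-line equivalent of the Settings dialog steps.
rem F: = shared data volume, Q: = shadow copy storage volume (the article's
rem example letters). Task names are hypothetical; pick your own.

rem 1. Set the storage location and maximum size BEFORE the first shadow
rem    copy exists. Moving the storage area later discards every existing
rem    shadow copy for the volume. Windows rejects sizes below the minimum.
vssadmin add shadowstorage /for=F: /on=Q: /maxsize=384GB
if errorlevel 1 goto failed

rem 2. Create one shadow copy by hand and time it. If this takes longer
rem    than the gap between scheduled runs, widen the schedule in step 4.
echo Start: %TIME%
vssadmin create shadow /for=F:
if errorlevel 1 goto failed
echo End:   %TIME%

rem 3. Confirm where the copies live, how much space is in use, and
rem    which shadow copies currently exist for the volume.
vssadmin list shadowstorage /for=F:
vssadmin list shadows /for=F:

rem 4. Weekday copies at 11:00, 2:00 and 5:00 instead of the default
rem    7:00 A.M. and noon. /autoretry keeps trying for up to 15 minutes
rem    if the volume is too busy to snapshot on the first attempt.
set RUN=vssadmin create shadow /for=F: /autoretry=15
set DAYS=MON,TUE,WED,THU,FRI
schtasks /create /tn ShadowCopy_F_1100 /ru SYSTEM /sc weekly /d %DAYS% /st 11:00 /tr "%RUN%"
schtasks /create /tn ShadowCopy_F_1400 /ru SYSTEM /sc weekly /d %DAYS% /st 14:00 /tr "%RUN%"
schtasks /create /tn ShadowCopy_F_1700 /ru SYSTEM /sc weekly /d %DAYS% /st 17:00 /tr "%RUN%"
goto :eof

:failed
echo vssadmin reported an error; review the output above.
exit /b 1
```

Running `vssadmin list shadows /for=F:` again after a few days shows how many copies have accumulated, which makes it easy to check the retention window against the 64-copy limit.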

The client
So far, I have shown you how to set up shadow copies on the server, but you must also do some configuration on the client end. To install the client software, you must make the server's %SYSTEMROOT%\SYSTEM32\CLIENTS\TWCLIENT folder accessible to users whom you wish to have access to shadow copies of their files. Once you've done so, have clients run the installer in the X86 subfolder, or whichever subfolder is appropriate for their operating system. Installation is extremely fast and doesn't really ask any questions.

Once the client component is installed, clients have access to previous versions of the files as long as they are passing through the share point. If you try to access the files directly through the server console (C: as opposed to \\servername\sharename), the previous version option will be unavailable.

To access a previous version of a file, right-click on the file and select the Properties command from the resulting shortcut menu. When you do, you will see the file's properties sheet. Now, just select the Previous Versions tab to see which versions are available.

Use shadow copies to save time, effort
Although shadow copies have limitations and may not be as useful as having complete backups of data files, they do go a long way toward making data safer and more secure. If users accidentally erase or modify a file to their dissatisfaction, the original files can sometimes be restored quickly from the shadow copies. Once you get used to working with shadow copies, you'll find them to be a welcome addition to your network.