5/12/2017 - 3:16 PM

Windows backup types #windows #backup #disk #blog

Windows integrated backup types

Related to Windows Desktop OS


  • Volume Shadow Copy
    Do not depend on it for critical stuff; it should be moved to an external drive if possible. On SSD drives it might actually make sense to turn it off to save space, or at least to run it with a reduced quota so it holds only a minimal number of shadows.
  • Backup and Restore
    Do not use except for grandma and simple stuff.
  • File History
    Might be used in some specific contexts but not as a general tool.

Volume Shadow Copy

Create: SystemPropertiesProtection.exe
Restore: rstrui.exe

NOTE: In my Windows PRO 10 (10.0.14393 N/A Build 14393) tests it was not possible to restore any restore point, but I was able to see files when shadow was mounted.

  • Shadows the entire drive; on previous versions of Windows this wasn't the case.
  • Form of file system snapshot a-la ZFS/BTRFS.
  • Requires a system restart on restore, which takes several minutes.
  • Takes up ~300MB to initialize, without any shadow.
  • Automatically deleted after 3 months or when quota is depleted (source). AFAIK there is no way to create specific shadows that are kept forever.
  • Kept in <drive>\System Volume Information by default. Can be moved to external drive with vssadmin add shadowstorage /for=d: /on=e:
  • ShadowExplorer can be used to view and export shadows (cinst shadowexplorer).
  • Shadows can be mounted via mklink (source)
    # interactive
    vssadmin list shadows 
    cmd /c "mklink /d c:\shadow <volume_from_list>\" # note: must have trailing \
    # non-interactive
    function mount-shadow($name) {
        # Look up the restore point's sequence number by its description
        Get-ComputerRestorePoint | ? Description -eq $name | % SequenceNumber | set s
        $mount_path = "c:\" + ($name -replace '[ :\\/?]', '-')
        # The link target must end with a trailing \
        cmd /c "mklink /d $mount_path \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy$($s-1)\"
        cd $mount_path
    }
    mount-shadow 'test 1'


Enable-ComputerRestore -drive "c:\"

Checkpoint-Computer -Description "My first checkpoint" -Restorepointtype "Modify_Settings"

# This must be set because of the message
#  'A new system restore point cannot be created because one has already been created within the past 1440 minutes'
sp 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore' SystemRestorePointCreationFrequency 1 # Use the number of minutes instead of 1; 0 is allowed

Restore-Computer -RestorePoint 59 -whatif

# Remove is not available OTB, use https://goo.gl/jRoclF
Get-ComputerRestorePoint | ? Description -eq 'test' | Delete-ComputerRestorePoint
# To delete shadows, vssadmin can be used OTB
vssadmin delete shadows /Shadow=<ShadowId>

# See https://msdn.microsoft.com/en-us/library/aa394428(v=vs.85).aspx
$shadows = Get-WmiObject Win32_ShadowCopy | select DeviceObject, Id, @{ N='installDate'; E={ [DateTime]::ParseExact(($_.InstallDate -replace '\..+'), "yyyyMMddHHmmss", $null) } }, @{ N='wmi'; E={ $_ } }
$shadows # show; there is no description, identify by date, which is ~10s later than that reported by `Get-ComputerRestorePoint`.
$shadows[-1].wmi.Delete() # delete the last shadow

# WMI create
# see https://msdn.microsoft.com/en-us/library/aa389391(v=vs.85).aspx
(Get-WmiObject -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
# or
$class = [wmiclass]'Win32_ShadowCopy'
$class.Create("C:\", "ClientAccessible")
# NOTE: Those are not visible by the Get-ComputerRestorePoint or rstrui.exe, but only vssadmin and WMI. There doesn't seem to be a way to restore them OTB !!!

# get available contexts
Get-WmiObject win32_shadowcontext | Out-GridView
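
The date-based identification described above, as an added example that is not part of the original post: it pairs each restore point with the shadow copy stamped shortly after it, rather than relying on the `$s-1` device numbering, which drifts once a shadow is created through WMI. The function names, the 60-second tolerance and the sample objects are assumptions; the sample data is constructed.

```powershell
# Added example, not from the original post.
function ConvertFrom-Dmtf([string]$Stamp) {
    # DMTF timestamps carry a UTC offset; this converter honors it
    [System.Management.ManagementDateTimeConverter]::ToDateTime($Stamp)
}

function Join-RestorePointShadow {
    param($RestorePoints, $Shadows, [int]$ToleranceSeconds = 60)   # tolerance is an assumption
    foreach ($rp in $RestorePoints) {
        $created = ConvertFrom-Dmtf $rp.CreationTime
        $best = $null; $bestDelta = [double]::MaxValue
        foreach ($sh in $Shadows) {
            $delta = ((ConvertFrom-Dmtf $sh.InstallDate) - $created).TotalSeconds
            # The shadow is stamped shortly after its restore point; keep the closest one
            if ($delta -ge 0 -and $delta -le $ToleranceSeconds -and $delta -lt $bestDelta) {
                $best = $sh; $bestDelta = $delta
            }
        }
        [pscustomobject]@{
            SequenceNumber = $rp.SequenceNumber
            Description    = $rp.Description
            Created        = $created
            ShadowId       = $best.ID             # empty when nothing matched
            DeviceObject   = $best.DeviceObject
        }
    }
}

# Constructed sample data shaped like Get-ComputerRestorePoint and Win32_ShadowCopy output
$rps = @(
    [pscustomobject]@{ SequenceNumber = 58; Description = 'test 1'; CreationTime = '20170512131600.000000+000' }
    [pscustomobject]@{ SequenceNumber = 59; Description = 'test 2'; CreationTime = '20170512141600.000000+000' }
)
$shs = @(
    [pscustomobject]@{ ID = '{sample-id-A}'; InstallDate = '20170512131611.000000+000'
                       DeviceObject = '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3' }
    # Created through WMI, so no restore point refers to it
    [pscustomobject]@{ ID = '{sample-id-B}'; InstallDate = '20170512135000.000000+000'
                       DeviceObject = '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4' }
    [pscustomobject]@{ ID = '{sample-id-C}'; InstallDate = '20170512141609.000000+000'
                       DeviceObject = '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5' }
)
Join-RestorePointShadow $rps $shs | Format-Table SequenceNumber, Description, DeviceObject

# Live use from an elevated Windows PowerShell 5.1 prompt:
#   Join-RestorePointShadow (Get-ComputerRestorePoint) (Get-WmiObject Win32_ShadowCopy)
```

The returned DeviceObject, with a trailing \ appended, is the target to pass to mklink /d.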

Show used storage

PS> vssadmin list shadowstorage

Shadow Copy Storage association
   For volume: (C:)\\?\Volume{7ff35979-24a6-4b98-ac45-48b7acc35892}\
   Shadow Copy Storage volume: (C:)\\?\Volume{7ff35979-24a6-4b98-ac45-48b7acc35892}\
   Used Shadow Copy Storage space: 3.98 GB (1%)
   Allocated Shadow Copy Storage space: 4.38 GB (1%)
   Maximum Shadow Copy Storage space: 10.0 GB (4%)

Other cli tools

  • DiskShadow - only on server
  • Vssadmin - has more commands on Server (can add, create etc.)


Backup and Restore

control /name Microsoft.BackupAndRestore

  • Can backup entire partitions
  • Any file/dir can be excluded
  • Backups are full or incremental. Full can be done
  • System image creates a backup of all system drives ($Env:SysDrive, EFI, Repair). There is no selection.
  • Backup schedule can be changed from Task Scheduler: Get-ScheduledTask | ? TaskName -eq AutomaticBackup
  • Backups are saved on external `<computer>` in zip files.
  • Does not support multiple backups.
  • Restoring files/directories is unusable.

File History

control /name Microsoft.FileHistory

File History only backs up copies of files that are in the Documents, Music, Pictures, Videos, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.

  • On Windows 10, it doesn't behave as described above; instead it copies almost the entire $HOME folder:
    • If you create a directory in it, its content will be saved.
    • Doesn't save any files located directly in $HOME.
    • Random folders on the drive can't be included.
    • Adding a symbolic link via mklink in $HOME doesn't include that folder. Adding a hardlink works, but hardlinks are by default possible only on files, so a script must be made to recreate the directory structure.
  • Works like a form of automatic version control.
  • Saves on interval - min 10 minutes, max daily (run manually).
  • Keeps saved versions - min 1 month, max forever (or until space is needed).
  • Keeps files in <disk>\FileHistory\<user>\<computer>\Data\C\Users\<user>. Adds UTC time as suffix to file names.
  • Restores files using $env:SystemRoot\System32\FileHistory.exe. The app has a very bad interface and looks unusable with a big number of versions. It's way better to just browse \FileHistory directly.
  • There is no integration with Explorer.
  • Keeps configuration in XML file <disk>\FileHistory\<user>\<computer>\Configuration. Adding a random folder there outside of $HOME doesn't work.
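
One way to write the hardlink script mentioned in the list above, as an added example that is not part of the original post: it recreates the directory tree of an outside folder under $HOME and hardlinks every file into it. The function name and the paths in the usage comment are hypothetical, and the same-volume test is a simple drive-root comparison.

```powershell
# Added example, not from the original post.
function Sync-HardLinkMirror {
    param(
        [Parameter(Mandatory)][string]$Source,       # folder outside $HOME
        [Parameter(Mandatory)][string]$Destination   # folder inside $HOME
    )
    $src = (Resolve-Path -LiteralPath $Source).ProviderPath.TrimEnd('\')
    $dst = $ExecutionContext.SessionState.Path.
               GetUnresolvedProviderPathFromPSPath($Destination).TrimEnd('\')

    # Hardlinks cannot cross volumes
    if ([IO.Path]::GetPathRoot($src) -ne [IO.Path]::GetPathRoot($dst)) {
        throw "Source and destination must be on the same volume: $src -> $dst"
    }

    $created = 0
    Get-ChildItem -LiteralPath $src -Recurse -File -Force | ForEach-Object {
        $relative = $_.FullName.Substring($src.Length).TrimStart('\')
        $link     = Join-Path $dst $relative
        $dir      = Split-Path $link -Parent

        # Directories cannot be hardlinked, so they are created as real folders
        if (-not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
        }
        # Existing names are left alone so a real file in the mirror is never overwritten
        if (-not (Test-Path -LiteralPath $link)) {
            New-Item -ItemType HardLink -Path $link -Target $_.FullName | Out-Null
            $created++
        }
    }
    $created   # number of links created in this run
}

# Hypothetical usage: mirror C:\work into the profile so File History picks it up
#   Sync-HardLinkMirror -Source 'C:\work' -Destination "$HOME\Mirror\work"
```

Run it again after adding files to the source. A program that saves by writing a new file and renaming it over the old one breaks the link, so the mirrored name keeps the old content until it is deleted and the script is rerun.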