Shadow Copy is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copyservice. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires either the Windows NTFS or ReFS filesystems in order to create and store shadow copies. Shadow Copies can be created on local and external volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.
Overview
VSS operates at the block level of volumes. A snapshot is a read-only point-in-time copy of the volume. Snapshots allow the creation of consistent backups of a volume, ensuring that the contents do not change and are not locked while the backup is being made. The core component of shadow copy is the Volume Shadow Copy service, which initiates and oversees the snapshot creation process. The components that perform all the necessary data transfer are called providers. While Windows comes with a default System Provider, software and hardware vendors can create their own software or hardware providers and register them with Volume Shadow Copy service. Each provider has a maximum of 10 seconds' time to complete the snapshot generation. Other components that are involved in the snapshot creation process are writers. The aim of Shadow Copy is to create consistent reliable snapshots. But sometimes, this cannot simply be achieved by completing all pending file change operations. Sometimes, it is necessary to complete a series of inter-related changes to several related files. For example, when a database application transfers a piece of data from one file to another, it needs to delete it from the source file and create it in the destination file. Hence, a snapshot must not be between the first deletion and the subsequent creation, or else it is worthless; it must either be before the deletion or after the creation. Enforcing this semantic consistency is the duty of writers. Each writer is application-specific and has 60 seconds to establish a backup-safe state before providers start snapshot creation. If the Volume Shadow Copy service does not receive acknowledgement of success from the corresponding writers within this time-frame, it fails the operation. By default, snapshots are temporary; they do not survive a reboot. The ability to create persistent snapshots was added in Windows Server 2003 onward. However, Windows 8 removed the GUI portion necessary to browse them. Windows software and services that support VSS include Windows Failover Cluster, Windows Server Backup, Hyper-V, Virtual Server, Active Directory, SQL Server, Exchange Server and SharePoint. The end result is similar to a versioning file system, allowing any file to be retrieved as it existed at the time any of the snapshots was made. Unlike a true versioning file system, however, users cannot trigger the creation of new versions of an individual file, only the entire volume. As a side-effect, whereas the owner of a file can create new versions in a versioning file system, only a system administrator or a backup operator can create new snapshots, because this requires control of the entire volume rather than an individual file. Also, many versioning file systems implicitly save a version of files each time they are changed; systems using a snapshotting approach like Windows only capture the state periodically.
Volume Snapshot Service was first added to Microsoft Windows in Windows XP. It can only create temporary snapshots, used for accessing stable on-disk version of files that are opened for editing. This version of VSS is used by NTBackup. The creation of persistent snapshots has been added in Windows Server 2003, allowing up to 512 snapshots to exist simultaneously for the same volume. In Windows Server 2003, VSS is used to create incremental periodic snapshots of data of changed files over time. A maximum of 64 snapshots are stored on the server and are accessible to clients over the network. This feature is known as Shadow Copies for Shared Folders and is designed for a client–server model. Its client component is included with Windows XP SP2 or later, and is available for installation on Windows 2000 SP3 or later, as well as Windows XP RTM or SP1. Windows XP and later include a command line utility called vssadmin that can list, create or delete volume shadow copies and list installed shadow copy writers and providers.
Microsoft updated a number of Windows components to make use of Shadow Copy. Backup and Restore in Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 use shadow copies of files in both file-based and sector-by-sector backup. The System Protection component uses VSS when creating and maintaining periodic copies of system and user data on the same local volume ; VSS allows such data to be locally accessed by System Restore. System Restore allows reverting to an entire previous set of shadow copies called a restore point. Prior to Windows Vista, System Restore depended on a file-based filter that watched changes for a certain set of file extensions, and then copied files before they were overwritten. In addition, a part of Windows Explorer called Previous Versions allows restoring individual files or folders locally from restore points as they existed at the time of the snapshot, thus retrieving an earlier version of a file or recovering a file deleted by mistake. Finally, Windows Server 2008 introduces the diskshadow utility which exposes VSS functionality through 20 different commands. The system creates shadow copies automatically once per day, or when triggered by the backup utility or installer applications which create a restore point. The "Previous Versions" feature is available in the Business, Enterprise, and Ultimate editions of Windows Vista and in all Windows 7 editions. The Home Editions of Vista lack the "Previous Versions" feature, even though the Volume Snapshot Service is included and running. Using third-party tools it is still possible to restore previous versions of files on the local volume. Some of these tools also allow users to schedule snapshots at user-defined intervals, configure the storage used by volume-shadow copies and compare files or directories from different points-in-time using snapshots. Windows 7 also adds native support through a GUI to configure the storage used by volume-shadow copies.
Windows 8 and Server 2012
While supporting persistent shadow copies, Windows 8 lacks the GUI portion necessary to browse them; therefore the ability to browse, search or recover older versions of files via the Previous Versions tab of the Properties dialog of files was removed for local volumes. However, using third party tools it is possible to recover that functionality. The feature is fully available in Windows Server 2012.
Windows 10 restored the Previous Versions tab that was removed in Windows 8; however, in earlier builds it depended upon the File History feature instead of Volume Shadow copy. Current builds now allow restoration from both File History and System Protection points, which use Volume Shadow Copy.
Samba Server
on Linux is capable of providing Shadow Copy Service on an LVM-backed storage or with an underlying ZFS or btrfs.
Compatibility
While the different NTFS versions have a certain degree of both forward and backward compatibility, there are certain issues when mounting newer NTFS volumes containing persistent shadow copies in older versions of Windows. This affects dual-booting, and external portable hard drives. Specifically, the persistent shadow copies created by Windows Vista on an NTFS volume are deleted when Windows XP or Windows Server 2003 mount that NTFS volume. This happens because the older operating system does not understand the newer format of persistent shadow copies. Likewise, System Restore snapshots created by Windows 8 are deleted if they are exposed to a previous version of Windows.
