Recovery of Files or Folders

Recently I discovered the brilliant advantages of ShadowCopy and just felt like I should share this with all of you. This how-to has been pulled from several sites but atleast it will help my readers who have ever experienced data loss

There are three fundamental situations in which most end users find themselves at one time or another when they use their computers. These scenarios include:

• Accidental file deletion, the most common situation.
• Accidental file replacement, which occurs for example, when users forget to use Save As.
• File corruption.

It is possible to recover from all of these scenarios by accessing shadow copies. The process is a little different when accessing a file compared to accessing a folder.

Recovering a Deleted File

To recover a deleted file, use the following procedure:

1. Navigate to the folder in which the deleted file had been stored.
2. Position the cursor over a blank space in the folder. If the cursor hovers over a file, that file will be selected.
3. Right-click the mouse and select Properties from the bottom of the menu. Select the Previous Versions tab.
4. Select the version of the folder that contains the file before it was deleted, and then click View.
5. View the folder and select the file that will be recovered.
6. Drag and drop, or cut and paste, the shadow copy to the desktop or folder on the end user’s local machine.

Recovering an Overwritten or Corrupted File

Recovering an overwritten or corrupted file is easier than recovering a deleted file because the file itself can be right-clicked instead of the folder. To recover an overwritten or corrupted file use the following procedure:

1. Right-click the overwritten or corrupted file and click Properties.
2. Select Previous Versions.
3. If you want to view the old version, click View. To copy the old version to another location, click Copy… To replace the current version with the older version, click Restore.

Recovering a Folder

To recover a folder use the following procedure:

1. Position the cursor so that it is over a blank space in the folder that will be recovered. If the cursor hovers over a file, that file will be selected.
2. Right-click the mouse, select Properties from the bottom of the menu, and then, click the Previous Versions tab.
3. Choose either Copy or Restore.
4. Choosing Restore enables the user to recover everything in that folder as well as all subfolders. Selecting Restore will not delete any files.

Important: End users should be notified regarding how frequently shadow copies of the selected volume will be made. End users should also be made aware that there is a maximum of 64 shadow copies, after which the earliest copy is purged.

FAQs

Q.	I’m logged on locally to the server. How do I access shadow copies?
A.	This feature requires the Common Internet File System (CIFS) file sharing protocol to work—even if you are working on a server that stores shadow copies locally. Therefore, to see previous versions, loop back: for example, from Start, Run, connect to \\localhost\c$. This will enable the client running on the server to access previous versions.
Q.	I know I’ve enabled shadow copies on my server, but from my client computer I don’t see previous versions of a file. Why?
A.	The client computer user interface (UI) shows only previous versions that are different from the current version. If your file hasn’t changed from the previous versions that are stored on the server, then the client UI will not show any previous versions.
Q.	I installed Windows Server 2003. To enable shadow copies, do I need to have a dedicated data volume?
A.	You can take shadow copies of any NTFS volume and store shadow copies on any NTFS volume. The volume you choose to take a snapshot of and the one used for storing the snapshot can be the same—this is actually the default configuration.
Q.	If I enable Shadow Copies for Shared Folders on my system volume, will it take a snapshot of everything? For example, if I install a service pack, will my DLLs (dynamic link libraries) have previous versions available?
A.	Although you can take shadow copies of any NTFS volumes and place the shadow copy storage on any NTFS volume, Shadow Copies for Shared Folders is not a backup or archival solution. Microsoft does not recommend that Shadow Copies for Shared Folders be used for DLL recovery.
Q.	What are the performance implications for using Shadow Copies for Shared Folders?
A.	Shadow copies use a copy-on-write mechanism to preserve the volume image at points in time. This incurs a runtime cost. For lightly loaded servers, both in terms of input and output bandwidth and disk space used, the cost of maintaining shadow copies should not be noticeable. If the server is lightly loaded overall, there should be no adverse performance effect due to excessively large individual files. For heavily loaded servers, you should dedicate a disk for shadow copy storage. This will eliminate extra disk head seeks caused by the copy-on-write algorithm. It is not possible to give precise metrics on the performance overhead of shadow copies, because performance is highly dependent on workload.
Q.	How does security work?
A.	There are two key points with shadow copies and security. First, access control lists (ACLs) are preserved in each shadow copy; these ACLs are used to control who is able to read files on the shadow copy. For example, if Fred has access to a set of files at 7:00 A.M., he will have access to those files on the 7:00 A.M. shadow copy. Likewise, if he does not have permission to read those files, he won’t have access to them on the shadow copy. However, when reverting a file to a shadow copy version, the ACL that already exists on the file is preserved.
Q.	Can I revert an entire volume to a shadow copy? For example, if a virus hits at 4 A.M., and my computer created a shadow copy at 2 A.M., can I revert my disk image to the way it was at 2 A.M.?
A.	Yes, with WS 2003 SP1 revert is possible except of the boot and system volumes. On clusters reverts of volumes on shared disks are blocked.
Q.	How do I administer shadow copies using scripts?
A.	Two command-line tools enable you to administer shadow copies using scripts. “Vssadmin” lets you create shadow copies and configure settings for the shadow copy storage area. “Schtasks” lets you create and configure scheduled tasks. Using these tools you can automate every administrative task involving shadow copies.
Q.	Why isn’t the Recycle Bin sufficient for reverting back to a previous version of a file?
A.	Ever since Windows 95, Windows has provided a way for customers to undelete files: the Recycle Bin. However, two factors limit the usefulness of the Recycle Bin for knowledge workers. First, it can only be used to recover files that have been deleted by an application that is Recycle-Bin-aware, such as Microsoft Explorer. The Recycle Bin cannot be used to recover files deleted at the command line, for example, nor can it be used to recover old versions of files that have been modified. Second, and most important for knowledge workers: the Recycle Bin does not work for files stored on network shares.
Q.	Can Shadow Copies for Shared Folders be used on a file allocation table (FAT) volume?
A.	No. Shadow Copies for Shared Folders is an NTFS feature.