Re: Vista/7 Shadow Copy

[Sam Stelfox <SStelfox () VTC VSC EDU>]

I could be wrong but the original question looks less like a question
about servers and more about clients. I don't see any reason that this
should be on for a normal workstation. Volume Shadow Copy is used to
access files that are currently in use and have a lock (assuming that
the program that is holding the lock supports VSS).

If you are using a backup solution to backup your workstations, even
with VSS disabled the backups should not fail.

I can't see any reason to keep it enabled on clients/workstations.

On 05/24/2010 04:23 PM, Dexter Caldwell wrote:
> Agree.  A number of backup and other products use this service.  Even
> some enterprise storage mechanisms leverage it on systems for things
> like snapshots or system-state (Active Directory recovery) backups
> when you backup Domain Controllers.  It just depends what you have on
> the back end.  I'd just be careful about where it's disabled.  (Ex, be
> sure to exclude servers, for example)  It's not always obvious what
> dependencies exist.  Also apps like SQL Server, Exchange sometimes use
> this for various functions, here's an article that's not directly
> related, but includes buried in the article some information that
> describes things that can be impacted by the service's ability to run
> properly.
>
> http://support.microsoft.com/kb/826936
>
> D/C
> *The EDUCAUSE Security Constituent Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU
> <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> writes:*
> On 5/21/10 3:25 PM, Flynn, Gary wrote:
> > What do you think of disabling Shadow Copy on computers not having full
> > disk encryption to prevent inadvertent storage of sensitive data? Our
> > support folks indicated they don’t use the feature for maintenance or
> > troubleshooting. Some of our Windows folks are worried that it might be
> > used as part of the backup process or to recover files from servers
> > (???). And it it nice to have around when pushing patches or changes
> > that have higher risk of failure (e.g. Service packs).
>
> At least one major enterprise backup application I'm aware of uses VSS
> and backups will fail should that be disabled. You'll have to test your
> client machines to see if your client backup process is similarly hobbled.
>
> --
> Best regards
> -- Cal Frye, Network Administrator, Oberlin College
>   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!
>
> www.calfrye.com <http://www.calfrye.com>, www.oberlin.edu/cit/
> <http://www.oberlin.edu/cit/>
>
> "There are two types of power. Organized money and organized people." --
> Linda Jeffers.

--
Sam Stelfox
Network Administrator
Vermont Technical College