Re: Vista/7 Shadow Copy

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

Sam:
You are correct.  I also understood the question to be more likely focused
on clients However, the most efficient way to turn off VSS on a whole
bunch of machines is to do so administratively.  I just put in the caveat
about servers in case using group policy or some other global management
method was the plan for doing this on a larger scale because it matters at
what level you deploy the change so you don't affect things that do
matter.  You're right though I didn't explain it except to say be sure to
exclude servers.

D/C

Sam Stelfox <SStelfox () vtc vsc edu> writes:
> I could be wrong but the original question looks less like a question
> about servers and more about clients. I don't see any reason that this
> should be on for a normal workstation. Volume Shadow Copy is used to
> access files that are currently in use and have a lock (assuming that the
> program that is holding the lock supports VSS).
>
> If you are using a backup solution to backup your workstations, even with
> VSS disabled the backups should not fail. 
>
> I can't see any reason to keep it enabled on clients/workstations.
>
> On 05/24/2010 04:23 PM, Dexter Caldwell wrote: 
>
>   
> Agree. � A number of backup and other products use this service. � Even
> some enterprise storage mechanisms leverage it on systems for things like
> snapshots or system-state (Active Directory recovery) backups when you
> backup Domain Controllers. � It just depends what you have on the back
> end. � I'd just be careful about where it's disabled. � (Ex, be sure to
> exclude servers, for example) � It's not always obvious what dependencies
> exist. � Also apps like SQL Server, Exchange sometimes use this for
> various functions, here's an article that's not directly related, but
> includes buried in the article some information that describes things
> that can be impacted by the service's ability to run properly.
>
> [ http://support.microsoft.com/kb/826936
> ]http://support.microsoft.com/kb/826936
>
> D/C
> The EDUCAUSE Security Constituent Group Listserv <[
> mailto:SECURITY () LISTSERV EDUCAUSE EDU ]SECURITY () LISTSERV EDUCAUSE EDU>
> writes:
> On 5/21/10 3:25 PM, Flynn, Gary wrote:
> > What do you think of disabling Shadow Copy on computers not having full
> > disk encryption to prevent inadvertent storage of sensitive data? Our
> > support folks indicated they don’t use the feature for maintenance or
> > troubleshooting. Some of our Windows folks are worried that it might be
> > used as part of the backup process or to recover files from servers
> > (???). And it it nice to have around when pushing patches or changes
> > that have higher risk of failure (e.g. Service packs).
>
> At least one major enterprise backup application I'm aware of uses VSS
> and backups will fail should that be disabled. You'll have to test your
> client machines to see if your client backup process is similarly hobbled.
>
> -- 
> Best regards
> -- Cal Frye, Network Administrator, Oberlin College
> � � Mudd Library, x.56930 -- CIT will NEVER ask you for your password!
>
> � � [ http://www.calfrye.com ]www.calfrye.com, � [
> http://www.oberlin.edu/cit/ ]www.oberlin.edu/cit/
>
> "There are two types of power. Organized money and organized people." --
> Linda Jeffers.
>
>
>
>
>
> -- 
> Sam Stelfox
> Network Administrator
> Vermont Technical College