We have a customer where the “accidental” deletes and file moves got so out of hand, that I decided to enable the shadow copy service on the file server. Restoring files every two weeks is not fun.
So, let’s set it up.
Setup Shadow Copy
For this example, I deployed a Windows Server 2022 Eval with a 5GB partition for the “Share”. Let us begin, by enabling “Shadow Copy”.
Right-click on the C: partition and select “Configure Shadow Copies”
In the new window, select the partition you want to set a Shadow Copy for. E: in my case (1). Next, click on “Settings…” (2) and set the maximum size, the system is allowed to use for shadow copies (3). The default is 10% of your space.
After this, click on “Schedule…” (4) and set the time and day you want the system to create copies. Defaults are at 7am and 12pm every day, except at the weekends.
Confirm your settings with “OK”, this should enable Shadow Copy for the E: partition.
Create a Shadow Copy
I created a few files to test the Shadow Copy under the E: partition.
If you go back into the Shadow Copy configuration window, you can manually create a snapshot. Let’s do this to test things.
Select the partition and click on “Create Now” (1). I will create a few copies to demonstrate.
Next, I will delete one of the files and check the copy.
Right-click on the white space within the folder (you could also select the folder the file was in) and select “Properties” (1). Click on the tab “Previous Versions” (2), select the version you want to restore (3), and click “Open”.
(Clicking on “Restore” would restore the whole folder. I will show you how to disable this later)
A new Windows Explorer should open, with the time and date of the copy in the address bar. From here you can restore files and folders by copying them back to their original location.
Disabling the “Restore” Button via GPO
I mentioned it earlier, but did you notice the “Restore” button in the “Previous Versions” tab? This allows the user to restore the whole folder with one click. Great feature, to completely destroy the work of other people on the same folder or subfolder.
Yeah… I don’t like it. Let’s disable it.
Create a new policy and edit it.
Navigate to “Computer Configuration – Policies – Administrative Templates – Windows Components – File Explorer – Previous Versions” and enable “Prevent restoring remote previous versions”.
You could also add “Prevent restoring local previous versions” if you want to disable it locally as well. I will set it for this example, otherwise, the demonstration won’t work.
Assign the policy to the desired OU. I will set it to the Domain Controllers in this example.
Open the Command Line and enter “gpupdate /force” to load the new policy.
Now. If you try to restore a file again, you will see that the “Restore” button is greyed out.
This should hopefully prevent other “accidents”.
I do like this feature, I must say. It’s very easy to set up and works quite well.
It also makes my job a lot easier.
Till next time.