Shadow Copy Windows 10 All You Need to Know

Windows 10 Volume Shadow Copy can help you recover lost files or system while free backup software can protect your computer continuously. Learn more and follow the stepwise guide below.

Delia

By Delia Updated on December 8, 2022

Share this: instagram reddit

Content of this article:

What is Volume Shadow Copy in Windows 10

Volume Shadow Copy is a feature available in Windows 10/8/7 that creates snapshots (shadow copies) of disk volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. By using it, you can create or store shadow copies on a local disk, external hard drive, or network drive.

Shadow Copy requires NTFS file system to create and save shadow copies. So only NTFS volumes can be protected when you enable Shadow Copy technology in Windows Backup and Restore. The same is true for System Restore and File History.

You probably have more shadow copies than you know. Every time a system restore point is created, you will have a valid shadow copy. When your Windows 10 system does not work as it should, you can use system restore point to restore Windows 10 to previous version.

As mentioned, Shadow Copy maintains snapshots of the entire volumes, so you can also use shadow copies to recover deleted files besides restoring system. By default, System Protection is turned on for system drive (C: drive). You can manually enable volume shadow copy to protect other volumes besides C: drive.

Shadow  Copies

How to restore lost files using Windows 10 shadow copy

If you have shadow copies available on the drive where you lost files, then you can easily use the Previous Versions to restore deleted files. If you don't create any shadow copy, you can choose to enable volume shadow copy in Windows 10 first. 

For example, to restore some files that were saved on Desktop, you can try the following steps:

1. Locate the Desktop folder in File Explorer.

2. Right-click on the Desktop folder and select Properties.

3. Navigate to Previous Versions tab, and then select the right version you want to restore and select Restore.

Windows 10 Shadow Copy Restore Deleted Files

Notes:
If you cannot find the folder containing the lost files, you can find its parent folder and then restore it to the previous version.
If you forget where the deleted files located, then you can download the free tool Shadow Explorer to help you find many shadow copies in a very convenient way.

Shadow Copy Explorer

How to delete shadow copies in Windows 10

By default, Windows 10 allows you to take 5% of the volume space to store shadow copies and it will be deleted if the Volume Shadow Copy in Windows 10 has a high disk usage. Also, you can choose to manually delete it, either delete all shadow copies or delete all but the latest one. Please follow the steps below.

To delete all shadow copies:

1. Right click on This PC, then select Properties and System Protection. Or you can directly go to Control Panel > System and Security > System, then tap on System Protection in the System Properties window.

2. Click Configure.

Configure

3. In a new pop-up window, click Delete to delete all shadow copies.

It is recommended to delete all but the most recent shadow copies. To only save the most recent shadow copy, you can use the built-in utility Disk Cleanup. 

Besides, you still can delete shadow copy in Windows 10 using cmd, vssadmin delete shadows, for example. For detailed steps, please refer to: delete shadow copies in Windows 10 (4 solutions are included).

Shadow Copy Windows 10 not working

As mentioned earlier, shadow copy is used for creating snapshots in Windows 10, but sometimes it may not work.

1. Shadow copies may not be created regularly by the default settings.

2. Shadow copies may not correctly keep all the changes.

3.  Shadow copies went because the volume stores shadow copies crash 

4. Your valuable shadow copies may be deleted due to the Volume Shadow Copy Windows 10 high disk usage issue. 

5. Backup failed if you turn off Volume Shadow Copy Service.

6. It does not support schedule shadow copy in Windows 10 like previous version of Windows, Windows 7, for example.

Well then, is there any available way to protect your computer and data on it? The answer is Yes, you can choose to create a backup with free backup software AOMEI Backupper Standard, instead of a snapshot, which does not completely rely on the Volume Shadow Copy Service. And it's an all-in-one backup software for Windows 10/8/7 that can continuously protect your computer in all aspects.

Simple and effective way to protect your computer

Here you will use free backup software - AOMEI Backupper Standard to safeguard your computer completely, below are the benefits of it.

  • Support 4 backup solutions, including System Backup, Disk Backup, Partition Backup and File Backup. The previous two options will include system and boot partition(s) required to start Windows. Also, you can backup specific partition or any files and folders.
  • Support multiple scheduled backup settings.  It allows you to create a backup regularly based on daily, weekly, monthly and different backup methods, such as, full backup, incremental backups, etc. 
  • Provides two backup services, namely, Microsoft VSS and AOMEI Backup Service. It will use Microsoft VSS by default. But if this service not working, it will use AOMEI Backup Service to perform backup continuously. This greatly reduce the risk of backup failed due to Microsoft VSS service.
  • Supports various backup destinations, such as internal disk, external hard drive, network drive, cloud drive, NAS, etc. 
  • Support Windows 10/8/7/XP/Vista.

In addition, you can enjoy more useful features in the advanced version of AOMEI Backupper Standard, such as,AOMEI Backupper Professional. It provides you an worry-free backup method to schedule backup only changes, it's the differential backup. Also, you can delete old backups with Backup Scheme to avoid high disk usage issue.

Then, download free backup software AOMEI Backupper Standard and create an auto backup task with it. 

Download Freeware Win 10/8.1/8/7/XP
Secure Download

1. In the main interface of AOMEI Backupper Standard, click the Backup tab and select System Backup. If you want to backup the entire hard drive, just select Disk Backup.

System Backup

2. In the System Backup screen, you can see system-related partitions have been included automatically. Just click the folder shapped button and choose a location folder or drive to store the backup image. It is recommended to backup Windows 10 to an external hard drive.

Backup Location

3. Then click Schedule  and OK to enable the default backup settings, it's daily incremental backup. Also, you can combine other backup interval and differential backup per your needs.  After that, click Start Backup to start the process.

Please be sure all the backups are intact if you use the default backup settings, otherwise the restore process will fail.  To avoid this issue, you can choose to use differential backup(supported by professional version). 

Schedule Settings

Other features you can use:

  • Event triggers (advanced version): It allows you to backup at specific event, such as, systemstartup, system shutdown, etc. 
  • USB Plug in (advanced version): It allows you to backup files to or from USB automatically when it's detected, even without opening this software.

Compared with Windows Backup and Restore, AOMEI Backupper is super fast. It took me 4 minutes to backup 70GB of data on a SATA SSD. If you use NVME SSD, it will be even faster.

When the backup completes, you can create a bootable media in case serious issues. It gives you a chance to boot your PC from the AOMEI bootable media and restore system image to new hard drive when your system fails to boot.

Further reading: Windows elevation of privilege vulnerability

On Jul 20, 2021, Microsoft released a privilege vulnerability issue, it's said that the reason is overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.

And any attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges, then install programs, view, change, or delete data or create new accounts with full user rights. And this requires the attacker has the ability to execute code on a victim system.

And Microsoft promises to update the CVE as the investigation progresses. They added the affected versions of Windows in the Security Updates tab and provides 2 available methods to fix this issue. Below are the outline of them:

Step 1. Check if your computer is affected.  Open cmd as administrator, Type icacls c:\windows\system32\config\sam and hit Enter.  If you get a response like BUILTIN\Users:(I)(RX), it means unprivileged users can read the SAM file and your system may be attacked. 

Check SAM File

Step 2. Then, if your computer is affected, check if there are any shadow copies on your computer. Type vssadmin list shadows and hit Enter.

Step 3. Block unprivileged users from accessing to sensitive registry files. You can use cmd or powershell. 

  • For command prompt, type icacls %windir%\system32\config\*.* /inheritance:e command and hit Enter
  • For powersell, open it with priority, type icacls $env:windir\system32\config\*.* /inheritance:e command and hit Enter.

Step 4. If your computer has shadow copies, type vssadmin delete shadows /for=C: /quiet command and hit Enter.

Note: If there are any other partitions or volumes, please repeat this command and replace C: with other drive letters, D:, E:,for example.

Step 5. Check if there are still copyies left. Type vssadmin list shadows command and hit Enter. If all of them are deleted, you will get response "No items found that satisfy the query" from command prompt.

Step 6. Restart your computer and create a system restor point in the System Properties window.

After these changes are made, the newly created shadow copies should have some read-write permissions, so the unprivileged users cannot access essential system files on yours computer. Also, you can check if your computer is affected again using icacls command.

Delia
Delia · Editor
Delia owns extensive experience in writing technology-related blog posts, and has been a part of AOMEI since 2020 to provide expertise in data security and disaster recovery. She works with Windows operating systems, SQL databases, and virtualization platforms such as VMware and Hyper-V, specializing in troubleshooting and advising on data protection and migration.