About VSSAdmin.exe:

Windows uses VSSAdmin.exe to create shadow copy backups for the drives which have shared folders enabled. At the same time, Encryption viruses use the same vssadmin.exe file to delete the existing Shadow Copy backups from the system after encrypting all your data files. Hence, it puts us into a situation where we cannot restore the files from Shadow copy.

Creating Shadow Copy Backup via PowerShell:

In order to create the Shadow copy backups manually after renaming the VSSAdmin.exe file, follow the step-by-step procedure.

  1. First of all, identify the drives for the Shares that you want to backup via ShadowCopy. (Ex. C:, D:, E:, etc.)
  2. We’ll need an account to run the scheduled task that we are creating in the next step. Its is best to create a new user to perform the task like “Backup User”. This ensures that when the regular admin password is changed, the Shadow Copy Backup procedure is not affected. You also need to make sure that the password of this user doesn’t expire. Don’t forget to create this user with Local Admin / Domain Admin Rights depending on the environment.
  3. Open Task Scheduler and Create a new Task.

shadowcopy1

  1. Create a New Task from the right-hand side pane.

shadowcopy2

 

 

 

 

 

 

  1. In the Create Task Window under the General Tab, specify the following details.

a) Name of the Task.

b) Select “Run whether user is logged on or not”

c) Select “Run with highest privileges”

shadowcopy3

 

 

 

 

 

 

 

  1. Go to next Tab – Triggers, click on New and define a schedule to it to run. I would choose to run it at 6 AM and 12 PM, daily. You’ll eventually create two triggers for it to run at the specified time.

shadowcopy4

 

 

 

 

 

 

 

 

  1. Now move on to the Next Tab “Actions” and create a new Trigger. Again, you’ll define the triggers for each drive individually.
    1. Under Program/Script, type: PowerShell.exe
    2. Under Additional arguments, type: (gwmi -list win32_shadowcopy).Create(‘c:\’,’ClientAccessible’)
    3. Click on OK.
    4. You’ll repeat the steps for each additional drive replacing the C:\ to other drive letters for which you are taking the VSS Backup.

shadowcopy5

 

 

 

 

 

 

 

 

  1. Now, moving to Conditions Tab, we’ll leave the settings to default, unless you have any specific settings to define.

shadowcopy6

 

 

 

 

 

 

 

  1. Moving to Settings Tab, I’ve enabled the task to run if it’s missed on the last schedule.

shadowcopy7

 

 

 

 

 

 

 

  1. Once you hit ok, it will prompt you for the credentials. Enter the credentials for the user that you created in Step – 2. It will now use this user account to authenticate the task and run it in the background.
  2. Now that the task is created, you can try to run it manually by right clicking it and choose to Run.
  3. Open Windows Explorer, right click on the drive for which you just configured the Shadow Copies, and choose “Configure Shadow Copy“. Verify that it has successfully created a new Shadow Copy version for this drive.
The following two tabs change content below.
Passionate for Latest Gadgets, a Computer geek by Hobby, and luckily Profession too. Started my career in 2005 with IBM, worked with Microsoft later. Back in 2009, started Pledge Technologies (www.pledgetechnologies.com) (parent company to Grishbi). We, at Pledge Technologies, provide IT Consulting to SMBs across US & UK. Specialized in Microsoft Technologies like AD, Exchange, etc., and lot of experience of Office 365 Migration for various clients. Grishbi is a platform where we express what we learned today, and share it with world.
%d bloggers like this: