Volume Shadow Copies (VSS, also known as Volume Snapshot Services) is the technology used to take snapshots and backups of system files and user data files at specific points in time, at regular intervals. The incremental backups or snapshots made by Shadow Copy are then used by the System Restore and Previous Versions features in Windows to restore Windows to a previous state or to recover deleted or altered files and folders.
When enabled and running properly, the Shadow Copy service will back up almost everything on the drives. Shadow Copy, commonly known as System Restore and accessible through System Protection in Windows' System Properties, is turned on by default on the system drive. Thus, the various System Restore Points that are created save copies of system and user data files incrementally in Shadow Copy repositories.
The existence of backup copies of files and folders in another location, the VSS repositories, may raise several issues. Firstly, for users who don't use the Previous Versions or System Restore features, or those (users of Home Premium and Home Basic editions of Windows Vista and Windows 7) who can't access shadow copies of user data files, keeping these files wastes disk space. Secondly, Shadow Copies may leak traces and records of sensitive and private files or documents.
The first issue can be solved by disabling Shadow Copy (commonly known as System Restore). Users who just want to keep some private, confidential data from being monitored and backed up can exclude files from Shadow Copies. MSDN Library describes how to use a registry key to exclude files from Shadow Copies by deleting the selected files from the shadow copy during creation.
Using the FilesNotToSnapshot Registry Key to Exclude Files from Shadow Copy
Files can be deleted from a shadow copy during shadow copy creation by using the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot
This registry key has REG_MULTI_SZ (multi-string) values for each application whose files can be excluded. The files are specified by fully qualified paths, which can contain the * wildcard. If a fully qualified path cannot be specified, then a path can also be implied by using the $UserProfile$ or $AllVolumes$ variable. For example:
- $UserProfile$\Directory\Subdirectory\FileName.*
- $AllVolumes$\TemporaryFiles\*.*
To make the path recursive, append " /s" to the end. For example:
- $UserProfile$\Directory\Subdirectory\FileName.* /s
- $AllVolumes$\TemporaryFiles\*.* /s
In all cases, the entry is ignored if there are no files that match the path string. Note that the exclusion of files added to the appropriate registry key value (or rather, their deletion from the Shadow Copy repository during creation by the shadow copy optimization writer) is on a best-effort basis.
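The PowerShell below is an added example, not code from MSDN or from the original article. It registers an exclusion under its own REG_MULTI_SZ value and then lists every entry in the key with its recursive flag. The value name ContosoPrivateDocs, the Documents\Private folder and both function names are hypothetical, and the script assumes an elevated session.

```powershell
# Added example: register and audit FilesNotToSnapshot exclusions.
# Run from an elevated PowerShell session (writing under HKLM requires it).
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot'

function Add-SnapshotExclusion {
    param(
        [Parameter(Mandatory)] [string]   $ValueName,  # one value per application
        [Parameter(Mandatory)] [string[]] $Paths       # entries in the syntax described above
    )
    if (-not (Test-Path $KeyPath)) { throw "Key not found: $KeyPath" }
    foreach ($p in $Paths) {
        # Accept a fully qualified path or one of the two documented variables.
        if ($p -notmatch '^(\$UserProfile\$|\$AllVolumes\$|[A-Za-z]:)\\') {
            throw "Not a fully qualified or variable-based path: $p"
        }
    }
    # Merge with entries already stored under this value instead of overwriting them.
    $existing = @((Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName)
    [string[]] $merged = @($existing + $Paths | Where-Object { $_ } | Select-Object -Unique)
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType MultiString `
        -Value $merged -Force | Out-Null
}

function Get-SnapshotExclusion {
    # Flatten every multi-string value into one row per exclusion entry.
    $key = Get-Item -Path $KeyPath
    foreach ($name in $key.GetValueNames()) {
        foreach ($entry in @($key.GetValue($name))) {
            [pscustomobject]@{
                ValueName = $name
                Path      = $entry -replace ' /s$', ''
                Recursive = $entry -match ' /s$'   # trailing " /s" marks a recursive entry
            }
        }
    }
}

# Constructed sample: 'ContosoPrivateDocs' and the Private folder are hypothetical.
# Single quotes keep PowerShell from expanding $UserProfile$ as a variable.
Add-SnapshotExclusion -ValueName 'ContosoPrivateDocs' -Paths @(
    '$UserProfile$\Documents\Private\*.* /s'
)
Get-SnapshotExclusion | Format-Table -AutoSize
```

Running Get-SnapshotExclusion on its own is a read-only way to review which paths on a machine are already kept out of shadow copies.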