Controlling System Restore Behavior with respect to file location


Hi,

I know that you can turn System Restore on / off on any given drive. What
I'd like to know is whether or not specific locations on specific drives can
be turned off so that the Shadow Copy feature stops keeping Previous Versions
for those locations.

The Previous Versions feature is a nice one. A lot of people apparently
thought that such a feature was implicit in the Windows XP version of System
Restore and learned, often to their chagrin, that it wasn't so. Nonetheless,
I consider it a privacy and security issue that there appears to be no way,
other than group policy (perhaps), to control just where Vista does its
shadow copying.

For example, I received e-mail from a colleague (whose system, it turns out,
had been compromised). This e-mail contained a couple of image attachments
which I saved to the Downloads directory under my own user account. When I
viewed the images what I found was a pair of images my friend had certainly
not intended to send to me. Nor, I suspect, had she ever even viewed them,
much less deliberately saved them to her hard drive. I deleted the images.

Flash forward a day. I accidentally delete my Downloads folder. (Hey, I was
tired and under the weather.) I resort to Previous Versions to pick the most
recent version of the folder so that it would have all of the correct
properties. To my admittedly ingenuous surprise, there were the two porno
images again!

So, let's say that a user starts writing a nastygram to a client / customer
/ boss / whatever and then thinks better of it and deletes the file(s)
involved. Or figure on some other similar scenario where you decide that
there is a file or files that you really wish to remove PERMANENTLY from your
system. As it turns out, anyone with access to your profile can peruse the
Previous Versions tab on the Properties dialog for a given folder and, if the
shadow copy system chose to make a copy at an inopportune (for you) time,
there's the stuff you didn't want anyone else to see.

Is there a way to prevent this from happening -- short of turning off System
Restore altogether? This has the potential, I think, for causing the sorts of
issues that happened (and still probably happen) in Office before the Remove
Hidden Data Tool was made available.

Anyone have a bead on this? If so, please tell me where to aim.
 
Thanks for that information, Jill.

I think that I had already indicated in my initial post that I was aware
that I could use a Group Policy to deal with this. But that's like throwing
the baby out with the bath water. I mean, really, does it make sense to have
to disable the operating system's first line means of recovering from serious
system problems? (That's a question for Microsoft, not for you, Jill.)

EFS on Vista Business? Well, sure, but then the recovery agents (the admins,
the same people about whom I was worried before) on the system or domain can
still get to the data.

I'm one of those sysadmins who thinks that at least some of a client's data
belongs only to her/him. If this system chooses an inopportune moment to
perform a shadow copy, that client can't count on the mental scratch pad or
whatever actually being gone. I've had to jump through some hoops on all
operating systems to be sure that erasures were secure enough to please the
legal types with whom I deal. I'm not going to tell them that even a secure
file erasure isn't going to protect them. I can't give them sole admin access
to these systems to protect their confidentiality because they would be
hapless at dealing with anything. It's beginning to look as though, in order
to use Vista, we'll be stuck with a procedural / physical security workaround
that will be onerous at best. They'll be taking hard drives home in their
briefcases, or we'll each have half of the password so that the system (which
can't be joined to a domain) can be accessed as an admin only with the lawyer
AND the admin present, or something else along those lines.

I hope Microsoft will make information on registry editing or custom policy
development to make it possible for us to get around this issue. My guess is
that I'm not the Lone Ranger on this one, even though my situation is
possibly a bit more extreme than most. I cannot, for the life of me, imagine
why Microsoft wouldn't make it possible to simply exclude the data files from
shadow copying. It's a function they ADDED to System Restore. Why not let the
user decide whether or not s/he really wants to use it. Many of us are
actually capable of taking care of our data. (No one on my domain has ever
lost more than a few minutes' worth of data when it wasn't definitively
her/his fault. Ever.)

But, again, thank you very much for your link to the blog. It is
informative. But it's just not the information I happen to need in this case.
And, nice blog, BTW.

Best regards,
Jim
 
Unlike in System Restore in XP, System Restore in Windows Vista uses the
Volume Shadow Copy Service (VSS). VSS uses a low-level driver to keep
differential copies of changed blocks in your system. Because it interacts
with the system below the file system level, it would be very costly
(primarily performance-wise) to allow ad-hoc file and folder exclusions from
it. If the registry capability were to be added, it would work on a best
effort basis, not guaranteed.

I have passed your feedback on to the team for consideration.
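The practical consequence of the block-level design described above is that a "securely erased" file may still be readable from any snapshot taken while it existed. The following script is an added example (not part of the thread, and not Microsoft's code) that checks exactly that: it enumerates the VSS snapshots of the volume holding a given file and tests whether the file is present in each one, which is what the Previous Versions tab reads from. It assumes an elevated Windows PowerShell prompt, the WMI classes Win32_Volume and Win32_ShadowCopy, and a sample path that you should replace with your own.

```powershell
# Added example, not from the thread. Check whether a deleted file still
# survives in any VSS snapshot of its volume. Run from an elevated prompt.
# The default path is an assumption; point it at the file you care about.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\attachment.jpg"
)

$full = [System.IO.Path]::GetFullPath($Path)
$root = [System.IO.Path]::GetPathRoot($full)        # e.g. C:\
$rel  = $full.Substring($root.Length)               # Users\jim\Downloads\attachment.jpg

# Win32_ShadowCopy identifies volumes as \\?\Volume{GUID}\; Win32_Volume maps
# that back to the drive letter.
$volume = Get-WmiObject Win32_Volume |
    Where-Object { $_.DriveLetter -eq $root.TrimEnd('\') }
if (-not $volume) { throw "No volume found for drive $root" }

$snapshots = Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate

# Temporary directory symlink used to expose each snapshot's file system.
$link = Join-Path $env:TEMP 'vss-probe'
if (Test-Path -LiteralPath $link) { cmd /c rmdir "$link" | Out-Null }

foreach ($s in $snapshots) {
    $when = [Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
    # DeviceObject is \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN; mklink
    # needs the trailing backslash to mount the snapshot's root directory.
    cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    try {
        $present = Test-Path -LiteralPath (Join-Path $link $rel)
    } finally {
        # rmdir removes only the link; it never touches the snapshot contents.
        cmd /c rmdir "$link" | Out-Null
    }
    $state = if ($present) { 'FOUND ' } else { 'absent' }
    '{0}  {1}  snapshot {2}  taken {3}' -f $state, $rel, $s.ID, $when
}
```

If any line reports FOUND, the file is recoverable by anyone who can read that volume's shadow copies (administrators, or any user through Previous Versions on a folder they can open), regardless of how the live copy was erased. Deleting the snapshot (for example with `vssadmin delete shadows /shadow={ID}`) is the only way to remove it short of disabling protection on the volume.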
 
Thanks, Jill, for a solid, succinct explanation. I tried to respond a little
bit ago but (apparently) got disconnected or otherwise defeated in making the
post.

I do appreciate your point. But the feature set, as it stands, presents some
obstacles to our use of the OS. As always, in anything this complex, there
must be trade-offs. Forcing data writes to non-shadowed (is that a word?)
drives or using removable drives is one way around the issue, but will cost
in terms of outlay for new hardware and maybe by requiring acceptance of
design compromises which we wouldn't otherwise have to face. We could develop
procedures that depend upon hardware or dual passwords, like allowing admin
logins only in the presence of two keys (one held by the client and one by
the admin). We could use third party encryption to which only the client
would have the keys.

You have been very helpful. Can you think of any other avenues I could
explore, given the constraints under which I have to operate?

Thanks,
Jim
 
We don't currently have any documented avenues just yet, other than the
suggestions to use EFS or Bitlocker. I think this is a good topic for community
discussion as people find creative ways to ensure their files can't be
restored. It will be interesting to see how the product team addresses this
issue moving forward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.

Want to learn more about Windows file and storage technologies? Visit our
team blog at http://blogs.technet.com/filecab/default.aspx.
 
Okay, thanks for your help, Jill. I'll be hanging out around here, and I'll
turn what few gray cells I have to the problem to see if I can come up with
something useful -- as I hope others will do.

Regards,
Jim
 
The way I handle this is by moving/saving all personal files and downloads
to a partition other than the system partition. My decision is that only the
O/S and the programs that I consider to be integral to the operating system
belong on the system Partition. All of my personal files and folders have
been moved to partition D:.

Minor programs/utilities are also installed to D:\Programs Files and not
kept on the system partition, as a great many of these small programs are
contained 100% in their own folder. They survive a reinstall of the
operating system just fine.

Downloads are saved to partition E:, music to partition F:, Videos to
partition G: and so forth.

I then turn off system restore on all partitions and drives I have no reason
to monitor. This has worked for me for 6 years now.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
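Richard's layout works because System Restore (and therefore Previous Versions) is controlled per volume, so data kept on volumes with protection turned off is never snapshotted. The script below is an added example (not from the thread, and not Microsoft's code) that applies that policy from the command line: it lists how many shadow copies each fixed volume currently carries, then turns System Restore off on every volume except the system drive and purges any snapshots left behind. It assumes an elevated Windows PowerShell 2.0 or later on a Windows client edition (the Disable-ComputerRestore cmdlet is not available on server editions) and the vssadmin tool.

```powershell
# Added example, not from the thread. Keep System Restore only on the system
# drive; disable it on every other fixed volume and purge their snapshots.
# Run from an elevated Windows PowerShell 2.0+ prompt on a client edition.
$systemDrive = $env:SystemDrive + '\'        # e.g. C:\

# Fixed volumes with a drive letter (DriveType 3 = local disk). Win32_ShadowCopy
# names volumes by \\?\Volume{GUID}\, so group the snapshots by that key.
$volumes   = Get-WmiObject Win32_Volume |
    Where-Object { $_.DriveType -eq 3 -and $_.DriveLetter }
$snapshots = Get-WmiObject Win32_ShadowCopy |
    Group-Object VolumeName -AsHashTable -AsString

foreach ($v in $volumes) {
    $drive = $v.DriveLetter + '\'
    $count = 0
    if ($snapshots -and $snapshots.ContainsKey($v.DeviceID)) {
        $count = $snapshots[$v.DeviceID].Count
    }

    if ($drive -eq $systemDrive) {
        '{0}  {1,2} snapshot(s)  kept (system drive)' -f $drive, $count
        continue
    }

    # Turning protection off for a drive also discards its existing restore
    # points, so Previous Versions can no longer show old data from it.
    Disable-ComputerRestore -Drive $drive

    # Belt and braces: explicitly delete any shadow copies still listed for
    # this volume (for example ones created by a backup tool rather than
    # System Restore).
    if ($count -gt 0) {
        vssadmin delete shadows "/for=$drive" /all /quiet | Out-Null
    }
    '{0}  {1,2} snapshot(s)  System Restore disabled, snapshots deleted' -f $drive, $count
}
```

Re-run the script after a few days to confirm no new snapshots have appeared on the data volumes; a non-zero count there means some other VSS requester (a backup application, for instance) is still creating them, and it is that requester, not System Restore, that needs reconfiguring.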
 