Limiting Shadow Copies?

I am very uncomfortable having all my files with "previous versions" stored
all over my PC in backups. Can this me limited or turned off?

Best,
Scott Adams

> I am very uncomfortable having all my files with "previous versions" stored
> all over my PC in backups. Can this me limited or turned off?

They are not "all over [your] PC" but rather in the <driveletter>\System
Volume Information folder. No matter, do this:

1. Open Control Panel
2. Open System and Maintenance
3. Open System
4. Click System protection
5. Accept the elevation prompt
6. Uncheck the drives that you want to disable System Restore and Previous
Versions for.

Once you turn this off you lose both Previous Versions and System Restore.
For instance, if you turn it off on the C: drive and then install something
that completely horks your system you need to figure out how to manually
remove it. You cannot use System Restore to go back to a previous working
configuration.

Yup. Not a very satisfactory solution for many people, having to turn off
System Restore on a single drive system in order to get rid of the previous
versions feature. I hope, but in vain no doubt, for a revision of this that
separates the two features. For anyone who has solid backup procedures the
previous versions feature can be a liability. A side job of mine involves
helping a not-for-profit legal aid group handle some IT chores. These guys
don't want "previous versions" of deleted files hanging around to haunt them
on their notebook systems. Can't say I blame them. So I had to kill System
Restore, which could have been useful to them at times, in order to keep them
from suffering possible legal ramifications of supposedly deleted files. Not
that the way XP handles deletions would prevent someone with data recovery
software from retrieving old files, but there is a considerable difference in
exposure.

"Jesper" wrote:

> > I am very uncomfortable having all my files with "previous versions" stored
> > all over my PC in backups. Can this me limited or turned off?
>
> They are not "all over [your] PC" but rather in the <driveletter>\System
> Volume Information folder. No matter, do this:
>
> 1. Open Control Panel
> 2. Open System and Maintenance
> 3. Open System
> 4. Click System protection
> 5. Accept the elevation prompt
> 6. Uncheck the drives that you want to disable System Restore and Previous
> Versions for.
>
> Once you turn this off you lose both Previous Versions and System Restore.
> For instance, if you turn it off on the C: drive and then install something
> that completely horks your system you need to figure out how to manually
> remove it. You cannot use System Restore to go back to a previous working
> configuration.

In message <4E7B4334-AEEF-44CB-9499-19A594DC0FAE@microsoft.com> jimmuh
<jimmuh@discussions.microsoft.com> wrote:

>Not
>that the way XP handles deletions would prevent someone with data recovery
>software from retrieving old files, but there is a considerable difference in
>exposure.

In other words, a false sense of security is better then no sense of
security at all?
--
Insert something clever here.

No, in other words there is a concept called "due diligence" at work here. It
is impossible make any system perfectly secure. But there's a hell of a
difference between being able to do a casual inspection and retrieve previous
versions through a folder's properties dialog on a machine inadvertantly left
unattended for a few minutes and having to use forensics to get the same
data. The difference is recognized quite widely in court. And these guys are
-- well, lawyers.

"DevilsPGD" wrote:

> In message <4E7B4334-AEEF-44CB-9499-19A594DC0FAE@microsoft.com> jimmuh
> <jimmuh@discussions.microsoft.com> wrote:
>
> >Not
> >that the way XP handles deletions would prevent someone with data recovery
> >software from retrieving old files, but there is a considerable difference in
> >exposure.
>
> In other words, a false sense of security is better then no sense of
> security at all?
> --
> Insert something clever here.
>

In message <C4BFE233-461C-4CC7-8C18-34B88BBD2900@microsoft.com> jimmuh
<jimmuh@discussions.microsoft.com> wrote:

>No, in other words there is a concept called "due diligence" at work here. It
>is impossible make any system perfectly secure. But there's a hell of a
>difference between being able to do a casual inspection and retrieve previous
>versions through a folder's properties dialog on a machine inadvertantly left
>unattended for a few minutes and having to use forensics to get the same
>data. The difference is recognized quite widely in court. And these guys are
>-- well, lawyers.

Understood, to a point -- Recovering files from a "oops I deleted it by
accident" point of view is unreliable. Undeleting files from a "The
rest of a client's life or livelihood depends on these files being gone"
is trivially simple for someone with relatively few skills (and access
to Google to find a tool to do it)

I would hope my lawyer does more then the minimum required to qualify as
due diligence.

That being said, there are a few options...

The easiest would be a second logical drive (physical or partition)
which doesn't use Shadow copies. You could even mount that partition
into the user's Documents directory, or redirect their Documents to an
appropriate location.

Better yet would be solution using encryption, which would only require
you to destroy the keys to effectively remove access to the data.
--
Insert something clever here.

Thank you for the suggestions. I've considered using second drives /
partitions, removable drives, and encryption with keys kept on USB memory
devices. For various reasons having to do with the nature of donated
equipment (new, but limited in flexibility) none of them is quite suitable to
the particular purpose, though encryption comes closest.

This due diligence issue is one for protection of the lawyers more than the
protection of the clients, and it really isn't a matter of them being lazy.
There are circumstances where a lawyer and clients are operating under
extreme stress. If it's sufficient to be sure that the notebook is not left
unattended for more than a couple of minutes, then it's sufficient. It would
be hard to explain without a pretty thorough explanation of their working
methods. But it is extremely important to have the technology be as
unintrusive as possible. These are good guys giving their time for free to
take care of folks who have no other access to legal help of this particular
type.

"DevilsPGD" wrote:

> In message <C4BFE233-461C-4CC7-8C18-34B88BBD2900@microsoft.com> jimmuh
> <jimmuh@discussions.microsoft.com> wrote:
>
> >No, in other words there is a concept called "due diligence" at work here. It
> >is impossible make any system perfectly secure. But there's a hell of a
> >difference between being able to do a casual inspection and retrieve previous
> >versions through a folder's properties dialog on a machine inadvertantly left
> >unattended for a few minutes and having to use forensics to get the same
> >data. The difference is recognized quite widely in court. And these guys are
> >-- well, lawyers.
>
> Understood, to a point -- Recovering files from a "oops I deleted it by
> accident" point of view is unreliable. Undeleting files from a "The
> rest of a client's life or livelihood depends on these files being gone"
> is trivially simple for someone with relatively few skills (and access
> to Google to find a tool to do it)
>
> I would hope my lawyer does more then the minimum required to qualify as
> due diligence.
>
> That being said, there are a few options...
>
> The easiest would be a second logical drive (physical or partition)
> which doesn't use Shadow copies. You could even mount that partition
> into the user's Documents directory, or redirect their Documents to an
> appropriate location.
>
> Better yet would be solution using encryption, which would only require
> you to destroy the keys to effectively remove access to the data.
> --
> Insert something clever here.
>

Sounds like you're most worried about someone walking over to these laptops
and using them?

I'd suggest a 5-minute timeout on the screen saver, and training the users
to lock the machine (windows key+L) every time they step away from it. Even
something as simple as closing the laptop's lid so it goes into standby mode-
and then, requiring a password to come out of standby mode- may work. These
methods could be bothersome to use- but I'd rather be bothered then insecure.

Of course, the biggest issue is that these laptops are being left unattended
in the first place! Definately look into EFS, because EFS can prevent a
stolen laptop problem from turning into a worse problem- stolen data. Stolen
data is what winds up on the front page of newspapers!

Now if you could acquire a Windows 2003 Server (even by beefing up an old
server from an online auction), you could set up a D: drive for everyone's
documents (and nothing else). You could enable Shadow Copies on the D:
drive. Redirect their Documents folders onto the D: drive. Set up
Certificate Services on the server to centrally manage everyone's EFS keys
(instead of trusting USB sticks). Enable "offline files" for the mobile
users, and encrypt the offline files datastore with EFS. Finally, enforce
the screen saver password through Group Policy. I would think (but I'm not
sure so you'd have to test this!), in that case, that a mobile "disconnected"
laptop could not restore Previous Versions if the deleted files had been
associated with the server- this is because the server is storing all of the
previous versions from its own D: drive, and the laptop is just using the VSS
client.

"jimmuh" wrote:

> Thank you for the suggestions. I've considered using second drives /
> partitions, removable drives, and encryption with keys kept on USB memory
> devices. For various reasons having to do with the nature of donated
> equipment (new, but limited in flexibility) none of them is quite suitable to
> the particular purpose, though encryption comes closest.
>
> This due diligence issue is one for protection of the lawyers more than the
> protection of the clients, and it really isn't a matter of them being lazy.
> There are circumstances where a lawyer and clients are operating under
> extreme stress. If it's sufficient to be sure that the notebook is not left
> unattended for more than a couple of minutes, then it's sufficient. It would
> be hard to explain without a pretty thorough explanation of their working
> methods. But it is extremely important to have the technology be as
> unintrusive as possible. These are good guys giving their time for free to
> take care of folks who have no other access to legal help of this particular
> type.
>
> "DevilsPGD" wrote:
>
> > In message <C4BFE233-461C-4CC7-8C18-34B88BBD2900@microsoft.com> jimmuh
> > <jimmuh@discussions.microsoft.com> wrote:
> >
> > >No, in other words there is a concept called "due diligence" at work here. It
> > >is impossible make any system perfectly secure. But there's a hell of a
> > >difference between being able to do a casual inspection and retrieve previous
> > >versions through a folder's properties dialog on a machine inadvertantly left
> > >unattended for a few minutes and having to use forensics to get the same
> > >data. The difference is recognized quite widely in court. And these guys are
> > >-- well, lawyers.
> >
> > Understood, to a point -- Recovering files from a "oops I deleted it by
> > accident" point of view is unreliable. Undeleting files from a "The
> > rest of a client's life or livelihood depends on these files being gone"
> > is trivially simple for someone with relatively few skills (and access
> > to Google to find a tool to do it)
> >
> > I would hope my lawyer does more then the minimum required to qualify as
> > due diligence.
> >
> > That being said, there are a few options...
> >
> > The easiest would be a second logical drive (physical or partition)
> > which doesn't use Shadow copies. You could even mount that partition
> > into the user's Documents directory, or redirect their Documents to an
> > appropriate location.
> >
> > Better yet would be solution using encryption, which would only require
> > you to destroy the keys to effectively remove access to the data.
> > --
> > Insert something clever here.
> >

Again, the reason why none of the usual solutions that appeal to us as IT
people will work has to do with the niceties of human interaction. I'm not
looking for a solution here, because of this particular design feature. A
lawyer going over information on the notebook with a client gets a call or
goes to the door to talk with someone else and steps away from the notebook
for a moment. Let's just say that, under the particular social situation, it
just isn't acceptable for him to lock the system or take it with him. It just
isn't. That is their unanimous opinion, and I have to respect that. They have
to delete anything they don't want seen, and they accept that. What they
couldn't accept was that someone sitting at their computer could, within a
few seconds, retrieve files that they had deleted whilst preparing for the
meeting. It was deleted for a reason. So, unfortuately we have to do without
system restore because of the way system restore and the previous versions
features are intertwined in Vista.

This morning I checked and found some controls for Previous Versions
behavior under Administrative Templates | Windows Components | Windows
Explorer in the group policy editor. It looks as though that's going to do
this particular trick very nicely.

There's usually more than one way to skin a cat. So, Scott Adams, you might
take a looke there to see if those might be of use to you. They're just about
perfect for my particular circumstance, but may not be as well-suited for
your purposes. And, of course, you would have to be running Vista version(s)
that have the policy editor.

"Thomas H" wrote:

> Sounds like you're most worried about someone walking over to these laptops
> and using them?
>
> I'd suggest a 5-minute timeout on the screen saver, and training the users
> to lock the machine (windows key+L) every time they step away from it. Even
> something as simple as closing the laptop's lid so it goes into standby mode-
> and then, requiring a password to come out of standby mode- may work. These
> methods could be bothersome to use- but I'd rather be bothered then insecure.
>
> Of course, the biggest issue is that these laptops are being left unattended
> in the first place! Definately look into EFS, because EFS can prevent a
> stolen laptop problem from turning into a worse problem- stolen data. Stolen
> data is what winds up on the front page of newspapers!
>
> Now if you could acquire a Windows 2003 Server (even by beefing up an old
> server from an online auction), you could set up a D: drive for everyone's
> documents (and nothing else). You could enable Shadow Copies on the D:
> drive. Redirect their Documents folders onto the D: drive. Set up
> Certificate Services on the server to centrally manage everyone's EFS keys
> (instead of trusting USB sticks). Enable "offline files" for the mobile
> users, and encrypt the offline files datastore with EFS. Finally, enforce
> the screen saver password through Group Policy. I would think (but I'm not
> sure so you'd have to test this!), in that case, that a mobile "disconnected"
> laptop could not restore Previous Versions if the deleted files had been
> associated with the server- this is because the server is storing all of the
> previous versions from its own D: drive, and the laptop is just using the VSS
> client.
>
> "jimmuh" wrote:
>
> > Thank you for the suggestions. I've considered using second drives /
> > partitions, removable drives, and encryption with keys kept on USB memory
> > devices. For various reasons having to do with the nature of donated
> > equipment (new, but limited in flexibility) none of them is quite suitable to
> > the particular purpose, though encryption comes closest.
> >
> > This due diligence issue is one for protection of the lawyers more than the
> > protection of the clients, and it really isn't a matter of them being lazy.
> > There are circumstances where a lawyer and clients are operating under
> > extreme stress. If it's sufficient to be sure that the notebook is not left
> > unattended for more than a couple of minutes, then it's sufficient. It would
> > be hard to explain without a pretty thorough explanation of their working
> > methods. But it is extremely important to have the technology be as
> > unintrusive as possible. These are good guys giving their time for free to
> > take care of folks who have no other access to legal help of this particular
> > type.
> >
> > "DevilsPGD" wrote:
> >
> > > In message <C4BFE233-461C-4CC7-8C18-34B88BBD2900@microsoft.com> jimmuh
> > > <jimmuh@discussions.microsoft.com> wrote:
> > >
> > > >No, in other words there is a concept called "due diligence" at work here. It
> > > >is impossible make any system perfectly secure. But there's a hell of a
> > > >difference between being able to do a casual inspection and retrieve previous
> > > >versions through a folder's properties dialog on a machine inadvertantly left
> > > >unattended for a few minutes and having to use forensics to get the same
> > > >data. The difference is recognized quite widely in court. And these guys are
> > > >-- well, lawyers.
> > >
> > > Understood, to a point -- Recovering files from a "oops I deleted it by
> > > accident" point of view is unreliable. Undeleting files from a "The
> > > rest of a client's life or livelihood depends on these files being gone"
> > > is trivially simple for someone with relatively few skills (and access
> > > to Google to find a tool to do it)
> > >
> > > I would hope my lawyer does more then the minimum required to qualify as
> > > due diligence.
> > >
> > > That being said, there are a few options...
> > >
> > > The easiest would be a second logical drive (physical or partition)
> > > which doesn't use Shadow copies. You could even mount that partition
> > > into the user's Documents directory, or redirect their Documents to an
> > > appropriate location.
> > >
> > > Better yet would be solution using encryption, which would only require
> > > you to destroy the keys to effectively remove access to the data.
> > > --
> > > Insert something clever here.
> > >

Bottom line is: It's my data (and drive space) - let me decide how to manage
it.

I think linking previous versions to restore points is a bit "too helpful."
I will assume that MS does this for the ease of the customer, but for some
reaosn, I doubt there was an outcry from people who accidentally deleted
files, and emptied their trash, then decided they wish they had historical
copies of their documents from the past.

I am thinking it was designed to be helpful to forensic scientists who wish
to retrieve data from the PC of folks they assume are committing crimes. I
am fine with that, but I am not a criminal and want my files gone when I
delete them -- and my drive space scrubbed.

Either way, I will disable my system restore points - or limit the space
available to them so I don't have a long list of them available.

Thanks for the help!