Solved

Does Volume Shadow Copy need Admin Rights (Win7 onwards) ?

Posted on 2014-09-17
8
1,062 Views
Last Modified: 2014-09-29
Is it true that  Volume Shadow Copy needs Admin Rights (Win7 onwards).
Several of my customers have given Standard Rights to their users and I have a backup package to which I have just added VSS feature (VSCSC.exe).
Is there a way to perform shadow copy without daily UAC Prompts.
I have created Exe with 'Manifest' but then it prompts always at startup.
Ideally the Passwords should only be asked during Application Setup.

Regards
Allan
0
Comment
Question by:Allan_Fernandes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40328518
You can mess with UAC settings, but depending on how you call the VSS service, you don't need admin rights if you make some changes: You can add them to the backup operators and I believe they get the rights they need. Shadow Copies however should not be restricted to the users OWN files... but if they have to enable the service, and they are not admins, then they won't be able to use the VSS.

http://technet.microsoft.com/en-us/library/cc875808.aspx
Backup Permissions

Certain permissions and user rights are required to back up files and folders. As part of scheduling backups, you will be asked for information about who is running the backup. If you are a member of the Administrators or Backup Operators group on the local computer, you can back up any file and folder on the local computer to which the local group applies. Likewise, if you are a member of the Administrators or Backup Operators group on a domain controller, you can back up any file and folder locally on any computer in the domain with which you have a two-way trust relationship. However, if you are not a member of either the Administrator or Backup Operators group for the domain, and you want to back up files, then you must be the owner of the files and folders that you want to back up, or you must have one or more of the following permissions for the files and folders you want to back up: Read, Read & Execute, Modify, or Full Control.
-rich
0
 

Author Comment

by:Allan_Fernandes
ID: 40331970
I have started the Service yet I get below message for Standard User.

(Option: Create shadow copy set)
ERROR: COM call "CreateVssBackupComponents(&m_pVssObject)" failed.
- Returned HRESULT = 0x80070005
- Error text: Access is denied.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40333040
This error occurs when you try to start the service? It may not need to be running, but just make sure it is not disabled. Again you should be able to make copies of the files inside the User's profile and most folders that are owned or created by that same user. Other files/folders will be off limits. If that fails, perhaps move the User to the backup operators and see?
-rich
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 

Author Comment

by:Allan_Fernandes
ID: 40334147
>> make sure it is not disabled.

When I load Services.msc and right click on any line 'Stop/Start/Pause/Resume/Restart' all are disabled. Does this mean the  standard user does not have access to any of the services ? This is in my personal PC Win 7. Is there a way I can enable the service ? Via Admin login all is fine.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40334327
Try this command in a CMD window
sc query vss
It should look something like this:
SERVICE_NAME: vss
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
STOPPED is OK, DISABLED is not OK. If it's disabled then no one should be able to take any snapshot's using the shadow copy service.
-rich
0
 

Author Comment

by:Allan_Fernandes
ID: 40336126
This is the output
 

SERVICE_NAME: vss
        TYPE               : 10  WIN32_OWN_PROCESS  
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 40336269
Good then that's the default. What is the command you are using to create a volume shadow copy?
Vssadmin create shadow /For=c:
Copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\rich\Documents c:\temp
Vssadmin delete shadows /shadow={Some-Random-Looking-Character-ID}

Open in new window

That should work, change the path's to your user's name, and the character ID to the one you created with the first command.
-rich
0
 

Author Comment

by:Allan_Fernandes
ID: 40338879
I use
VSCSC c:
or
VShadow c:

Vssadmin create shadow /For=c:

gives 'Error: Invalid command.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question