Bad Default Disk Management in Windows Server Backup

Avatar photo
Anthony Lewis

Windows Server Backup (WSB) is a pretty good backup solution for Windows Servers. It has the advantage that it is built to take advantage of all of Windows’ features. On the up side this means WSB can sensibly back up all information managed by Microsoft software. However in Server 2008 and newer WSB has a default setting that will cause it to eventually break if you chose the back up “System State”. The low down is that “System State” backups are not part of the file system backup but stored as Volume Shadow Copy snapshots in the back up disk’s hidden System Information directory. Which is fine… not how I would have designed it… except that by default WSB configures the disk to have no shadow storage limit. [Unbounded.png] Still fine except that WSB relies on Volume Shadow Copy to purge old System State backups when the shadow storage limit is reached. Together, this means that eventually the  disk will fill with System State backups and the file system backup will be unable to trim the file backup to be small enough to fit a single recovery point on the disk and then fail complaining that the disk is full. So what can you the end user do? Well we can impose a limit on the volume shadow storage on each backup disk.

For the examples I am using a Windows 2008R2 Server. Windows Server Backup is configured to use a 1.5TB external hard drive.

At an elevated (run as administrator) command prompt,RunAsAdministrator
we can run:

> wmic volume list brief


to get a list of the disks (volumes) connected to the machine including the GUID. Locate you backup disk(s) in the list and copy the GUID, in our example it is 1a0e435d-0874-11e4-a065-18a905ebc978. Next, still at the elevated command prompt you need to run:

> vssadmin resize shadowstorage /for=\\?\Volume{GUID} /on=\\?\Volume{GUID} /maxsize=###GB

for each disk used to store backups, where the GUID is replaced by the GUID for the disk and ### is a reasonable number. For instance if you have 500GB backup disks and your file set is 200GB you might choose 100. This means that VSS will have 100GB of the disk or 20% and file backups will have 400GB or 80%. This leaves room for your backup file set size to grow while giving VSS room to copy the system state a couple of times. As our example disk is 1.5TB and our file set is small I am going to use 750GB or roughly 50% of the disk. Thus I’m going to use:

> vssadmin resize shadowstorage /for=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /on=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /maxsize=750GB


I have seen shadow sizes of about 11GB on a production domain controller, so leaving at least 100GB gives room for a few System State backups though your server may be different. Pro Tip: If you connect the backup drive to a Mac you can use du at the command line or DaisyDisk to see the size of the System State backups. Anyways the above command will take a bit to run and cleanup will happen next time Volume Shadow Copy looks at the disk such as during the next backup but you can check, still at the elevated command prompt, that the command worked using:

> vssadmin list shadowstorage


New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Price Vs Good IT

How Much Does Bad IT Cost? You are the decision maker. Whether deploying a new server, upgrading your switches, migrating to Office 365, or virtualizing your datacenter with VMware and Veeam, you may see the price tag and instantly balk. $10,000? $75,0
Avatar photo
Anthony Lewis
>>Read More

FTC Compliance: The Gramm-Leach-Bliley Revision

Amended Safeguards Rule from FTC On December 9th, 2021, the Federal Trade Commission (FTC) amended the Safeguards Rule, the 1999 Gramm-Leach-Bliley Act, to put more meat on the bones of the previous rule. In this revision, the FTC has made the Safeguar
Avatar photo
Art Ocain
>>Read More

Internal Penetration Testing and Small Businesses

Internal Penetration Testing What is Internal Penetration Testing? You may be thinking, “What even is an internal penetration test?” There is just something wrong about the phrase when you say it. The way it rolls off the tongue is just odd. Internal p
Avatar photo
Andy Gritzer
>>Read More