Bad Default Disk Management in Windows Server Backup

Avatar photo
Anthony Lewis

Windows Server Backup (WSB) is a pretty good backup solution for Windows Servers. It has the advantage that it is built to take advantage of all of Windows’ features. On the up side this means WSB can sensibly back up all information managed by Microsoft software. However in Server 2008 and newer WSB has a default setting that will cause it to eventually break if you chose the back up “System State”. The low down is that “System State” backups are not part of the file system backup but stored as Volume Shadow Copy snapshots in the back up disk’s hidden System Information directory. Which is fine… not how I would have designed it… except that by default WSB configures the disk to have no shadow storage limit. [Unbounded.png] Still fine except that WSB relies on Volume Shadow Copy to purge old System State backups when the shadow storage limit is reached. Together, this means that eventually the  disk will fill with System State backups and the file system backup will be unable to trim the file backup to be small enough to fit a single recovery point on the disk and then fail complaining that the disk is full. So what can you the end user do? Well we can impose a limit on the volume shadow storage on each backup disk.

For the examples I am using a Windows 2008R2 Server. Windows Server Backup is configured to use a 1.5TB external hard drive.

At an elevated (run as administrator) command prompt,RunAsAdministrator
we can run:

> wmic volume list brief


to get a list of the disks (volumes) connected to the machine including the GUID. Locate you backup disk(s) in the list and copy the GUID, in our example it is 1a0e435d-0874-11e4-a065-18a905ebc978. Next, still at the elevated command prompt you need to run:

> vssadmin resize shadowstorage /for=\\?\Volume{GUID} /on=\\?\Volume{GUID} /maxsize=###GB

for each disk used to store backups, where the GUID is replaced by the GUID for the disk and ### is a reasonable number. For instance if you have 500GB backup disks and your file set is 200GB you might choose 100. This means that VSS will have 100GB of the disk or 20% and file backups will have 400GB or 80%. This leaves room for your backup file set size to grow while giving VSS room to copy the system state a couple of times. As our example disk is 1.5TB and our file set is small I am going to use 750GB or roughly 50% of the disk. Thus I’m going to use:

> vssadmin resize shadowstorage /for=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /on=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /maxsize=750GB


I have seen shadow sizes of about 11GB on a production domain controller, so leaving at least 100GB gives room for a few System State backups though your server may be different. Pro Tip: If you connect the backup drive to a Mac you can use du at the command line or DaisyDisk to see the size of the System State backups. Anyways the above command will take a bit to run and cleanup will happen next time Volume Shadow Copy looks at the disk such as during the next backup but you can check, still at the elevated command prompt, that the command worked using:

> vssadmin list shadowstorage


New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Customer Success Story: Noble Biomaterials

 Airiam Supporting Innovation When most people think of silver, they don’t think of clothes. Noble Biomaterials found this void in the market and focused on selling silver fiber technology for its antimicrobial and conductive properties. Exempt from pa
Vivian Lee
>>Read More

Strong Passwords Are Strong Defense Against Cybercrime

You may have seen the game show Password, where one partner gives clues and the other guesses the secret word. With the right hints, it’s easy for the guesser to get the password right. The same holds for cybercriminals trying to hack into your network
Avatar photo
Ryan Palermo
>>Read More

How Often Should You Pentest?

  How Often Should You Pentest? Penetration testing is important because it allows organizations to simulate real-world attacks on their systems and networks in order to identify vulnerabilities and weaknesses.  By conducting these tests, companie
Avatar photo
Art Ocain
>>Read More