VSS behaviour

Hello Folks,

While doing some experiments with volsnap on a Windows 2k8 R2 machine, I made
the following observations:

  1. Using disk shadow I took a persistent snapshot of the system volume and
    mounted it.
  2. And then did a file-by-file compare of the snapshot's contents with the
    live system volume (I know this is a bad idea, but please bear with me).

On doing so, I find the following:

  1. There are some files in the snapshot which are not at all present in the
    live volume.
  2. There are some files in the live volume which are not in the snapshot.
  3. Some file sizes don’t match at all.

Point to be noted is all the above three are in the windows\system32 folder. The
files in question are legitimate files like DLLs and EXEs amongst others. I
googled some of the file names and they are all part of the Windows OS.

I did this experiment by enabling as well as disabling VSS writers, but the
result is the same.

Please note, nothing is running on the live OS except disk shadow and the
things that usually run, no Windows Update, no SQL, or any other apps.

I can perhaps try and explain the missing files in the live volume case by hoping
that some VSS writer needed those extra DLLs and extracted them on the fly
from a cab, but it is just shooting in the dark. I have no idea about the
other two cases.

Can some VSS expert help me with an explanation?