I'm having a lot of trouble understanding on what conditions a user will be able to restore files from a ShadowCopy.
Here is a brief description of the context of the issue:
Windows Server 2012 R2 as a fileshare server.
Volume Shadow copy activated on the local drive hosting the files
Very disparate ACLs over hundreds of files. Constantly evolving ACLs.
Files are accessible through a DFS share to the end users.
Admin accounts are in the Domain Admins group in the AD.
From time to time, as admins, we have to restore files using shadow copies. More often than not, admins are not able to see any available shadow copies (even though they technically have access to that folder as Domain Admins) through the explorer UI when connected to that server. It seems logical that Shadow Copies for a folder are only available if you have access to that folder.
By default most folders do have "Domain Administrators" in their access list. But the admin is nominatively added to the ACL only when he visits the folders in the explorer and after an UAC prompt for admins rights. Then, when the admin is nominatively added to the ACL, he can see newer Shadow copies from that moment on. But apparently not older snapshots that were created before that. It's as if the Domain Administrator group is not taken in account when it comes to determining if shadow copies should show up for Admin-A account.
Obviously, when connected as the built-in local Administrator account, we can see much more history of shadow copies over most folders.
Is there an easy and reliable way to access ALL shadow copies as an Administrator ? As I understand it, being a domain administrator I should be able to see the full history of shadow copies for a folder only as long as the Domain Administrator group had full access to that folder in its ACL.
I have seen methods where you could manually mount shadow copies but it seems a bit counter productive.
Also, if there is any documentation on how permissions to see/restore ShadowCopies are handled, I would be more than happy to delve into them.
Thanks for any help !
