How can I check programmatically if a drive is subject to the System Restore feature in Windows?


As the title says, I need a programmatic way to find out if a particular disk drive is subject to System Restore in Windows. You may see this information in Control Panel/System/System protection tab.

I'm developing a security-related app for Windows, and it is crucial that some of its internal files are present strictly in a single copy. I'd like to prevent these files from being inadvertently copied/backed up by Windows. Or at least to warn the user of the ensuing security risk.

I know of the HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup but it doesn't solve the problem because it is used only at the restore phase, and the file contents are still present in the backup storage.

There is also HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore, but it doesn't contain information about subject disks, at least I don't see it.

Any clues are greatly appreciated.

Best answer:

System Restore is managed by the Volume Shadow Copy API.

You need to call the QueryVolumesSupportedForDiffAreas method and inside the returned IVssEnumMgmtObject will be a VSS_DIFF_VOLUME_PROP structure which will tell you if any storage area is reserved in the m_llVolumeTotalSpace parameter.

Alternatively you could parse the output of the vssadmin list shadowstorage command, or its equivalent in PowerShell/WMI by exploring the Get-CimClass -ClassName *shadow command. These commands correspond to WMI objects and the WMI API, which may be easier to use and more accessible depending on your background and programming environment.


Also consider using FilesNotToSnapshot instead of FilesNotToBackup. It is the one used for VSS/System Restore. You should read this document on its usage and also an API that lets you exclude files, and take note particularly of the cases where it might not work as you intend.
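
The vssadmin route from the answer above, as an added example that is not part of the original answer: a Python parser that reports which drive letters have a shadow storage association. It assumes the English-locale output layout (vssadmin text is localized); the sample text, its GUIDs and the function names are constructed for illustration.

```python
import re
import subprocess
# Constructed sample of English-locale `vssadmin list shadowstorage` output;
# the volume GUIDs are made up. D: is absent, so it has no shadow storage.
SAMPLE = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

Shadow Copy Storage association
   For volume: (C:)\\?\Volume{11111111-2222-3333-4444-555555555555}\
   Shadow Copy Storage volume: (C:)\\?\Volume{11111111-2222-3333-4444-555555555555}\
   Used Shadow Copy Storage space: 3.44 GB (1%)
   Allocated Shadow Copy Storage space: 3.81 GB (1%)
   Maximum Shadow Copy Storage space: 23.2 GB (10%)

Shadow Copy Storage association
   For volume: (E:)\\?\Volume{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\
   Shadow Copy Storage volume: (C:)\\?\Volume{11111111-2222-3333-4444-555555555555}\
   Used Shadow Copy Storage space: 320 MB (0%)
   Allocated Shadow Copy Storage space: 512 MB (0%)
   Maximum Shadow Copy Storage space: 4.66 GB (2%)
"""

FIELD = re.compile(r"^\s*(For volume|Shadow Copy Storage volume|Used|Allocated|Maximum)[^:]*:\s*(.+?)\s*$")
KEYS = {"For volume": "volume", "Shadow Copy Storage volume": "storage_volume",
        "Used": "used", "Allocated": "allocated", "Maximum": "maximum"}

def parse_shadow_storage(text):
    """Return one dict per 'Shadow Copy Storage association' block."""
    assocs = []
    for line in text.splitlines():
        if line.strip() == "Shadow Copy Storage association":
            assocs.append({})
        elif assocs and (m := FIELD.match(line)):
            assocs[-1][KEYS[m.group(1)]] = m.group(2)
    return assocs

def protected_drives(text):
    """Map drive letter -> association for volumes that have shadow storage."""
    out = {}
    for a in parse_shadow_storage(text):
        m = re.match(r"\(([A-Za-z]):\)", a.get("volume", ""))
        if m:  # volumes without a drive letter are skipped here
            out[m.group(1).upper()] = a
    return out

def query_live():
    """Run vssadmin (needs an elevated prompt on Windows) and parse its output."""
    res = subprocess.run(["vssadmin", "list", "shadowstorage"], capture_output=True, text=True, check=True)
    return protected_drives(res.stdout)
```

Calling `protected_drives(SAMPLE)` works offline; `query_live()` is the Windows-only entry point and raises `CalledProcessError` when vssadmin exits non-zero, for example when run without elevation.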