this post was submitted on 15 Mar 2026
339 points (97.7% liked)
linuxmemes
30627 readers
1131 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
- Don't come looking for advice, this is not the right community.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. 🇬🇧 Language/язык/Sprache
- This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed.
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Real sys admins know this pain (rm suffers no fools) and accept the consequences of recovering from backups as pennance. No backups? Then you aren't really a sys admin then, are you?
Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.
At least I got to help them build a disaster recovery procedure, and pick out a new EDR.
Are shadow copies like snapshots?
Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it's enabled, it makes a copy of the last version of the file.
But since it's not meant to be a actual backup solution, it's meant to be on a file-by-file basis. I think that means they had to go through and manual restore n a file by file basis
If I remember correctly, we were able to restore folders from the shadow copies. I certainly didn’t go file by file. I might have used a tool to do it. But as you pointed out, it’s not a proper backup so we had to do quite a bit of reconciliation to make sure we restored everything and document anything we couldn’t restore.
That sounds unpleasant. I’ve been through similar myself.
So it was long, manual, and painful. That sounds horrid.
Yeah, shadow copies on Windows servers are snapshots of files. They allow users to see previous versions of a file.
It’s not really intended as a backup solution on its own, but some backup software does use the volume shadow copy service (VSS) to perform backups on Windows servers.
I was basically restoring files from this prompt in Windows.
Thanx
And.. A new IT director.
Actually yes. The attack actually happened during the first week of the new director being there.
No, there is no indication that the old director had anything to do with it.
You're sys gamblin'
Next time I'm about to criticize the judgement of a video game boss for having an exposed weak point with a neon orange glow, I'll think about a sysadmin with no backups. Stupidity adds realism.
The best part is when you do something like
rm path/to/dir/*and after pressing enter you notice there is actually space before the*.And you realize that it’s taking a while to delete that small handful of files.
trash-cliis your friend.