Creating a shadow copy using the "Backup" context in a PowerShell - powershell

I am in the process of writing a PowerShell script for backing up a Windows computer using rsync. To this end, I am attempting to use WMI from said script to create a non-persistent Shadow copy with writer participation (as is apparently recommended for backups).
I found out from another question (Accessing Volume Shadow Copy (VSS) Snapshots from powershell) a way to create a shadow copy in general, but the example given there uses "ClientAccessible" as the context parameter, which results in the creation of a persistent Shadow Copy, without writer participation.
While searching for a solution, I have found that I could use the following command to obtain a list of contexts, which I assume are understood by WMI:
Get-WmiObject win32_shadowcontext | Out-GridView
It does the list have a context named "Backup", which is conveniently what I want. I proceeded to attempt creating a non-persistent shadow copy using that context:
$shadow = (Get-WmiObject -list win32_shadowcopy).Create("C:\", "Backup")
However, this seems to fail and the content of the $shadow variable is set to
ReturnValue : 5
ShadowID : {00000000-0000-0000-0000-000000000000}
According to the relevant documentation (Create method of the Win32_ShadowCopy class), the return value means "Unsupported shadow copy context."
I couldn't find any relevant documentation as to why this context is unsupported or whether it is possible to use it at all. I have also tried the "FileShareBackup" and "AppRollback" contexts without success.
I assume I am either missing something obvious, or that for some reason, WMI really doesn't support anything else than "clientAccessible" when creating shadow copies, or that this is OS-dependent (I am testing this on Windows 7, 64-bit)
How can I get this to work?

Okay, Technoob1984 here with the scoop. See my attached screen shot.
This one is tricky, because you have to use x64 version of Powershell (located under system32 not wow64)
The Shadow Copy Context are the .properties of the object.
Also I used the static method in my screenshots below.
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/vsswmi/create-method-in-class-win32-shadowcopy
# get existing shadow copies
$shadow = get-wmiobject win32_shadowcopy
"There are {0} shadow copies on this sytem" -f $shadow.count
""
# get static method
$class=[WMICLASS]"root\cimv2:win32_shadowcopy"
# create a new shadow copy
"Creating a new shadow copy"
$class.create("C:\", "ClientAccessible")
# Count again
$shadow = get-wmiobject win32_shadowcopy
so in the example there, you would want to use $class.Properties to see what you can use as a Shadow Context.
See my screen shot:
So Shadow Context is 'Caption, Count, Description' and anything else under the 'Name:' value of .Properties. I do not see 'Backup' as one of the options.
Enjoy

Your $shadow has a 5 on return value looking at the error message, your shadow id has all zeros , you would need to add a 1 or a 2 to the end of the volume shadow copy in the registry using binary or dword.
find the folder in the registry named volsnap in your regedit search .volsnap.sys is found in the C:\Windows\System32\drivers directory. The file size is 52,352 bytes.The volsnap file contains Microsoft's digital signature make sure its the correct bytes.
This confirms its authenticity. volsnap.sys appears to be a file that was compressed by an EXE-Packer. This technique is often used by trojans to keep the file size small and also hamper debugging efforts.
However, this in itself is not sufficient reason to presume malicious intent, since even well-intentioned, professional software producers take advantage of compressed files. For this reason, 2% of all experts consider this file to be a possible threat. The probability that it can cause harm is high. Please consider the additional Comments from other users.
shadow id default
00000000-0000-0000-0000-000000000000
00000000-0000-0000-0000-000000000005
if it already has a 5 which it probably doesn't change it to 1
or create new code
Shadow id $shadow 00000000-0000-0000-0000-0000000000001
not exactly as shown.you may have to try different wording I'm not sure if $will work, if not, try the js standalone version.

Related

Shell.Application & errors

To clarify, I am specifically asking about how to HANDLE errors when using Shell.Application. Or more to the point, CAN one handle errors, and IF SO, how. The font example is just that, an example of the current situation I am trying to solve. But the question remains, can one handle (not avoid, handle) an error when using Shell.Application? There may well be some subtlety to the answer, I.e in general you can, but specifically not in the fonts example. That seems to be the case, and I am inclined to decide that Shell.Application is old, broken technology that should simply not be used, because it can't be robust in all use cases, which to me says it's potentially fragile in any use case.
I am attempting to refine my use of Shell.Application.CopyHere(), specifically for use installing fonts. What I hope to do is address the occasional error where a font file is corrupt or otherwise not a valid font file.
So far as I can tell from this there really is no way to address this. I can use argument value 16 Respond with "Yes to All" for any dialog box that is displayed. to perhaps get past the error, but with no return code I have no way to log a resulting error. Using .CopyHere() in PowerShell with a Try/Catch doesn't work either. Is this just old technology from a time when Microsoft just accepted things failing ungracefully? Or am I missing a technique that solves the issue?
EDIT: Based on that link I provided, I tried the 1024 argument, Do not display a user interface if an error occurs. Like so
$fontFolder.CopyHere($fontFilePath, 1024)
Doesn't seem to do what it says it does, since I am seeing a dialog that says
Cannot install bogus.ttf
The file ... does not appear to be a valid font.
So, not only not able to get a meaningful error back, but the presence of an error disrupts execution of the script and requires user interaction. Ugh.
EDIT 2:
Not really a minimal code example, since my question is CAN this be done, even before how. But this is what I just tried.
fontFilePath = '\\px\Rollouts\Misc\Fonts\bogus.ttf'
$fontFolderPath = "$env:windir\Fonts"
$fontFolder = $(New-Object -ComObject:Shell.Application).Namespace($fontFolderPath)
$fontFolder.CopyHere($fontFilePath, 1024)
Based on what that 1024 argument claims to do, I would expect this to fail, but also not stop processing while a dialog waits for user interaction.
Also, worth noting that bogus.ttf is simply an empty text file renamed with TTF extension. So, guaranteed not to successfully install a font.
It seems that the Fonts folder, while it does implement Folder.CopyHere, does not evaluate the flags passed in the second parameter. Doesn't seem there are any other standard utilities to install fonts programmatically, or verify the integrity of the TTF non-interactively.
So this leaves us the option of rolling our own Font registration using the Win32 API. Basically, you have to copy the font to the Fonts folder:
# For .NET versions earlier than 4.0, hardcode to C:\Windows\Fonts
# Fonts special folder is new in 4.0
$fontDir = [System.Environment]::GetFolderPath([System.Environment.SpecialFolder]::Fonts)
Copy-Item C:\Path\To\Font.ttf "${fontDir}\Font.ttf"
This next call isn't strictly necessary, as it only adds the font temporarily to your user session, but it does function as an integrity check to see if the font is valid and can be imported. You need to P/Invoke AddFontResource from the Win32 API:
Add-Type -Name Gdi32 -Namespace Win32 -MemberDefinition #"
[System.Runtime.InteropServices.DllImport("gdi32.dll")]
public static extern int AddFontResource(string lpszFilename);
"#
# Returns 1 on success or 0 on failure, if you want your error checking here
[Win32.Gdi32]::AddFontResource("${fontDir}\FontFileName.ttf")
And then register it at the following registry key. This piece is necessary for persisting the font you copied to $fontDir:
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts' -Name "FontName" -Value "FontFileName.ttf"
You can programmatically get the FontName using the PrivateFontCollection class, and the Families[x].Name property under that, where x is the index of the font in the collection you want the name for.
To address your edit, there isn't going to be a "one size fits all" approach when it comes to handling errors in Shell.Application. There are multiple reasons to avoid using Shell.Application, such as:
APIs are wrought with legacy behavior, such as using modal dialogs to report errors
Windows standards are implemented inconsistently, such as Fonts ignoring the documented CopyFile flags
Not available in a non-interactive session
The first two points are cases the example in your question hits. The third comes into play in many automation scenarios, especially when a non-interactive service accounts are used to execute commands. There are very few cases where something can only be done via Shell.Application, and as such it's almost always best to avoid it if there is an alternative API. Your font installation scenario is an excellent example of this.

Is it possible to get shell properties for an item not in the shell namespace?

Short Version
How does the shell get the properties of a file?
Long Version
The Windows Shell exposes a rich system of properties about items (e.g. files and folders) in the shell namespace.
For example:
System.Title: A Quick Guide for SQL Server Native Client OLE DB to ODBC Conversion
System.Author: George Yan (KW)
System.Document.LastAuthor: rohanl
System.Comment: To learn more about this speaker, find other TEDTalks, and subscribe to this Podcast series, visit www.TED.com Feedback: tedtalks#ted.com
System.ItemParticipants: George Yan (KW)
System.Company: Contoso
System.Language: English (United States)
System.Document.DateCreated: 6/‎10/‎2014 ‏‎5∶16∶30 ᴘᴍ
System.Image.HorizontalSize: 1845 pixels
System.Image.VerticalSize: 4695 pixels
System.Image.HorizontalResolution: 71 dpi
System.Image.VerticalResolution: 71 dpi
In order for the shell to read these properties, it obviously has to use a lot of sources:
Windows Media Foundation IMFMetadata works great for images and movies
Windows Imaging Component (WIC) probably has a lot of APIs for reading metadata
I'm not sure if IFilter can retrieve Title, Author, Subject, Comments etc from Office documents
Either way, it has to read the file contents stream and do something with the contents of the file in order to get all these fancy shell properties. In other words:
IStream \
+ |--> [magic] --> IPropertyStore
.ext /
Can use it with my own stream?
I have items that are not in the shell namespace; they are in a data store. I do expose them to the shell through IDataObject as CF_FILEDESCRIPTOR with an IStream when its time to perform copy-paste or drag-drop. But outside of that they are just streamable blobs in a data store.
I'd like to be able to leverage all the existing work done by the very talented and hard-working1 shell team to read metadata from a "file", which in the end only exists as an IStream.
Is there perhaps a binding context option that lets me get a property store based on an IDataObject rather than a IShellItem2?
So rather than:
IPropertyStore ps = shellItem2.GetPropertyStore();
is there a:
IPropertyStore ps = GetShellPropertiesFromFileStream(stream);
?
How does the shell get all the properties of a file?
Bonus Chatter - IPropertyStoreFactory
This interface is typically obtained through IShellFolder::BindToObject or IShellItem::BindToHandler. It is useful for data source implementers who want to avoid the additional overhead of creating a property store through IShellItem2::GetPropertyStore. However, IShellItem2::GetPropertyStore is the recommended method to obtain a property store unless you are implementing a data source through a Shell folder extension.
Tried
IPropertyStore ps = CoCreateInstance(CLSID_PropertyStore);
IInitializeWithStream iws = ps.QueryInterface(IID_IInitializeWithStream);
But CLSID_PropertyStore does not support IInitializeWithStream.
Bonus Reading
MSDN: Initializing Property Handlers
Property handlers are a crucial part of the property system. They are invoked in-process by the indexer to read and index property values, and are also invoked by Windows Explorer in-process to read and write property values directly in the files.
MSDN: Registering and Distributing Property Handlers (spellunking the registry for fun and reading contracts from the other side)
(Have some experience in Property Store handlers) How I see a solution:
Get PropertyStore handler CLSID for your file extension. You should use 2 regkeys key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.yourext
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\SystemPropertyHandlers
Create two objects with CoCreateInstance
If you have 2 object you can combine them into single object with PSCreateMultiplexPropertyStore
Query for IInitializeWithStream (also you can try to query IPersistStream).
If the PropertyStore object supports IInitializeWithStream/IPersistStream: you are lucky - just init your object and query the properties you need. If does not - you still have (dirty) variant to create temporary file and then use IPersistFile.

Using global variables in a ps1

I can't seem to find good enough solution to my problem. Is there a good way of grouping variables in some kind of file so that multiple scripts could access them?
I've been doing some work with Desired State Configuration but the work that needs to be done cannot be efficiently implemented that way. The point is to install Azure Build Agent on a server and then to configure it. There are some variables that really should not be inside a script file just copypasted like Personal Access Token. I just want to be able to easily change it without the need to go inside every script that would be using it. In DSC you can just make a .psd1 file and access the variables like for example AllNodes.NodeName. The config file invocation and parameters look like this:
.\config.cmd --unattended --url $myUrl --auth PAT --token $myToken --pool default --agent "$env:COMPUTERNAME" --acceptTeeEula --work $workDir'
I want to make the variable $myToken accessible from outside file for better security and having a centralized place from where I can change values. $myUrl is also important to have access to due to it changing with new update to Build Agent.
Thank you in advance for your effort. If anything is not clear please let me know.
I have two very different answers to your question, although either one of them may miss your point.
First, it's possible to define veriables inside your profile script. Most people only use the profile script to define a library of functions or classes. But a variable can be made global the same way.
I have a variable named $myps that identifies the folder where I keep my PS scripts (in subfolders).
When I start a session I generally switch to this directory (oops, I called it a folder above.
The second way involde storing values of variables in a CSV file, while the names are stored in the CSV header.i then have a quickie little comandlet that steps through a CSV file, record by record, generating different expansions of a template each time through.
These values are not quite global, but they can be used in more than one context.
Thank you for the help. Those are very useful solutions in some cases, but I dug a bit deeper and found solution that suits my purpose. Basically if you have a psd1 file suited for DSC use you can also access its content via normal ps1 file. For example:
NonNodeData =
#{
Pat = 'somePAT'
}
Let's say this section of a psd1 file called ENV.psd1 is on your local machine in C:/Configuration
To access the content of this file you have to make a variable inside your script and use Import-PowerShellDataFile like so:
$configData = Import-PowerShellDataFile -Path "C:\Configuration\ENV.psd1"
And now you are free to use anything stored inside ENV.psd1. For example if I want to extract my PAT from config file to be able to store it in a variable in the script:
$myPat = $configData.NonNodeData.Pat
Thanks to that I can just pass $myPat as a parameter when invoking config.cmd like so:
.\config.cmd --unattended --auth PAT --token $myPat
Keeping my code cleaner and easier for any future updates.

Set network files/folders to offline via script (batch/powershell)

I'm trying to automate the process of right clicking a folder or file and then clicking the "Always available offline" in windows 7+.
I've not been able to find any command or batch way to do that. So far, I found this powershell script that simulate a right click operation on a context menu item (Always available offline in my case).
$o = New-Object -ComObject Shell.Application
$o.Namespace("Z:\").Self.verbs() | `
Where-Object { $_.Name -eq 'Always &available offline' } | `
ForEach-Object { $_.DoIt() }
It doesn't work.
If I try to pass a folder or UNC path instead of a drive (let's say Z:\foldertomakeavailableoffline), all I get is "You cannot call a method on a null-valued expression." as if the folder I specify doesn't exist.
Any help is appreciated.
Thanks.
It would be rather helpful if you would post your $o.Namespace("Z:\").Self.verbs() result like this:
Mine are:
Name
----
&Open
Git &Add all files now
Git &Commit Tool
Git &History
Git &Gui
Git Ba&sh
Scan for Viruses...
Hg &Workbench
Restore previous &versions
Combine files in Acrobat...
Select &Left Folder for Compare
&Disconnect
&Copy
Create &shortcut
Rena&me
P&roperties
In my eyes the issue here is that you don't see it and that is why id does not work. (It is also atypical menu item as the value are true/false).
I would try to do it the following "pinning" way:
If you need to pin a folder/file for a user try this:
$path = “\\path_to\shared\folder”
$objWMI = [wmiclass]”\\.\root\cimv2:win32_offlinefilescache”
$objWMI.Pin($path, 0x00001221, $true)
Which uses these bits:
0x00001221
OfflineFilesPinControlFlagFill (0x00000001)
Fills the item in addition to pinning it. This results in the item being fully cached as part of the pin operation. If this flag is not
set, the item is only pinned and must wait to be filled by some other
means of synchronization. Note that the Offline Files service
periodically fills files in the background. If immediate offline
availability is not necessary, it may be better (performance-wise) to
not set this flag and let the service fill the file in the background.
OfflineFilesPinControlFlagForUser (0x00000020)
Pins the items for the calling user. This is the flag typically set for a caller of this function. It is important to note that
Offline Files does not support a true per-user notion of pinning. When
an item is pinned for a user, it is pinned for all users of that
machine. An item that is pinned with this flag can be unpinned by any
user who has access to that file. The ability to access that pinned
file depends on the user's access rights to that file computed while
online.
OfflineFilesPinControlFlagLowPriority (0x00000200)
Reserved for future use.
(I like to use this one for it is LowPriority not to clog the system)
OfflineFilesPinControlFlagConsole (0x00001000)
This flag is ignored if the OfflineFilesPinControlFlagInteractive flag is not set. If the OfflineFilesPinControlFlagInteractive flag is
set, this flag indicates that any UI produced should be directed to
the console window associated with the process invoking the operation.

Understanding Moodle $context

From Moodle doc:
A context is a space in Moodle where roles can be assigned.
I understand that a context is a logical space used to manage Moodle objects.
I developed a custom block plugin with a file upload where I use file_prepare_draft_area andfile_save_draft_area_files functions.There is a $context parameter that must be passed and I am don't really know what context should I pass ?
This mean, I guess, in which logical space should I put my block plugin uploaded files ?
In my opinion, the most logical would be store the uploaded files in a context related to my block plugin.
I tried to use context_block::instance($instanceid) but I don't know how to get $instanceid param.
Which context should I use in this case?
How to get it?
The types of context are as follows:
System
Course category
Course
Activity module
Block
User
The hierarchy of contexts are:
System => Course category => Course => Activity module
Block contexts can appear within courses or within the 'site' course.
User contexts are outside of courses.
If you want the files tied to a specific instance of the block (e.g. so they are deleted automatically when the block is deleted and you can keep the files from different instances of the block separate), then you should use the block context (but you'll have to pass the instanceid of the block to the sub-pages in order to use this to get the context:
$context = context_block::instance($blockinstanceid);
If you want the files tied to the course - so all instances of the block in the course share the same file space and the files are only deleted when the whole course is deleted, then use the course context (pass the courseid into the subpages, as a param, then use:
$context = context_course::instance($courseid);
If, however, you want to share that file area across all blocks on the site, then the system context is what you want:
$context = context_system();
There is also a piece of (old?) documentation for reference - see par. "13.2. Moodle's Roles and Permissions System".
(I also found Russian translation of that paragraph, maybe useful for someone.)