If you have ever tried to copy a file that is locked by the file system, you may have experienced frustration. The file system will not allow you to copy the file because it is protected by a security feature called a lock. Shadow copies are a way to copy files that are locked by the file system. Shadow copies work just like regular copies, but they are made without the need for the original file to be present. Shadow copies can be used to copy files that are locked by the security features of the operating system or by other software. To make a shadow copy, you first need to create a new directory on your computer where you will store your copied files. You then need to add the original filename and path to this new directory. After adding these files, you can start copying them using the regularcopy command. When copying files that are locked by security features of the operating system or other software, it is important to use caution. If you do not follow these precautions, your copied files may be lost or damaged in some way.


When trying to create simple file copy backups in Windows, a common problem is locked files which can trip up the operation. Whether the file is currently opened by the user or locked by the OS itself, certain files have to be completely unused in order to be copied. Thankfully, there is a simple solution: Shadow Copies.

Using our simple tool, you can easily access shadow copies which allows access to point-in-time copies of the currently locked files as created by Windows Restore.

Image credit: Best Backup Services

What Are Shadow Copies?

Shadow copies are a concept which was first introduced in Windows Server 2003. It works by Windows periodically crawling the system and looking for file changes made since the last crawl and recording the changes. These changes are indexed and stacked on top of each other which creates a history of the file/folder. This process was then added to the Windows Vista OS under the System Restore function which is where it remains today. The technology is the foundation of the Windows previous versions functionality.

This is done in the background as a system level process (a Restore Point creation) which isn’t subject to the same limitations as user initiated file operations. As a result, the system is able to capture changes to files which are locked to the user.

So in order to access a locked file, we simply need to access the latest shadow copy. This is the same premise used by Windows Backup and other commercial backup products which are able to access, for example, Outlook PST files while Outlook remains open.

It is important to note, however, that since shadow copies are taken when a system restore point is created, the contents between the live file and shadow copy version can be different. By default, Windows creates a restore point every day so for most situations this should be a reasonable candidate for backup.

Accessing Shadow Copies

From this point, the article assumes you are using our tool provided via the link at the bottom of the article. The batch script should be placed in a folder set in your Windows PATH variable. If you are unsure, just place it in your C:\Windows directory and that should be good enough.

In order to access the files saved within shadow copies, we utilize the VSSAdmin command line tool which is included with Windows. This tool must be run as the administrator in order to function properly so when you open a command prompt, be sure to right-click and select the option to ‘Run as Administrator’.

Once open, our tool does the heavy lifting for you. To view the syntax and header information for the tool, just enter:

As an example, the command:

will perform the following actions:

Locate the latest shadow copy for drive C. Create a symbolic link/pseudo-directory “C:\LatestShadow” Make the entire contents of the shadow copy available at this directory.

Once complete, you are free browse the contents either through the command prompt:

or through Windows Explorer, just like any other folder.

When you are finished, you can simply delete the pseudo-directory through the command prompt using:

or directly through Windows Explorer. The delete action simply unmounts the folder and does not actually delete the shadow copy.

Using in Scripts / Automated Tasks

The information above is all fine and dandy, but through manual operation it is more relevantly accessible via Windows previous versions. The leverage our tool provides is during automated processes.

For example, the script below will mount the latest shadow copy to the local directory “C:\MyShadow” and then copy the “outlook.pst” located in user JDoe’s documents folder to a backup server. Once finished, the local directory which held the shadow copy location is removed to clean itself up.

If you tried to copy the live version of the same file and the user had it open at the time, your file copy operation would fail. However, since we accessed the file via a shadow copy, there are no locks and the copy procedure virtually always succeeds. As stated previously, this procedure is pretty much exactly how popular backup products are able to do the same thing.

XCOPY “C:\MyShadow\Users\JDoe\Documents\Outlook\outlook.pst” “\BackupServer\MyFiles\”

RMDIR C:\MyShadow

An important piece of information noted above is that in order to run the above script, or any script which uses the MountLatestShadowCopy.bat tool (which, again makes use of the VSSAdmin tool), the command prompt must be run as the administrator account. In order to use this tool inside of a scheduled task, the respective task must be set to ‘Run with highest privileges’ so that the automated process will have the ability to mount shadow copies using the VSSAdmin tool.

In a nutshell, performing file copy backups is almost always the safest when copying from shadow copies. While you will not always get the most up to date version of a file, the fact that you know the file will not be locked and the copy procedure will run can be quite advantageous under most circumstances.

Download MountLatestShadowCopy tool from HowToGeek.com