[MS-SCMP]:
Shadow Copy Management Protocol
Intellectual Property Rights Notice for Open Specifications Documentation
Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.
Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL's, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.
No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft Open Specification Promise or the Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting .
Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit
Fictitious Names. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it.
Preliminary Documentation. This Open Specification provides documentation for past and current releases and/or for the pre-release version of this technology. This Open Specification is final documentation for past or current releases as specifically noted in the document, as applicable; it is preliminary documentation for the pre-release versions. Microsoft will release final documentation in connection with the commercial release of the updated or new version of this technology. As the documentation may change between this preliminary version and the final version of this technology, there are risks in relying on preliminary documentation. To the extent that you incur additional development obligations or any other costs as a result of relying on this preliminary documentation, you do so at your own risk.
Revision Summary
Date / Revision History / Revision Class / Comments10/24/2008 / 0.01 / Version 0.01 release
12/5/2008 / 0.01.1 / Editorial / Changed language and formatting in the technical content.
1/16/2009 / 0.01.2 / Editorial / Changed language and formatting in the technical content.
2/27/2009 / 0.2 / Minor / Clarified the meaning of the technical content.
4/10/2009 / 0.3 / Minor / Clarified the meaning of the technical content.
5/22/2009 / 0.3.1 / Editorial / Changed language and formatting in the technical content.
7/2/2009 / 0.4 / Minor / Clarified the meaning of the technical content.
8/14/2009 / 0.4.1 / Editorial / Changed language and formatting in the technical content.
9/25/2009 / 0.5 / Minor / Clarified the meaning of the technical content.
11/6/2009 / 0.5.1 / Editorial / Changed language and formatting in the technical content.
12/18/2009 / 0.5.2 / Editorial / Changed language and formatting in the technical content.
1/29/2010 / 1.0 / Major / Updated and revised the technical content.
3/12/2010 / 1.0.1 / Editorial / Changed language and formatting in the technical content.
4/23/2010 / 1.0.2 / Editorial / Changed language and formatting in the technical content.
6/4/2010 / 2.0 / Major / Updated and revised the technical content.
7/16/2010 / 2.0 / None / No changes to the meaning, language, or formatting of the technical content.
8/27/2010 / 3.0 / Major / Updated and revised the technical content.
10/8/2010 / 4.0 / Major / Updated and revised the technical content.
11/19/2010 / 4.0 / None / No changes to the meaning, language, or formatting of the technical content.
1/7/2011 / 4.0 / None / No changes to the meaning, language, or formatting of the technical content.
2/11/2011 / 4.0 / None / No changes to the meaning, language, or formatting of the technical content.
3/25/2011 / 4.0 / None / No changes to the meaning, language, or formatting of the technical content.
5/6/2011 / 4.0 / None / No changes to the meaning, language, or formatting of the technical content.
6/17/2011 / 4.1 / Minor / Clarified the meaning of the technical content.
9/23/2011 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
12/16/2011 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
3/30/2012 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
7/12/2012 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
10/25/2012 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
1/31/2013 / 4.1 / None / No changes to the meaning, language, or formatting of the technical content.
8/8/2013 / 5.0 / Major / Updated and revised the technical content.
11/14/2013 / 5.0 / None / No changes to the meaning, language, or formatting of the technical content.
2/13/2014 / 5.0 / None / No changes to the meaning, language, or formatting of the technical content.
5/15/2014 / 5.0 / None / No changes to the meaning, language, or formatting of the technical content.
6/30/2015 / 6.0 / Major / Significantly changed the technical content.
Table of Contents
1Introduction
1.1Glossary
1.2References
1.2.1Normative References
1.2.2Informative References
1.3Overview
1.4Relationship to Other Protocols
1.5Prerequisites/Preconditions
1.6Applicability Statement
1.7Versioning and Capability Negotiation
1.8Vendor-Extensible Fields
1.9Standards Assignments
2Messages
2.1Transport
2.2Common Data Types
2.2.1Data Types
2.2.1.1VSS_ID
2.2.1.2VSS_PWSZ
2.2.1.3VSS_TIMESTAMP
2.2.2Enumerations
2.2.2.1VSS_OBJECT_TYPE Enumeration
2.2.2.2VSS_MGMT_OBJECT_TYPE Enumeration
2.2.2.3VSS_VOLUME_SNAPSHOT_ATTRIBUTES Enumeration
2.2.2.4VSS_SNAPSHOT_STATE Enumeration
2.2.2.5VSS_PROVIDER_TYPE Enumeration
2.2.3Structures
2.2.3.1VSS_OBJECT_UNION Union
2.2.3.2VSS_OBJECT_PROP Structure
2.2.3.3VSS_SNAPSHOT_PROP Structure
2.2.3.4VSS_PROVIDER_PROP Structure
2.2.3.5VSS_MGMT_OBJECT_UNION Union
2.2.3.6VSS_MGMT_OBJECT_PROP Structure
2.2.3.7VSS_VOLUME_PROP Structure
2.2.3.8VSS_DIFF_VOLUME_PROP Structure
2.2.3.9VSS_DIFF_AREA_PROP Structure
3Protocol Details
3.1Server Details
3.1.1IVssSnapshotMgmt Details
3.1.1.1Abstract Data Model
3.1.1.2Timers
3.1.1.3Initialization
3.1.1.4Message Processing Events and Sequencing Rules
3.1.1.4.1GetProviderMgmtInterface (Opnum 3)
3.1.1.4.2QueryVolumesSupportedForSnapshots (Opnum 4)
3.1.1.4.2.1Volume Object Enumeration
3.1.1.4.3QuerySnapshotsByVolume (Opnum 5)
3.1.1.4.3.1Shadow Copy Enumeration Return Value
3.1.1.5Timer Events
3.1.1.6Other Local Events
3.1.2IVssEnumObject Details
3.1.2.1Next (Opnum 3)
3.1.2.2Skip (Opnum 4)
3.1.2.3Reset (Opnum 5)
3.1.2.4Clone (Opnum 6)
3.1.3IVssEnumMgmtObject Details
3.1.3.1Next (Opnum 3)
3.1.3.2Skip (Opnum 4)
3.1.3.3Reset (Opnum 5)
3.1.3.4Clone (Opnum 6)
3.1.4IVssDifferentialSoftwareSnapshotMgmt Details
3.1.4.1Abstract Data Model
3.1.4.2Timers
3.1.4.3Initialization
3.1.4.4Message Processing Events and Sequencing Rules
3.1.4.4.1Shadow Copy Storage Association Object Enumeration
3.1.4.4.2AddDiffArea (Opnum 3)
3.1.4.4.3ChangeDiffAreaMaximumSize (Opnum 4)
3.1.4.4.4QueryVolumesSupportedForDiffAreas (Opnum 5)
3.1.4.4.5QueryDiffAreasForVolume (Opnum 6)
3.1.4.4.6QueryDiffAreasOnVolume (Opnum 7)
3.1.4.5Timer Events
3.1.4.6Other Local Events
3.2Client Details
3.2.1Abstract Data Model
3.2.2Timers
3.2.3Initialization
3.2.4Message Processing Events and Sequencing Rules
3.2.4.1Processing Server Replies to Method Calls
3.2.4.1.1Shadow Copy Management Protocol Object Relationships
3.2.5Timer Events
3.2.6Other Local Events
4Protocol Examples
4.1Enumerate Volumes Supporting Shadow Copies
4.2Calculate Shadow Copy Storage Space on a Volume
4.3Store Shadow Copies on a Different Volume
5Security
5.1Security Considerations for Implementers
6Appendix A: Full IDL
7Appendix B: Product Behavior
8Change Tracking
9Index
1Introduction
The Shadow Copy Management Protocol is used to programmatically enumerate shadow copies and configure shadow copy storage on remote machines. The protocol uses a set of Distributed Component Object Model (DCOM)interfaces to query shadow copies and manage shadow copy storage on a remote machine.
This specification describes storage concepts, including volume storage concepts, in the Windows operating system. Although this specification outlines some basic storage concepts, it assumes that the reader has familiarity with these technologies. For background information about storage, disk, and volume concepts, see [MSDN-STC] and [MSDN-VOLMAN].
This protocol documentation is intended for use together with publicly available standard specifications, networking programming art, and Microsoft distributed systems concepts. It assumes that the reader is either familiar with this material or has immediate access to it.
A protocol specification does not require the use of Microsoft programming tools or programming environments for a Licensee to develop an implementation. Licensees who have access to Microsoft programming tools and environments are free to take advantage of them.
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in [RFC2119]. Sections 1.5 and 1.9 are also normative but do not contain those terms. All other sections and examples in this specification are informative.
1.1Glossary
The following terms are specific to this document:
Component Object Model (COM): An object-oriented programming model that defines how objects interact within a single process or between processes. In COM, clients have access to an object through interfaces implemented on the object. For more information, see [MS-DCOM].
differential data: The data that can be applied to the contents of an original volume in order to generate the contents of a shadow copy.
Distributed Component Object Model (DCOM): The Microsoft Component Object Model (COM) specification that defines how components communicate over networks, as specified in [MS-DCOM].
drive letter: One of the 26 alphabetical characters A-Z, in uppercase or lowercase, that is assigned to a volume. Drive letters serve as a namespace through which data on the volume can be accessed. A volume with a drive letter can be referred to with the drive letter followed by a colon (for example, C:).
endpoint: A network-specific address of a remote procedure call (RPC) server process for remote procedure calls. The actual name and type of the endpoint depends on the RPC protocol sequence that is being used. For example, for RPC over TCP (RPC Protocol Sequence ncacn_ip_tcp), an endpoint might be TCP port 1025. For RPC over Server Message Block (RPC Protocol Sequence ncacn_np), an endpoint might be the name of a named pipe. For more information, see [C706].
free space: Space on a disk not in use by any volumes, primary partitions, or logical drives.
fully qualified domain name (FQDN): An unambiguous domain name (2) that gives an absolute location in the Domain Name System's (DNS) hierarchy tree, as defined in [RFC1035] section 3.1 and [RFC2181] section 11.
globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the GUID. See also universally unique identifier (UUID).
HRESULT: An integer value that indicates the result or status of an operation. A particular HRESULT can have different meanings depending on the protocol using it. See [MS-ERREF] section 2.1 and specific protocol documents for further details.
interface: A group of related function prototypes in a specific order, analogous to a C++ virtual interface. Multiple objects, of different object class, may implement the same interface. A derived interface may be created by adding methods after the end of an existing interface. In the Distributed Component Object Model (DCOM), all interfaces initially derive from IUnknown.
Interface Definition Language (IDL): The International Standards Organization (ISO) standard language for specifying the interface for remote procedure calls. For more information, see [C706] section 4.
mount point: See mounted folder.
Network Data Representation (NDR): A specification that defines a mapping from Interface Definition Language (IDL) data types onto octet streams. NDR also refers to the runtime environment that implements the mapping facilities (for example, data provided to NDR). For more information, see [MS-RPCE] and [C706] section 14.
opnum: An operation number or numeric identifier that is used to identify a specific remote procedure call (RPC) method or a method in an interface. For more information, see [C706] section 12.5.2.12 or [MS-RPCE].
original volume: The volume from which the shadow copy is derived.
path: When referring to a file path on a file system, a hierarchical sequence of folders. When referring to a connection to a storage device, a connection through which a machine can communicate with the storage device.
remote procedure call (RPC): A context-dependent term commonly overloaded with three meanings. Note that much of the industry literature concerning RPC technologies uses this term interchangeably for any of the three meanings. Following are the three definitions: (*) The runtime environment providing remote procedure call facilities. The preferred usage for this meaning is "RPC runtime". (*) The pattern of request and response message exchange between two parties (typically, a client and a server). The preferred usage for this meaning is "RPC exchange". (*) A single message from an exchange as defined in the previous definition. The preferred usage for this term is "RPC message". For more information about RPC, see [C706].
RPC protocol sequence: A character string that represents a valid combination of a remote procedure call (RPC) protocol, a network layer protocol, and a transport layer protocol, as described in [C706] and [MS-RPCE].
RPC transport: The underlying network services used by the remote procedure call (RPC) runtime for communications between network nodes. For more information, see [C706] section 2.
shadow copy: A duplicate of data held on a volume at a well-defined instant in time.
shadow copy provider: A software component on the server that provides local services to create, enumerate, delete, and manage shadow copies.
shadow copy set: A collection of shadow copies that are created at the same time and identified by a common ID.
shadow copy storage: The storage location where the differential data from an original volume is stored in order to maintain all shadow copies for a specified original volume. The location can be a file or a set of files on the same volume or on a separate volume.
shadow copy storage association: The relationship between the original volume and the volume where the shadow copy storage is located.
shadow copy storage volume: The volume on which shadow copy storage is located.
snapshot: The point in time at which a shadow copy of a volume is made.
universally unique identifier (UUID): A 128-bit value. UUIDs can be used for multiple purposes, from tagging objects with an extremely short lifetime, to reliably identifying very persistent objects in cross-process communication such as client and server interfaces, manager entry-point vectors, and RPC objects. UUIDs are highly likely to be unique. UUIDs are also known as globally unique identifiers (GUIDs) and these terms are used interchangeably in the Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the UUID. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the UUID.
volume: A group of one or more partitions that forms a logical region of storage and the basis for a file system. A volume is an area on a storage device that is managed by the file system as a discrete logical storage unit. A partition contains at least one volume, and a volume can exist on one or more partitions.
volume mount name: A path for a volume. The path consists of a GUID formatted as a string. Applications can use this path to open the volume.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
1.2References
Links to a document in the Microsoft Open Specifications library point to the correct section in the most recently published version of the referenced document. However, because individual documents in the library are not updated at the same time, the section numbers in the documents may not match. You can confirm the correct section numbering by checking the Errata.
1.2.1Normative References
We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact . We will assist you in finding the relevant information.
[C706] The Open Group, "DCE 1.1: Remote Procedure Call", C706, August 1997,
[MS-DCOM] Microsoft Corporation, "Distributed Component Object Model (DCOM) Remote Protocol".
[MS-DTYP] Microsoft Corporation, "Windows Data Types".
[MS-OAUT] Microsoft Corporation, "OLE Automation Protocol".
[MS-RPCE] Microsoft Corporation, "Remote Procedure Call Protocol Extensions".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997,
1.2.2Informative References
[MS-SMB] Microsoft Corporation, "Server Message Block (SMB) Protocol".
[MSDN-SHADOW] Microsoft Corporation, "Volume Shadow Copy Service",
[MSDN-STC] Microsoft Corporation, "Storage Technologies Collection", March 2003,
[MSDN-VOLMAN] Microsoft Corporation, "Volume Management",
1.3Overview
The Shadow Copy Management Protocol provides a mechanism for remote configuration of shadow copies. Through the Shadow Copy Management Protocol, a client performs operations to enumerate shadow copies and configure the storage size and location that are used to maintain the shadow copies on the server.
The Shadow Copy Management Protocol is expressed as a set of DCOM interfaces. The server end of the protocol implements support for the DCOM interfaces to manage shadow copy configuration objects. The client end of the protocol invokes method calls on the interfaces to perform shadow copy configuration tasks on the server.<1> Specifically, the protocol is used for the following purposes:
Enumerating the volumes on the server that can be shadow copied.
Enumerating the shadow copies that are currently available on the server and that are point-in-time copies of a specified original volume.
Enumerating the volumes on the server that can be used as shadow copy storage.
Creating, modifying, enumerating, and deleting the shadow copy storage association objects that define the location and size of shadow copy storage for specific original volumes.