Enterprise and groups Policy Management

Central Policy Management

Enterprise Backup and SpiderOak Groups now support central policy management. This gives admins the ability to set policy for any group of users. This includes defining default backup set selection, deleted file retention time period, backup scheduling, default download location, and many other options.

Policy management is located in the Management Console VM under Manage > Manage Policies.

Creating Policies

Policies can be created in the Manage Policies section of the Manage tab. Create a new policy by clicking Add Policy. Policies apply to a specific user Group; if you have not done so yet you can create user Groups in the Manage tab under Manage Groups.

Copying Policies

You can copy an existing policy in the Manage Policy screen by clicking the Copy to New Policy link under the Duplicate column. The name of the copied policy will be auto-created for you, but you can change it by clicking on the copied policy name, then editing the name. Be sure to click Save at the bottom of the screen after you have finished editing.

Editing Policies

Any policy can be edited by clicking on the Policy name in the Manage Policy screen. After changing policy values, be sure to click the Save button at the bottom of the screen.

Deleting Policies

To delete a policy, click on the policy name in the Manage Policies page. At the bottom of the policies option page on the left side click the Delete Policy link, then confirm by clicking the "Yes, delete policy" button.

A policy may only be deleted if it is not in use by a user group and if there are no policies that inherit attributes from it.

Applying policy to a user group

Once a policy has been created, it is applied to a user group. In the Manage tab of the Management Console, click the Manage Groups button. To create a new Group to apply the policy to, click the Add Groups button, and select the policy to be applied in the Device Policy section. Be sure to Save Changes after selecting.

To apply a policy to an existing Group, click the Details button, then select the policy in the Device Policy section. Be sure to Save Changes after selecting.

Users can be assigned to a Group in the Users tab. In the Group column, select the appropriate Group from the list, then click the Save Changes button. Policy applied to the user Group will then be applied to that user.

User notification of policy

Beginning with version 6.1.8 of the SpiderOak Groups application, a new section of text has been added to the Software License Agreement screen. This text informs users that the account admin has the ability remotely select folders for backup, and directs users with concerns to contact the account admin. A copy of the message is available below.

Please note that policy set through central policy management will only apply to users who have installed version 6.1.8 or later of the SpiderOak Groups application. All users are still affected by json/regedit policies.

groups policy user warning

Policy Options

Aside from the policy name, all policies can either be Managed or User Controlled. For any policy marked as Managed, you can then enter a value for the policy or select/deselect a check box. Policies marked as User Controlled cannot have values associated with them and policy will not be established for that item.

A number of policies have multiple options. These will only be visible when the policy is set to Managed.

Name:

Policy name. This is only displayed within the Management Console. A name must be entered in order to save your policy.

Interface

Launch at OS Startup:

When set to Managed and selected, this policy launches the SpiderOak Groups application on OS startup.

Launch minimized at startup:

When set to Managed and selected, this launches the Groups application in a minimized state. This option is independent of the Show splash screen at startup option.

Show splash screen at startup:

When set to Managed and selected, this displays the Groups splash screen when the application launches. This option is independent of the Launch minimized at startup option; the splash screen can be displayed even if the application launches minimized.

Disable space calculations:

When set to Managed and selected, the Groups application will not run a space calculation before uploading the data in the upload queue. User accounts with limited space benefit from space calculations; if the user has select more data than they have space for a warning will be displayed and the user will be prompted to adjust their backup selection.

Show hotkey enabled:

When set to Managed and selected, the admin can set a hotkey for users to launch the Groups app (or bring it to the foreground). Please note that application behavior varies across OSes. First select the Show hotkey modifier, then type the hotkey combination in the Showhotkeysymbol field.

Backup

Don't backup files larger than enabled:

When set to Managed and selected, a field will appear prompting the admin to enter a MB value in the Don't backup files larger than this many megabytes field. Enter numbers only.

Don't backup files older than enabled:

When set to Managed and selected, a field will appear prompting the admin to enter a value in seconds in the Don't backup files older than this many seconds field. Enter numbers only. For reference, one day is 86,400 seconds.

Exclude Files Matching Wildcard:

When set to Managed and selected, this allow the admin to specify files to exclude from backup using wildcards. Values should be comma separated.

Exclude Folders Matching Wildcard:

When set to Managed and selected, this allow the admin to specify folders to exclude from backup using wildcards. Values should be comma separated.

Enable previews:

When set to Managed and selected, the Groups application will create preview thumbnails of image files during the backup process. Preview thumbnails are only used in the web interface for quick previews.

Schedule

Enable backup scheduling:

When set to Managed and selected, a schedule for Full Scan Interval and Full Schedule can be set. Full Scan Interval is how often the directory watcher scans the backup set for changes. Values vary from Automatic to 48 hours. Full Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Full Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.

Enable sync scheduling:

When set to Managed and selected, a schedule for Sync Scan Interval and Sync Schedule can be set. Sync Scan Interval is how often the directory watcher scans folders that are selected to sync. Values vary from Automatic to 48 hours. Sync Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Sync Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.

Enable share scheduling:

When set to Managed and selected, a schedule for Share Scan Interval and Share Schedule can be set. Share Scan Interval is how often the directory watcher scans folders that are part of a Share Room for changes. Values vary from Automatic to 48 hours. Share Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Share Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.

Enable automatic re-scan of changed folders:

When set to Managed and selected, this allows the Groups application's directory watcher to scan folders for changes automatically. This does not change the backup schedule, but keeps a list of files that have been changed and will be added to the upload queue during the next scheduled backup.

Network

Http proxy enabled:

When set to Managed and selected, values for Http proxy host, Http proxy port, and Http proxy username can be entered.

Limit bandwidth:

When set to Managed and selected, a value can be entered in the Max upload KB/s field. Enter numbers only.

General

Mac Downloads Location:

When set to Managed and selected, this allows the admin to specify a folder when downloads from the Groups app will be downloaded to.

Linux Downloads Location:

When set to Managed and selected, this allows the admin to specify a folder when downloads from the Groups app will be downloaded to.

Windows XP Downloads Location:

When set to Managed and selected, this allows the admin to specify a folder when downloads from the Groups app will be downloaded to.

Windows Vista+ Downloads Location:

When set to Managed and selected, this allows the admin to specify a folder when downloads from the Groups app will be downloaded to.

Backup Selection

Mac backup selection enabled:

When set to Managed and selected, this allows the admin to select specific locations to be part of the default backup set.

Mac backup selection scope:: If exact is selected, only the locations specified in the policy will be backed up. No other folders can be added by the user.

Mac backup selection type:: Basic backup selection allows the admin to specify common folders that should be backed up, such as desktop, documents, home directory, music, and photos. Advanced allows the admin to enter a specific directory path that should be backed up, as well as directories that should be deselected. Please note that these are one path name per line, and that envars can be used.

Linux backup selection enabled:

When set to Managed and selected, this allows the admin to select specific locations to be part of the default backup set.

Linux backup selection scope:: If exact is selected, only the locations specified in the policy will be backed up. No other folders can be added by the user.

Linux backup selection type:: Basic backup selection allows the admin to specify common folders that should be backed up, such as desktop, documents, home directory, music, and photos. Advanced allows the admin to enter a specific directory path that should be backed up, as well as directories that should be deselected. Please note that these are one path name per line, and that envars can be used.

Windows XP backup selection enabled:

When set to Managed and selected, this allows the admin to select specific locations to be part of the default backup set.

Windows XP backup selection scope:: If exact is selected, only the locations specified in the policy will be backed up. No other folders can be added by the user.

Windows XP backup selection type:: Basic backup selection allows the admin to specify common folders that should be backed up, such as desktop, documents, home directory, music, and photos. Advanced allows the admin to enter a specific directory path that should be backed up, as well as directories that should be deselected. Please note that these are one path name per line, and that envars can be used.

Windows Vista+ backup selection enabled:

When set to Managed and selected, this allows the admin to select specific locations to be part of the default backup set.

Windows Vista+ backup selection scope:: If exact is selected, only the locations specified in the policy will be backed up. No other folders can be added by the user.

Windows Vista+ backup selection type:: Basic backup selection allows the admin to specify common folders that should be backed up, such as desktop, documents, home directory, music, and photos. Advanced allows the admin to enter a specific directory path that should be backed up, as well as directories that should be deselected. Please note that these are one path name per line, and that envars can be used.

Automatic Purge

Days until purging deleted items:

When set to Managed and selected, the value is the number of days after which deleted items are removed from user accounts. If this option is User Controlled, or Managed but no value is entered, deleted items will be automatically removed from user accounts.

Days until purging historical versions:

When set to Managed and selected, the value is the number of days after which historical versions are removed from user accounts. If User Controlled is selected, or Managed is selected but no value is entered, historical versions will be automatically removed from user accounts.