SpiderOak Groups and Enterprise Backup support central policy management. This gives administrators the ability to set policy for any group of users. This includes defining the default backup set selection, deleted file retention time period, backup scheduling, default download location, and many other options.
Policy management is located in the Management Console VM under Manage > Manage Policies.
Getting started
Creating a policy
Policies can be created in the Manage Policies section of the Manage tab. Create a new policy by clicking Add Policy. Policies apply to a specific user group; if you have not done so yet you can create user groups in the Manage tab under Manage Groups.
Copying a policy
You can copy an existing policy in the Manage Policy screen by clicking the Copy to New Policy link under the Duplicate column. The name of the copied policy will be auto-created for you, but you can change it by clicking on the copied policy name, then editing the name. Be sure to click Save at the bottom of the screen after you have finished editing.
When you copy an existing policy, you are creating a new child policy from the original parent. You will notice that all of the options in the child policy have the value of Inherit by default. That means, take the value from that in the parent policy. If you subsequently change the value in the parent policy, the child policy will inherit the new value. You may of course change the value from Inherit to whatever you like.
One level of inheritance is supported.
Deleting a policy
To delete a policy, click on the policy name in the Manage Policies page. At the bottom of the policies option page on the left side click the Delete Policy link, then confirm by clicking the "Yes, delete policy" button.
A policy may only be deleted if it is not in use by a user group and if there are no policies that inherit attributes from it.
Applying a policy to a user group
Once a policy has been created, it is applied to a user group. In the Manage tab of the Management Console, click the Manage Groups button. To create a new group to apply the policy to, click the Add Groups button, and select the policy to be applied in the Device Policy section. Be sure to press Save Changes after selecting.
To apply a policy to an existing group, click the Details button, then select the policy in the Device Policy section. Be sure to press Save Changes after selecting.
Users can be assigned to a group in the Users tab. In the Group column, select the appropriate group from the list, then click the Save Changes button. Any policy applied to that group will then be applied to that user.
Order of precedence of central and local policies
The SpiderOak Groups and Enterprise applications additionally support local policies set in a JSON file or the Windows Registry on the end user's computer. A central policy set in the Management Console as described on this page overrides any local policy.
End user notification of policy
Beginning with version 6.1.8 of the SpiderOak Groups application, a new section of text has been added to the Software License Agreement screen. This text informs users that the account administrator has the ability to remotely select folders for backup, and directs users with concerns to contact the account administrator. A copy of the message is shown below.
Please note that policy set through central policy management will only apply to users who have installed version 6.1.8 or later of the SpiderOak Groups application. All users, including those running older versions of SpiderOak Groups, are still affected by JSON/Registry policies.
Editing a policy
A policy can be edited by clicking on its name in the Policy page (Manage - Manage Policies). After changing policy values, be sure to click the Save button at the bottom of the page.
Aside from the policy's name, each option can be set to either Managed or User controlled. Managed means that this item is controlled by policy, and user controlled means (as the name implies) that this item is controlled by the user.
Each option also has a checkbox. Checkboxes are only relevant for managed options. If the checkbox is checked, that enables the option. A cleared checkbox means that option is disabled. Some options have parameters; fields for entering those parameters appear if the checkbox is checked.
An example might clarify how this works. Consider the different settings available for the Autorun option:
- Managed and checked: All users assigned to this policy will have the application autorun when they log in to their computers.
- Managed and unchecked: The application will not autorun when users log in their computers.
- User controlled: Each user may set the application to autorun or not as desired. Being user controlled, the checkbox is not relevant and is ignored.
After you save your changes, the revised policy will apply to subsequently launched applications. For that reason if you wish to test the effects of your revised policy, be sure to shut down and re-launch the end user application that you are using to test so that it loads the newly revised policy.
Now that we have gone over the general characteristics of a policy's options, let's look at each in turn.
Name
Give your policy a name here. End users do not see this; the name is only displayed within the Management Console. A name must be entered in order to save your policy.
Interface
Autorun
When set to managed and checked, this policy launches the SpiderOak Groups application when the operating system user logs in.
Launch minimized at startup
When set to managed and checked, this launches the Groups application in a minimized state. This option is independent of the Show splash screen at startup option.
Show splash screen at startup
When set to managed and checked, this displays the Groups splash screen when the application launches. This option is independent of the Launch minimized at startup option; the splash screen can be displayed even if the application launches minimized.
Disable space calculations
When set to managed and checked, the Groups application will not run a space calculation before uploading the data in the upload queue. User accounts with limited space benefit from space calculations; if the user has select more data than they have space for a warning will be displayed and the user will be prompted to adjust their backup selection.
Show hotkey enabled
When set to managed and checked, the administrator can set a hotkey for users to launch the Groups app (or bring it to the foreground). Please note that application behavior varies across OSes. First select the Show hotkey modifier, then type the hotkey combination in the Showhotkeysymbol field.
Backup
Don't back up files larger than enabled
When set to managed and checked, a field will appear prompting the administrator to enter a MB value in the Don't backup files larger than this many megabytes field. Enter numbers only.
Don't back up files older than enabled
When set to managed and checked, a field will appear prompting the administrator to enter a value in seconds in the Don't backup files older than this many seconds field. Enter numbers only. For reference, one day is 86,400 seconds.
Exclude files matching wildcard
When set to managed and checked, this allow the administrator to specify files to exclude from backup using wildcards. Values should be comma separated.
Exclude folders matching wildcard
When set to managed and checked, this allow the administrator to specify folders to exclude from backup using wildcards. Values should be comma separated.
Enable previews
Preview generation has been deprecated, so this policy will be removed in a future version of the Management Console.
Schedule
Enable backup scheduling
When set to managed and checked, a schedule for Full Scan Interval and Full Schedule can be set. Full Scan Interval is how often the directory watcher scans the backup set for changes. Values vary from Automatic to 48 hours. Full Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Full Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.
Enable sync scheduling
When set to managed and checked, a schedule for Sync Scan Interval and Sync Schedule can be set. Sync Scan Interval is how often the directory watcher scans folders that are selected to sync. Values vary from Automatic to 48 hours. Sync Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Sync Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.
Enable share scheduling
When set to managed and checked, a schedule for Share Scan Interval and Share Schedule can be set. Share Scan Interval is how often the directory watcher scans folders that are part of a Share Room for changes. Values vary from Automatic to 48 hours. Share Schedule allows a set schedule to be set based on time of day or days of the week. If Frequency is selected, the Share Scan Interval will be used as the backup schedule. If Time of Day is selected, options appear for AM or PM, hours from 1 to 12, and every day or specific days of the week can be selected.
Enable automatic re-scan of changed folders
When set to managed and checked, this allows the Groups application's directory watcher to scan folders for changes automatically. This does not change the backup schedule, but keeps a list of files that have been changed and will be added to the upload queue during the next scheduled backup.
Network
HTTP proxy enabled
When set to managed and checked, values for proxy hostname, proxy port, and proxy username can be entered.
Limit bandwidth
When set to managed and checked, a value can be entered in the Max upload KB/s field. Enter numbers only.
General
Mac downloads location
When set to managed and checked, this allows the administrator to specify the folder where downloads from the application will be downloaded to.
Linux downloads location
When set to managed and checked, this allows the administrator to specify the folder where downloads from the application will be downloaded to.
Windows XP downloads location
Windows XP is no longer supported, so this policy is deprecated and will be removed in a future version of the Management Console.
Windows Vista+ downloads location
When set to managed and checked, this allows the administrator to specify the folder where downloads from the application will be downloaded to.
Backup Selection
Mac backup selection enabled
When set to managed and checked, this allows the administrator to select specific locations to be part of the default backup set.
Mac backup selection scope
When set to exact, only the specified locations will be backed up. No other folders may be added or removed by the user. When set to at least, the specified locations will always be backed up. The user is free to add other folders to also be backed up if desired.
Mac backup selection type
The basic setting allows the administrator to specify common folders that should be backed up, such as documents, photos, movies, music, and desktop. The advanced setting allows the administrator to enter specific paths that should be backed up, as well as paths that should be excluded ("deselected"). Enter one path per line. Environmental variables may be used.
Linux backup selection enabled
When set to managed and checked, this allows the administrator to select specific locations to be part of the default backup set.
Linux backup selection scope
When set to exact, only the specified locations will be backed up. No other folders may be added or removed by the user. When set to at least, the specified locations will always be backed up. The user is free to add other folders to also be backed up if desired.
Linux backup selection type
The basic setting allows the administrator to specify common folders that should be backed up, such as documents, photos, movies, music, and desktop. The advanced setting allows the administrator to enter specific paths that should be backed up, as well as paths that should be excluded ("deselected"). Enter one path per line. Environmental variables may be used.
Windows XP backup selection enabled
Windows XP is no longer supported, so this policy is depreciated and will be removed in a future version of the Management Console.
Windows Vista+ backup selection enabled
When set to managed and checked, this allows the administrator to select specific locations to be part of the default backup set.
Windows Vista+ backup selection scope
When set to exact, only the specified locations will be backed up. No other folders may be added or removed by the user. When set to at least, the specified locations will always be backed up. The user is free to add other folders to also be backed up if desired.
Windows Vista+ backup selection type
The basic setting allows the administrator to specify common folders that should be backed up, such as documents, photos, movies, music, and desktop. The advanced setting allows the administrator to enter specific paths that should be backed up, as well as paths that should be excluded ("deselected"). Enter one path per line. Environmental variables may be used.
Automatic Purge
Days until purging deleted items
When set to managed and checked, the value is the number of days after which deleted items are removed from user accounts. If this option is user controlled, or managed but no value is entered, deleted items will be automatically removed from user accounts.
A value of 0 (zero) or leaving the field empty means that deleted items will not be retained. If you wish to retain deleted items indefinitely, use an appropriately large number of days such as 99999 (which is 273 years).
Days until purging historical versions
When set to managed and checked, the value is the number of days after which historical versions are removed from user accounts. If user controlled is selected, or managed is selected but no value is entered, historical versions will be automatically removed from user accounts.
A value of 0 (zero) or leaving the field empty means that historical versions will not be retained. If you wish to retain historical versions indefinitely, use an appropriately large number of days such as 99999 (which is 273 years).