Deployment script and command reference

Updated

Overview

When you create a deployment policy in the CrashPlan console, the process generates user-detection scripts and arguments for CrashPlan app install commands. This article provides details about the scripts for Windows, Mac, and Linux devices.

Need help?
For assistance, contact your Account Executive to engage the CrashPlan Professional Services team. If you don't know who your Account Executive is, contact our technical support team.

Considerations

This article assumes you understand the introduction to deployment provided by the article Deploy CrashPlan apps .

To use these deployment tools, you need to sign in to your CrashPlan console as a user with the Security Administrator role. 

Deployment is a secure process:

  • During installation, device-server communications are encrypted.
  • Devices can use a proxy to reach the CrashPlan cloud. See the PROXY_URL parameter.
  • Deployment can run silently, with no intervention from users at devices.

About user detection scripts

CrashPlan relies on usernames having an email format, for instance, firstname.lastname@example.com. A user detection script detects the usernames in another system, such as a directory service, and transforms them to a username format that CrashPlan can use. When you create a user detection script, you must customize it for the system where you need to detect usernames.

To make it easier to create a user detection script that's right for your situation, we provide example scripts for Windows and Mac systems. You can use these examples as a starting place when creating your own user detection script.

Windows

For CrashPlan apps on Windows devices, a deployment policy provides:

  • A user detection script to provide the CrashPlan app with a username and home directory for the device. The script can also optionally specify the user's organization.
  • Installation properties to serve as the arguments string to a CrashPlan app install command.

Windows user detection script

When you create a deployment policy, you must also create a custom user detection script. A user detection script examines the host device and provides the CrashPlan app with a username and home directory. The script resides on the CrashPlan cloud. The CrashPlan app retrieves it during the install process.

The CrashPlan cloud requires a custom script
Because user names in the CrashPlan cloud must be email addresses, deployments for connection to the CrashPlan cloud always require a customized user detection script.

You need to create a custom script because CrashPlan usernames must be email addresses. If you need help, contact your Account Executive to engage the Professional Services team.

How the Windows script works

The user detection script for Windows:

  • Uses the device's operating system to determine the most recent logged-on username.
  • Calculates the typical home directory for that username.

The user detection script then reports these two values to a standard output.

Require users to manually enter their usernames
To require users to enter their usernames manually, do not use a detection script. In the deployment policy, leave all operating systems deselected to create a deployment policy without a user detection script.

Tips to create a custom Windows script

Create a custom script and paste your script into your deployment policy. If you need help, contact your Account Executive.

When creating your custom script, be aware of the following:

  • Every script must end by echoing values for two variables.

    echo AGENT_USERNAME=<value> echo AGENT_USER_HOME=<value>

  • In the CrashPlan cloud, usernames must be email addresses.

    echo AGENT_USERNAME=%current_user%@example.com

  • Optionally, you can also specify the the organization for the user. Use the registration key for the organization. If the organization is not defined, the user registers to the organization specified in the deployment policy.

    echo AGENT_ORG_REG_KEY=<value>
  • You must provide values. Null values and empty strings will not work.

  • If you cannot write a script to provide a workable value, write a message for the username field of the CrashPlan app sign in dialog, for example:

    echo "AGENT_USERNAME=Enter name and click Sign in"
  • The values cannot include either single (') or double (") quotation marks.

Windows command and arguments

Deployment policy command arguments need to be imported into your software management tool.

Commands and arguments are detailed here in case you need to modify them for some reason, or to help you deploy without a software management tool.

  • To install a CrashPlan app for all users of a device, sign in to an account with administrative rights and issue a command like the following:
msiexec /i CrashPlan_n.n.n_Win64.msi 
 CP_ARGS="DEPLOYMENT_URL=https://.host
 &DEPLOYMENT_POLICY_TOKEN=0fb12341-246b-448d-b07f-c6573ad5ad02
 &PROXY_URL=http://.host/fname.pac"
 CP_SILENT=true DEVICE_CLOAKED=false /norestart /qn
  • To install for one user only, sign in as that user, and append the following three parameters to the command:
    • ALLUSERS=2
    • MSIINSTALLPERUSER=1
    • INSTALL_PER_USER=1

Here are the individual parts of a command:

Elements Description
msiexec /i Windows command to install a product.
CrashPlan_n.n.n_Win64.msi Name of CrashPlan app installer file, version n.n.n. You must update the filename and version number to match the version being deployed. 
CP_ARGS=" Start of the installation properties copied from the deployment policy.
DEPLOYMENT_URL=
https://.host		 The address of your CrashPlan console. The CrashPlan app requests its deployment policy from this address.
DEPLOYMENT_POLICY_TOKEN= A unique ID string identifies each deployment policy.
PROXY_URL=
http://.host/fname.pac		 This argument is only present when your policy configuration says Use Org Proxy URL: Yes.

If the argument is present, but has no value, the policy says use proxy: yes, but the organization has no proxy addresses defined.
" The value of CP_ARGS begins and ends with quote marks.
CP_SILENT=true or false
  • True: The CrashPlan app does not open after installation. However, the CrashPlan app is still a visible application users can open manually. The CrashPlan icon also appears in the notification area (tray).
  • False: The CrashPlan app user interface opens on the user's device immediately after installation.
DEVICE_CLOAKED=true or false

The Client Visibility setting for this organization.

  • True: Most CrashPlan app user interface elements are hidden from users.
  • False: All CrashPlan app user interface elements are visible to users.

This argument only affects client visibility during initial deployment. Future changes to the Client Visibility setting in the CrashPlan console are automatically pushed to the device.
/norestart The Windows operating system does not restart after the CrashPlan app installs.
/qn Quiet: The Windows installer does not open a console and does not prompt the user.
/l* filename CrashPlan app writes installation logs to filename.
ALLUSERS=2
MSIINSTALLPERUSER=1
INSTALL_PER_USER=1		 Add these three parameters if you wish to install the CrashPlan app for only the currently signed-in user, not all users of the device.
ARPNOREMOVE= Optional) Add this parameter to prevent users from uninstalling the CrashPlan app from the Start menu and Add/Remove programs in the Control Panel.

The ARPNOREMOVE parameter does not require a value. Any value, including false or null, prevents uninstalling.

Example Windows user detection scripts

Following are example user detection scripts for the Windows platform. For help with these scripts, contact your Account Executive to engage the Professional Services team. 

General usage:

  • Replace domain.com with your domain name.
  • Add users you want to exclude from processing to the denylist in each script (look for ExcludedUsers or Excluded Users). This helps IT teams ensure that the CrashPlan installation is set up for the correct end users, and not the support staff setting up the Windows computers for the first time.

Domain-joined username detection

Professional Services filename: Win_Azure_ADSI_Combined_Userdetect.bat

This script detects users running explorer.exe and determines their email addresses from the directory. This script is the default Windows user detection script used by the CrashPlan Professional Services team. For Entra, the script looks at one of two registry keys. This script requires an active connection to a Windows domain and requires Powershell v.4.0 or later. 

Explorer.exe script

Professional Services filename: UserDetect_Explorer_AppendDomain.bat

The following script detects users running explorer.exe and appends the domain of the email address. The script sets the home directory by adding the username to the \Users directory path in Windows. This script requires PowerShell v.4.0 or later.

First name and last name script

Professional Services filename: UserDetect_FirstLastname_LastLoggedOnDisplayName.bat

The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstname.lastname.  

Local account script

Professional Services filename: UserDetect_FirstLastName_NoActiveDirectory.bat

The following script retrieves names from a local account, joins the first name to the last name to create a username of firstname.lastname, and appends the domain of the email address. This script needs the Full Name field for a local account to be populated with a user's first name and last name separated by a space. This script requires PowerShell v4.0 or later.

Text file script

Professional Services filename: UserDetect_ReadFromFile_User.bat

The following script reads a text file (default location C:\Temp\CrashPlan_User.txt) for the user email addresses, and sets the home directory by adding the username to the \Users directory path in Windows. This script requires PowerShell v.4.0 or later.

Last logged on user script

Professional Services filename: UserDetect_Registry_AppendDomain.bat

The following script detects which user last logged in using the LastLoggedOnUser registry value in HKLM, and appends the domain of the email address. The script sets the home directory by adding the username to the \Users directory path in Windows.

Mac

For CrashPlan apps on Mac devices, a deployment policy provides:

  • A detection script to provide the CrashPlan app with a username and home directory for the device. The script can also optionally specify the user's organization.
  • A deploy.properties file to distribute along with the CrashPlan app installer package.

Before CrashPlan app installers run
Before CrashPlan app installers can run properly, the deploy.properties file must be in placed in the management tool or the device's file system.

Mac user detection script

When you create a deployment policy, you must also create a custom user detection script. A user detection script examines the host device and provides the CrashPlan app with a username and home directory. The script resides on the CrashPlan cloud. The CrashPlan app retrieves it during the install process.

The CrashPlan cloud requires a custom script
Because user names in the CrashPlan cloud must be email addresses, deployments for connection to the CrashPlan cloud always require a customized user detection script.

You need to create a custom script because CrashPlan usernames must be email addresses. If you need help, contact your Account Executive for enterprise support.

How the Mac script works

The user detection script for Mac:

  • Uses the device's operating system to determine the most recent logged-on username.
  • Calculates the typical home directory for that username.

The detection script then reports these two values to a standard output.

Require users to manually enter their usernames
To require users to enter their usernames manually, do not use a detection script. In the deployment policy, leave all operating systems deselected to create a deployment policy without a user detection script.

Python scripting language runtime is deprecated in macOS

According to the macOS Catalina 10.15 Release Notes, Apple deprecated bundling scripting language runtimes, including Python, in the Catalina release of macOS. This means that any Mac user detection script using Python may break in a future macOS.

To prevent this problem, if your user detection script uses Python, replace this:

 /usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'

with this:

echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }'

Removing Python calls from your user detection script in this way ensures proper functioning of the script in future macOS versions.

Tips to create a custom Mac script

Create a custom script and paste your script into your deployment policy. If you need help, contact your Account Executive for enterprise support.

When creating your custom script, be aware of the following:

  • Every script must end by echoing values for two variables:

    echo "AGENT_USERNAME=<value>"
echo "AGENT_USER_HOME=<value>"

  • In the CrashPlan cloud, usernames must be email addresses.

    echo "AGENT_USERNAME=${user}@example.com"

  • Optionally, you can also specify the the organization for the user. Use the registration key for the organization. If the organization is not defined, the user registers to the organization specified in the deployment policy.

    echo AGENT_ORG_REG_KEY=<value>
  • You must provide values. Null values and empty strings will not work.

  • If you cannot write a script to provide a workable value, write a message for the username field of the CrashPlan app sign in dialog, for example:

    echo "AGENT_USERNAME=Enter name and click Sign in"
  • The values cannot include either single (') or double (") quotation marks.

Mac commands

Deployment policy command arguments need to be imported into your software management tool.

Commands and arguments are detailed here in case you need to modify them for some reason, or to help you deploy without a device management tool.

  • To install a CrashPlan app for all users of a device, sign in to an account with administrative rights and issue a command like the following:
hdiutil attach CrashPlan_n.n.n_Mac.dmg
installer -package "/Volumes/CrashPlan/Install CrashPlan.pkg"  
-target LocalSystem
hdiutil detach /Volumes/CrashPlan
  • To install for one user only, sign in as that user and use targetCurrentUserHomeDirectory

Individual parts of the commands are as follows:

Elements Description
hdiutil attach CrashPlan_n.n.n_Mac.dmg Mount the CrashPlan app disk image. You must update the name of the installer file to match the exact name and version number being deployed.
installer -package
"/Volumes/CrashPlan/Install CrashPlan.pkg"		 Run the install program.
 

-target LocalSystem

-target CurrentUserHomeDirectory

Install the CrashPlan app for all users of the device.

Or, install for only the current user.
hdiutil detach /Volumes/CrashPlan Unmount the CrashPlan app disk image.

Mac deploy.properties file

The typical deploy.properties file reads like this:

DEPLOYMENT_URL=https://.host
DEPLOYMENT_POLICY_TOKEN=0fb12341-246b-448d-b07f-c6573ad5ad02
CP_SILENT=true
DEVICE_CLOAKED=false
PROXY_URL=http://.host/fname.pac

Individual parts of that file are as follows:

Elements Description
DEPLOYMENT_URL=
https://.host		 The address of your CrashPlan console. The CrashPlan app requests its deployment policy from this address.
DEPLOYMENT_POLICY_TOKEN= A unique ID string identifies each deployment policy.
CP_SILENT=true or false
  • True: The CrashPlan app does not open after installation. However, the CrashPlan app is still a visible application users can open manually. The CrashPlan icon also appears in the menu bar.
  • False: The CrashPlan app user interface opens on the user's device immediately after installation.
DEVICE_CLOAKED=true or false

The Client Visibility setting for this organization.

  • True: Most CrashPlan app user interface elements are hidden from users.
  • False: All CrashPlan app user interface elements are visible to users.

This argument only affects client visibility during initial deployment. Future changes to the Client Visibility setting in the CrashPlan console are automatically pushed to the device.

PROXY_URL=

http://.host/fname.pac

The address of a proxy auto-config file. The file tells a CrashPlan app how to communicate with CrashPlan through a proxy server.

This argument is only present when your policy configuration says Use Org Proxy URL: Yes.

If the argument is present, but has no value, the policy says use proxy: yes, but the organization has no proxy addresses defined.

Mac deploy.properties file location

When the CrashPlan app installer runs on Mac, it looks for the deploy.properties file in three locations, in the following order:

  1. (Best practice) In the directory /Library/Application Support/CrashPlan
    Installations for a single user use ~/Library rather than /Library.
  2. In the disk image, typically in /Volumes/CrashPlan
  3. In a Jamf Pro temp directory /tmp/mountpt/CrashPlan

Store in Library
For most software management tools, the best location is the first option: /Library/Application Support/CrashPlan

Location 1, Application Support (best practice) 

For deployment with most software management tools, including Jamf Pro, store the file here: /Library/Application Support/CrashPlan/deploy.properties

To install for a single user, rather than all users of a device, use  ~/Library rather than /Library.

To create the directory and write the file, run a bash script like the following where you replace <deploy.properties> with the text from your deploy.properties file:

#!/bin/bash
mkdir -p /Library/Application\ Support/CrashPlan
echo "<deploy.properties>" > /Library/Application\ Support/CrashPlan/deploy.properties

Location 2, the disk image

Adding deploy.properties to the installer disk image is best for users starting an install manually, by clicking on the .dmg file.

Test this option
Not all deployment software mounts the disk image in the same location, making deploy.properties in the disk image hard to find.

Add deploy.properties to the disk image as follows:

  1. Make a writable copy of the disk image.
  2. Mount the writable copy.
  3. Copy deploy.properties to the new image's root directory.
  4. Unmount the image.
  5. Return the image to the read-only state.

The following example shows the commands needed to add the deploy.properties file to the disk image.

hdiutil convert -format UDRW CrashPlan_n.n.n_Mac.dmg -o AGENT_n.n.n_w.dmg
hdiutil attach AGENT_n.n.n_w.dmg
cp deploy.properties /Volumes/CrashPlan/deploy.properties
hdiutil detach /Volumes/CrashPlan
hdiutil convert -format UDRO AGENT_n.n.n_w.dmg -o AGENT_n.n.n_ro.dmg

Location 3, Jamf Pro tmp
: /tmp/mountpt/CrashPlan

This location is unique to the Jamf Pro device management tool.

Example Mac user detection scripts

Following are example user detection scripts for the Mac platform. For help with these scripts, contact your Account Executive to engage the Professional Services team.

General usage:

  • Replace domain.com with your domain name.
  • Add users you want to exclude from processing to the denylist in each script (look for admin1|admin2|admin3). This helps IT teams ensure that the CrashPlan installation is set up for the correct users, and not the support staff setting up the Mac computers for the first time.

Prompt for email script

Professional Services filename: Email_prompt_for_email.sh

The following script creates a pop-up notification at CrashPlan app installation time prompting users to input their email address, which automatically registers the users in CrashPlan and starts backup. This script provides an alternative when no other scripts work and you want the end user to manually input their email address.

First initial and last name script

Professional Services filename: UserDetect_and_modify_firstinitial_dot_lastname.sh

The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstinitial.lastname.

First name and last name script

Professional Services filename: UserDetect_and_modify_firstname_dot_lastname.sh

The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstname.lastname.

Text file script

Professional Services filename: UserDetect_from_text.sh

The following script reads the username from a text file (located by default at /tmp/CrashPlantest.txt). Use when no other logical way of finding the username can be determined and no user interaction is desired.

Last logged on user script

Professional Services filename: UserDetect_last_plus_domain.sh

The following script checks the last known logged in users and narrows down the list to the currently logged-in user.

Scutil script

Professional Services filename: UserDetect_scutil_user_plus_domain.sh

The following script uses the system configuration utility (scutil) to detect the logged-in user. The client's email domain needs to be appended to the resulting username to get a valid CrashPlan username.

DSCL script

Professional Services filename: UserDetect_using_DSCL.sh

The following script obtains the user's email address from the domain records stored on the client using the Directory Service command line utility (DSCL). The Mac must be domain-bound.

Jamf plist script

Professional Services filename: macuserdetection-plist.sh

The following script is helpful if you use Jamf for device management. The script places a plist on the local machine that is populated with the username associated with the device from Jamf. This script is a good option if you have a username associated with a specific device in JAMF, but you do not have assurance that the usernames on the local device match the username part of the email address. This script requires additional setup in Jamf

To use this script:

  • Place the script into your deployment policy.
    You may need to update the script depending on your Jamf version and configuration. Earlier versions of Jamf put the plist in ~/Library/Preferences/, but later versions put it in /Library/Managed Preferences/.
  • In Jamf, create a new configuration profile or edit an existing one.
  • Go to Custom Settings (or Application & Custom Settings, depending on your Jamf version), and upload the following com.crashplan.email file.
    This is a sample plist file. If you prefer, you can create your own, as long as the EMAIL variable is present as a key that matches what the deployment policy is set up to read.

Linux

For CrashPlan apps on Linux devices, a deployment policy provides:

  • A custom-written detection script to provide the CrashPlan app with a username and home directory for the device. The script can also optionally specify the user's organization.
  • Installation properties to serve as the arguments string to a CrashPlan app install command.

Linux user detection script

A user detection script examines the host device and provides the CrashPlan app with a username and home directory. The script resides on the CrashPlan cloud. The CrashPlan app retrieves it during the install process.

Require users to manually enter their usernames
To require users to enter their usernames manually, do not use a detection script. In the deployment policy, leave all operating systems deselected to create a deployment policy without a user detection script.

Tips to create a custom Linux script

Create a custom script and paste your script into your deployment policy. If you need help, contact your Account Executive for enterprise support.

When creating your custom script, be aware of the following:

  • Every script must end by echoing values for two variables:

    echo AGENT_USERNAME=<value>;
echo AGENT_USER_HOME=<value>;
  • In the CrashPlan cloud, usernames must be email addresses.

  • Optionally, you can also specify the the organization for the user. Use the registration key for the organization. If the organization is not defined, the user registers to the organization specified in the deployment policy.

    echo AGENT_ORG_REG_KEY=<value>
  • You must provide values. Null values and empty strings will not work.
  • The values cannot include either single (') or double (") quotation marks.

Linux commands and arguments

Deployment policy command arguments need to be imported into your software management tool. 

Commands and arguments are detailed here in case you need to modify them for some reason, or to help you deploy without a device management tool.

  • To install a CrashPlan app for all users of a device, sign in to an account with root access and issue a command like the following:
tar -xvf CrashPlan_n.n.n_Linux.tgz
sudo crashplan-install/install.sh -q -d "DEPLOYMENT_URL=https://host
  &DEPLOYMENT_POLICY_TOKEN=0fb12341-246b-448d-b07f-c6573ad5ad02
  &PROXY_URL=http://host/filename.pac"
  • To install for one user only: Append the -u command with a user name. For example: -u "first.last"
Elements Description
tar -xvf CrashPlan_n.n.n_Linux.tgz Unpack the installer file. You must update the name of the installer file to match the exact name and version number being deployed. 
crashplan-install/install.sh Run the CrashPlan app install script.

-q

-d

-u

-c

q: Quiet. Do not open a console. Do not prompt the user.

d: Deployment. Apply the following properties.

u: Install for the specified username

cClient visibility for this organization is set to Hidden, which hides most CrashPlan app user interface elements from users. This only affects client visibility during initial deployment. Future changes to the Client Visibility setting in the CrashPlan console are automatically pushed to the device.
" Start and end the following properties with a quote.
DEPLOYMENT_URL=
https://.host		 The address of your CrashPlan console. The CrashPlan app requests its deployment policy from that address.
DEPLOYMENT_POLICY_TOKEN= A unique ID string identifies each deployment policy.

PROXY_URL=

http://.host/fname.pac

The address of a proxy auto-config file. The file tells a CrashPlan app how to communicate with CrashPlan through a proxy server.

This argument is only present when your policy configuration says Use Org Proxy URL: Yes.

If the argument is present, but has no value, the policy says use proxy: yes, but the organization has no proxy addresses defined.
" Start and end the above properties with a quote.

Linux deploy.properties file

Linux supports the use of a deploy.properties file just like in macOS. The same method can be used to deploy linux endpoints.

On Linux, the deploy.properties file is placed in the /usr/local/crashplan directory.

To create the directory and write the file, run a bash script like the following where you replace <deploy.properties>with the text from your deploy.properties file:

#!/bin/bash
mkdir -p /Library/Application\ Support/CrashPlan
echo "<deploy.properties>" > /usr/local/crashplan/deploy.properties
 
For more information see Mac deploy.properties file.
Was this article helpful?
0 out of 0 found this helpful