Overview
Due to Apple privacy restrictions, administrators must grant CrashPlan permission to access specific applications and locations on user devices to ensure the CrashPlan app is able to back up all necessary areas of the device.
This article uses examples from Jamf Pro and Jamf's Privacy Preferences Policy Control (PPPC) Utility. While the same general concepts apply to deploying a .mobileconfig file with other tools, implementation details can vary slightly. Consult the product documentation for your device management provider.
If you need help creating a .mobileconfig file with other tools, contact your Account Executive to engage the CrashPlan Professional Services team.
Required permissions
CrashPlan requires explicit permission for any location containing files you want to back up. For best results, allow access to all areas of the device (sometimes also referred to as "full disk access"), but work with your internal stakeholders to determine what is appropriate for your environment.
Steps
The options below must be performed from a Mac with the CrashPlan app already installed.
Option A: Use our sample configuration profile
Test your configuration profile before use
The sample .mobileconfig file below will work for most environments, but should be tested thoroughly before deploying it to your production environment.
This .mobileconfig sample allows CrashPlan access to locations to include for backup:
- Desktop
- Documents
- Downloads
- Photos
- Calendar
- Address Book
Follow the instructions in Jamf's guide to deploy custom configuration profiles to deploy the .mobileconfig file to devices in your environment.
The sample mobileconfig file is attached at the bottom of this article.
Option B: Create and deploy your own configuration profile
The steps below use Jamf's Privacy Preferences Policy Control (PPPC) Utility to create a .mobileconfig file.
- Download and open Jamf's Privacy Preferences Policy Control (PPPC) Utility.
- Click the + icon to add an application.
- From the dialog of all applications, select CrashPlan CrashPlan.
- In the Properties section, select Allow for all areas you want to back up. You should allow access to all items, but work with your internal stakeholders to determine what is best for your environment.
- Above the Apple Events column, disable Big Sur Compatibility.
Big Sur Compatibility mode adds more permissions objects to the configuration, none of which are needed by CrashPlan. Enabling Big Sur Compatibility mode also means the configuration profile will not work on devices running macOS versions older than Big Sur. - Click Save.
- Enter an Organization and Payload Name.
- Click Save.
A .mobileconfig file is created and saved to the location you selected. - Follow the instructions in Jamf's guide to deploy custom configuration profiles to deploy the .mobileconfig file to devices in your environment.
Full disk access not showing on Mac
Due to an Apple limitation, the CrashPlan app may not appear listed in the Security & Privacy window for Full Disk Access depending on your macOS version. However, the CrashPlan app will still be granted full disc access via the configuration profile.
You can confirm full disc access by going to Profiles, selecting the CrashPlan app, and verifying that it lists Access All Application Data as Allowed.
Confirm full disk access status
You can confirm if full disk access permissions are configured correctly for both a specific device and an entire organization by generating a device status report from the CrashPlan console. This report will include the status of full disk access permissions for each device listed.
To generate a device status report, navigate to Administration > Status > Reporting and select the Device Status Report tab. Toggle the different criteria to suit your needs and then select Run Report.
By default, the Full Disk Access Status filter will be set to "Any." To search for devices lacking the appropriate permissions, set the Full Disk Access Status filter to Disabled before running the report.
External resources
Downloads
Jamf Pro guides
- Computer Configuration Profiles
- Deploying Custom Configuration Profiles
- Preparing Your Organization for User Data Protections on macOS 10.14