CrashPlan console settings

This article applies to CrashPlan Professional, Enterprise, and MSPs.png


This article lists settings in the CrashPlan console that you should use to optimize operation of your CrashPlan cloud environment. It lists only the highest-value settings rather than all settings in the CrashPlan console.

 Let CrashPlan set up your console settings

Rather than managing these settings yourself, consider having the CrashPlan team set them for you. Click here to request that Professional Services update your CrashPlan environment to the settings in this article. 


  • You must have the Customer Cloud Admin role to apply these settings.
  • The settings in this article reside at the organizational level. To apply the settings to a child organization only, ensure that you first disable inheritance from the parent organization. For example:
    • To disable inheritance of all device defaults, on the Device Backup Default Settings General tab, deselect Use device defaults from parent.
    • To disable inheritance of security settings for an organization, on the Organization Settings Security tab, deselect Inherit security settings from parent

Security settings

Device backup defaults security settings

To change the following settings, navigate to the the Security tab of device backup defaults.

Feature Setting Push or Lock? Benefit
Require account password to access CrashPlan app
Selected Lock Requires that the user enter the correct password to open the CrashPlan app. This setting helps protect backed up files from being accessed or deleted by an unauthorized user.
Archive Key Encryption Key Standard Lock

Allows users or administrators to restore files from archives without providing an additional password. For best operation, use the Standard setting. 


Lock the setting to prevent users from setting archive key passwords in the CrashPlan app. If users set archive key passwords, administrators can be locked out of user backup if the administrators cannot provide the passwords that users set.

Organization security settings

To change the following settings, navigate to the Security tab of organization settings. 

Feature Setting Push or Lock? Benefit
Web Restores Disabled Lock

Prevents administrators in the organization from performing zip file web restores, thereby keeping archive data from being decrypted on the CrashPlan server system. This secures user data from access on the server by administrators. Use this setting if your organization adheres to NIST 800-171 compliance


Lock the setting to prevent other administrators from changing it.

Client Visibility Hidden Lock Removes most user-facing indications of CrashPlan's presence from endpoints. 

General settings

To change the following settings, navigate to the the General tab of device backup defaults.

Feature Setting Push or Lock? Benefit
When user is away, use up to __ %
80 Lock Allows adequate resource allocation for CrashPlan operations, including the the initial file collection scan, without taking too many resources away from other applications.

When user is present, use up to __ %

Global Exclusions Set to our global exclusions Lock

Excludes non-user files from collection in archives, such as operating system and application files. Using our global exclusions results in less resource and bandwidth usage. These exclusions apply to backed up files only. Security monitoring of these files still continues. 


Setting Global Exclusions excludes the files from backup no matter where the files are being backed up to, whether to local storage (for example, an external drive) or to CrashPlan cloud storage. Files selected with this setting are also removed from all archives.


Lock this setting to prevent users from using the CrashPlan app to override the global file exclusions.

Cloud Exclusions None Lock Prevents files from being backed up only to local storage. As a result, the size of backup and restore file selections more closely match archive size in the cloud. 
Preferred time for verification scan

7 days at 12:00



Runs a file verification scan at noon every seven days to check endpoints for file changes and deleted files within file backup selections. Setting the scan at noon increases the chance that the endpoints are powered on and awake.


If the scan is run during off-business hours when endpoints are typically powered off or asleep, the scan cannot run until the next time the endpoint is powered on and awake, tying up endpoint resources just when users are starting them up for their work day.


Lock this setting to prevent other administrators from changing it. (Users can still manually scan for file changes from the CrashPlan app.)

Backup settings

To change the following settings, navigate to the the Backup tab of device backup defaults.

Feature Setting Push or Lock? Benefit
File selection: Included files :allusers Lock

Backs up all files in all users' home folders through use of the :allusers substitution variable. Backups include the parent Users folder:

  • Windows: C:\Users\ 
  • Mac /Users/ 
  • Linux: /home/ 

Lock this setting to prevent users from removing folders or files from file selection in the CrashPlan app.

Pausing Controls:
Allow pausing of:

Unselected Lock

Removes all pause controls from the CrashPlan app, thereby preventing users from pausing backups and downloads of files, including files under legal hold. Preventing pausing of backups ensures more complete sets of backup files, because every time a backup is paused, it can result in some files being missed in the process.


Lock the setting to prevent other administrators from changing it.

Frequency and versions:
Remove deleted files
90 days Lock Removes deleted files from backups after 90 days. 

Global exclusions

You should exclude operating system files, application files, and the like from being backed up, since users don't directly interact with these files and they can be restored by reinstalling the operating system or application. Set Global Exclusions to exclude the following files.

(?i)^.*(\.class|-journal|\.Win386\.SWP|PM_HIBER\.BIN|SAVE2DSK\.BIN|SYSTEM\.DAT|TOSHIBER\.DAT|Thumbs\.db|USER\.DAT|\.bck|\.bkf|\.cdt|\.hdd|\.hds|\.icloud|\.ini|\.lrprev|\.manifest|\.mum|\.nib|\.nvram|\.ost|\.part|\.pvm|\.pvs|\.rbf|\.tibx?|\.tmp|\.upd|\.avhdx|\.vdi|\.vfd|\.vhd|\.vhdx|\.vmc|\.vmdk|\.vmem|\.vmsd|\.vmsn|\.vmss|\.vmtm|\.vmwarevm|\.vmx|\.vmxf|\.vsv|\.vud|\.xva|\.qcow2?|iso|pkg|raw|memory\.dmp|/Lightroom.*Previews\.lrdata|\.sparsebundle|\.sparseimage|/(cookies|permissions)\.sqlite(-.{3})?|\.crdownload)$ (?i)^.*(/Apple.*/Installer Cache/|/Cache/|/Cookies/|/Music/Subscription/|/Plex Media Server/|/Steam/|/Temp/|/\.dropbox\.cache/|/\.git/|/iPod Photo Cache/|/node_modules/|/tmp/|/tsm_images/|\.Trash|\.hdd/|\.pvm/|\.cprestoretmp|\.nvm|\.npm|/\.gradle/).* linux:(?i)^/(usr/(?!($|local/$|local/crashplan/$|local/crashplan/print_job_data/.*))|opt/|etc/|dev/|home/[^/]+/\.config/google-chrome/|home/[^/]+/\.mozilla/|sbin/).* linux:^/(cdrom/|dev/fd/|devices/|dvdrom/|initrd/|kernel/|lost\+found/|proc/|run/|selinux/|srv/|sys/|system/|var/(:?run|lock|spool|tmp|cache)/|proc/).* linux:^/lib/modules/.*/volatile/\.mounted mac:(?i)^.*(/iTunes/Album Artwork/Cache/|/Network Trash Folder/|/Photos Library.*/Thumbnails/|/backups\.backupdb/|/iP.* Software Updates/|/iPhoto Library.*/Thumbnails/|/iPhoto Library/iPod Photo Cache|/migratedphotolibrary/Thumbnails/|\.imovielibrary/.*/Analysis Files/|\.imovielibrary/.*/Render Files/).* mac:^.*(/Trash/|/\.fcpcache/|MobileBackups/|\.Spotlight-.*/|\.fseventsd|\.hotfiles\.btree|/bin/|/home/|/sbin/|/cores/|/private/|/var/).* mac:(?i)^.*(\.imovielibrary/\.lock)$ mac:(?i)^.*(\.DS_Store|\.plist|\.strings)$ mac:(?i)^/(usr/|opt/|etc/|var/|Users/((?!XCode).)*/Applications/|Users/Shared/|dev/|Library/(?!($|Application Support/$|Application Support/CrashPlan/$|Application Support/CrashPlan/print_job_data/.*))|proc/|/Users/.*/.vscode/extensions/).* mac:^/(Applications/|Desktop DB|Desktop DF|Network/|Previous Systems|System/|Users/.*/\.cisco/vpn/log/|Users/.*/\.dropbox/|Users/[^/]+/Library/|\.DocumentRevisions-V100/|\.PKInstallSandboxManager-SystemSoftware|\.adobeTemp/|\.vol/|afs/|automount/|lost\+found/|net/).* win:(?i)^.*(/I386|/System Volume Information/|/Temporary Internet Files/|/Windows Update Setup Files/|\$RECYCLE\.BIN/|/NTUSER|/Safari/Library/Caches/|/Windows Defender/|/cygwin(64)?/(bin|dev|etc|lib|sbin|tmp|var|usr)/|UsrClass\.dat).* win:^.*(/Local Settings/Temp|/Local.*/History/|/LocalService/|/MSOCache|/NetHood/|/NetworkService/).* win:(?i)^.*(/pagefile\.sys|\.etl|\.mui)$ win:(?i)^.:/(Recovery/|boot/|ESD/|Recycler/|Dell/|Intel/|Oracle/|PerfLogs/|Program Files( \(x86\))?/|ProgramData/(?!$|CrashPlan/$|CrashPlan/user_settings/)|Users/All Users/|Users/[^/]+/AppData/|Users/[^/]+/Apple/MobileSync/|Windows(\.old)?/|\$WINDOWS.~(BT|WS)/|\$SysReset/|\$GetCurrent/|_RESTORE/|_SMSTaskSequence/|safeboot/|swsetup/).* win:(?i)^.:/(Config\.Msi|HIBERFIL\.SYS|HIBRN8\.DAT|autoexec\.bat|boot\.ini|bootmgr|bootnxt|bootsect\.bak|config\.sys|io\.sys|msdos\.sys|ntdetect\.com|ntldr|swapfile\.sys)$ (?i)^.*(\.kgdb|\.db|\.srd|-shm|-wal|-lock|\.musicdb|\.tvdb|\.pid)$ (?i)^.*\.photoslibrary/(private/|resources/|database/).*$ (?i)^.*/(.*\.?leveldb)/.*$
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more