Overview
CrashPlan administrators can use the Block, Deauthorize, and Deactivate actions to control data access and manage accounts. This guide explains the specific impact each of these actions has on organizations, users, and devices in your CrashPlan environment to help you choose the right tool for your specific situation.
Considerations
Before applying these actions, it is helpful to understand the basic information hierarchy in CrashPlan:
- Organization: The top level of the hierarchy. Settings applied to organizations can cascade down. An organization can contain users and child organizations.
- User: A single account with one set of credentials and an encryption key, belonging to exactly one organization.
- Device (Endpoint): A single computer, identified by a GUID, assigned to a user.
Quick comparison
| Action | Destructive? | Backup Activity | Applies To |
|---|---|---|---|
| Block | No | Continues | Devices, Users, Organizations |
| Deauthorize | No | Stops | Devices only |
| Deactivate | Yes (data loss) | Stops | Devices, Users, Organizations |
Block (access control)
Blocking immediately revokes access to the CrashPlan environment without affecting existing data or halting ongoing backups. Devices and users continue to consume a license.
Impact
- Devices: Users are signed out of the app and cannot sign back in, restore data, or alter their settings on that specific device. Background backups continue uninterrupted.
- Users: The user cannot sign in to the web console or the app on any device. Existing backups are untouched, and background backups continue. Audit log events are retained for 90 days.
- Organizations: Blocking an organization blocks all of its users and any child organizations.
Common use cases
- Theft or Loss: Secure the data from unauthorized access while allowing backups to continue in case the device connects to the internet.
- Legal Holds: Restrict a user's access during legal proceedings.
Deauthorize (sign-out)
Deauthorization is a simple sign-out action that applies only to devices. It pauses activity until the user authenticates again. Devices still consume a license.
Impact
- Devices: The current user is signed out of the CrashPlan app. Backup activity halts entirely until they sign back in. No data is deleted, but users cannot restore or change settings while signed out.
Common use cases
- Troubleshooting & Testing: Force a fresh sign-in, test user credentials, or refresh the app cache for troubleshooting purposes.
- Temporary Suspension: Halts backup and restore capabilities if a device goes missing.
Deactivate (archive deletion)
Deactivation is a destructive action. It immediately stops all backups, revokes access, and prepares backup archives for deletion.
Permanent data loss warning
Archives are immediately sent
to
Cold storage
when a device is deactivated. If the device is not reactivated
before the cold storage period expires (14 days by default), the backup
archives are
permanently purged and cannot be recovered.
Impact
- Devices: Backups stop, and the user is signed out. While the user can sign back in later, all previous backup archives tied to that device are removed from destinations and sent to cold storage.
-
Users: Device backups halt. The user is signed out across all sessions and cannot sign in until manually reactivated. All of their backup archives are moved to cold storage. They will only stop consuming a license once their archives are permanently purged from cold storage.
Users on Legal Hold cannot be deactivated, but they can be blocked. - Organizations: Deactivating an organization deactivates all of its users and child organizations.
Common use cases
- Offboarding: Securing and closing out an account when an employee leaves.
- Reclaiming Licenses: Freeing up licenses tied to inactive users or retired hardware.
- Device Recycling: Permanently retiring a computer from service.