Using SyncBackPro > Technical Reference

Windows Group Policies are only supported with SyncBackPro.

Windows Group Policies allow IT administrators to centrally control what users can and cannot do in SyncBackPro. This is useful in enterprise environments where administrators need to restrict users from modifying backup configurations, deleting profiles, or changing global settings.

If using the SyncBack Management Service (SBMS) is not practical or possible, Windows Group Policies are an alternative for restricting user actions. Both approaches can also be used together.

In the current version, only security settings are defined in the group policy (i.e. what users are allowed to do), not default values for profile or application settings. If you have suggestions for additional policies, please contact us.

Installing the ADMX Templates

The SyncBackPro installation includes ADMX and ADML template files in the ADMX sub-directory of the SyncBackPro installation folder. Two pairs of template files are provided:

•2BrightSparks.admx — policies that apply at the computer (machine) level, under Computer Configuration in the Group Policy Editor

•2BrightSparksUsr.admx — policies that apply at the user level, under User Configuration in the Group Policy Editor

Each ADMX file has a corresponding ADML language file in the en-US sub-directory.

To install the templates on a local computer:

1.Copy the .admx files to C:\Windows\PolicyDefinitions\

2.Copy the .adml files to C:\Windows\PolicyDefinitions\en-US\

In a domain environment with a central policy store, copy the files to the corresponding locations in the SYSVOL PolicyDefinitions folder on your domain controller instead.

Once installed, the policies appear in the Group Policy Editor under 2BrightSparks Policy > SyncBackPro in both Computer Configuration and User Configuration.

Available Policies

Each policy has three states: Not Configured (the default, no restriction is applied), Enabled (the action is explicitly allowed), and Disabled (the action is blocked). To restrict a user from performing an action, set the corresponding policy to Disabled.

The following policies are available:

•CanCreateProfiles: Controls whether the user can create new profiles.

•CanDeleteProfiles: Controls whether the user can delete profiles.

•CanModifyProfiles: Controls whether the user can modify the settings of existing profiles.

•CanRenameProfiles: Controls whether the user can rename profiles.

•CanExportProfiles: Controls whether the user can export profiles. Disabling this prevents users from copying profile configurations out of SyncBackPro.

•CanImportProfiles: Controls whether the user can import profiles.

•CanModifyGlobalSettings: Controls whether the user can modify the Global Settings.

•CanModifyLoginSettings: Controls whether the user can modify the SBMS login settings. Disabling this prevents users from changing the SBMS server connection, which is useful when SBMS is used alongside group policies.

•CanRunProfilesManually: Controls whether the user can manually run profiles. When disabled, profiles can only run via schedules or triggers.

•CanRunProfilesToRestore: Controls whether the user can run profiles in restore mode. Disabling this prevents users from performing restore operations.

Policy Priority

When both SBMS and group policies are used, the group policy setting takes priority over the SBMS setting. Within group policy itself, User Configuration policies override Computer Configuration policies. The full priority order, from highest to lowest, is:

1.Group Policy — User Configuration (highest priority)

2.Group Policy — Computer Configuration

3.SyncBack Management Service (SBMS)

4.Local user settings (lowest priority)

This means, for example, that if SBMS allows a user to create profiles but a Computer Configuration group policy disables CanCreateProfiles, the group policy takes precedence and the user will not be able to create profiles. If a User Configuration policy then enables CanCreateProfiles for a specific user, that user will be able to create profiles despite the machine-level restriction.

Registry Path

The policies are stored in the Windows registry under the following path:

SOFTWARE\Policies\2BrightSparks\SyncBackPro

Computer Configuration policies are written under HKEY_LOCAL_MACHINE and User Configuration policies under HKEY_CURRENT_USER. Each policy is a DWORD value: 1 means the action is allowed, 0 means it is blocked. If the value does not exist, the policy is not configured and no restriction is applied.

This registry path can also be used to deploy policies through other management tools (such as Microsoft Intune or registry scripts) without requiring the ADMX templates.