Skip to main content
Code42 Support

Block, deauthorize, and deactivate

Applies to:
  • CrashPlan PROe

Overview

Code42 environment administrators can use block, deauthorize, and deactivate actions to control access to data and manage accounts. This article explains the impact each of these actions has on organizations, users, devices, and plans in the Code42 environment.

Considerations

  • You must have administrative role permissions to perform block, deauthorize, and deactivate actions from the administration console.
  • You should understand the basic information hierarchy of the Code42 environment, including the definitions below:
Device

Represents a single computer or mobile device within your Code42 environment, and is uniquely identified by its GUID. A device is always associated with a single user.

User

Represents a single account within your Code42 environment. A user account has a single set of login credentials (username and password) and a single encryption key for all backups. A user always belongs to one (and only one) organization.

Organization

A group of users. You can define many settings at the organization level, allowing you to configure organizations with different settings for a variety of purposes. Each user can belong to only one organization. An organization can contain child organizations, and an organization can exist without containing any users.

Plan

Data is stored in plans to be shared between SharePlan users and devices. Data for each plan is stored on the enterprise server in an archive. There are two types of plans: personal plans and multi-user plans.

Blocking, deauthorizing, and deactivating at a glance

  • Blocking is a non-destructive action that prevents access to CrashPlan and SharePlan. A blocked user or device cannot sign in.
  • Deauthorizing is a non-destructive action that simply signs a user out of a specific device. Users can sign in again at any time.
  • Deactivating is a destructive action that removes a device, user, organization, or plan from your Code42 environment. An active user can sign in again to a deactivated device, but a deactivated user cannot sign in.

This table shows how blocking, deactivation, and deauthorization can be applied to devices, users, organizations, and plans.

  Devices Users Organizations1 Plans2 Possible Data Loss
Block X X X   No
Deactivate X X X X Yes
Deauthorize X       No

1 Applies to CrashPlan PROe and SharePlan only
2 Applies to SharePlan only

Blocking

Blocking prevents access to the Code42 environment but is not destructive to existing data. Specific implications for CrashPlan, SharePlan, devices, users, and organizations are detailed below.

Device
  • Blocking a device signs the user out of the CrashPlan app or SharePlan app on that device and does not allow the user to sign in again on that device.
  • Users can continue to use other devices.
  • Data on the device is still protected on the enterprise server.
  • CrashPlan continues backing up, but users cannot access CrashPlan on the device to restore data or change settings.
  • SharePlan files stop syncing, but the files remain accessible on the device.
Blocking both CrashPlan and SharePlan devices
A single device using both CrashPlan and SharePlan is listed as two separate devices in the administration console. To prevent access to both the CrashPlan app and SharePlan app, you must block both devices.
User
  • Blocking a user prevents that user from signing in to any part of your Code42 environment:
    • Users cannot sign in to the CrashPlan app or SharePlan app from any device.
    • Online access to the CrashPlan web app, SharePlan web app, and administration console is also blocked.
  • User data is still protected on the enterprise server.
  • CrashPlan continues backing up all of the user's devices, but the user cannot access CrashPlan to restore data or change settings.
  • SharePlan files stop syncing, but the files remain accessible on the user's devices.
Organization

CrashPlan PROe and SharePlan only

Blocking an organization behaves the same way as blocking a single user described above, but the action applies to all users in the organization, as well as all users in child organizations.

Blocking and licensing

  • For user-based licensing, blocked devices still use a license.
  • For storage-based licensing, blocked device data continues to count against your storage limit.

Blocking use cases

  • Theft or loss: you may want backups to continue while searching for the device, but want to prevent unauthorized access to backup archives or unauthorized changes to plan data.
  • Licensing: if you are managing backups for a third party, you may need to block a user for billing purposes.
  • Legal: in legal proceedings, you may need to restrict access to data due to a legal hold.
    For more information on legal holds, see our white paper Leveraging Endpoint Backup for Legal Holds & E-Discovery.

Unblocking

Unblocking a device, user, or organization restores normal access to CrashPlan and SharePlan.

Deauthorizing

Deauthorizing only applies to devices. Users and organizations cannot be deauthorized.

  • Deauthorizing a device signs the current user out of the CrashPlan app or SharePlan app. Users can sign in again at any time.
  • Deauthorization is not destructive, and no data is deleted when deauthorizing a device.
  • CrashPlan stops backing up, and users cannot access CrashPlan on the device to restore data or change settings without signing in again.
  • SharePlan files stop syncing, but the files remain accessible on the device.
Deauthorizing both CrashPlan and SharePlan devices
A single device using both CrashPlan and SharePlan is listed as two separate devices in the administration console. To sign the user out of both the CrashPlan app and SharePlan app, you must deauthorize both devices.

Deauthorizing and licensing

  • For user-based licensing, deauthorized devices still use a license.
  • For storage-based licensing, deauthorized device data continues to count against your storage limit.

Deauthorizing use cases

  • Troubleshooting: deauthorization is sometimes requested by our Customer Champions.
  • Testing: deauthorizing a device can be used to test a user's credentials or other behavior.
  • Theft or loss: the device will be unable to back up, sync, or restore files until the user has signed back in to the device.

Deactivating

Deactivating is a destructive action that prevents access to the Code42 environment and removes user data from devices. Specific implications for CrashPlan, SharePlan, devices, users, organizations, and plans are detailed below.

Permanent Data Loss Warning
Deactivation can destroy data, unlike blocking or deauthorizing.

  • In CrashPlan PRO, deactivated archives are marked for removal and will be permanently deleted within 24 hours.
  • In CrashPlan PROe and SharePlan, deactivated archives on an enterprise server destination are placed into cold storage for the configured cold storage period. Once the cold storage period has passed, the archive is permanently deleted.
  • Archives backed up to a local folder or other account device are immediately deleted upon deactivation. Cold storage is only available for enterprise server destinations.

For step-by-step recommendations on deactivation, see Deactivating & Reactivating Users & Devices.

Device
  • Deactivating a device signs the user out of the CrashPlan app and SharePlan app on that device.
  • The user can sign in again at any time, but archives previously associated with the device will no longer be present.
  • CrashPlan stops backing up and restores are not available.
  • Backup archives are removed from all backup destinations:
    • CrashPlan PROe: The device's backup archive is sent to cold storage. Archives in cold storage do not continue to back up, do not undergo regular archive maintenance, and by default will be deleted after 365 days.
    • CrashPlan PRO: The device's backup archive is marked for removal and will be permanently deleted within 24 hours.
  • SharePlan stops syncing, and all plan data is removed from the device.
Deactivating both CrashPlan and SharePlan devices
A single device using both CrashPlan and SharePlan is listed as two separate devices in the administration console. To deactivate both CrashPlan and SharePlan, you must deactivate both devices.
User
  • Deactivating a user signs the user out of all devices and online sessions and prevents that user from signing in to any part of your Code42 environment:
    • Users cannot sign in to the CrashPlan app or SharePlan app from any device.
    • Online access to the CrashPlan web app, SharePlan web app, and administration console is also prohibited.
    • The user cannot sign in to any device until being reactivated.
  • CrashPlan backup archives are removed from all backup destinations:
    • CrashPlan PROe: All of the user's backup archives are sent to cold storage. Archives in cold storage do not continue to back up, do not undergo regular archive maintenance, and by default will be deleted after 365 days.
    • CrashPlan PRO: All of the user's backup archives are marked for removal and will be permanently deleted within 24 hours.
  • SharePlan stops syncing:
    • All SharePlan plan data is removed from all of the user's devices.
    • The user's personal plan archive is moved to cold storage.
    • The user is removed as a member from any multi-user plans. Other members of multi-user plans are not affected.
Organization

CrashPlan PROe and SharePlan only

Deactivating an organization behaves the same way as deactivating a single user described above, but the action applies to all users in the organization, as well as all users in child organizations.

Plan

SharePlan only

Deactivating a plan removes the plan data from your enterprise server and from devices.

  • Plan archive is sent to cold storage.
  • Plan data is deleted from all devices of all plan members.

Deactivating and licensing

  • For user-based licensing, a deactivated user still uses a license as long as the user's archive exists in cold storage. Once the archive is purged from cold storage, the user no longer consumes a license.
  • For storage-based licensing, deactivated device data still counts against your storage limit while device archives exist in cold storage. Once the archives are purged from cold storage, they no longer count against your storage limit.

Deactivating use cases

  • Reclaiming licenses: deactivation is the only action that can free licenses that are being used.
  • Offboarding: deactivate a user account when an employee leaves the company.
  • Device recycling: deactivate a device when permanently removing it from service.

Reactivating

Reactivating restores access to the Code42 environment and restores deactivated archives to affected users, devices, and the enterprise server. See Reattaching A Backup Archive for step-by-step instructions for restoring a deactivated archive.

Limited time to recover deactivated archives
In CrashPlan PRO, recovering a deactivated archive is only possible if the device or user is reactivated within 24 hours of the deactivation. Please contact our Customer Champions for CrashPlan PRO support immediately if you need assistance recovering deactivated CrashPlan PRO archives.

CrashPlan PROe archives must be reactivated before the end of the cold storage period.
Device

Reactivating a device restores the deactivated archive(s) to the device.

  • CrashPlan PROe: Must be reactivated before the end of the cold storage period
  • CrashPlan PRO: Must be reactivated within 24 hours
Reactivating both CrashPlan and SharePlan devices
A single device using both CrashPlan and SharePlan is listed as two separate devices in the administration console. To reactivate both CrashPlan and SharePlan archives, you must reactivate both devices.
User

Reactivating a user restores the deactivated user's archives on each device associated with the user.

  • CrashPlan PROe: Must be reactivated before the end of the cold storage period
  • CrashPlan PRO: Must be reactivated within 24 hours.
  • SharePlan: Must be reactivated before the end of the cold storage period
    • Restores the user's personal plan from cold storage.
    • Places personal plan data on each device associated with the user.
    • Does not restore membership in multi-user plans. Reactivated users must be re-added to all multi-user plans.
Organization

CrashPlan PROe and SharePlan only

Reactivating an organization behaves the same way as reactivating a single user described above, but the action applies to all users in the organization, as well as all users in child organizations.

Plan

SharePlan only

Reactivating a plan restores the plan data on your enterprise server and to devices.

  • Plan archive is retrieved from cold storage (if reactivated before the end of the cold storage period)
  • Plan data is restored to all devices of all plan members.