Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Code42 cloud environments.

Code42 Support

Grant Code42 permissions to macOS devices

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Code42 cloud environments.

Overview

Due to Apple privacy restrictions in macOS Catalina 10.15 and Mojave 10.14, administrators must grant Code42 permission to access specific applications and locations on user devices to ensure the Code42 app is able to back up and monitor all areas of the device.

This article uses examples from Jamf Pro and Jamf's Privacy Preferences Policy Control (PPPC) Utility, but the same concepts apply to any method you choose to deploy a .mobileconfig file to your devices. For detailed steps for other tools, consult the product documentation for your device management provider.

Non-Code42 products
​Information about products from other manufacturers is intended as a resource to help you get the most out of Code42 products. However, our Customer Champions cannot provide direct assistance for these products. For assistance with products not developed by Code42, contact the product's manufacturer.

Required permissions

Several Code42 features require specific permissions:

  • To back up files in locations including the Desktop, Documents, Downloads, Contacts, Photos, and Mail, Code42 needs access to those locations. We recommend granting full disk access.
  • In Forensic Search, to report the window title and URL that is active at the time a file is uploaded, Code42 needs permission to Automate other Applications for Safari, Google Chrome, Firefox, Opera, Slack, and Microsoft Edge (Chromium version only).

Create and deploy a Code42 computer configuration profile

Jamf example
The steps below use Jamf's Privacy Preferences Policy Control (PPPC) Utility to create a .mobileconfig file, but the same concepts apply to any application you choose to create a .mobileconfig file.
  1. Download and open Jamf's Privacy Preferences Policy Control (PPPC) Utility.
  2. Click the + icon to add an application.
  3. From the dialog of all applications, select Code42 CrashPlan.
  4. In the Properties section, select Allow for all areas you want to back up. We recommend allowing access to all items, but you should work with your internal stakeholders to determine what is best for your environment.
  5. In the Apple Events column, click the + icon and select the web browsers you want to monitor for file uploads. We recommend adding Safari, Google Chrome, Firefox, Opera, Slack, and Microsoft Edge (Chromium version only), but you should work with your internal stakeholders to determine what is best for your environment.
    If you don't see all the browsers as options after clicking the + icon, select Other. Then select the browser from the list of all applications.
  6. Click Save.
  7. Enter an Organization and Payload Name.
  8. Click Save.
    A .mobileconfig file is created and saved to the location you selected.
  9. Follow the instructions in Jamf's guide to deploy custom configuration profiles to deploy the .mobileconfig file to devices in your environment.

Sample computer configuration profile

Create and test your own computer configuration profile
The .mobileconfig file below should only be used as an example for reference purposes. We strongly recommend that you create your own file and test it thoroughly before deploying it to your production environment.

This .mobileconfig sample allows Code42 access to:

  • Locations to include for backup:
    • Desktop
    • Documents
    • Downloads
    • Photos
    • Calendar
    • Address Book
  • Applications to capture window title and URL exfiltration data in Forensic Search:
    • Safari
    • Google Chrome
    • Firefox
    • Opera
    • Slack
    • Microsoft Edge (Chromium version only)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string>Code42 Sample Access</string>
            <key>PayloadDisplayName</key>
            <string>Code42 Sample Access</string>
            <key>PayloadIdentifier</key>
            <string>34C19F52-FBB7-4A43-B8AB-9E78D143EF98</string>
            <key>PayloadOrganization</key>
            <string>Code42</string>
            <key>PayloadType</key>
            <string>com.apple.TCC.configuration-profile-policy</string>
            <key>PayloadUUID</key>
            <string>805B0804-6F8F-430E-B69B-641906D4E9E9</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Services</key>
            <dict>
                <key>Accessibility</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>AddressBook</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>AppleEvents</key>
                <array>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>identifier "com.tinyspeck.slackmacgap" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BQR82RBBHL</string>
                        <key>AEReceiverIdentifier</key>
                        <string>com.tinyspeck.slackmacgap</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>(identifier "com.operasoftware.Opera" or identifier "com.operasoftware.OperaNext" or identifier "com.operasoftware.OperaDeveloper" or identifier "com.operasoftware.OperaNightly" or identifier "com.operasoftware.OperaGX" or identifier "com.operasoftware.OperaGXNext" or identifier "com.operasoftware.OperaGXDeveloper" or identifier "com.operasoftware.OperaGXNightly") and (certificate leaf = H"cdf1c39967986616b6cd64c6bd04833a9cb7450d" or certificate leaf = H"261cd515406974afa19778f62e5d916ec977ebf4")</string>
                        <key>AEReceiverIdentifier</key>
                        <string>com.operasoftware.Opera</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "43AQ936H96"</string>
                        <key>AEReceiverIdentifier</key>
                        <string>org.mozilla.firefox</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string>
                        <key>AEReceiverIdentifier</key>
                        <string>com.google.Chrome</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>identifier "com.apple.Safari" and anchor apple</string>
                        <key>AEReceiverIdentifier</key>
                        <string>com.apple.Safari</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                    <dict>
                        <key>AEReceiverCodeRequirement</key>
                        <string>identifier "com.microsoft.edgemac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
                        <key>AEReceiverIdentifier</key>
                        <string>com.microsoft.edgemac</string>
                        <key>AEReceiverIdentifierType</key>
                        <string>bundleID</string>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>Calendar</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>FileProviderPresence</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>MediaLibrary</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>Photos</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>PostEvent</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>Reminders</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyAllFiles</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyDesktopFolder</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyDocumentsFolder</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyDownloadsFolder</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyNetworkVolumes</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicyRemovableVolumes</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
                <key>SystemPolicySysAdminFiles</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <true/>
                        <key>CodeRequirement</key>
                        <string>identifier "com.backup42.desktop" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9YV9435DHD"</string>
                        <key>Comment</key>
                        <string></string>
                        <key>Identifier</key>
                        <string>com.backup42.desktop</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                    </dict>
                </array>
            </dict>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Code42 Sample Access</string>
    <key>PayloadDisplayName</key>
    <string>Code42 Sample Access</string>
    <key>PayloadIdentifier</key>
    <string>34C19F52-FBB7-4A43-B8AB-9E78D143EF98</string>
    <key>PayloadOrganization</key>
    <string>Code42</string>
    <key>PayloadType</key>
    <string>com.apple.TCC.configuration-profile-policy</string>
    <key>PayloadUUID</key>
    <string>E6E92FED-CA80-4FF5-8AD6-8D1A8896FFAF</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadScope</key>
    <string>System</string>
</dict>
</plist>
  • Was this article helpful?