Skip to main content

Policy-Based Selection

Before You Begin​

Selection allows you to explicitly choose what to include or exclude from backups.

Selection can rely on different selection sets and be combined with filters.

➡ī¸ Learn more about policy-based retention

Data Selection​

Define Selection​

KeyParameterControl
Configuration.Node.Selectioninclude < path > | exclude < path > [from set < set >] | include all {documents|desktops\images} [in set < set >]Adds/removes a node to/from the selection or a selection set

To select an item, use the Configuration.Node.Selection key as follows:

  • include < path > [in set < set >]: include the location specified by the <path> variable (preferably in quotes) in the <set> selection set. The in set < set > parameter is optional. If not specified, the selection is linked to the default selection set.
  • include all \{documents\|desktops\images\} [in set < set >]: allows including, depending on the chosen selector, the documents (documents), desktops (desktops), or images (images) of all users on the machine.
  • exclude < path > [from set < set >]: exclude the location specified by the <path> variable (preferably in quotes) from the <set> selection set. The from set < set > parameter is optional. If not specified, the selection is linked to the default selection set.

Permissions and Security​

KeyParameterControl
Configuration.Node.Security[at < path >] authenticate with login < login > and password < password >Allows specifying authentication on a node or on the entire selection

ℹī¸ The backup agent is a service running under the system account.

To back up and restore resources for which the operating system does not have permissions (network shares, Microsoft 365 tenants, etc.), it is necessary to associate an authorized account with certain selection nodes.

The Configuration.Node.Security key is used to add a user account to a location in the tree:

  • at < path > (optional): the <path> parameter (preferably in quotes) indicates the point in the tree where authentication is performed. If not specified, authentication is performed at the account root.
  • authenticate with login < login > and password < password >: < login > and < password > are the credentials to use. In the case of network authentication, make sure to use the full identifier.

Allow Manual Additions​

KeyControl
Configuration.Node.Selection.MergeUserAllows the user to add nodes to the selection
Configuration.Node.Security.MergeUserAllows the user to add credentials to the selection

If a selection is injected by policy, the user can no longer modify it. The keys below allow the user to add elements to the selection:

  • Allow manually adding elements to the selection: use the policy key Configuration.Node.Selection.MergeUser with the value true.
  • Allow a user to manually add credentials: use the policy key Configuration.Node.Security.MergeUser with the value true.

The user will then be able to add elements and credentials without modifying those injected by policy.

Examples​

Select Documents and Desktops​

In the case of multi-user machines, such as RDS servers, where user profiles are unknown, here is how to back up users' "Desktop" and "My Documents" directories.

# Data selection
Configuration.Node.Selection: include all documents
: include all desktops

Database Backup​

Backup of SQL Server (named ERP) and HFSQL (named Stocks) databases via their components with authentication on the HFSQL server. Each database is selected in a different selection set.

# Selection
Configuration.Node.Selection: include component://localhost/HFSQL(localhost:4900)/Stocks in set 0
: include "component://localhost/Microsoft SQL Server 2022/ERP" in set 1

# Authentication
Configuration.Node.Security: at component://localhost/HFSQL(localhost:4900) authenticate with login "admin" and password "1234"