Skip to end of metadata
Go to start of metadata

This section is intended to discuss the security involved in Site Manager and show how these features and other features can be configured through the Site Manager interface.

User Settings - User Interface

This section controls the logged-in users' configuration of the Site Manager dashboard and interface.

Reset dashboard layoutThis option will restore the dashboard to the default layout, removing all widget layouts and notification tile customization. This only applies to the currently logged-in user
Reset table layoutsThis option will remove any changes to the table layouts on all Site Manager pages. This includes moving, hiding, or sorting columns. This only applies to the currently logged-in user

User Management - Roles, Users & Groups, Login Providers

The 'User Management' section of the Site Manager settings controls the users that can access Macrium Site Manager, the domains where these users are located, and the amount of access that these users have with pre-defined and custom role based permissions. For more information about configuring access control in Macrium Site Manager, see here.

System Settings

User Interface

This section controls the configuration of the Site Manager dashboard and interfaces for all users.

Reset all layouts

Removes all customization for all users and resets Site Manager to default layout settings


The various forms of network communication in Site Manager have some built-in security with options for further configuring them. 

Access Restriction

This section controls general access settings to Site Manager including which network interfaces the Site Manager UI is available on and whether user login is required. More granular access control is provided under the 'User Permissions' section.

Allow Access to Site Manager without login

If enabled, any new connections to Site Manager will allow direct access without a login. This may allow unauthenticated users access to the configuration and contents of backups and should only be used in a secure environment.

Session will expire after X minutesSession expiry time can be set so that if the Site Manager interface is left open in a web browser, it will automatically log out after a specified number of minutes being idle.
Network AccessSetting this to 'Site Manager accessible only from localhost' will make the Site Manager interface only accessible from a web browser running on the server itself. Otherwise the interface is available from any IP address.

Connection Settings

If the interface is exposed to a potentially insecure network or the internet, we recommend using HTTPS. When HTTPS is first enabled, a default self-signed certificate is used. This certificate is not recommended for use outside secure networks as it is shipped with every Site Manager installation. Any certificate in OpenSSL .PEM file format can be used in place of the built-in certificate. If you have keys in a different format, the OpenSSL command line utility can convert a variety of formats. See for details.

This section allows you to configure HTTP/HTTPS connection settings for the management console. The defaults should be fine for most installations but you may wish to provide your own SSL credentials and possibly alter the ports if they conflict with other applications on your server.

The keys supplied must be in OpenSSL .PEM format.

Different certificate management systems and providers use different names and file extensions to identify certificate files. The Site Manager server requires files using PEM format, under any file extension. These files can be identified by opening them in a text editor:

Valid certificate files will contain a Base64 encoded certificate in a section denoted by -----BEGIN CERTIFICATE-----

Valid private key files will contain a Base64 encoded key in a section denoted by -----BEGIN PRIVATE KEY-----

If both the certificate and key are in the same file, the same file should be specified for both fields in the Site Manager configuration

PortThe port used by the Site Manager HTTP and HTTPS servers
Certificate pathThe public certificate to be used by the internal Site Manager HTTPS server
Private key pathThe private key that matches the certificate specified in the 'Certificate Path' field.
Private key passphraseIf the private key file requires a passphrase to use, it can be set here

Agent Security

Communications between an agent and the Site Manager server are always encrypted using 256-bit AES encryption. This happens automatically, key generation, negotiation, and encryption are all done without any additional configuration. In addition, a passphrase can be set in the Site Manager. This passphrase is set on any successfully connected agent and prevents any other Site Manager from taking over that agent unless the new Site Manager has the same passphrase set. 

The purpose of this passphrase is for use in high integrity or untrusted environments where a guarantee that only the Site Manager server that has been configured for that agent can access that agent is required.

If a passphrase has been set on an agent, it will fail to connect to a Site Manager which does not have the matching passphrase set. Reinstalling the agent will reset the passphrase.

If a computer is added after previously having a passphrase set, the computer will be listed as unauthorized in the computers list. To manage the computer, either the Site Manager server must have the correct passphrase, the passphrase on the agent must be changed (this requires local administrator access to the computer) or a passphrase can be entered on the Site Manager server to allow one-off access. 


The Email section is divided into three subsections: 'SMTP Configuration' for setting up server details, 'Notification Email' for configuring where notifications (backup start, end, and others) are sent to, and 'Backup Summary' for configuring daily summary emails.

SMTP Configuration 

This section allows Email server settings to be configured, including security settings.

Sender's Email AddressThe email address the summary emails will be sent from.
SMTP ServerThe address (DNS or IP) of the SMTP server to use for sending.
Connection Type and Port

The type of connection used by the SMTP server. Supported options are:

Plain Text

Secure Sockets (SSL/TLS)

Transport Layer Security (STARTTLS)


The authentication method used by the SMTP server. Supported options are:



Challenge/Response Authentication (CRAM-MD5)

Secure Username/Password login (AUTH LOGIN)

Username/Password login (AUTH PLAIN)

Microsoft NT LAN Manager (NTLM)

Username and PasswordThe username and password for the SMTP server. If left blank, no username will be used.
Test EmailSends a test message to the recipients entered in the test box. If there are errors in the send, they will be reported back.

Notification Email

This section allows the recipients and subject to be specified for notification emails. These settings are applied to any notification emails sent according to the 'Notifications' section of the 'Settings'.

Recipients' Email AddressesEmail addresses to send notification emails - may be a semicolon-separated list 
Email SubjectSubject to be set on notification emails with optional variable input

The email subject can be specified using replaceable parameters.

Replaceable parameters are specified by starting them with a dollar character (and optionally surrounding them in curly braces) - {$example}. Available parameters are:

{$servername}Name of the Site Manager server as specified in the 'System' page of the 'Settings'.
{$date}The date in YYYYMMDD format
{$isodate}ISO 8601 timestamp of the date - YYYY-MM-DD

The type of notification. Possible types are:

Backup Successful

Backup Failed

Backup Started

Intra-daily Backup Successful

Update Found

Testing Slack

Testing Email

Remote Synchronization Started

Remote Synchronization Successful

Remote Synchronization Failed

Restore Started

Restore Successful

Restore Failed

Disk Space Low

Repository Uncontactable


Name of the Agent that triggered the notification.

{$definitionname}Name of the backup definition that triggered the notification.
{$schedulename}Name of the schedule that triggered the notification.
{$reponame}Name of the repository being used.

The backup level. Can be one of the following:





The type of operating being performed. Can be:


Image Restore

File and Folder Backup

File and Folder Restore

Exchange Backup

Exchange Restore

SQL Backup

SQL Restore


If a variable doesn't expand to anything and it's in a curly brace section, the whole curly brace section will be omitted. This can be used to hide extra spacing and text. For example, if the variable string below is used:

Notification - $notificationtype{ on computer $agent}

It will expand to "Notification - Backup Started on computer MYCOMPUTER" for a backup start notification and "Notification - Disk Space Low" for a disk space low notification.

Backup Summary

The summary section allows the configuration of daily backup summary emails as below:

The options available are: 

EnableThis toggle can be used to turn summary emails on or off
Recipients' Email AddressesEmail addresses to send notification emails - may be a semicolon-separated list 
Send TimeThe time when the daily email will be sent
Email SubjectSubject of the email with optional variable input
Days To SendThe days when an email will be sent
Select ColumnsWhich columns will appear in the summary email. Changes to this section are reflected in the email preview underneath
Select OptionsAdditional options to appear in the summary email. Changes to this section are reflected in the email preview underneath
Update AvailableThe email will state whether a Site Manager server update is available or not
Remote SyncInserts an additional section and table summarising Remote Sync activity
Unsuccessful Backup Details OnlyThe backup details table will only show information for failed backups. Successful backups are briefly summarised instead
Computer WarningsAdditional section detailing all computer warning information available. 

A preview of the daily email with the selected columns is shown below the settings.

The email subject can be specified using replaceable parameters. Replaceable parameters are specified by starting them with a dollar character (and optionally surrounding them in curly braces) - {$example}. Available parameters are:

{$servername}Name of the Site Manager server as specified in 'Settings' then 'System'
{$date}The date in YYYYMMDD format
{$isodate}ISO 8601 timestamp of the date - YYYY-MM-DD
{$notificationtype}This will be Backup Summary


The management console supports sending notifications to Slack. Once configured, the types of notifications can be configured in the 'Notifications' section described below.

Enable Toggle this to enable/disable Slack notifications.
Slack Incoming Webhook URLWebhook to use to post Slack messages. This can be configured in Slack management by creating a private app. See Slack Webhooks for more information
ChannelHere you can specify which channel you wish to post to in Slack. You may wish to create a new channel in Slack for your notifications.
Test NotificationThis button sends a test message the the slack channel configured above.


Here you can select which notifications appear in the User Interface, the Windows Event Log, over Slack or email (if configured). 

Notification types

Update AvailableSent when a software update to the Management Console is available 
Backup StartSent when a backup has started to run on a managed computer
Backup SuccessSent when a backup has completed successfully on a managed computer
Include Stealth Intra-daily backupsThis controls whether backup success emails should include intra-daily backups with the stealth option set. These backups do not create normal log files unless an error is encountered

Backup Fail

Sent when a backup has completed unsuccessfully on a managed computer
Restore StartSent when a restore has started to run on a managed computer
Restore SuccessSent when a restore has completed successfully on a managed computer
Restore FailSent when a restore has completed unsuccessfully on a managed computer
Remote Sync
Remote Sync StartSent when a repository starts remote synchronization with another server
Remote Sync SuccessSent when remote synchronization with another server succeeds
Remote Sync FailSent when remote synchronization with another server fails
Low Repository Disk SpaceSent when a repository has reached a low disk space
Repository UncontactableSent when a repository isn't available to Site Manager

Additionally, there are options to set whether relevant backup logs should be attached to emails and how many days without a backup should be allowed before the daily summary email warns that a computer is unprotected.


The number of days a computer can go without backups before being flagged as having an error in the dashboard, computers page, and daily status email is configurable here via the 'Backup expiry period (days)' setting.


The system section contains options for modifying the behavior of the overall system. The options available are as follows:

Server Name

Server Name

Allows a custom server name to be set. This server name will be shown in the title/tab bar of the browser, at the top of the Site Manager interface, and in email subject lines.

This allows organizations with multiple Site Manager installs to easily tell them apart. The naming options are:

Do not display a name - this is the default setting.

Display the server Computer name - uses the NetBIOS name of the server.

Display a custom name - the name entered in the 'Custom Name' field will be used.

Support Information

This section allows the gathering of support information and uploading to Macrium servers or downloading as a zip file. It should only be used under the direction of Macrium Support.

Log Retention

This section allows logs (both backup logs and event logs) to be automatically deleted after a number of days. This will only happen if the 'Keep Logs Forever' option is unselected. This option will affect both the backup logs and event logs. An agent computer's copy of the backup logs will also be permanently deleted.

Any permanent deletion action on the agent backup logs will occur either at midnight (local time) or on the Site Manager service restarting. This is to reduce accidental changes applying instantly.

Macrium Image Guardian 

This section provides convenient access to the Macrium Image Guardian installers. The installers can be used to install Macrium Image Guardian on Windows computers that host repositories separately to the Site Manager server. This article contains more information about Macrium Image Guardian.

Configuration Transfer

This section has options to backup, download, and restore the Site Manager configuration:

ArchiveUpdate the configuration archive on the Site Manager server with the current Site Manager configuration. Once complete, the timestamp shown by the 'Download configuration' option will be updated
Import settingsUpload a previously create Site Manager configuration backup and apply the settings to this Site Manager server. The current Site Manager configuration will be overwritten
Download configurationDownload the latest created archive in the browser. This can be used to provide a backup of Site Manager settings in case of server hardware error


The MultiSite section controls integration with Macrium MultiSite for remote management of Site Manager. If MultiSite is enabled and the HTTPS port configured in the 'Security' section is exposed to the internet, Site Manager can be managed by Macrium MultiSite.

The options in the 'MultiSite' section are as follows:

EnableEnables the interface for Macrium MultiSite on the same port used for HTTPS access. This does not affect HTTPS access.
API KeyThis key is required to authorize MultiSite to access Site Manager.
CopyCopies the API key to the clipboard to make transferring it easier.
Generate New KeyGenerates a new API key, replacing the old key. Note that if this Site Manager is managed by Macrium MultiSite, the key must be updated in MultiSite for continued access.

The 'MultiSite Connection Status' section will only appear if MultiSite is enabled. This section will show the current status of the Site Manager's connection to MultiSite. The 'Refresh' button retries the MultiSite connection if there are issues. 


This section controls how Site Manager agents and remote agent installation work.


Install Settings - Quiet Agent InstallSetting this option will change the default install options for the remote agent install to install the agent without creating a desktop or start menu shortcuts. Quiet install settings will only be updated on an agent when the remote install feature is used or the agent is upgraded through Site Manager
Install Settings - Auto Add AgentsSite Manager will automatically add agents to the computers table ('Backups' > 'Computers') on an agent's first established connection to Site Manager. Previously removed agents will not be auto-added.
Install Settings - Auto UpdateIf this option is set, the server will automatically update the agents when a new version is available.
Maximum Simultaneous UpdatesThis option specifies the number of updates that will be performed simultaneously.
Install Credentials

This option allows you to set credentials that will be used to install remote agents. This is useful if the majority of computers you wish to install agents on are on a domain that is not the same one used to log in to the Site Manager server

Server Connection DetailsChanging these fields while agents are connected will cause the server to send the new details to the connected agents. When an agent receives the new details, it will drop the connection and try to reconnect to the server. If the agent is not able to reconnect or if it wasn't connected when the details were changed the details must be manually set on the agent via the AgentConfigTool or remote install
Server Connection Details - Server IP

Additional IP addresses the agent should use to communicate with the Site Manager. Any IP addresses here will be tried before DNS name resolution or NetBIOS name resolution is attempted.

Server Connection Details - Server DNSAdditional DNS names the agent should use to look up the Site Manager server IP address. Any DNS addresses here will be tried before NetBIOS name resolution is attempted.
Server Connection Details - TCP PortThe TCP/IP port that is used by Site Manager to communicate with Agents. If this is changed, the Site Manager server will update all connected Agents and restart. 
Migrate AgentsThis section allows agents to be moved from one Site Manager server to another - the selected agents will attempt to connect to the server using the NetBIOS, DNS, or IP addresses specified and if successful, the agent will connect to the new server and drop into the disconnected status on the current server. If the agent cannot contact a Site Manager server using the entered network details, they will remain connected to the current Site Manager server.

Agent Server Connection

When installed via the remote install feature, agents will automatically be configured with the NetBIOS name of the Site Manager server, plus any details configured here. The Agent will try all connection details to connect to a Site Manager server.


This section contains options controlling how the Site Manager server accesses the internet.

Proxy Settings

A proxy server may be configured here. Site Manager will use this for all HTTP/HTTPS requests to the internet.

No ProxySite Manager will access the internet directly
Manual Proxy Setup - Proxy AddressThis is the address and type of the proxy server to use. The proxy type is selected from a dropdown (HTTP, HTTPS and SOCKS options)
Manual Proxy Setup - Proxy PortPort of the proxy server 
Manual Proxy Setup - Proxy UsernameUsername used to authenticate with the proxy server
Manual Proxy Setup - Proxy PasswordPassword used to authenticate with the proxy server
Get Proxy Settings From Specific UserIf account details for an account on the local domain or computer are entered here, the Site Manager server will attempt to read Internet Explorer proxy information from this user's profile on the Site Manager server.

Rescue Media

This section contains the option to change the Site Manager rescue media 'Working Directory'.

The working directory is the folder on the Site Manager server which is used as temporary space for Rescue Media building and to store the rescue media ISO images.

Working Directory

The path on the server to use for the rescue media working directory. This must be a local filesystem running NTFS. 

If this directory is changed, the old directory will be left intact and must be deleted manually. 

TestTests that the Rescue Media working directory is accessible and writable.

Daily Data Export

This section controls Site Manager's creation of a number of CSV files that can be exported on a daily basis to assist in auditing, third-party integration, or custom scripting.

The initial options allow the types of export to be selected and the export time. The export types are:

Export TypeDescription
Repository ContentsA list of backup images stored in each repository, along with type, path, and size information
Repository UsageThis generates two files - one with an overview of each repository, including status, path, free space, and space used by backups. The other file contains a breakdown of space used on each repository broken down by computer, including the number of backups and disk space usage changes since the last export.
ComputersA list of agent computers, along with status, last backup time, and other information from the Computers page.
Backup DataA list of backups attempted in the last 24 hours, including success or failure
Event LogThe last 24 hours of the event log

This section configures the file and folder information for the export. The credentials used to write the files can be controlled by specifying a username, password, and domain for the account. If left blank, the SYSTEM account on the Site Manager server is used.

The folder and file paths can be specified here using replaceable parameters - this allows a number of configurations, including creating each day's exports in the same place (overwriting old files), giving each day's export file a name based on the date, or placing each day's exports into a different subfolder.

Replaceable parameters are specified by starting them with a dollar character (and optionally surrounding them in curly braces) - {$example}. Available parameters are:

{$date}The date in YYYYMMDD format
{$time}The time in hhmm format
{$isodate}ISO 8601 timestamp of the export time - YYYY-MM-DDThhmmss
{$servername}Name of the Site Manager server as specified in Settings System

Type of export. When exporting multiple export types, this should be used to prevent each export type from overwriting the other. Possible values are:

Repository Contents

Repository Status

Repository Changes


Backup Data

Event Log


If a file already exists with the name generated, the export will overwrite the old file with the new one unless increment is used. Increment is a simple number that is incremented to create a unique file name for the export. 

For example, if the filename field is set to filename.csv, each day, the old file will be overwritten. If the field is set to filename-{$increment}.csv, the first day's export will create the file export-1.csv, the second day will create export-2.csv etc

  • No labels