Profiles in SyncBack can be started automatically by various methods. They can be run automatically via a schedule, periodically, when files are changed, etc. The most common way to have a profile start automatically is via a schedule, e.g. every day at 9am. To achieve this SyncBack leverages the Task Scheduler that is part of Windows.
The first version of the scheduler was included in Windows NT 4.0 (1996) and was then called Scheduled Tasks. The second version, when it became known as the Task Scheduler, was introduced with Windows Vista (2007) and Windows Server 2008. It is this version that is used by SyncBack.
When you schedule a profile in SyncBack, it creates a scheduled task within the Windows Task Scheduler. This scheduled task defines which Windows user account will run the profile, when it is run, how it is run, etc.
Security is important with the scheduler. How a scheduled task can be run is strictly controlled by the access rights your Windows account has along with the elevation level of the process (SyncBack) that is creating the task. This has changed slightly since Windows Vista, so in this article we will only be looking at how it is implemented in Windows 11 (which, at time of writing, is the same as later versions of Windows 10).
When you create a scheduled task in SyncBack there are two ways to have it run by the Windows Task Scheduler:
For standard users (non-admin users), only option 1 is available, unless they have been given the "Log on as batch job" access right. This can be given by a Windows Administrator running the Local Security Policy and adding the user to the "Log on as batch job" policy:
Once given this access right, then a standard user can also use option 2 and have schedules run even when they are not logged in. If you were given the access right while SyncBack was running then you will need to restart SyncBack.
When having a schedule run, even when not logged in, you also have the option of not storing your Windows login password in the schedule. This option can only really be used when copying files from one local drive to another, and when neither drive is using any form of encryption. To use this option you must be a Windows Administrator and the process creating the scheduled task (SyncBack) must be elevated. SyncBackFree does not run elevated, but SyncBackPro and SyncBackSE can be run elevated or not elevated.
The "run interactively" option is not supported in Windows 10/11. If a scheduled task is configured to be able to run even when the user is not logged in then it is always run in session 0, which basically means it is run in the background with no user interaction.
A scheduled task can be configured to run with the highest privileges or not. When SyncBack creates a scheduled task, if the SyncBack process itself is elevated then the scheduled task will be configured to run with the highest privileges. If SyncBack is not run elevated then the scheduled task will not be configured to run with the highest privileges. For example, if you schedule a profile with SyncBackFree, then it will not be configured to run with the highest privileges because SyncBackFree is not run elevated.
When SyncBack is not run elevated you cannot edit, delete or import any schedules that are configured to run with the highest privileges (elevated). This is a security restriction of Windows, i.e. non-elevated processes cannot edit, delete or create elevated scheduled tasks. If SyncBack is run elevated then it can edit or delete any schedules.
How can you tell if a profile has been scheduled to run elevated? Look for the shield when editing or viewing the profiles schedule. If a shield is shown then it is elevated, otherwise it is not.
By default, Windows does not allow schedules to be created by users that do not have a login password. When creating a new schedule, SyncBack will prompt if you want the restriction removed. However, we recommend you instead set a password for your Windows account. If you do not want SyncBack to prompt you to remove the restriction: go to Global Settings and on the Easy page untick the option "Prompt me to remove the blank password restriction on the Windows Scheduler".
When a scheduled task is created, and a password is required, you must provide your Windows login password. You cannot use biometrics, a PIN number, a security key, Windows Hello, etc. It must be your Windows login password. The simple reason for this is that the Windows Task Scheduler requires it and it is not a limitation or restriction of SyncBack. Unsurprisingly, people forget their login password as they often only use other forms of authentication, e.g. Windows Hello. However, the Windows Task Scheduler cannot use Windows Hello, for example, and requires the password for your Windows user account. If you cannot remember your password, and cannot reset it, then the only solution is to configure the schedule to only run when you are logged in.
What happens to scheduled tasks that use your login password and you change your password? You need to edit one of the scheduled tasks and enter your new password: select a scheduled profile in the SyncBack main window, click the Schedule button, click the "Edit Schedule" button then press OK to close the window without making changes. SyncBack will prompt you for your password. Enter your new password and click OK. The Windows Task Scheduler will then automatically update all the other scheduled tasks (using the same Windows account) to use the new password.
SyncBack V11 introduced the Scheduler Monitor Service which can warn you when a schedule has not been run by the Windows Task Scheduler, e.g. because your password has changed. The Scheduler Monitor Service is only installed if you install SyncBack for All Users.
The Windows Task Scheduler has various security requirements which SyncBack must adhere to: