KeePass enforced configuration
I don't know why but despite all of my searches, I haven't been able to find a good tutorial on how to deploy KeePass with an enforced configuration (set parameters that users cannot change).
First, deployment: You can deploy the .msi and the related files using GPO, for example. But there is an easier way: simply copy the KeePass folder that contains the .exe to a network share. Make sure only admins (only admin accounts, not your regular account). have write access to this share, all other users read-only. To do that you can install KeePass on your computer temporarily an copy the folder that is in the Program Files folder.
Second, configuration enforcement: execute the local version of KeePass that you installed for step one. Set the parameters as you would like them, then close KeePass. A configuration file will be created in C:\Users\$username\AppData\Roaming\KeePass\KeePass.config.xml. You can create a copy of this file that you will name KeePass.config.enforced.xml in the KeePass directory that you've put on the network share. One thing left: remove the "<LastUsedFile>" section from your enforced.xml file (http://sourceforge.net/p/keepass/discussion/329220/thread/0e379d6d/#a8bf). If you don't, KeePass will not remember the last used database, forcing your users to manually open the last used database each time. You can also delete the "<Items>" sub-section of the "<MostRecentlyUsed>" section and replace it by just by "<Items />".
Have fun!
First, deployment: You can deploy the .msi and the related files using GPO, for example. But there is an easier way: simply copy the KeePass folder that contains the .exe to a network share. Make sure only admins (only admin accounts, not your regular account). have write access to this share, all other users read-only. To do that you can install KeePass on your computer temporarily an copy the folder that is in the Program Files folder.
Second, configuration enforcement: execute the local version of KeePass that you installed for step one. Set the parameters as you would like them, then close KeePass. A configuration file will be created in C:\Users\$username\AppData\Roaming\KeePass\KeePass.config.xml. You can create a copy of this file that you will name KeePass.config.enforced.xml in the KeePass directory that you've put on the network share. One thing left: remove the "<LastUsedFile>" section from your enforced.xml file (http://sourceforge.net/p/keepass/discussion/329220/thread/0e379d6d/#a8bf). If you don't, KeePass will not remember the last used database, forcing your users to manually open the last used database each time. You can also delete the "<Items>" sub-section of the "<MostRecentlyUsed>" section and replace it by just by "<Items />".
Have fun!
Comments
false
true