PolicyPak for Dominik Reichi Keepass Password Safe

Your users access a variety of applications each and every day. Many of these applications require a password. As a Network Administrator you want to enforce secure password practices for your organization but don’t have time to manage passwords for your users. This is why you have an application such as KeePass to do just that.

But like any application, KeePass only works if it’s configured correctly, which means if your users have meddled with its configuration settings, security falters or even worse, users forget their passwords, which means they end up calling the help desk. You certainly don’t want your phones tied up with password reset requests.

That’s where PolicyPak comes in. PolicyPak enforces and locks down the optimum setting values that you, the administrator, want your users to have. PolicyPak sets and enforces expectations for your users’ applications, so that they get the same experience, every time they launch it.

Keep your KeePass configuration settings enforced and streamlined with PolicyPak. Check out this video to see how it’s done:

Our PolicyPak software snaps-in to the Group Policy Editor and gives you the same user interface as KeePass itself. Users require their passwords every time they use their computer so make sure that KeyPass is always running by making sure that “Run KeePass at Windows startup” is always checked.

manage-dominik-reichi-keepass-password-safe-using-group-policy-policypak-0

You don’t want your users being exposed to those constant application update messages for this and so many of the applications that PolicyPak supports. You especially don’t want to allot them control of the update process.

PolicyPak prevents this by making sure that “Check for update at KeyPass startup” is always unchecked. You can then use PolicyPak’s signature ACL Lockdown feature to lock this setting down all the way into the system file itself which stores all of the setting values for KeePass. This prevents even the savviest of users from circumventing your setting configurations by accessing the system file. Simply right click on the setting and select “Perform ACL Lockdown.”

manage-dominik-reichi-keepass-password-safe-using-group-policy-policypak-1

As a network administrator, you want to ensure the integrity of all passwords is preserved for all of your users. It’s important that KeePass is secured when users aren’t at their desktop so make sure that “Lock workspace after KeePass inactivity” and “Lock workspace after global user inactivity” are both checked at all times. Then lock these settings all the way with ACL Lockdown as well.

manage-dominik-reichi-keepass-password-safe-using-group-policy-policypak-2

With PolicyPak, you’re the one in control.

Besides, once you’re using PolicyPak to manage KeePass, you’ll also get to manage all your other enterprise desktop applications the same way: Flash, Lync, Java, Firefox, and any custom applications you have. They’re 100% included – absolutely free.

It’s all included when you’re a PolicyPak Professional customer.

PolicyPak was designed by Group Policy MVP Jeremy Moskowitz – who “wrote the book” on Group Policy, runs GPanswers.com, and lives and breathes Group Policy and enterprise software deployments and desktop lockdown.

When you’re ready to get serious about managing KeePass, PolicyPak is ready for you.

Manage KeePass using Group Policy video transcript

Hi, this is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn how to configure KeePass using PolicyPak.

I’ve already got KeePass installed on my computer, and I’m just a regular user here. As you can see, I’m logged on as a guy called “eastsalesuser4.” I’ll open up Keypass, go to Tools- Options, and examine the configuration settings a user has access to.

This is a security oriented application so I will start in “Security” where you have some critical settings such as “Lock workspace after KeePass inactivity” and “Clipboard auto-clear time.” “Interface” has a number of settings relating to how this application integrates with the Windows Interface and finally “Advanced” has some important settings such as “Check for update at KeePass startup.”

KeePass is a system file based application which means a computer savvy user can access this file and alter your desired settings. I have the XML system file opened here where your user could go straight into it and modify the setting for “LockAfterTime” and change the value from 300 to 0. As you can see, EastSalesUser4 has the rights to do this. No Admin rights required.
Now let’s see how we can ensure compliance and perform desktop management of settings quickly using PolicyPak. I’ll go ahead and switch over to my Management Station computer.

We’ll go ahead and right click over our “East Sales Users”, “Create a GPO” and we’re going to call it “Lockdown KeePass.” So this GPO is now associated with the “East Sales Users.” I’ll right click over it. I’ll click “Edit…” I’ll dive down under “User Configuration / PolicyPak/Applications/New/Application.” There it is, “PolicyPak for KeePass Password Safe” along with other applications like “Java,” “Flash” “Firefox,” “Skype” and lots of other important desktop applications that your users utilize every day (and you want to make more secure).

Let’s start with “Integration.” This application can’t manage passwords if it isn’t running so let’s make sure that “Run KeePass at Windows startup” is always checked. Notice how the setting became underlined as soon as I modified it. That means that the setting values will be delivered by PolicyPak. Let’s go to Advanced and make sure that “Check for update at KeePass startup” is always unchecked for your users.

Now let’s go to “Security” and manage these critical settings. Let’s make sure that “Lock workspace after KeePass inactivity,” “Lock workspace after global user inactivity” and “Clipboard auto-clear time” are all checked. Now let’s lock these setting all the way down to the system file itself by using PolicyPak’s unique feature, ACL Lockdown. This will prevent computer savvy users from modifying my delivered settings within the system file itself. To do so, I’ll pick one of these settings and right click on it and select “Perform ACL Lockdown.”
Now I will go back to my client machine, get a command prompt and run “gpupdate.” Now you could envision the user logging on for the very first time, using a Terminal Services or Citrix machine, using a VDI session, changing job roles, or getting a new computer. I just happen to be using gpupdate. Yes, PolicyPak performs the magic. To get the magic delivered, you can use Group Policy, SCCM, LanDesk, KACE or your own systems management software. Even if the user is offline, your settings are always preserved because PolicyPak is always working for you in the background, making the job of you the administrator, easier.

Now let’s open up KeePass again and check your settings. If we return to “Integration” we notice that our “Run KeePass at Windows startup” is checked and in “Advanced”, the “Check for update at KeePass startup” is unchecked. Now let’s move to “Security” and confirm that the first three critical values are checked just as we wanted.

Now let’s pretend this user tries to change the settings within the XML system file itself. I’ll open up the file once again and to attempt to modify “LockAfterTimeTemp” and as you can see the efforts of this user has been thwarted. PolicyPak with ACL Lockdown has locked down these file based settings.

And we are done. That is how incredibly easy it is for you to use PolicyPak to manage KeePass as well as tons of other desktop applications.

If you’re looking for a trial of PolicyPak, just click on the “Webinar / Download” button on the right.

Thanks so much for watching, and get in touch with us if you’re looking to get started. Talk to you soon.