PolicyPak: Manage KeePass using Group Policy, SCCM or your own systems management utility

KeePass only works if it’s configured correctly. If your users have meddled with its configuration settings, security falters, or, even worse, users forget their passwords and end up calling the help desk. You certainly don’t want your phones tied up with password reset requests. That’s where PolicyPak comes in. PolicyPak enforces and locks down the optimum setting values that you, the administrator, want your users to have. PolicyPak sets and enforces expectations for your users’ applications, so that they get the same experience every time they launch them. Keep your KeePass configuration settings enforced and streamlined with PolicyPak. Check out this video to see how it’s done:

Manage KeePass using Group Policy video transcript

Hi, this is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn how to configure KeePass using PolicyPak.

I’ve already got KeePass installed on my computer, and I’m just a regular user here. As you can see, I’m logged on as a guy called “eastsalesuser4.” I’ll open up KeePass, go to Tools - Options, and examine the configuration settings a user has access to.

This is a security-oriented application, so I will start in “Security,” where you have some critical settings such as “Lock workspace after KeePass inactivity” and “Clipboard auto-clear time.” “Interface” has a number of settings relating to how this application integrates with the Windows Interface, and finally “Advanced” has some important settings such as “Check for update at KeePass startup.”

KeePass is a system-file-based application, which means a computer-savvy user can access this file and alter your desired settings. I have the XML system file opened here, where your user could go straight into it and modify the setting for “LockAfterTime” and change the value from 300 to 0. As you can see, EastSalesUser4 has the rights to do this. No Admin rights required.

Now let’s see how we can ensure compliance and perform desktop management of settings quickly using PolicyPak. I’ll go ahead and switch over to my Management Station computer.

We’ll go ahead and right click over our “East Sales Users”, “Create a GPO” and we’re going to call it “Lockdown KeePass.” So this GPO is now associated with the “East Sales Users.” I’ll right click over it. I’ll click “Edit…” I’ll dive down under “User Configuration/PolicyPak/Applications/New/Application.” There it is, “PolicyPak for KeePass Password Safe” along with other applications like “Java,” “Flash,” “Firefox,” “Skype” and lots of other important desktop applications that your users utilize every day (and you want to make more secure).

Let’s start with “Integration.” This application can’t manage passwords if it isn’t running so let’s make sure that “Run KeePass at Windows startup” is always checked. Notice how the setting became underlined as soon as I modified it. That means that the setting values will be delivered by PolicyPak. Let’s go to Advanced and make sure that “Check for update at KeePass startup” is always unchecked for your users.

Now let’s go to “Security” and manage these critical settings. Let’s make sure that “Lock workspace after KeePass inactivity,” “Lock workspace after global user inactivity” and “Clipboard auto-clear time” are all checked. Now let’s lock these settings all the way down to the system file itself by using PolicyPak’s unique feature, ACL Lockdown. This will prevent computer-savvy users from modifying my delivered settings within the system file itself. To do so, I’ll pick one of these settings and right click on it and select “Perform ACL Lockdown.”

Now I will go back to my client machine, get a command prompt and run “gpupdate.” Now you could envision the user logging on for the very first time, using a Terminal Services or Citrix machine, using a VDI session, changing job roles, or getting a new computer. I just happen to be using gpupdate. Yes, PolicyPak performs the magic. To get the magic delivered, you can use Group Policy, SCCM, LanDesk, KACE or your own systems management software. Even if the user is offline, your settings are always preserved because PolicyPak is always working for you in the background, making the job of you, the administrator, easier.

Now let’s open up KeePass again and check your settings. If we return to “Integration” we notice that our “Run KeePass at Windows startup” is checked and in “Advanced”, the “Check for update at KeePass startup” is unchecked. Now let’s move to “Security” and confirm that the first three critical values are checked just as we wanted.

Now let’s pretend this user tries to change the settings within the XML system file itself. I’ll open up the file once again and attempt to modify “LockAfterTimeTemp” and as you can see the efforts of this user have been thwarted. PolicyPak with ACL Lockdown has locked down these file-based settings.

And we are done. That is how incredibly easy it is for you to use PolicyPak to manage KeePass as well as tons of other desktop applications.

If you’re looking for a trial of PolicyPak, just click on the “Webinar / Download” button on the right.

Thanks so much for watching, and get in touch with us if you’re looking to get started. Talk to you soon.
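
A check for the file-based setting the transcript edits by hand, as an added example that is not part of the video or of PolicyPak's own tooling: it reports the “LockAfterTime” value and whether the logged-on user can still open the settings file for writing. The function name and the default file path (the usual per-user KeePass 2.x location) are assumptions; pass your own path if it differs.

```powershell
# Added example (not from the video). Run as the ordinary user after gpupdate.
function Test-KeePassLockSetting {
    param(
        # Assumption: default per-user config location for KeePass 2.x.
        [string]$ConfigPath = (Join-Path $env:APPDATA 'KeePass\KeePass.config.xml')
    )
    if (-not (Test-Path -LiteralPath $ConfigPath)) {
        throw "KeePass configuration file not found: $ConfigPath"
    }

    # Read the value the transcript edits by hand. Searching at any depth
    # avoids assuming the surrounding element layout.
    [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
    $node = $config.SelectSingleNode('//LockAfterTime')
    $lockSeconds = if ($node) { [int]$node.InnerText } else { $null }

    # Effective write test: open for writing and close again without
    # writing a byte, so the file content is left untouched.
    $canWrite = $true
    try {
        $stream = [System.IO.File]::Open($ConfigPath, 'Open', 'Write', 'ReadWrite')
        $stream.Dispose()
    } catch [System.UnauthorizedAccessException] {
        $canWrite = $false
    }

    # Allow entries on the file that include write-data rights, for the report.
    $writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
    $writers = (Get-Acl -LiteralPath $ConfigPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $writeData) } |
        ForEach-Object { $_.IdentityReference.Value }

    [pscustomobject]@{
        User              = "$env:USERDOMAIN\$env:USERNAME"
        Path              = $ConfigPath
        LockAfterTime     = $lockSeconds
        LockEnabled       = ($null -ne $lockSeconds -and $lockSeconds -gt 0)
        UserCanWrite      = $canWrite
        AllowWriteEntries = ($writers -join '; ')
    }
}

Test-KeePassLockSetting | Format-List
```

A non-zero LockAfterTime together with UserCanWrite reporting False matches the state the video shows after the lockdown; UserCanWrite reporting True means the user can still edit the file as in the first half of the demo.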
