#155 enforcing the enforced.xml for application

closed
nobody
5
2012-01-24
2012-01-11
Elleng
No

I run most applications on terminal servers. I've installed KeePass 2.18 in C:/Program Files and have made the recommended security changes to the KeePass.exe - to execute and have given the KeePass folder read permissions for terminal server users, & power users. I made changes to the application policy and then have changed the name to be KeePass.config.enforced.xml. Non-admin user executes program, inputs their own master key, Once they are in, they can then make changes to the Policy. And it allows them to save it. The terminal servers save it in the Application Data under c://Documents and Settings/user/application data/KeePass. The original enforced.xml does not get changed, but now they can undo, what I don't want them to do. There .xml shows PreferUserConfiguration>False.....

How can I lock it down so they can not change the enforced.xml? The file attached shows on top local user, and on the bottom enforced.xml configuration.

Discussion

  • Elleng
    Elleng
    2012-01-11

    Enforced.xml versus local config file

     
    Attachments
  • Dominik Reichl
    Dominik Reichl
    2012-01-24

    Although users can change policy values, they don't become effective until a KeePass restart. When restarting KeePass, the values from the enforced configuration file are used again. So, changes made by users to enforced policy settings never have any effect.

    Best regards
    Dominik

    PS: Please use the forums for discussions.

     
  • Dominik Reichl
    Dominik Reichl
    2012-01-24

    • status: open --> closed