Trigger Action - failed - Access Denied (probably UAC blocking)
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
I attempted to introduce a log file into my Trigger actions. It's a simple cmd BAT file, which works fine in a command prompt shell (ie CMD). I also tried to implement a "lock file" to prevent simultaneous updates. Neither work when executed within the Trigger facility.
Security allows Everyone ALL access to the directory (for now for testing). However, file I/O produced "Access denied" errors when run by the KeePass trigger. Using the "runas /user:" facility prompts for a password, and I can't figure out how to bypass that prompt. Is there a way to perform simple file operations without requiring user interaction? There must be a way, because synchronization itself works without interruption.
Perhaps once again, as usual, I missed something. :-)
I wonder if there could be an action implemented in a future release, for example,
LogTo Filename SomeString, Date, Time, etc.
Thanks in advance.
-JDB
Last edit: JDB 2025-05-02
See the Audit Trigger for some ideas.
https://keepass.info/help/kb/trigger_examples.html#audit
The Multi User(ish) trigger collection is an example of using files to control what KeePass does.
https://sourceforge.net/p/keepass/discussion/329220/thread/ec13ed6fc0/
cheers, Paul
Thanks again! Sorry I missed this again in the documentation. The Audit Trigger method lets me keep a logfile. I see now that internal commands can execute fine if they are included in the action script (and not in external BAT files which require elevation/UAC). I'm not going to worry about using a lock file (or multi-user db). Chances of a collision in my environment are almost non-existent. It makes more sense to trigger a backup based on a timer or program startup.
This is likely a case of UAC blocking the trigger from executing your .bat file with the required permissions. One approach is to run KeePass as Administrator so its triggers inherit elevated rights. Another workaround is to create a shortcut to your .bat file, set that shortcut to always run as admin, and point KeePass to it instead. Not perfect, but it avoids UAC prompts. A native log action in future releases would definitely help simplify things.