Reset all settings after update

[Spuner]

After installing the new version over the old version, the files "KeePass.config.xml" and "KeePass.exe.config" are overwritten. Each time, after updating, you have to manually copy these files from the backup copy, which is stored separately. This is terribly inconvenient. Make sure that these files are not overwritten when installing the new version over the old one.

[SteveShank]

It appears that they are updated, but I've never lost any settings in well over a decade. Though backing up config files is a good idea.

[wellread1]

Please provide some update details:

1. What is the name of the KeePass update file that you download?
2. How do you perform the update? For example, do you run an installation exe or msi file, or do overwrite KeePass files by copying them from a zip file? Do you manually delete any files?
3. What is the path to the KeePass program?
4. Where is the KeePass.config.xml file that is overwritten located?
5. How do you start KeePass/open databases? For example by clicking on the program exe file, or a shortcut to the KeePass program, or a database.
   

Feel free to redact any personally identifiable strings in names or paths.

[Spuner]

1. KeePass-2.51-Setup.exe
2. Installation file (exe) from the official site. I don't change anything manually, but install it over the old version.
3. C:\Program Files\KeePass
4. C:\Program Files\KeePass
5. Program exe

[T. Bug Reporter]

It's normal for KeePass.exe.config to get overwritten when updating; this is a helper file used by KeePass when compiling *.plgx files, and does not contain any user settings. It's also normal for the updater to rebuild the KeePass.config.xml file that is located with KeePass.exe; this is a template and minimal configuration, and your actual settings are stored in %APPDATA% instead.

[wellread1]

KeePass.exe.config is part of the KeePass program. It is replaced during an update. Users should not modify or delete this file.

C:\Program Files\ is a protected directory containing application folders. Users and programs should not have routine write-access to files in these folders. KeePass is misconfigured if a keepass.config.xml file in C:\Program Files\Keepass updates when KeePass is run. Instead, it should write to a local KeePass.config.xml file in the %APPDATA%\KeePass\ folder .
To direct KeePass to save settings in a local configuration file:

1. Shutdown KeePass
2. Rename the existing keepass.config.xml file in C:\Program Files\KeePass\ to keepass.config.xml.old (this file may contain settings that you want to preserve).
3. Copy the attached file to C:\Program Files\KeePass\.
4. Restart KeePass. It should start with default settings and will begin saving settings to the local config file.
   

Once KeePass is correctly configured to save a local config file, KeePass will not lose settings when it is updated. For details about KeePass configuration see https://keepass.info/help/base/configuration.html.

[Spuner]

When I try it like you said, I'll let you know the result.

[wellread1]

Are you switching between running KeePass as administrator and a standard user? That will result in erratic behavior because the settings will be saved locally in each user account.

[Spuner]

No, KeePass only runs as an administrator.

[Horst]

Bad idea.
Keepass has no need to run as administrator.
If you start anything from a url in KeePass it will also run as administrator.

[Spuner]

There is only one user (admin) in the system with all unlocked restrictions.

[steelej]

There is only one user (admin) in the system with all unlocked restrictions

This a most unwise thing to do. If you do all your work using an admin account you are bypassing all of the Windows security. Antimalware MAY protect you but this should be a second line of defence and not your only one.

I produced a document from my local computer club to inform our members of how their Windows system SHOULD be configured - see link below. Note that LINUX and MAC systems have always followed this practice.

[https://gxcc.org.uk/gxcc-docs/2021-06-GXCC-Windows-two-accounts.pdf]

Microsoft have always provided strong security since Windows XP and have recommended this approach since Windows XP for consumer products.

Computer manufacturers however have regrettably never informed their customers that having two accounts is a very desirable practice. It is my understanding that the protection you get from normally running as a User rather than an Admin account is far better that the best Antivirus software available. I am not saying you should not hat AV but this should be a second line of defence.

Having two accounts does mean that you get a User Account Control prompt if you attempt to perform a privileged operation. This is a GOOD THING and not something to try to avoid.

[Spuner]

I've been using it that way for 22 years, and in all that time I haven't had any problems. So, let's not do the drill... Thank you )

[ReadyPlayerOne]

Computer manufacturers however have regrettably never informed their customers that having two accounts is a very desirable practice. It is my understanding that the protection you get from normally running as a User rather than an Admin account is far better that the best Antivirus software available. I am not saying you should not hat AV but this should be a second line of defence.

This is been true since Windows O/S came out it wasn't until Windows 7 the separation of Admin and Limited user where the Admin password stayed Admin and once that password was created Limited user couldn't install or change the O/S or custom installed software that required Admin access. I told family and friend this many times until they wonder how did I get infected or who installed this. Unless this is your personnel and no other access then Admin not be strict but if Family computer then Admin PSWD lock so grubby hands don't do things their not suppose to do. Company selling computer should include this as 1st Instructions but they don't until it's too late. A/V works as long as the user doesn't block or remove it or use Admin to install malware then it's too late.

[steelej]

I personally have been using separate admin and user accounts since Windows XP on my own home computers. It is almost zero inconvenience to a user once set up and the additional protection it provides is very significant. Most users do not realise the effort required to remove a virus from a computer. I have had to this for a number of home users (mainly friends and my computer club members) so I have real experience. of doing this. I have never had to do it a second time though as I have always created the two accounts and not one of these users (all very inexpert users) has found it to be any inconvenience. to have the two accounts.

If a user had been given this advice and ignored it (I would have created the two accounts for them) I would not offer to help recover any data from their computer at any price if they were infected.

Windows NT has always provided such role separation for commercial systems I have designed many such systems (large and small) over the years and I would expect every such system to separate at least the admin and user accounts if their sysadmins actually know what they are doing.

[ReadyPlayerOne]

Windows O/S is different and not the same as KP. Let's not go down this rabbit hole shall we. If you password protect KP Admin or Standard user still need the master password to gain access and if your not doing this then your asking for trouble from Standard user seeing all the logins. If you don't want a standard user accessing Admin KP database they should have their own KP database for standard user created in their account.