The global keepass.ini is on a write protected share that you can force options with. I get that part. How about the local user configurable keepass.ini? It's in the "Users's application directory"?? That's like C:\documents and settings\username\application data\keepass\keepass.ini ???
Does keepass make that folder, and the ini file all by itself? We use roaming profiles, so that file will follow the user, but all our global settings from the read only share will be applied right?. Can I use UNC pathnames in the ini file in case the user has a different drive mapped at their current location? How about environment variables? \\beavis\passwords\%username%.kdb for a forced db save file would kinda rock.
I really want implement keepass at our bank, but I need to make it idiot proof. Thanks for any help guys. If it works smoothly for us a decent donation shouldn't be a problem...:) - Joe
The mass install to the 300 users is shaping up.
Ok, it will use a UNC path for it's last open database in the ini file. The UNC will point to a replicated global share they have access to. The blank database will be their username.kdb
Push a registry key associating KDB files to keepass.exe on a drive everyone has. This share will have the locked down keepass.ini settings.
Push a shortcut to their username.kdb file to their profiles roaming desktop folder.
I think my last problem is how to force them to change their default keepass password, and make it a strong password?
Hasn't anyone ever deployed keepass on a large scale? I feel like I'm inventing the wheel alone here guys! :( - Joe
It is the weekend Joe ;-)
KeePass creates the directory and file if it can't write to the program path.
UNC paths shouldn't be a problem, it's a Windows thing really.
I don't know of any way to require a password change unless you write an AutoIt script to force their hand.
Log in to post a comment.