I'm using KeePass 2.54 installed on a server I'm not managing (please skip pointing out the security implications of it). When trying to create a user-defined profile for the password generator from an RDP session, I see a message talking about enforced configuration, and I'm asked for an administrator password (which I don't have/know):
Reading about Enforced Configuration, I checked for a file named KeePass.config.enforced.xml, but I could not find one; instead I only found KeePass.config.xml with this content:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Meta>
    <PreferUserConfiguration>true</PreferUserConfiguration>
  </Meta>
</Configuration>
So my guess would be that KeePass2 saves my preferences in a user-specific file (known as "Local Configuration"), but would not overwrite the KeePass.config.xml file (known as "Global Configuration").
Actually I found %APPDATA%\Keepass\KeePass.config.xml that contains the predefined password generator profiles and other user-specific settings.
So it seems to be writable by my user.
I'm owner of that file and I have full access rights on it.
Reference
I think "Installation by Administrator, Usage by User" should apply:
If you use the KeePass installer and install the program with administrator rights, the program directory will be write-protected when working as a normal/limited user. KeePass will use local configuration files, i.e. save and load the configuration from a file in your user directory.
Multiple users can use the locally installed KeePass. Configuration settings will not be shared and can be configured individually by each user.
So I wonder:
- Is it a configuration bug that prevents creating user-defined password profiles?
- Is it a software bug?
- Did I (or the administrator installing the software) do something wrong?
- Is there actually an enforced configuration (I think: No)?
Related
Maybe you want to read Password generation profiles sync and #2826 Store Password Generator Profiles within the database, too.
%APPDATA%. And it seems user-defined configuration is allowed. So I don't see where the admin did enforce this restriction. Or asked in another way: What should the administrator do then?
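
The checks described in the question (is there an enforced file, what does the global file's PreferUserConfiguration flag say, is the local file writable) can be collected in one script. This is an added example, not part of the original post or of KeePass; the function names, the KEEPASS_DIR variable and the constructed sample layout are assumptions, and it only reports file state, not why KeePass shows the dialog.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ENFORCED_NAME = "KeePass.config.enforced.xml"  # file name quoted in the question
CONFIG_NAME = "KeePass.config.xml"             # global and local files share this name


def prefer_user_configuration(path):
    """Return the <Meta><PreferUserConfiguration> flag as a bool, or None if unset/unreadable."""
    try:
        root = ET.parse(path).getroot()
    except (OSError, ET.ParseError):
        return None
    text = root.findtext("./Meta/PreferUserConfiguration")
    return None if text is None else text.strip().lower() == "true"


def survey(app_dir, local_dir):
    """Report which of the three configuration files exist and whether the local one is writable."""
    app_dir, local_cfg = Path(app_dir), Path(local_dir) / CONFIG_NAME
    return {
        "enforced_present": (app_dir / ENFORCED_NAME).is_file(),
        "global_prefers_user": prefer_user_configuration(app_dir / CONFIG_NAME),
        "local_present": local_cfg.is_file(),
        "local_writable": local_cfg.is_file() and os.access(local_cfg, os.W_OK),
    }


def demo():
    """Constructed layout mirroring the question: global file with the flag, no enforced file."""
    with tempfile.TemporaryDirectory() as tmp:
        app, local = Path(tmp, "app"), Path(tmp, "appdata", "KeePass")
        app.mkdir()
        local.mkdir(parents=True)
        (app / CONFIG_NAME).write_text(
            '<?xml version="1.0" encoding="UTF-8"?>\n<Configuration><Meta>'
            "<PreferUserConfiguration>true</PreferUserConfiguration></Meta></Configuration>",
            encoding="utf-8")
        (local / CONFIG_NAME).write_text("<Configuration/>", encoding="utf-8")
        return survey(app, local)


if __name__ == "__main__":
    # Assumption: the real install directory is passed via KEEPASS_DIR (hypothetical variable name).
    app_dir = os.environ.get("KEEPASS_DIR")
    if app_dir and os.environ.get("APPDATA"):
        print(survey(app_dir, Path(os.environ["APPDATA"]) / "KeePass"))
    else:
        print(demo())
```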