1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
<meta name="author" content="Dominik Reichl" />
<meta name="DC.title" content="Configuration - KeePass" />
<meta name="DC.creator" content="Dominik Reichl" />
<meta name="DC.type" content="Text" />
<meta name="DC.format" content="text/html" />
<meta name="DC.language" content="en" />
<meta name="DC.rights" content="Copyright (C) 2003-2024 Dominik Reichl" />
<meta name="robots" content="index, follow" />
<title>Configuration - KeePass</title>
<base target="_self" />
<link rel="stylesheet" type="text/css" href="../../default.css" />
</head>
<body>
<table class="sectionheader"><tr>
<td><img src="../images/b64x64_kmultiple.png" alt="" /></td>
<td><h1>Configuration</h1>
<p>Details about how and where KeePass stores its configuration.</p></td>
</tr></table>
<ul>
<li><a href="#gen">General</a></li>
<li><a href="#local">Installation by Administrator, Usage by User</a></li>
<li><a href="#portable">Portable Version</a></li>
<li><a href="#itp">Create Portable Version of Installed KeePass</a></li>
<li><a href="#network">For Network Administrators: Enforced Configuration</a></li>
<li><a href="#enableenf">Enabling Enforcement-Requiring Items Again (2.x)</a></li>
<li><a href="#tech">Technical Details</a></li>
</ul>
<br />
<a name="gen"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_kmultiple.png" alt="" />
General</h2>
<p>KeePass supports multiple locations for storing configuration information:
the <i>global</i> configuration file in the KeePass application directory,
a <i>local</i> user-dependent one in the user's private configuration folder, and
an <i>enforced</i> configuration file in the KeePass application directory.
The first one is called <i>global</i>,
because everyone using this KeePass installation will
write to the same configuration file (and possibly overwriting settings of other
users). The second one is called <i>local</i>, because changes made to this configuration
file only affect the current user.</p>
Configuration files are stored in XML format.<br /><br />
<table class="tablebox">
<tr><th>Configuration</th><th>Location</th><th>Typical File Path</th></tr>
<tr>
<td>Global</td>
<td>Application Directory</td>
<td>C:\Program Files\KeePass Password Safe 2\KeePass.config.xml</td>
</tr>
<tr>
<td>Global (Virtualized)</td>
<td>Windows Virtual Store</td>
<td>C:\Users\<i>User Name</i>\AppData\Local\VirtualStore\Program Files\KeePass Password Safe 2\KeePass.config.xml</td>
</tr>
<tr>
<td>Local</td>
<td>User Application Data</td>
<td>C:\Users\<i>User Name</i>\AppData\Roaming\KeePass\KeePass.config.xml</td>
</tr>
<tr>
<td>Enforced</td>
<td>Application Directory</td>
<td>C:\Program Files\KeePass Password Safe 2\KeePass.config.enforced.xml</td>
</tr>
</table>
<!-- <p>On 32-bit systems, the name of the program files folder is 'Program Files'
instead of 'Program Files (x86)'.</p> -->
<p>On Linux systems, the local configuration file is typically stored in
'$XDG_CONFIG_HOME/KeePass' (which often is '~/.config/KeePass',
where '~' is the user's home directory).</p>
<br />
<a name="local"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_package_system.png" alt="" />
Installation by Administrator, Usage by User</h2>
<p>If you use the KeePass installer and install the program with administrator rights,
the program directory will be write-protected when working
as a normal/limited user. KeePass will use local configuration files, i.e. save and load
the configuration from a file in your user directory.</p>
<p>Multiple users can use the locally installed KeePass. Configuration settings
will not be shared and can be configured individually by each user.</p>
<br />
<a name="portable"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_usbpendrive_unmount.png" alt="" />
Portable Version</h2>
<p>If you downloaded the portable version of KeePass (ZIP package), KeePass will
try to store its configuration in the application directory. No configuration
settings will be stored in the user directory (if the global configuration file is
writable).</p>
<br />
<a name="itp"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_usbpendrive_unmount.png" alt="" />
Create Portable Version of Installed KeePass</h2>
<p>If you are currently using a locally installed version of KeePass
(installed by the KeePass installer) and want to create a portable version of it,
first copy all files of KeePass to the portable device. Then get the configuration file
from your user directory (application data, see above) and copy it
over the configuration file on the portable device.</p>
<br />
<a name="network"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_server.png" alt="" />
For Network Administrators: Enforced Configuration</h2>
<p>Settings in an <dfn>enforced configuration file</dfn>
take precedence over settings in global and local
configuration files.</p>
<p>This feature is intended primarily for network administrators
who want to enforce certain settings for users of a shared
KeePass installation.</p>
<p>For details, please see the
<a href="https://keepass.info/help/kb/config_enf.html" target="_blank">Enforced Configuration</a>
help page.</p>
<br />
<a name="enableenf"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_file_locked.png" alt="" />
Enabling Enforcement-Requiring Items Again (2.x)</h2>
<p>Certain feature items are saved to the
<a href="https://keepass.info/help/kb/config_enf.html" target="_blank">enforced configuration</a>
file.
Under certain circumstances, there may be such items in the regular
configuration file only (e.g. when you copy the regular configuration
file to a new PC, but not the enforced one).
If you want to continue using the items, you have to enable them again.
This may require administrator permission; KeePass shows a User Account Control
dialog, if necessary.</p>
<p>If you are using an installed KeePass version (setup EXE or MSI) and
one or more of the following features, please note:</p>
<ul class="withspc">
<li><a href="https://keepass.info/help/v2/triggers.html" target="_blank">Triggers</a>:<br />
If your triggers are not stored in the enforced configuration file,
KeePass disables the trigger system.
If you want to continue using your triggers, open the 'Triggers' dialog
(via the main menu item 'Tools' → 'Triggers'),
activate the 'Enable trigger system' option, check all triggers
(with regard to security, privacy, functionality, compatibility, etc.)
and click the 'OK' button.</li>
<li><a href="autourl.html#override">Global URL overrides</a>:<br />
If your global URL overrides are not stored in the enforced configuration file,
KeePass disables them
(individually; therefore, it is recommended that you remember the overrides that
you have enabled, e.g. by taking a screenshot).
If you want to continue using your overrides, open the 'URL Overrides' dialog
(via the main menu item 'Tools' → 'Options' → tab 'Integration' →
button 'URL Overrides'), check all desired overrides
(with regard to security, privacy, functionality, compatibility, etc.),
enable them and click the 'OK' button.</li>
<li><a href="pwgenerator.html#profiles">Password generator profiles</a>:<br />
If your password generator profiles are not stored in the enforced configuration file,
KeePass disables them.
If you want to continue using your profiles, open the 'Password Generator' dialog
(via the main menu item 'Tools' → 'Generate Password'), click the
shield button (top right) and check all profiles
(with regard to security, privacy, functionality, compatibility, etc.).</li>
</ul>
<p>If you are using the portable ZIP package, KeePass tries to migrate
triggers, URL overrides and password generator profiles automatically.</p>
<br />
<a name="tech"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_kmultiple.png" alt="" />
Technical Details</h2>
<p>This section explains in detail how loading and saving the configuration works.</p>
<p>When KeePass starts up and finds both global and local configuration files, it must
decide the order in which KeePass tries to get the configuration items.
This is controlled by the
(<code>Kee</code>)<code>PreferUserConfiguration</code> flag in the global configuration
file. If it is not present, it defaults to <i>false</i>.</p>
<p>The flag is set to <i>true</i> in the global configuration file of the
KeePass installer package. The portable ZIP package does not contain a configuration file,
consequently the flag defaults to <i>false</i>.</p>
Loading:
<ul>
<li>Try to get the configuration item from the enforced configuration file.
If found, use this one.</li>
<li>If the <code>PreferUserConfiguration</code> flag is <i>true</i>, use the item from
the local configuration file, otherwise use the item from the global one.
If the chosen configuration file does not contain the item, use the default value.</li>
</ul>
Saving:
<ul>
<li>If the <code>PreferUserConfiguration</code> flag is <i>true</i>, try to store
all configuration items into the local configuration file.
If this fails, report the error and try to store them into the global configuration file.
If this fails, report the error.</li>
<li>If the <code>PreferUserConfiguration</code> flag is <i>false</i>, try to store
all configuration items into the global configuration file.
If this fails, report the error and try to store them into the local configuration file.
If this fails, report the error.</li>
</ul>
The path of the local configuration file can be changed
using the '<code>-cfg-local:</code>' <a href="cmdline.html">command line</a> parameter.
<!-- <p>If the enforced configuration is used, KeePass makes no attempt to save the current
configuration.</p> -->
</body></html>
|
