|
Preliminaries
Most options below are configured by directly editing the
KeePass.config.xml configuration file. If you're planning to
deploy a customized KeePass version, you should fully understand the
KeePass configuration system,
especially how to enforce some settings and leave others up to users.
Note that KeePass features a rich plugin framework. If there's no
item in the XML file to configure what you're thinking about, you might
want to write a plugin.
Minimum Master Password Requirements
You can specify several properties that master passwords must have
in order to be accepted (length, estimated quality, ...).
See Specifying Minimum Master Password
Properties.
Specifying UI Element States
The state (enabled, disabled, visible, hidden) of several user interface
(UI) elements can be specified using the UIFlags value
of the UI node in the configuration file.
This can be a bitwise combination of one or more of
the following flags:
Flag (Hex) | Flag (Dec) |
Description |
0x0 | 0 |
Don't force any states (default). |
0x1 | 1 |
Disable 'Tools' → 'Options' menu item. |
0x2 | 2 |
Disable 'Tools' → 'Plugins' menu item. |
0x4 | 4 |
Disable 'Tools' → 'Triggers' menu item. |
0x8 | 8 |
Disable controls to specify after how many
days the master key should/must be changed. |
0x10 | 16 |
Hide password quality progress bars and information labels. |
0x20 | 32 |
Disable 'Help' → 'Check for Updates' menu item. |
0x40 | 64 |
Disable 'Tools' → 'Database Tools' → 'XML Replace' menu item. |
0x80 | 128 |
Disable 'File' → 'Database Settings' menu item. |
0x10000 | 65536 |
Hide built-in profiles in the
password generator context menu of the entry editing dialog. |
0x20000 | 131072 |
Show UI elements related to last access times.
Note: Databases are not marked as modified when a last access time
changes. Thus, when only last access times are changed and the user closes the
database (without saving manually first and without a save forced e.g. by a trigger or plugin),
the changes to the last access times are lost. |
0x40000 | 262144 |
Do not display information dialogs when creating a new database. |
0x80000 | 524288 |
Do not display auto-type obfuscation compatibility information dialogs. |
0x100000 | 1048576 |
Do not clear the quick search terms list when closing/locking a database.
Note: Even if this flag is set, the list is cleared when exiting
KeePass. If you frequently perform the same searches, consider using
tags or
search profiles. |
0x200000 | 2097152 |
Enable the Input Method Editor (IME) on
secure desktops.
This can result in problems (black screen, IME/CTF process with
high CPU usage, ...). See
'Why
does the Input Method Editor (IME) not work?'. |
0x400000 | 4194304 |
Automatically adjust weak key transformation
settings to the current default values, without a warning/confirmation dialog.
If this UIFlags bit is set, the option
'Show warning when the key transformation settings are weak'
(which is activated by default) has no effect. When adjusting the
key transformation settings, the database is marked as modified. |
The value of UIFlags must be specified in decimal notation.
For example, if you want to disable the 'Options' and 'Check for Updates'
menu items, you'd specify 33 as value for the UIFlags node
(0x1 + 0x20 = 1 + 32 = 33).
More Options
- Configuration/Application/ConfigSave:
If this option is set to false , KeePass does not save
any configuration settings (i.e. the configuration is loaded normally,
but changes to it are discarded when exiting KeePass).
- Configuration/Application/ExpirySoonDays:
Specifies the number of days within which entries are considered
to expire "soon". The default value is 7.
- Configuration/Application/HelpUrl:
Specifies the URL that is opened for a help page.
This overrides all other help sources (local and online).
Spr-compiled;
the relative help page path is inserted by {BASE} .
This element is used only if it is stored in the
enforced
configuration file.
- Configuration/Defaults/WinFavsBaseFolderName:
For the 'Windows Favorites' export:
name of the root folder; the default value is 'KeePass'.
- Configuration/Defaults/WinFavsFileNamePrefix:
For the 'Windows Favorites' export:
prefix for the title of every favorite; the default value is an empty string.
- Configuration/Defaults/WinFavsFileNameSuffix:
For the 'Windows Favorites' export:
suffix for the title of every favorite; the default value is an empty string.
- Configuration/Integration/AutoTypeInterKeyDelay:
Specifies the default delay (in ms) between two keypresses sent by auto-type.
The minimum is 1 ms.
Note that very small delays may result in target applications not being able
to process the keypresses correctly.
- Configuration/Integration/AutoTypeAbortOnWindows:
This node may contain one or more Window nodes that
specify disallowed auto-type target windows (the value of each node must
be a target window filter).
For example, the following configuration disallows auto-typing into
WordPad and LibreOffice Writer:
<AutoTypeAbortOnWindows>
<Window>* - WordPad</Window>
<Window>* - LibreOffice Writer</Window>
</AutoTypeAbortOnWindows>
- Configuration/Security/MasterKeyTries:
Specifies how often the master key dialog appears when entering incorrect
master keys. The default value is 3.
- Configuration/Security/ProtectProcessWithDacl:
If this option is set to true , KeePass protects its process with a
discretionary access control list (DACL).
Please note that this also blocks legitimate other software
(accessibility-related tools like Windows Narrator, other security
products like anti-virus programs or firewalls, tools providing user interface
enhancements, etc.) from working with KeePass. Furthermore, various problems
like application hangs, exceptions and crashes may occur.
Therefore, this option is turned off by default and can only be turned on
by manually editing the configuration file.
It only works reasonably in very specific, limited usage scenarios
and is not recommended for most users.
This option works on Windows only and requires the KeePassLibC DLL
(included in default installations and packages).
- Configuration/UI/TrayIcon/ShowOnlyIfTrayedEx:
If this option is set to true , the KeePass icon in the
system tray is displayed only if the main window has been minimized
to the tray.
Turning on this option can result in denial-of-service problems.
If you want to hide the KeePass icon, it is recommended to configure
this in the system settings instead;
see 'Customize the taskbar notification area'.
|
|