forked from onSec-fr/Keepass-Enhanced-Security-Configuration
-
Notifications
You must be signed in to change notification settings - Fork 0
/
KeePass.config.enforced.xml
73 lines (73 loc) · 2.68 KB
/
KeePass.config.enforced.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<?xml version="1.0" encoding="utf-8"?>
<Configuration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Ref https://keepass.info/help/kb/config_enf.html -->
<Application>
<!-- Disable triggers -->
<TriggerSystem>
<Enabled>false</Enabled>
<Triggers MergeContentMode="Replace" />
</TriggerSystem>
<!-- Disable automatic update -->
<Start>
<CheckForUpdate>false</CheckForUpdate>
<CheckForUpdateConfigured>true</CheckForUpdateConfigured>
</Start>
</Application>
<!-- Specifying UI Element States : https://keepass.info/help/v2_dev/customize.html#uiflags -->
<UI>
<!-- Disable 'Help' → 'Check for Updates' menu item. -->
<UIFlags>32</UIFlags>
</UI>
<Security>
<!-- Edit Policy -->
<Policy>
<ChangeMasterKeyNoKey>false</ChangeMasterKeyNoKey>
<PrintNoKey>false</PrintNoKey>
<EditTriggers>false</EditTriggers>
<Plugins>false</Plugins>
<Export>false</Export>
<ExportNoKey>false</ExportNoKey>
<Import>false</Import>
<Print>false</Print>
<CopyWholeEntries>false</CopyWholeEntries>
<DragDrop>false</DragDrop>
<UnhidePasswords>false</UnhidePasswords>
</Policy>
<!-- Enforce automatic locking -->
<WorkspaceLocking>
<LockOnSessionSwitch>true</LockOnSessionSwitch>
<LockOnSuspend>true</LockOnSuspend>
<LockAfterTime>600</LockAfterTime>
<LockAfterGlobalTime>3600</LockAfterGlobalTime>
<LockOnRemoteControlChange>true</LockOnRemoteControlChange>
</WorkspaceLocking>
<!-- Master password requirements -->
<MasterPassword>
<MinimumLength>16</MinimumLength>
<MinimumQuality>80</MinimumQuality>
</MasterPassword>
<!-- Enable Secure Desktop (ref https://keepass.info/help/kb/sec_desk.html) -->
<MasterKeyOnSecureDesktop>true</MasterKeyOnSecureDesktop>
<!-- Clear clipboard after x sec -->
<ClipboardClearAfterSeconds>10</ClipboardClearAfterSeconds>
<!-- Protect Keepass process with DACL - Use with caution - -->
<ProtectProcessWithDacl>true</ProtectProcessWithDacl>
<!-- Prevent Screen Capture - Use with caution - -->
<PreventScreenCapture>true</PreventScreenCapture>
</Security>P
<!-- Replace default password generator -->
<PasswordGenerator>
<AutoGeneratedPasswordsProfile>
<GeneratorType>CharSet</GeneratorType>
<Length>12</Length>
<CharSetRanges>ULDS______</CharSetRanges>
<ExcludeLookAlike>true</ExcludeLookAlike>
<NoRepeatingCharacters>true</NoRepeatingCharacters>
</AutoGeneratedPasswordsProfile>
</PasswordGenerator>
<!-- Enforce Proxy configuration -->
<Integration>
<ProxyType>System</ProxyType>
<ProxyAuthType>Auto</ProxyAuthType>
</Integration>
</Configuration>