Start a new topic
Answered

Default policy/setting to disable saving doc password to Windows Cred manager

Hi,

Upon review of the scripting/default setting reference information, I cant see a way to disable the ability for someone to choose the "Store Password in Windows Credential manager" option.

image


This is due to an internal policy of not using it due to it vulnerabilities.

Does this setting exist? If not can it be added please? 

Thanks



Best Answer

Hi Charlie,


right now there's no way to disable this option but I implemented a new property called PolicyDoNotAllowWindowsCredentialManager (for the RoyalApplicationSetting object) in the next minor release which can be set through our configuration system:

https://docs.royalapps.com/r2021/royalts/advanced/default-settings.html


Regards,
Stefan



Answer

Hi Charlie,


right now there's no way to disable this option but I implemented a new property called PolicyDoNotAllowWindowsCredentialManager (for the RoyalApplicationSetting object) in the next minor release which can be set through our configuration system:

https://docs.royalapps.com/r2021/royalts/advanced/default-settings.html


Regards,
Stefan



1 person likes this

Legend! many thanks!



Just to check (as the documentation obviously wont show yet -  https://docs.royalapps.com/r2021/scripting/objects/options/royalapplicationsetting.html#policy)

 would that format be:
"PolicyDoNotAllowWindowsCredentialManager" : true,
or
"PolicyDoNotAllowWindowsCredentialManager (for the RoyalApplicationSetting object)": true,

Also I also assume no harm if I pre-stage this setting now in anticipation of the update? 

Thanks

It would be like that in json:

{
    "RoyalApplicationSetting" : {
        "PolicyDoNotAllowWindowsCredentialManager": true
    }
}


as environment variable:

RTSDefault_RoyalApplicationSetting__PolicyDoNotAllowWindowsCredentialManager = True


or registry:

[HKEY_CURRENT_USER\Software\Policies\RoyalApps\RoyalTS\Initial\RoyalApplicationSetting]

"PolicyDoNotAllowWindowsCredentialManager"="true"



And yes, pre-deploying the setting causes no harm and will be picked up as soon as the new version is installed...


1 person likes this
Login or Signup to post a comment