Contents
Preface
Safety
Licensing
Usage scenarios
Editions
  1 Personal Edition
  2 Standard Edition
  3 Professional Edition
  4 Enterprise Edition
  5 Enterprise Server
  6 iOS App (iPhone, iPad, etc.)
  7 Android App
  8 Web Access
First steps
  1 System preconditions
  2 Quick Start Guides
    Singleuser
    Multiuser
    Client- / server
  3 Download and installation
    Local installation
    Network share / network installation
    Terminal server / citrix installation
    Databases memory location
  4 Update
  5 Upgrade v5, v6 to v7
  6 Import of PSX backups (v5, v6, v7)
  7 Demo version
  8 Activation
    Activation of Personal and Standard Edition
      Activation via Software Activation Assistant
      Extend with a module key
      Activation with a License Certificate
2015 MATESO GmbH
  9 Database concept
  10 Set up database
    Singleuser database
    Multiuser database
    Link with an existing database
  11 Enterprise server connection certificate
  12 Backup
    Single and multiuser databases
    Client- / server databases
  13 Database login
  14 User Login
    Login with Password Safe users
    Login with active directory users
    Login via PKI / certificate
    Login problems
  15 Basic settings
    General settings
      General
      Safety
      Folders
      Clipboard
      Password
      Hot keys
      Quick access
      Internet Browser
      Browser addons
      Documents
      Messaging
      Search
      Download
      Records
    Database settings
      General
      Auto backup
      Currencies
      Logbook
      Password
      Seal
      Locking
      Release system
      Right management
      USB stick
      Offline mode
      Mobile devices
      Reports
      HTML-Webview
    Personal settings
      Language
      Color scheme
    Auto login
    Plugins
      Standard USB stick
      PKCS#11
      Password key USB key (outdated)
    Modules
      Network logon
      Terminal server / citrix
      Without client licensing
Handling
  1 User interface
    Folder and navigation
    Detail area
    Tabs
    Quick access
    Quick access toolbar
    Data sheet functions
      Quick search
      Show or hide columns
      Arrangement
      Sorting
  2 My profile
  3 Handling of data
    Folders
      Add folder
      Redefine folder
      Copy folder
      Move folder
      Delete folder
      External links
      Favourite folders
      Edit folder
      Folder quick search
      Search folders
      Private folders
    Datasets (e.g. passwords)
      Add dataset
      Edit dataset
        htaccess connection
      Move dataset
      Copy dataset
      Delete dataset
      Print dataset
      Use datasets
      Copy user name
      Copy password
      Copy URL
      Copy array
      Clear clipboard
      Go to folder
  4 Search
    Global search
    Extended search
      User filter
      Search for passwords
      Search for documents
      Search for messages
      Search for tasks
      Search for banks
      Search for seals
      Search profiles/recurrent search
      Change form
  5 Forms
    Create a form
    Export / import forms
    Edit/extend a form
    Delete form
  6 Password guideline
    Manage password guidelines
    Check password guidelines
  7 Single password generator
  8 Seal
    Seal a dataset
    Require to unseal
    Sealing messages and unseal
    Break seal
    Delete seal / seal again
    Sealing logbook
    Sealing templates
  9 Lock/unlock
    Install lock
    Delete lock
    Use lock
    Locking templates
  10 Releases
    Create and manage releases
    Use releases
  11 Automatic entry (Applications)
    Install browser addons
      Mozilla Firefox
      Google Chrome
      Opera
      Opera Next
      Safari
    Update browser addons
    Delete browser addons
    Convert older applications
    Create applications
      Fill in form fields (web browser)
      Script for entry sequence
      Controls
      htaccess
    Edit applications
    Delete applications
    Examples
      Browser application
        Existing password
        New password via addon
        New start of a dataset
      Windows application
Parameter passing
...................................................................................................................................................................
to application
368
Login w ith script
................................................................................................................................................................... 372
Passw ord entry...................................................................................................................................................................
w ith hot key
380
Autom atische
............................................................................................................................................................................
Eintragung ohne Anw endung
382
2015 MATESO GmbH
  12 Login to SAP
  13 Remote desktop connections
  14 Workflow management
    Filter function
    Start workflow
    Wildcard character
    Logical links
    Workflow Events
      Edit after application
      Delete after application
      After new application
      Edit before application
      Delete before application
      Before new application
      After task status change
      After new task for user
      Before task status change
      After user editing
      After printing user
      After opening user
      After changing user password
      Edit after group
      After printing group
      After deleting group
      After adding group
      After opening group
      After deleting private data
      After new user
      After changing the user memberships
      After changing the group memberships
      Edit before user
      Before printing user
      Before opening user
      Before changing user password
      Edit before group
      Before printing group
      Before deleting group
      Before adding group
      Before opening group
      Before opening the user and group management
      Before deleting private data
      Before new user
      Before changing the user memberships
      Before changing the group memberships
      After saving database settings
      Before saving database settings
      Before opening database settings
      Create after USB stick
      Synchronize after mobile device
      Create before USB stick
      Synchronize before mobile device
      After new mail
      After deleting logbook
  15 System tasks
    SMTP mail (reports)
    Sending SMTP messages
    Sending SMTP tasks
    Active Directory synchronization
    Seal
    Locking
    WebViewer export
    Logbook export
    Examples
      Example task for SMTP mail (expiring passwords)
      Example seal
  16 WebViewer
    Preconditions
    WebViewer export
    Handling of the WebViewer
  17 Right management
    In general
    First steps
    First login
  18 Active Directory connection
    Settings
    Readout/import users and groups
    Active Directory synchronisation
    Active Directory elements
    Activate / deactivate elements
    Update to version 6.3
  19 Reporting and interpretation
    Reports
    Report User Rights
    Logbook
      Dataset logbook
      Folder logbook
  20 Icons
  21 Labels
  22 Import
    Import form data
    Import users and groups
  23 Export
  24 Set up USB stick
  25 Enterprise Server
    Sessions
    Locked users
Miscellaneous
  1 Removal on a new PC
  2 Updates
  3 Set up USB stick manually
  4 Configure network logon
  5 Configuration file
  6 Environment variables
  7 Overview file endings
  8 Terminal server/citrix
  9 Problem solving
  10 Error codes
  11 Support
  12 Licensing terms and conditions
Preface
Password Safe and Repository Version 7
A cordial welcome to Password Safe and Repository. Password Safe is the leading complete solution
in the field of password and identity management. Its modern, intuitive user guidance and a range of
functions that has no competition so far allow every beginner to set up a protected password database
right away. Our software has received several awards from the specialized press. Password Safe is
available in many editions for a wide variety of uses, from the private user to the enterprise sector
for large companies. Password Safe and Repository Version 7 continues this success and extends the
software with important functions such as the apps for iOS and Android.
Safety
We have integrated many security technologies into Password Safe to store your data and protect it
from unauthorized access.
We are constantly searching for new security technologies, so that we are always up to date with the
best available technology.
Despite all these technologies, it is important that active virus protection is installed, because it
normally blocks all known software key loggers and destructive programs from the outset. This should
go without saying for every PC that is connected to the internet. As with all algorithms, the use of a
safe master password is very important: it prevents from the outset that someone guesses your password
or finds it with the help of dictionaries (dictionary attack), and brute-force attacks would take
millions of years to calculate the password.
Tips for secure passwords
Sometimes you need a password that you can remember but that is also absolutely safe, for example
for the master password of the database. The following guidelines give you some hints on how to
create a password that is both safe and easy to memorize.
- A safe password should be at least 10 characters long. But it is not really safe until it has 16
  characters.
- A safe password consists of numbers, punctuation marks and special characters. Moreover, it contains
  upper and lower case letters.
- If you can look up your password in a dictionary, it is not safe enough. Password cracker programs
  (brute-force attack) work with such dictionaries and try their entries systematically.
- Your own name, names of relatives, the name of your pet, telephone numbers, car registration numbers,
  birthdays and other data that can be found out by research about you are unusable as a password. The
  same applies to numbers like pi.
- Avoid keyboard patterns like asdf and jkl.
- Create passwords from the initials of a sentence you can easily memorize. "Starting from now I only
  want to use safe passwords for my PC" becomes Sfn1owtuspfmP (here, as an additional example, I was
  replaced by 1).
- A further way is to mix numbers and words: K2e9n1n0w2o0r0t1 is made from "Kennwort" (German for
  keyword) and 29.10.2001. The date should not be a common birthday.
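The guidelines above can be checked mechanically, and doing so shows how the two sample passwords from this chapter fare against the chapter's own rules. The following Python code is an added example and not part of Password Safe or this manual; the function names, finding labels and the small sample word lists are assumptions made for illustration.

```python
import string

# Constructed sample data (assumptions): a tiny word list standing in for a real
# dictionary, and facts that research about the user would turn up.
SAMPLE_DICTIONARY = {"password", "keyword", "kennwort", "sunshine"}
SAMPLE_PERSONAL = {"rex", "29102001"}
# Keyboard rows (QWERTY and QWERTZ) used to spot patterns such as asdf and jkl.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "qwertzuiop",
                 "asdfghjkl", "zxcvbnm", "yxcvbnm")


def initials_password(sentence, replacements=None):
    """Build a password from the initials of a memorable sentence."""
    replacements = replacements or {}
    initials = [word[0] for word in sentence.split()]
    return "".join(replacements.get(ch, ch) for ch in initials)


def interleave(word, digits):
    """Mix a word and a number character by character."""
    if len(word) != len(digits):
        raise ValueError("word and digits must have the same length")
    return "".join(a + b for a, b in zip(word, digits))


def has_keyboard_run(password, run=3):
    """True if `run` neighbouring keys of one keyboard row appear in order."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(password, dictionary=SAMPLE_DICTIONARY, personal=SAMPLE_PERSONAL):
    """Return the guidelines a password violates (empty list = none)."""
    findings = []
    # Length: at least 10 characters, not really safe until 16.
    if len(password) < 10:
        findings.append("too-short")
    elif len(password) < 16:
        findings.append("under-16")
    # Character classes: numbers, punctuation/special characters, both cases.
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    findings += [f"no-{name}" for name, present in classes.items() if not present]
    lowered = password.lower()
    # Dictionary entries and researchable personal data.
    if lowered in dictionary:
        findings.append("dictionary-word")
    if any(item in lowered for item in personal):
        findings.append("personal-data")
    # Keyboard patterns.
    if has_keyboard_run(password):
        findings.append("keyboard-pattern")
    return findings


if __name__ == "__main__":
    sentence = "Starting from now I only want to use safe passwords for my PC"
    samples = [
        initials_password(sentence, {"I": "1"}),
        interleave("Kennwort", "29102001"),
        "asdfjkl",
        "Rex29102001",
    ]
    for sample in samples:
        print(sample, check_password(sample) or "no findings")
```

Both sample passwords from the chapter are reported as lacking a special character, and the sentence-based one also stays below the 16-character mark, so the construction methods should be combined with the length and character-class guidelines.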
Licensing
This chapter describes which licenses exist and for which use cases they are necessary.
- Licensing per PC/user named user license model
- Extension with plugins / modules
Personal Edition
License
A license is always valid for one user and one computer.
Plug-In standard USB stick
With this plug-in the login can optionally be made via a USB stick, so that no password has to be
entered for the login. To use the plugin you need an ordinary USB stick that can be used as removable
storage and mounted as a drive. One plugin license has to be purchased per computer/user license.
Plug-In PKCS#11
This plugin enables the login with a token or a smartcard. The login can then optionally be made via
this token, and you do not need to enter a password for the login. To use the plugin you need a token
that supports the standard interface PKCS#11. One plugin license has to be purchased per computer/user
license.
Standard Edition
License
A license is always valid for one user and one computer.
Plug-In standard USB stick
With this plug-in the login can optionally be made via a USB stick, so that no password has to be
entered for the login. To use the plugin you need an ordinary USB stick that can be used as removable
storage and mounted as a drive. One plugin license has to be purchased per computer/user license.
Plug-In PKCS#11
This plugin enables the login with a token or a smartcard. The login can then optionally be made via
this token, and you do not need to enter a password for the login. To use the plugin you need a token
that supports the standard interface PKCS#11. One plugin license has to be purchased per computer/user
license.
Professional Edition
License
A license is always valid for one user and one computer (except in connection with the module
"without client licensing").
Plug-In standard USB stick
With this plug-in the login can optionally be made via a USB stick, so that no password has to be
entered for the login. To use the plugin you need an ordinary USB stick that can be used as removable
storage and mounted as a drive. One plugin license has to be purchased per computer/user license.
Plug-In PKCS#11
This plugin enables the login with a token or a smartcard. The login can then optionally be made via
this token, and you do not need to enter a password for the login. To use the plugin you need a token
that supports the standard interface PKCS#11. One plugin license has to be purchased per computer/user
license.
Module: Network logon
This module extends your installation by a central database login. The login to the jointly used
database can then optionally be made automatically via the network, so that the user does not have to
enter a password for the database login. The user only identifies himself/herself with his/her
personal password. The module has to be bought once for a license file and is then valid for all
existing clients that log in using this license file.
Module: Terminal server / citrix
With this module you can run the software on a terminal server or under Citrix. However, you generally
need a user license for every employee or user who accesses Password Safe. The module has to be
purchased once for a license file and is then valid for all existing clients that log in using this
license file. If you use more than one terminal server (or Citrix farm), you additionally need the
module "without client licensing".
Module: Without client licensing
With this module, licensing is done per user only. The counting of the clients (computers) is
deactivated and you can install Password Safe on any computer in your company. However, you generally
need a user license for every employee or user who accesses Password Safe. This model is suitable for
small administrator teams who need access to Password Safe on every PC in the company. The module has
to be purchased once for a license file and is then valid for all existing clients that log in using
this license file.
Enterprise Edition
License
A license is always valid for one user and one computer (except in connection with the module
"without client licensing").
Plug-In standard USB stick
With this plug-in the login can optionally be made via a USB stick, so that no password has to be
entered for the login. To use the plugin you need an ordinary USB stick that can be used as removable
storage and mounted as a drive. One plugin license has to be purchased per computer/user license.
Plug-In PKCS#11
This plugin enables the login with a token or a smartcard. The login can then optionally be made via
this token, and you do not need to enter a password for the login. To use the plugin you need a token
that supports the standard interface PKCS#11. One plugin license has to be purchased per computer/user
license.
Module: Network logon
This module extends your installation by a central database login. The login to the jointly used
database can then optionally be made automatically via the network, so that the user does not have to
enter a password for the database login. The user only identifies himself/herself with his/her
personal password. The module has to be bought once for a license file and is then valid for all
existing clients that log in using this license file.
Module: Terminal server / citrix
With this module you can run the software on a terminal server or under Citrix. However, you generally
need a user license for every employee or user who accesses Password Safe. The module has to be
purchased once for a license file and is then valid for all existing clients that log in using this
license file. If you use more than one terminal server (or Citrix farm), you additionally need the
module "without client licensing".
Module: Without client licensing
With this module, licensing is done per user only. The counting of the clients (computers) is
deactivated and you can install Password Safe on any computer in your company. However, you generally
need a user license for every employee or user who accesses Password Safe. This model is suitable for
small administrator teams who need access to Password Safe on every PC in the company. The module has
to be purchased once for a license file and is then valid for all existing clients that log in using
this license file.
Enterprise server
Module workflow system
Via this module the software can be adapted to the requirements of the company. Therefore you can
react to certain events with the workflow system like for example the sending of e-mail messages if a
certain password has been opened. Furthermore Password Safe functions like for example the
"administration of users and groups" can be protected by different actions like the "several-eyes
principle". Only possible in combination with the Enterprise server. The module has to be purchased once
for a license file and is then valid for all existing clients that log in at this license file.
Module web access
Via the module web access you easily and quickly have got live access per browser (SSL) to the saved
passwords. Like in a search machine, the authorized passwords can be searched. According to the
authorization it is also possible to change datasets or create new ones. So employees can access the
passwords in the company network cross-platform. Also an external use can be configured without
problems, so that also a sales representative has got live access to passwords. The Password Safe Web
Access is an additional module for the Enterprise server. In order to be able to use the module you need
an installed IIS server (Internet Information Services).
Usage scenarios
Password Safe enables the central management of passwords, identities, license data, customer
data and other important information. Thanks to its many practical features, the management of
safety-critical data becomes much easier. Its high flexibility allows you to adapt Password Safe to your
individual work environment so that even complex processes can be carried out easily.
In this chapter we introduce four typical application scenarios to ease your
introduction to Password Safe.
Scenario IT sector
With structures getting more complex in the company the issue of safety gets more and more relevant.
The work of the system administrators is an important safety factor, because the configuration of
firewalls, servers and accesses is a highly sensitive area of responsibility. Here Password Safe offers
unbeatable advantages: It enables the authorization role-based up to dataset level.
Due to the integrated remote desktop connection as well as the automatic entry (SSO) the administrators
can authenticate effectively with complex passwords. Furthermore Password Safe enables the use of the
data for the automatic login with the user not being able to see the password.
Adaptable system tasks send emails periodically and inform the users about the up-to-dateness of the
data. For example, an email can be generated at the beginning of the week in which the expiring or expired
passwords of the coming days are listed.
Scenario bank
Banking houses are high safety areas concerning data. A specially high data encryption and its release
only by authorized persons are standard here. By means of the Password Safe and Repository
Enterprise Edition passwords can be digitized and managed safely. The password letters with out-dated
passwords which are still used in banks today now belong to the past.
Our seal system at the giving away of passwords is a several eyes principle which enables a complete
logging. According to the access the fetch of a password can only be made with a release defined
before. The taking of a password must be reasoned with one or several digital signatures. Optionally a
security administrator is informed via email when a seal is broken or certain passwords are opened.
Password Safe does not only increase data safety. Digital password management deskews safety
structures in your company. This creates flexibility and efficiency.
Editions
Password Safe is available in many editions for the most various intended use, from the private user up
to the enterprise sector for huge companies.
Standard Edition
High-quality single place password management with an enormous functional range
Professional Edition
Password and identity management in a team with network and mains operation (up to 20 users)
Enterprise Edition
Administrates all passwords and accesses of a company and its employees centralized, highly safe and
simple
6.1 Personal Edition
The Personal Edition of Password Safe and Repository is the ideal solution for the simple use. With the
Personal Edition you have all basic functions for the setup of a secure data safe for your data. Therefore
you will never forget a password again or give it away by writing it down. PASSWORD SAFE
administrates a password protected database of your access data. You only have to remember one main
password to have direct access to your secret data. The Personal Edition is available in the free version
(Personal Free), which is limited to records and in the Personal Edition, in which the limitation to records
can be lifted for the little amount of 9,90 euros.
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.
6.2 Standard Edition
The Standard Edition of PASSWORD SAFE is the professional and comfortable solution for the
management of your data (passwords), TAN blocks and documents. The newly designed user interface is
conformed to Outlook and therefore offers an excellent overview and usability. An optional number of
databases can be opened simultaneously and "On The Fly" you can change between these databases.
Besides different folders can be opened in tabs and you can also change between them. In addition own
forms can be written or already existing forms can be edited. Your data will be secured in an optimal
way by the 12 latest encryption algorithms. Among them of course the famous and extremely safe
standard "AES" with 256 bit (Rijndael) is provided. Also the password which you use to encrypt the
database will be extrapolated by hash functions to the maximum crypto length of the encryption
algorithm used. Consequently a Brute-Force-Attack to the database file is no longer possible.
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
Management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
2015 MATESO GmbH
There are already many standard icons available. If these are not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.
6.3 Professional Edition
The Professional Edition contains the same functionality like the Standard Edition. The Professional
Version differs in the possibility to even better suit the program to your purposes and contains extended
professional functions like for example the seal and lock function. All password arrays are protected from
Trojan and key loggers by different latest technologies. Also the readout of the password arrays with
tools like "PantsOff!" or diverse key loggers is not possible. The highly modern and intuitive operator
guidance, conformed to Outlook 2007, as well as the functional range which has no competition so far,
enable every first-time user the immediate installation of a secured password database.
examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
Management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
There are already many standard icons available. If these are not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
Tasks
Send tasks to groups and users. Receive system messages as the administrator, for example if a user
has entered a wrong password and it has to be set again.
Messages
The system automatically sends you messages at certain events (e.g. break of seal). Use messages for
the safe communication in your company. The messages never leave the database and are therefore
always encrypted and can not be seen by other persons.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Network compatible
From the Professional Edition on, the software is network and multiple user compatible. It is a
real network database with simultaneous user access (reading and writing). The database simply has
to be stored on a Windows network share and is therefore available to every user. Extensive network
functions, like for example automatic record locking, are provided. Get informed, e.g. via the internal
message system, as soon as a user has finished the revision of a record.
Management of users, groups and privileges
Organise your password database into operator groups. Assign rights to user and group level.
Privileges like for example reading, editing or deletion can be assigned to folders and almost any
records.
Sealing
The new extended sealing system now also offers the four-eyes principle. Seal passwords and define
who is allowed to deblock and crush them. With the task and message system the persons concerned
will be informed automatically.
Locking
Lock passwords from the access of other users. Even if you have locked a password you can provide it
to specific persons for the automatic password entry. So the users do not have any access to the
password but can automatically log in to applications or Internet portals without knowing the password.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.
6.4 Enterprise Edition
The Enterprise Edition in combination with the Enterprise Server offers the optimal solution for a central
password management in your company. With the Enterprise Edition you have the possibility to run
Password Safe in the client-/server mode. Of course the TCP/IP communication is encrypted in the
network, so that nobody can read along data between client and server (for example through a network
sniffer). Following a small extract of the functionalities.
examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
Management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
There are already many standard icons available. If these are not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
Tasks
Send tasks to groups and users. Receive system messages as the administrator, for example if a user
has entered a wrong password and it has to be set again.
Messages
The system automatically sends you messages at certain events (e.g. break of seal). Use messages for
the safe communication in your company. The messages never leave the database and are therefore
always encrypted and can not be seen by other persons.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Network compatible
From the Professional Edition on, the software is network and multiple user compatible. It is a
real network database with simultaneous user access (reading and writing). The database simply has
to be stored on a Windows network share and is therefore available to every user. Extensive network
functions, like for example automatic record locking, are provided. Get informed, e.g. via the internal
message system, as soon as a user has finished the revision of a record.
Management of users, groups and privileges
Organise your password database into operator groups. Assign rights to user and group level.
Privileges like for example reading, editing or deletion can be assigned to folders and almost any
records.
Sealing
The new extended sealing system now also offers the four-eyes principle. Seal passwords and define
who is allowed to deblock and crush them. With the task and message system the persons concerned
will be informed automatically.
Locking
Lock passwords from the access of other users. Even if you have locked a password you can provide it
to specific persons for the automatic password entry. So the users do not have any access to the
password but can automatically log in to applications or Internet portals without knowing the password.
Active Directory Integration
From the Enterprise Edition on existing users and groups can be adopted from the Active Directory. An
automatic authentication of the user is possible.
Client-/Server
With the Enterprise Server you can arrange a client-/server architecture. Use the optimal speed to also
use WAN or VPN connections and that way easily link up home office or working offices. That way the
users no longer access a database on a network share but on the Enterprise Server, which
administrates the databases by itself and provides them via an encrypted TCP/IP connection. This is
an SQL server which receives queries from the client and only transfers the result sets to
the client. Since the users do not have access to the database files, the files cannot be taken out of
the company.
Workflow system (only in combination with the Enterprise Server)
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.
6.5 Enterprise Server
The Enterprise Server in combination with the Enterprise Edition Client is offering the optimal package for
your company. At this the database file is deposited on a server (alternatively it can also be saved on a
redundant SAN). Therefore a user no longer has direct access to the database file and cannot take it
out of the company. Here the users only access the server via an encrypted TCP/IP connection.
Furthermore the Enterprise Server is offering the best performance with larger amounts of data. The
server is running in the background as a service and with the comfortable management panel the
administrator can arbitrarily set many server parameters. This is the most secure possibility to work with
Password Safe within a network with several users.
By means of the database assistant as many databases as you want can be quickly and easily created.
Via the database management the databases (database password, database encryption, etc.) can be
accordingly adapted and edited. A backup service provides the daily data backup.
More information about the connection to the server and its security can be found at the following link:
www.passwordsafe.de/download/connectiondetails
You can find further information in the manual on the Enterprise Server.
http://help.passwordsafe.de/v7/sds/en
6.6
Feature Overview
Your safety is our aim
- Encryption with 256-bit AES algorithm
- Generates secure and complex passwords at the push of a button
6.7 Android App
Via the Android app, you can access your data with any Android smartphone or tablet. The installation
runs, as usual, via the Google Play Store and is available on all mobile devices with Android 2.2
or later.
To ensure that your data is always up to date, a synchronization between your mobile device and your
Password Safe client is possible. However, you can also sync via Dropbox, or even store encrypted
backups there.
The Android Help can be found at the following link:
http://help.passwordsafe.de/android/EN
Feature Overview
Your safety is our aim
- Encryption with 256-bit AES algorithm
- Generates secure and complex passwords at the push of a button
- Deletion mode following too many logins (optional)
- Expiry date for the database (optional)
- Managing multiple databases
- Automatic transfer of rights for Professional and Enterprise Edition
- Encrypted backup in the Dropbox
More than just passwords
- Managing credit cards, debit cards, PINs and passwords
- Customizable input masks
- Folder structure to easily organize data
Favorites and Geo-favorites
- Highlight your most important data as a favorite with just one click
- GeoFav for location-based access to favorite passwords. For example, you need/have different favorites
at work and at home
Automatic registration and integrated browser
- Integrated browser with new automatic password entry
- Web bookmarks for faster browser access
Synchronization and cloud
- Synchronization with Windows Password Safe version (from Standard Edition version 7)
- Cross-device Secure Cloud Sync with the Dropbox, for example from Smartphone to Tablet
- In Sync with a corporate database other security-related settings are possible, as well as the
deactivation of cloud features
Temporary Access (release)
- The innovation in mobile Password Manager
- airPass for temporary passwords secure browser-based access with external PCs and Macs
General
- Individual optimized layout for smartphones and tablets
- Runs on Smartphones and Tablets with Android
- No ongoing fees or InApp purchases
6.8 Web Access
With the new Password Safe Web Access you can now access your passwords independent of a platform
using a browser.
For this purpose, we have been inspired by the most successful search engine in the world. For the first
time we have changed the design concept completely. Folders are secondary, in line with the motto "find
and not search". Of course you can also edit entries or add new ones. As usual, users can access the
data to which they are entitled.
The help for the Web Access can be found at the following link: http://help.passwordsafe.de/v7/pwa/en/
Feature Overview
Password Safe Web Access login
If a database is configured for the Web Access, users are able to log into the available database. Login
with an Active Directory user, as shown in the example, is also possible.
Folders are secondary - find and not search
In the upper section, you can easily search for a desired record. The hits are marked in yellow. By
clicking on the folder directory path one is directly taken to the folder.
Access and edit passwords
Records can be easily opened with a click and changed at will. The password is only transmitted and
displayed when you press the corresponding button. All record changes or password requests are
recorded in the logbook accordingly.
Enter new records easily and quickly
Naturally the Web Access can be used to create new records. The rights from the parent folder are
automatically adopted. Using the search folder, or the folder selection, you can select the desired folder.
In this example you can see how the form is dynamically displayed on the basis of the folder. Once you
have decided on a folder, the stored form of the folder is automatically displayed to create the data set.
General
The Password Safe Web Access is a paid add-on module and is only available in combination with the
Enterprise Edition and the Enterprise Server.
First steps
7.1 System preconditions
Password Safe runs on almost every Windows system; older systems, for example Windows
ME and even older ones, are excluded.
Operating systems:
Windows XP (32Bit & 64 Bit)
Windows Vista (32Bit & 64 Bit)
Windows 7 (32Bit & 64 Bit)
Windows 8 (32Bit & 64 Bit)
CPU and main memory:
The encryption and decryption require a certain amount of processing power. Client performance can
vary depending on CPU load and processor speed.
Notice (terminal server/Citrix):
The client can be run on a Windows server operating system, on a terminal server or in
a Citrix environment. To do so the terminal server/Citrix module has to be licensed.
Seamless Mode on Citrix installations is not supported.
Notice:
For terminal server operation we generally recommend the Enterprise Edition with the Enterprise Server.
File sharing:
In principle, the database can be saved on a local hard drive using the file systems NTFS, FAT32 or FAT.
The same also applies to network shares in Windows. Only network shares on Windows Server 2003
(32Bit & 64 Bit), Windows Server 2008 R2 (32Bit & 64 Bit) and Windows Server 2012 (32Bit & 64 Bit) are
supported.
It is possible that other network shares (e.g. on some NAS devices) may not function in multi-user
operation in certain circumstances. The use of DFS file shares is also not possible.
Miscellaneous:
Only the default font sizes are supported.
7.2
7.2.1 Singleuser
For a quick start with a singleuser database (possible in all editions), proceed as follows:
1. Download of the software
First, download the software from http://www.passwordsafe.de/download/psrdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file.
3. Activation of the software
Start Password Safe after the installation with a double click. The software starts directly with the
activation assistant, which guides you through the activation.
4. Creating the database
After the activation the database assistant appears, with which you can create a database.
7.2.2 Multiuser
For a quick start with a multiuser database (only possible in the Professional and in the Enterprise
Edition), proceed as follows:
1. Download of the software
First, download the software from http://www.passwordsafe.de/download/psrdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file. The ideal storage location
is a network share that all clients are authorized to access.
3. Activation of the software
After the installation, start Password Safe with a double click. The software starts directly with the
activation assistant, which guides you through the activation process.
Further information is also available in the chapter Creating a licence file.
2015 MATESO GmbH
7.2.3 Client- / server
For a quick start with an Enterprise server database (only possible in the Enterprise Edition with
Enterprise server), proceed as follows:
Installation server
1. Download of the software
First, download the software from http://www.passwordsafe.de/download/sdsdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file.
3. Activation of the software
After the installation, start Password Safe with a double click. The software starts directly with the
activation assistant, which guides you through the activation.
4. Creating the database
A click on "start new database" opens the database assistant, with which you can create a
database.
5. Configure database firewall
To give the individual clients access, the firewall has to be deactivated or firewall
rules have to be defined. Also enter the IP address of the server so that the backup service can be
started.
6. Configure network logon (if licensed)
If you have licensed the module network logon, we suggest now creating a corresponding network logon
file and using it to distribute the database configuration to the individual clients.
7. Configuration of the backup time schedule
To have backups created automatically in the future, a backup time schedule has to be created.
8. Configuration of the task service
If you want to use the task service, it needs to be configured and activated.
9. Configuration of the hacker protection
Define whether notification e-mails should be sent when hacking is suspected. In addition, a whitelist
can be created if you work with debugging tools.
Installation client
1. Download of the software
First, download the software from http://www.passwordsafe.de/download/psrdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file. The ideal storage location
is a network share that all clients are authorized to access.
3. Activation of the software
After the installation, start Password Safe with a double click. The software starts directly with the
activation assistant, which guides you through the activation.
You can find further information in the chapters activation via license overview, activation via license
file and automatic activation.
4. Linking the database
After the activation a database assistant appears, with which you link the already created database. If
you use the module network logon, the linking is done automatically at the first start.
7.3
7.3.1 Local installation
Single place installation (personal and standard edition for private user)
Here Password Safe is installed locally on a computer. By default Password Safe is saved to the
Windows program directory. The installation location can also be changed if desired.
The configuration file "psr.pc7" is automatically stored in the application data directory.
At the first start of the software you can decide which edition you want to test. If you have
already bought a license, please choose the edition you have bought. You can enter the license in
the release assistant.
More information on release: Release and activation
More information on configuration file: Configuration file
7.3.2
If the directory has been built up as described above, Password Safe is licensed automatically when
the application starts; thanks to the module "network logon" the database connection is set up
automatically and the user can authenticate at the database. An automatic user login via AD is generally
not possible in multiuser operation; this requires the Enterprise server. Even with the
Enterprise server, the automatic user login is only possible after the user has authenticated once at a
client with his/her Active Directory password.
7.3.3
7.3.4
7.4 Update
Later versions can be installed by running the setup over the existing installation. The previously
installed version is deleted, but the configuration file "psr.pc7" is not, so all settings are
preserved. Via the menu "help" -> "search for updates..." you can check whether a later version is
available for download.
Before every update a backup has to be made, and it has to be checked whether the software
maintenance is still valid. If the software maintenance has expired, please contact the sales team
(sales@passwordsafe.de). Please wait with the update until you have a valid software maintenance
again. Afterwards download and install the new version.
First login at the database after an update:
Confirm the message that the database can only be opened with the current version.
Carry out random data checks.
Notice for multi user databases:
All clients must always have the same version in order to access Password Safe. Clients
with a lower version cannot connect to the database. Accordingly, all clients
have to be updated when an update is installed.
7.5 Upgrade v5, v6 to v7
In the further development of our products we attach great importance to update capability.
It is therefore possible to migrate even older Password Safe databases to a current version. The
data is migrated by means of a PSX backup, which can be created from version 3.5 on. The
backup can be specified in the database assistant whenever a new database is created (client and
server).
Before you migrate your database to the current version, you have to create a backup with the older
version. We suggest a copy of the database file as well as a "PSX backup", which you can also use for
the migration later. You also have to make sure that you have the necessary passwords (database
password, administrator password, etc.). Also note that a migration of older versions, e.g. v4 and older,
can involve manual effort.
You can find more information on the import of PSX backups under the following link: Import of PSX
backups (v5, v6, v7)
If you are already a version 6 customer with silver or gold software maintenance, please check
before an update whether your software maintenance is still valid. If so, you can upgrade to the current
version for free.
If you are a v5 customer or a v6 customer with bronze support, please buy the corresponding new licenses
before the update. Our sales team will be pleased to make you an offer (sales@passwordsafe.de).
Download and install the new Password Safe version. The clients of the old version can remain installed
until you no longer need them. The clients of both versions run in parallel on one computer
without problems. The older version can simply be uninstalled later. If you have licensed the module
"network logon", please note that it has to be configured again after an update. Make sure that the
client can read the profile file. Start the client and log in at the database as "administrator". Confirm
the message that the database can only be opened with the current version.
Attention:
An Enterprise server installation cannot be operated in parallel with older versions! If the
version 7 server is installed, an existing version 6 Enterprise server is
automatically uninstalled.
If you use Password Safe on a network share, only the program files have to be exchanged. If Password
Safe is installed locally on the workstation, you can roll out Password Safe as usual.
7.6
Notice:
If you are already a version 6 customer with silver or gold software maintenance, please check
before an update whether the software maintenance is still valid. If it is, you can upgrade to the current
version for free. If you are a v4, v5 or v6 customer with bronze support, please buy the corresponding new
licenses via the online shop. Without a license an import is not possible, because the demo version is
limited to 20 datasets.
7.7 Demo version
You can test our software as a demo version for 30 days. All functions of the different
editions are available in it. When starting Password Safe you can choose the edition you want to test. You can
change the test edition via the menu "extras" later on.
If you buy an edition later, the purchased edition is selected automatically by the licence.
If you choose the Personal Edition, the application has no time limit. You can therefore use the
application as Personal Edition Free, in which you can create up to 20 records. If you need more records you
can buy the Personal Edition or any other edition. Of course your data will be carried over to the version
you have bought.
In all other editions the software activation assistant starts in the demo version. Choose "start as demo
version" and then close the assistant via "continue" and "complete" to start the software in demo
mode.
Here you can read how to activate the software.
Note:
For technical reasons, the databases are not backward compatible.
If you change the edition (for example, from the Personal Edition to Standard Edition) you must convert
the database. The database can then no longer be opened with the lower edition.
7.8 Activation
After you have ordered Password Safe you will receive an email from the MATESO GmbH sales team,
which includes a license certificate. With this certificate you can create a license file. Depending on the
edition used, the license file needs to be distributed to the individual clients. The exact procedure is
described in the following chapters:
7.8.1
7.8.1.1
certificate with your mouse from "-----BEGIN LICENCE CERTIFICATE-----" to "----- END LICENCE
CERTIFICATE -----" and choose the menu item "copy" in the context menu with your right mouse button.
Alternatively you can also use the hot key CTRL+C.
Since the license certificate is now in the clipboard, you can carry out the activation in the assistant. To do
so click on "continue" in the first step to start the process.
In the second step choose the item "add license certificate (activate software)" if you have a license
certificate. If a license file (for example psrX.lic) has been given to you, choose the option "add license file
If the license certificate is already in the clipboard, it is pasted in automatically. If the license
certificate is not pasted in automatically, you can paste it in yourself via the clipboard. In the lower
area you can define where the license information is saved on the hard disk. The license information is
stored in the license file "psr.X.lic" and should be considered in your security concept. Afterwards click on
"continue" to start the check.
If the license certificate has passed the check and is therefore valid, you receive the following note. Confirm
this note with "Ok". Afterwards you can click on "complete". The application is then restarted automatically
and is activated as a full version from that point on.
Thank you very much for having chosen Password Safe. We hope you will take much pleasure in the use
of Password Safe...
If the license certificate is not accepted, make sure that the directory chosen for the license file
allows write access. Under Vista you should store the license file in the personal
document directory. Usually the suggested storage location is the best choice.
If a problem should arise with the activation please contact support@passwordsafe.de per email.
7.8.1.2
7.8.1.3
you can also use the hot key "CTRL+C". Click on the button "add license certificate" in the license
overview in order to activate the software with the certificate.
The license certificate is displayed automatically if it is in the clipboard. Otherwise paste it in manually
via "CTRL+V". In the lower area you can define where the license information is saved on the hard disk.
The license information is stored in the license file "psr.X.lic" and should be considered in your security
concept. Afterwards click on "continue" to start the check.
If the license certificate has passed the check and is therefore valid, you receive the following note. Confirm
this note with "Ok". Afterwards the data is updated in the license overview.
7.8.1.4
If the license is not accepted, make sure that you have the rights to edit the file. If the license is from
another computer or the computer name has changed, you have to look for the old computer name in
the license overview. Right-click on it and deactivate it.
7.8.2
7.8.2.1
Since the license certificate is now in the clipboard, you can carry out the activation in the assistant. To do
so click on "continue" in the first step to start the process.
In the second step choose the item "add license certificate (activate software)" if you have a license
certificate. If a license file (for example psrX.lic) has been given to you, choose the option "add license file
(*.lic)" and afterwards confirm with "continue".
If the license certificate is already in the clipboard, it is pasted in automatically. If the license
certificate is not pasted in automatically, you can paste it in yourself via the clipboard. In the lower
area you can define where the license information is saved on the hard disk. The license information is
stored in the license file "psr.X.lic" and should be considered in your security concept. Afterwards click on
"continue" to start the check.
If the license certificate has passed the check and is therefore valid, you receive the following note. Confirm
this note with "Ok". Afterwards you can click on "complete". The application is then restarted automatically
and is activated as a full version from that point on.
Thank you very much for having chosen Password Safe. We hope you will take much pleasure in the use
of Password Safe...
If the license certificate is not accepted, make sure that the directory chosen for the license file
allows write access. Under Vista you should store the license file in the personal
document directory. Usually the suggested storage location is the best choice.
If a problem should arise with the activation please contact support@passwordsafe.de per email.
7.8.2.2
Notice:
Since Password Safe writes the names of the individual computers into the license file, all users
need write access to the file psr7.lic. The standard installation folders (e.g. C:/programs/)
do not provide write access.
- Configure the necessary variable in the next step. Click on new to create the variable.
overview via help -> license overview. There, choose the item adding module key. Afterwards
copy the module key from the email into the corresponding window and confirm with OK. After a restart of
Password Safe the extension is listed in the license overview.
7.9 Database concept
In Version 7 there are three different database concepts. Normally the choice of the edition
depends on the usage and the number of users.
Singleuser (1 user, not network-compatible, only database login)
Multiuser (1-20 users, database login and user login)
Client-/Server (1-n user, only user login)
Which databases you can use depends on which edition you have bought.
Standard Edition -> Singleuser
Professional Edition -> Singleuser, Multiuser, maximally 10 databases per PC
Enterprise Edition -> Singleuser, Multiuser and Client-/Server
7.10 Set up database
At the first start of the software the database assistant is started automatically and leads you
through the individual steps for setting up a database. Every step is described in detail in
the assistant. You can also call up the database assistant manually to set up a new database or link an
existing one.
Please note that you cannot create more than 10 databases per computer in the Professional Edition.
Via the toolbar, or via the menu file -> create database account, you can directly create a new
database:
After a click on continue you can decide whether you want to configure an existing database or create a new
database. For a new database just click on continue.
In the next step you define which type of database should be created. The singleuser database can only
be accessed by one user at a time, while the multiuser database enables 20 users to access the database
simultaneously. The Enterprise database cannot be selected here because it is created directly at the
server.
Now give the database a meaningful name. In this example we decided on "PSR-Database".
It is important to select an appropriate storage location for the database. Please note that you need
write privileges in the corresponding directory. This is not the case in the program directory. The
document directory is suggested by default. However, we choose our own folder on hard
disk D:, named "database".
In the next step you define how you want to secure the database against unauthorized access. This can be done
with a password, a password file or a combination of both. Please note that you cannot access the
database if you forget the password or if the password file is deleted. We choose protection via
password and click on continue.
Now the password has to be entered and confirmed. Under password quality you can see how hard your
password is to guess. For your security the password should be at least 12 characters long and consist of
capital and small letters as well as numeric characters and ideally special characters.
Tip:
The database password should offer as much security as possible but should also be easy to
remember, so that you do not forget it. Create the password for example by using the initial letters of a
sentence you can easily remember. "From now on I only want to use safe passwords for my PC" becomes
Fno1owtuspfmP (additionally I has been replaced by 1 here).
After a click on continue you can select the language of the database. Alternatively you can also import a
backup (for example from an older version).
After a click on next you can decide whether you want to link an already existing database or create a new
database. To create a new one just click on next.
In the next step you define which kind of database should be created. Only one user can connect to the
singleuser database, while 20 users can access the multiuser database at the same time. The Enterprise
database cannot be selected here, because it is created directly at the server.
Now give the database a meaningful name. In this example we choose PSR database.
It is important to select a proper storage location for the database. For a multiuser database
all clients that should connect to the database need write permissions on the corresponding
share.
Notice:
You can store the multiuser database on any standard SMB share (Windows share). However,
note that DFS shares are not supported.
In the next step you define how you want to protect the database against unauthorized access. This can be done
via a password, a password file or a combination of both. Please note that no access to the database is
possible if the password has been forgotten or the password file is deleted. We choose protection via
password and click on next.
Now the password has to be assigned and confirmed. Under password quality you are shown
how hard it is to crack your password. For your security the password should be at least 12 characters
long and should contain capital and small letters as well as numbers and special characters.
Tip:
The database password should on the one hand offer very high security, but on the other hand it
should be easy to remember, so that you do not forget it. For example, create the password by using the
initial letters of an easy to remember sentence. "From now on I only want to use safe passwords for
my PC" becomes Fno1owtuspfmP (additionally I has been replaced by 1 here).
In every multiuser database there is a local administrator account. Now assign the password for it.
After a click on next you can select the language of the database. Alternatively you can also read in a
backup (for example from an older version). If a backup is read in, the database takes on its language.
In the next step you have to specify which kind of database it is. In this case select Professional (multiuser mode, Peer to Peer).
Notice:
Please note that all clients that want to access the database need write permissions on the corresponding
share.
The name of the database has to be entered; the current database name is already suggested.
It is recommended to keep that name.
Notice:
A multiuser database must be linked under the same name on all clients. The name is also case
sensitive.
Now it has to be specified how the database has been encrypted.
7.11
7.12 Backup
Backup
Backup concepts
Singleuser database
If you use a singleuser database, we suggest creating an automatic backup locally on your computer every
time you close Password Safe. Please note that each backup overwrites the previous one if you do
not append date and time; you then have one backup file which is updated every day. If you append
date and time, you receive a new backup daily and can therefore also go back to older backups. If you
want to increase safety further, you can copy the backup file at file-system level after it has been created. As
a storage location we suggest a NAS or another computer, but copying to another hard disk
also makes sense, because that way you do not lose your data in the case of a hard disk crash. The backup
file can be copied either manually or by a backup tool. If you use a tool, make sure when
configuring it that the backup has been completely created before it is copied.
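The copy step described above can be scripted. The following PowerShell sketch is an added example and not part of the Password Safe manual or MATESO code: it copies a backup file to a second location only once the file is no longer being written, appends date and time to the name, and verifies the copy by SHA-256. The function names, the retention count and the paths in the usage comment are assumptions; Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example, not MATESO code. All names and defaults here are assumptions.

function Test-BackupComplete {
    param([Parameter(Mandatory)][string]$Path, [int]$QuietSeconds = 5)
    $full = (Get-Item -LiteralPath $Path).FullName
    # A backup that is still being written keeps growing ...
    $sizeBefore = (Get-Item -LiteralPath $full).Length
    Start-Sleep -Seconds $QuietSeconds
    $sizeAfter = (Get-Item -LiteralPath $full).Length
    if ($sizeBefore -ne $sizeAfter) { return $false }
    try {
        # ... or is still held open. FileShare 'None' makes the open fail
        # while any other process has the file open.
        $stream = [System.IO.File]::Open($full, 'Open', 'Read', 'None')
        $stream.Dispose()
        return $true
    } catch {
        return $false   # locked or unreadable: do not copy yet
    }
}

function Copy-BackupOffsite {
    param(
        [Parameter(Mandatory)][string]$Source,          # backup file written by Password Safe
        [Parameter(Mandatory)][string]$DestinationDir,  # other disk, NAS share or other computer
        [int]$Keep = 14,                                # number of dated copies to retain
        [int]$QuietSeconds = 5
    )
    if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
        throw "Backup file not found: $Source"
    }
    if (-not (Test-Path -LiteralPath $DestinationDir -PathType Container)) {
        throw "Destination directory not found: $DestinationDir"
    }
    if (-not (Test-BackupComplete -Path $Source -QuietSeconds $QuietSeconds)) {
        throw "Backup file is still being written or is locked: $Source"
    }

    # Date and time in the target name, so older copies are not overwritten.
    $item   = Get-Item -LiteralPath $Source
    $stamp  = $item.LastWriteTime.ToString('yyyyMMdd-HHmmss')
    $target = Join-Path $DestinationDir ('{0}_{1}{2}' -f $item.BaseName, $stamp, $item.Extension)
    if (Test-Path -LiteralPath $target) { return $target }   # this backup was already copied

    # Copy under a temporary name and compare hashes before publishing the copy.
    $partial = "$target.partial"
    Copy-Item -LiteralPath $item.FullName -Destination $partial -Force
    $srcHash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $partial -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        Remove-Item -LiteralPath $partial -Force
        throw "Copy of $Source does not match the source (SHA-256 differs)"
    }
    Move-Item -LiteralPath $partial -Destination $target

    # Retention: the timestamp sorts lexicographically, newest first.
    $pattern = '{0}_*{1}' -f $item.BaseName, $item.Extension
    Get-ChildItem -LiteralPath $DestinationDir -Filter $pattern |
        Sort-Object Name -Descending | Select-Object -Skip $Keep |
        Remove-Item -Force
    return $target
}

# Usage with constructed placeholder paths:
# Copy-BackupOffsite -Source 'D:\database\backup.psx' -DestinationDir '\\nas\psr-backups'
```

The destination holds copies of the password database backup, so its access rights belong in the same security concept as the database itself.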
Multiuser database
When using a multiuser database we suggest designating an employee who creates manual backups daily.
The option automatic backup when closing can also be used here; however, every user
would then be asked to create a backup when closing. Additionally it makes sense to copy the database file
7.13 Database login
In the database login you can choose, in the upper area, the database you want to log on to. If you
have set up several databases you can simply switch between them. Once you have found the database
you want to log on to, enter the database password in the next step and confirm with "Ok".
A symbol indicating the database status is displayed. If the database is not
accessible, this is displayed accordingly.
Database exists, login possible.
Already logged on the database
You can call up the database properties with the button next to the database name and
change them if necessary.
Database properties: Change or see database properties.
Configure plugin: Configuration of the plugin chosen in the menu
Call up screen keyboard
Protection status: Deactivate or limit keylogger and protection mechanisms for the login area.
Hint:
You can realize an automatic database login with the module network logon.
7.14 User Login
Password Safe offers different options for user authentication. There are the following
user types:
Password Safe users: These users are stored locally in Password Safe and can exist in multiuser as well
as in Enterprise server databases.
Active Directory users: You can take over users from the Active Directory.
These users can then log in with their domain password.
Active Directory users with PKI: Optionally users can
The login process differs depending on the user type. The individual processes are illustrated with diagrams
here.
Notice:
You assigned the password for the administrator account when the database was created.
For users taken over from the Active Directory, the tab Active Directory can be found in the properties
(when editing the user).
If the function automatic login is activated, the user can log in automatically, that is, without
entering a password. Please note that this function also has to be activated and configured at the server.
The function user name has to conform to Windows login name ensures that only the user who is
logged on to the operating system is allowed to log on to Password Safe. In general the automatic login is
only possible for the logged-in domain user.
By means of the button behind the user name you can have your currently logged-in user name including
the domain entered automatically.
Second login
At the second login an option appears at the bottom of the login mask to activate the automatic login. Set a
check mark here and log in as you did at the first login.
Third login
The third login is now carried out automatically. In the lower left corner the encryption is indicated
by a symbol, here the RSA encryption.
Second login
The second login is already carried out automatically. In the lower left corner the SID encryption will be
Notice:
Especially during testing it can happen that a user who wants to log on to Password Safe does not
match the user logged in at the operating system. In this case consider the option user name
must match with Windows logon name. You can find further information on this in the chapter
manage users and groups.
Tip:
If you have activated an automatic login but want to log in as another user, hold down the Shift key.
This deactivates the automatic login and you can carry out a manual login.
First of all the provider used has to be selected here. If you do not know the provider please contact
your system administrator. Afterwards you can select the corresponding certificate. In this example
the certificate bears the name of the user. Depending on the configuration of the PKI the certificates can
also be named differently.
At the first login via a certificate the password or the PIN of the token or the smartcard has to be entered.
A dialogue of the corresponding provider appears for this.
Notice:
Especially during testing it can happen that a user who wants to log on to Password Safe does not
match the user logged in at the operating system. In this case consider the option user name
must match with Windows logon name. You can find further information on this in the chapter
manage users and groups.
If a user wants to log in using a token, the PIN for the token needs to be entered. If the Password Safe
client is locked and needs to be unlocked again, this PIN request does not appear. Therefore, the
token should be configured in such a way that it is automatically locked.
Problem: Error at the user authentication. Please make sure that you log in with domain/user. Client error.
Reason: Client could not carry out the login. Usually the password is wrong here.
Solution: Make sure that the right password is used, that the shift key is not activated and that keyboard language is not altered.

Problem: Error at the user authentication. Please make sure that you log in with domain/user. Server error
Reason: Server could not carry out the login. Usually the password is wrong here.
Solution: Make sure that the right password is used, that the shift key is not activated and that keyboard language is not altered.

Problem: No authorization for the user authentication.
Reason: User must not be used for the AD login, because he/she does not comply with the user logged in at the operating system.
Solution: Log off at the operating system with the right user. Alternatively the option can be deactivated in the user settings.

Problem: Logged in Windows user cannot be used for the user authentication.
Reason: The login cannot be carried out because the user logged in at the operating system does not comply with the user that wants to log in at Password Safe.
Solution: Log off at the operating system with the right user. Alternatively the option can be deactivated in the user settings.

Problem: No authorization for the automatic user authentication.
Reason: The user does not have enough rights for the automatic login.
Solution: Make sure that the user has got the appropriate rights.

Problem: The configuration of the user authentication is not correct. Therefore the auto login cannot be carried out.
Reason: Automatic login with an Active Directory user failed, because the Public Key is not correct.
Solution: Try to configure the automatic login again.

Problem: Error at the user authentication. Client locked.
Reason: The user that should be logged in could not be found, therefore the IP address of the accordant client has been locked.
Solution: Make sure that the user name is spelled properly and that the user is installed in Password Safe.

Problem: The used certificate cannot be used for the user login because the signature has not been confirmed.
Reason: Error at checking the signature.
Solution: Check if the client and the server have got the same version.

Problem: The used certificate cannot be used for the user login because it is not trusted.
Reason: Server does not trust the certificate.
Solution: Check the certificate.

Problem: The used certificate cannot be used for the user login because it is expired.
Reason: The certificate is expired.
Solution: Renew the certificate.

Problem: The used certificate cannot be used for the user login because the fingerprint does not comply.
Reason: Server could not confirm fingerprint.
Solution: Check the certificate and issue it again if necessary.

Problem: The used certificate cannot be used for the user login, because the CA cannot be reached.
Reason: The necessary certificate authority cannot be reached.
Solution: Check the connection with the accordant server.

Problem: The used certificate cannot be used for the user login because no user has been found for it.
Reason: User from the certificate has not been found in Password Safe.
Solution: Make sure that the user in Password Safe has got the same name as the user in the certificate.

Problem: The user found for the certificate is not logged in at the system. Login at Password Safe is not possible.
Reason: The login cannot be carried out because the user logged in at the operating system does not comply with the user that wants to log in at Password Safe.
Solution: Log off at the operating system with the right user. Alternatively the option can be deactivated in the user settings.
7.15 Basic settings
7.15.1.1 General
In the tab "general" you can carry out basic settings for Password Safe.
deactivated the data is always hidden with a character length of 10 characters. The length of the
password therefore cannot be inferred.
Hide passwords and data in the quick view
With this option you can hide the data when calling up the quick view (space bar). By default the data
is displayed unprotected in the quick view.
Hide detail array when it's locked
If the detail array is locked, for example due to the logbook setting "view/open", it can be
completely hidden with this option.
Minimize automatically at anergic state
If this option is activated, Password Safe minimizes automatically after the configured time in the
anergic (inactive) state.
Minimize automatically at user change
Password Safe will be automatically minimized at a user change.
Minimize automatically at Standby or idle state
Password Safe will automatically be minimized at Standby or idle state of the computer.
Lock databases after automatic minimizing
If this option is activated, the database will be automatically locked when Password Safe is minimized
automatically, for example at anergic state or user change.
Lock databases after minimizing
By activating this function the database will be locked after every minimizing.
Lock database when maximising
This option only locks the database when it is maximised. As long as Password Safe remains minimised,
it is possible, for example, for passwords to be automatically entered.
7.15.1.3 Folders
The folder settings affect all folder lists. Note that some settings can affect the performance.
7.15.1.4 Clipboard
Change to the tab "clipboard" in the left array to configure the clipboard.
Delete clipboard when hiding passwords
When hiding passwords the clipboard will be automatically deleted.
Delete clipboard when minimizing
If Password Safe is minimized the clipboard will be deleted.
Delete clipboard when closing
Before closing Password Safe the clipboard will be deleted.
Automatically delete data from the clipboard after
If this option is activated the data will be automatically deleted after the configured time.
Activate monitoring of the clipboard
When this option is activated, Password Safe monitors the clipboard. If another application also uses
the clipboard, you will be notified. You can automatically add applications to the "allowed programs"
by selecting the option "always ignore this application" in the clipboard dialogue. Alternatively you
can add and delete applications manually via the buttons. Via the context menu (right-click on an
application) you can also remove the program from the allowed programs again.
Always ignore this application
When you confirm this button, the application is added to the list of "allowed programs". Afterwards
Password Safe ignores the application and immediately writes the data to the clipboard.
Ignore application once
The application will be ignored and Password Safe writes the data to the clipboard once.
Abort
The action is aborted and no data will be written to the clipboard.
7.15.1.5 Password
In the array "password" you can define the password guidelines and policies yourself. Passwords are
created according to the configured criteria and are also tested for conformance with the guidelines
before they can be used. In the array below you can define which characters the "password generator"
should use. With these settings absolutely safe and unbreakable passwords can be generated.
Here you can create one password guideline for new databases and one for administration passwords.
At the first start two standard guidelines are already predefined; they can be changed with a click on
the corresponding key symbol. Under the tab "general" you define the name, the description and the
guideline itself. Symbols can also be excluded here.
Under the tab "exclusion list" you can specify words that must not be used in passwords. You can also
export or import existing lists in the *.csv format here, and you can download a list of commonly
used passwords. To do so, use the buttons marked in the screenshot.
record is used. If, for example, you have opened the quick access, the quick access bar and the
Password Safe main window, the data from the quick access is used. If you use the quick access and
the main window, the data from the quick access bar is used. If you have only opened the main window,
the data from the record selected in the list is used.
Where does the data come from and what configuration possibilities are there?
You can store a specific command for every hot key, or even whole scripts, so that you can act
individually and quickly.
"Memo (multiline description field)". The script that should be executed by the hot key has been stored
here. In this script it is possible to access the "general data" as well as "own arrays".
{AppScript}
If an application is linked with the record, the scripts of the application can also be executed
directly with the hot key.
record will already be selected when opening the internet page in quick access. Note that this is not
an automatic entry.
Automatically select record at the change in the list outlook
When the quick access bar is open and you navigate in the password list, the quick access bar is
automatically updated and the selected record is loaded from the password list.
Recreate window status and position when opening or unlocking
When starting Password Safe or re-opening the quick access or the quick access bar, it will be
displayed at the position most recently used.
Recreate data when opening the quick access
When opening the quick access or the quick access bar, the data of the most recently chosen record
will be displayed again.
Quick access bar
You can also "flatten" the quick access bar in its functional range, that is, deactivate functions that
are not used. This also shortens the quick access bar.
7.15.1.8 Internet Browser
In the array "Internet Browser" you can configure the browser settings as well as the recognition of the
automatic field assignment.
Standard browser
All browsers installed are listed here. Choose the browser which you want to use as a standard browser
for Password Safe.
The array with the array ID "username" has been selected in the list outlook. In Internet Explorer you
are shown visually which array it is.
Here you can activate or deactivate the addon functionality. There are differences in the different
editions:
Personal Edition: No addons contained
Standard Edition: Addons activated by default
Professional Edition: Addons deactivated by default
Enterprise Edition: Addons are deactivated by default
Furthermore you can activate or deactivate the capture of new passwords via the addons.
If the option "load favicon of website at the capture of new passwords" is active, Password Safe
automatically downloads the symbol that is displayed next to the address bar in the browser and tags
the newly created dataset with it.
If you have any problems with the addons you can also adjust the port. Usually, however, the standard
port 12001 can be retained.
With the option "automatically use favicon of URL as dataset icon", the favicon of the website is
used as the dataset icon when a dataset is created manually.
7.15.1.10 Documents
Change to the tab "documents" in the settings dialogue to configure the document management. In the
upper array of the settings menu you can switch between three arrays.
Directory settings
Here you can define the directory to which documents are swapped out. This setting applies to all
documents; however, a swapping path can also be defined in the document itself. You can find more
information on that under "edit documents".
Own swapping directory:
Every document that has to be swapped out for starting or for opening/editing is swapped out to the
configured path. By default, documents are swapped out to the user application directory.
Automatically create directory and delete after the change:
With this option the directory is created before the document is swapped out and securely deleted
again after the application or the document has been closed.
File settings
In the file settings you can define basic settings for the document management.
List options
Define in the list options how Password Safe should react to a double click on a document in the detail
view "affix/documents".
7.15.1.11 Messaging
If you receive a new task or a message you will be informed about it.
Messaging at events
If this option is activated you will be informed about new messages and tasks.
Time interval for the testing of new events
This setting defines the interval at which Password Safe checks for new events.
Display duration of the message
7.15.2.1 General
In the general area you can configure general database settings, for example the maximum document
size.
Maximum document size in MB
Configure the maximum file size for documents.
Display passwords as soon expiring, where remaining days are less than
A time period is defined here in which a password is classified as "soon expiring". The default is
5 days.
Forms
Here you define which form is chosen by default when creating a new folder.
General export settings
The folders selected here are included in an export by default.
Applications
When this option is activated, Password Safe automatically looks for a suitable application when
generating a new password. If one or even more suitable applications are found, they are displayed to
enable the correct application to be selected.
Folders
This option has the effect of creating a personal folder for every new user added. You can select whether
the folder is created in the root directory or in a directory of your choice.
If this option has been activated, you can also create a private folder in the user and group management
section by right-clicking on the relevant user.
7.15.2.2 Auto backup
Password Safe offers you the possibility to automatically start a backup when closing. In the array "auto
backup" you can configure the backup.
If this function has been activated, an encrypted HTML page will be created when Password Safe is
closed that contains a list of all passwords to which the registered user has access. If desired, you can
directly define the password and the location where the file is saved here. If this information is not
saved, the password and the location where the file is to be saved will be requested when the file is
created. In addition, it is also possible to configure whether a request appears before the creation of the
file.
With a double click or via the context menu (right-click) you can edit existing currencies. Afterwards
confirm your change with "save".
7.15.2.4 Logbook
By means of the integrated logbook functionality all events can be recorded.
If the option "create logbook entry with reason at RDP connection" is activated, the following window
opens when an RDP connection is established:
Here you can state the reason for the RDP connection. It is then recorded in the logbook.
Clear logbook
Via "clear logbook" you open a further dialogue:
Here you can directly delete the entries of the logbook via "delete all". The option "delete after days"
only deletes the datasets which are older than the configured number of days.
In addition, you can first export all entries that are to be deleted to a CSV file.
Logging options
The following logging options are available in the logbook:
New
Change
Duplicate
Delete
Print
Move
Export
Import
Login
Logout
Clipboard
Connection to the internet site
Automatic entry
View / open
Events
User changes
Permissions and rights
Offline mode
Database settings
Here you can create a global password guideline, as well as one for new user passwords and one for
export passwords. At the first start three standard guidelines are already predefined. With a click on
the corresponding key symbol you get to the password guideline management. There you can select
predefined guidelines or add new ones.
What are safety points?
The safety points reflect the complexity of a password. If numbers, lowercase letters, capital letters
and special characters are used in a password, it is quite complex and therefore reaches the required
safety points more quickly. The safety points are calculated for every password; redundancies and
direct repeats are also taken into account. This ensures that the passwords stored are complex enough.
7.15.2.6 Seal
Password Safe offers the possibility to "seal" records. Depending on the seal, this can also be a sealing
according to the four-or-more-eyes principle, which means that so-called permissions from other
Password Safe users are necessary to break the seal. Only after the seal has been broken can the data
be seen.
Here you can define how you want to send the sealing messages. You can choose between the task system
and the message system. The task system offers the advantage that you will be reminded of the
permission via the reminder function.
7.15.2.7 Locking
The administrator can be deleted at locking
When starting the locking the administrator can be deleted from the list "lift the locking".
The administrator group can be deleted at the locking
When starting the locking the administrator group can be deleted from the list "break seal".
7.15.2.8 Release system
Do not edit task automatically
The task will be automatically opened as soon as it is assigned to a user.
Set task to completed if release is completed
After the task is completed its status will be set to completed automatically.
Delete task when release is completed
After the task has been completed it will be automatically deleted.
7.15.2.9 Right management
In the array "right management" settings concerning privileges and permissions can be managed.
Display menu items without rights
If this option is activated, the menu items for which the user is not authorized are shown in the
individual menus. That enables the user to request missing rights. At the attempt to open a menu item
without rights, the corresponding dialogue appears:
It is possible to completely remove the administrator and the administrator group from the permissions.
This also makes completely private passwords/records possible. Consequently the administrator no
longer has access. Please also note that without an administrator in a permission no logbook entries
will be written for that record.
Inherit change to shares in subfolders and records
If this setting is deactivated the question of inheritance will no longer be displayed and changes of
permissions will no longer be passed on to subordinated folders and records. The automatic inheritance
to a new record is not concerned by this and is still carried out.
Users can choose between personal and public records
If this setting is active, you will be asked for every new record whether it should be personal or public.
With the choice "personal" only the current user is entered in the rights of the record. With the choice
"public" the normal inheritance of rights from the superordinate folder takes effect. In both cases the
rights can be adapted manually afterwards, so a personal record can still be made accessible to other
users later on.
Template for root folder
Is required to define the folder rights in the root (highest level for folders). If no template is stored
here, every user can create a folder in the root.
Record template
This template only applies if no rights are inherited by the record. One example is the bank, because
it is not allocated to any folder but exists globally. This is exactly when this template takes effect.
If no template is stored, the administrator and the administrator group will be added in addition to
the user that receives full access.
System messages
Here it is defined to whom the system messages are sent. If nothing is specified, the administrator
receives the messages. You can choose single users as well as groups.
The configuration in the database settings is only available if the user has the right "... can manage users
and groups". In general it is advisable to give this right only to the administrator, if possible.
You can find further information in the chapter right templates.
7.15.2.10 USB stick
Configure the USB stick settings for the users who have the right to export and use this feature.
Only the originator of the USB stick can log on the database
Activate this option if only the originator of the USB stick is allowed to log on to the database.
Start passwords without folders when search folders are exported
If this option is active, passwords that are not linked with any folder are exported as well. You
can find these records in the search folders, which also have to be exported.
Only copy records with export privilege on the USB stick
If this option is active, only records for which the user set the privilege "export" will be exported
to the USB stick.
Use expiration date
Here you can set an expiration after a certain number of days after the setup of the USB stick, or a
general expiration date. If the USB stick, or rather the database, has expired, the user can no longer
log on, but has to create a new USB stick.
Notify users about expiry (in days)
Define here whether and when a user is notified about the expiry of the USB stick.
USB stick can be synchronized
If this option is active, changes which have been made on the USB stick can be synchronized back to the
main database.
Destroy and finally delete database after expiration
Alternatively you can have the database destroyed and securely deleted after the expiration.
Attention:
This deletes the database irrevocably with the Gutmann method. The data can no longer be recovered!
7.15.2.11 Offline mode
The offline mode is only available in the Enterprise Edition if a connection to an Enterprise server exists.
With the offline mode it is possible to work without access to the Enterprise server. The data is
buffered in an offline database, so you can carry all your data with you on a notebook when working in
the field. When you are back in the company you can work online again and your changes will be
synchronized with the server.
Setup
In the Enterprise Edition with the Enterprise server the offline mode is available to you. To use the
offline mode it has to be configured first. You can do this in the database settings under "offline
mode". This item is only available in the online mode, that is, when you are connected to an Enterprise
server. In an offline database the item is not available. The offline mode can also only be used in
connection with an Enterprise server. For normal multi user databases on a network share the offline
mode is not available for technical reasons.
Security query
Here you can define whether a query appears before certain actions, so that you can decide each time
whether an action should be carried out. If the security queries are deactivated, the actions are
carried out automatically without a prior query.
Use expiration date
Here you can define for how long an offline database is valid. After the expiration date has been reached
the offline database is destroyed. This is intended to prevent employees outside the company network
from accessing the database. In order to enable smooth access to the offline database within the
company network, the following logic is used:
The expiration date is only checked if you log in via login -> database properties -> connect with offline database.
If a synchronization is carried out in Password Safe via the menu file -> offline mode, or if you go offline, the expiration days are counted up. That means: if the offline database should expire in 10 days, but the user synchronizes after 9 days, the expiration date is extended by 10 days.
Even if the date has already expired, the user can still access his/her offline database if he/she is connected with the database. Only if he/she connects with it again via the login (that is, if he/she is not in the company network) is the database destroyed.
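The three rules above are easier to check against a timeline than in prose. The following Python model is an added illustration, not Password Safe code: the class and method names are hypothetical, and it assumes that a synchronization restarts the configured validity window on the day of the synchronization, and that the database counts as expired from the expiration date onwards.

```python
from dataclasses import dataclass
from datetime import date, timedelta

GRANTED, DESTROYED = "granted", "destroyed"


@dataclass
class OfflineDatabase:
    """Hypothetical model of the offline-database expiry rules."""
    validity_days: int          # value configured under "use expiration date"
    expires_on: date
    destroyed: bool = False

    @classmethod
    def create(cls, today, validity_days):
        return cls(validity_days, today + timedelta(days=validity_days))

    def synchronize(self, today):
        """file -> offline mode (synchronize or go offline)."""
        if self.destroyed:
            return DESTROYED
        # Assumption: the validity window restarts on the synchronization day.
        self.expires_on = today + timedelta(days=self.validity_days)
        return GRANTED

    def access_while_connected(self, today):
        """Access while connected: the expiration date is not checked here."""
        return DESTROYED if self.destroyed else GRANTED

    def login_offline(self, today):
        """login -> database properties -> connect with offline database.

        This is the only path on which the expiration date is enforced.
        """
        if not self.destroyed and today >= self.expires_on:
            self.destroyed = True
        return DESTROYED if self.destroyed else GRANTED


def simulate(validity_days, created, events):
    """Replay (day, action) events; return (day, action, outcome, expiry) rows."""
    db = OfflineDatabase.create(created, validity_days)
    actions = {
        "synchronize": db.synchronize,
        "access_while_connected": db.access_while_connected,
        "login_offline": db.login_offline,
    }
    rows = []
    for day, action in events:
        outcome = actions[action](day)
        rows.append((day.isoformat(), action, outcome, db.expires_on.isoformat()))
    return rows


# Constructed timeline: database created on 2015-01-01 with 10 days validity.
CREATED = date(2015, 1, 1)
TIMELINE = [
    (date(2015, 1, 10), "synchronize"),             # day 9: window restarts
    (date(2015, 1, 15), "login_offline"),           # past the first expiry date, still valid
    (date(2015, 1, 25), "access_while_connected"),  # expired, but this path does not check
    (date(2015, 1, 26), "login_offline"),           # checked at login: destroyed
    (date(2015, 1, 27), "synchronize"),             # nothing left to synchronize
]

if __name__ == "__main__":
    for row in simulate(10, CREATED, TIMELINE):
        print(*row)
```

The replay shows the consequence administrators should keep in mind: an expired offline database stays usable until the next login through "connect with offline database", because that login is the only point at which the date is enforced.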
Notify users about expiry (in days)
Define here whether and when a user is notified about the expiry of the USB stick.
Work offline
If you are connected with the Enterprise server you can activate the offline mode via the menu "file" ->
"offline mode" -> "work offline". All data for which you have the right to access is then saved
offline in an offline database. At the first call this can take a few minutes, depending on the amount
of data. As soon as the offline database has been created you can immediately continue to work offline.
From the second call on, only the changes are synchronized with the server, which normally does not
take long. In the status bar, next to the database name, you can see when you work offline.
Work online
When you are offline you can connect with the Enterprise server again at any time via the menu "file"
-> "offline mode" -> "work online", and the changes will be synchronized in both directions.
Afterwards your offline database is up to date again and the changes you made have been reconciled with
the server. Normally this only takes a few seconds, but it depends on how long you have been offline
and how many changes have been made in the meantime, offline and on the server.
Synchronize database
If you want to continue to work offline and only quickly synchronize your changes to the server, or want
to receive current data from the server, you can do that via the menu "file" -> "offline mode" ->
"synchronize database". Afterwards your offline database is up to date again and the changes you
made have been reconciled with the server. Normally this only takes a few seconds, but it depends on
how long you have not synchronized and how many changes have been made in the meantime, offline and
on the server. The menu item is only available if you work offline.
Database overview
Via the menu "file" -> "offline mode" -> "database overview" you can see the current status
of your offline database. Here you can also reset the offline mode; afterwards the offline database can
no longer be synchronized and has to be newly created. Normally this step is only necessary if you want
to create an offline database on another computer. Only one offline database can be active for one
user at the same time. The menu item is only available if you are connected with the Enterprise server
and therefore work online.
Ticket system
The offline mode is linked with the ticket system. That means only one client can go online or offline at
the same time. If another client (or several clients) goes online or offline, you receive an information
window showing your waiting position. Normally a synchronization does not take long, so you do not have
to wait long.
Notice:
If rights have been changed or granted in the online mode, the offline database has to be created
again afterwards in order to take over the new right structure!
also have got the possibility to create backups of the database in the iCloud.
Allow dropbox synchronization
Via this option you can synchronize your mobile databases with a Dropbox account, or also create
backups.
Allow airPass release
With the airPass release you can provide the data once on any PC from your smartphone, via
WLAN / IP address.
7.15.2.13 Reports
Here you can change the image of the reports. It is also possible to integrate freely defined texts, like for
example the company name, in the reports.
It is possible to define the font in which the reports will be printed in the lower section.
Free texts can also be included in the settings (besides the standard variables):
7.15.2.14 HTML-Webview
As an export to a WebViewer file can take some time in the case of very large data volumes, it is
possible to configure here whether the user should be issued with a warning. A threshold value can also
be configured.
Operating system  Luna           Oliva          Black          IceBlue        Silber         Aero Theme     Edition Theme  Windows 8
Windows XP        contained      contained      contained      contained      contained      not contained  standard       not contained
Windows Vista     contained      contained      contained      contained      contained      not contained  standard       not contained
Windows 7         contained      contained      contained      contained      contained      contained      standard       not contained
Windows 8         contained      contained      contained      contained      not contained  contained      contained      standard
Notice:
Please note that the auto login can only be configured for one database (the settings are stored on the
computer). If the auto login has already been configured, you can change it accordingly via the menu.
7.15.5 Plugins
Via our plugin gateway any PCs can be linked with Password Safe for the user authentication. All
currently available plugins are listed below. Further plugins for authentication tools such as
tokens, smartcards, biometrics and RFID employee identification badges are currently being planned.
Licence info: For each computer/user licence a plugin licence has to be bought. So if you have 20
computer/user licences you also have to buy 20 plugin licences.
Available plugins
Standard USB stick (Standard gateway for USB stick, USB hard disk, USB memory stick)
PKCS#11 (Standard gateway for Tokens, Smartcards, Middleware, and many more)
No longer available plugins
Password Key USB key (out-dated flavor of the Password Key Edition v3 and v4 for Windows XP)
Setup of plugins
From Version 5.3 on plugins will be automatically offered in the setup program and can be installed.
Set the check mark at "plugins" in the setup program. Only then they will be installed and can be used in
the software.
If you did not install the plugins at the first setup of Password Safe, you can simply run the
installation program again and "overinstall", so to speak. All settings and databases are retained; only
the program files are updated and the plugins are installed as well.
Notice:
Older plugins (e.g. Password Key) have to be re-installed manually. The old plugins can be downloaded
in the download array in the category "plugins". Every old plugin comes with a manual in PDF format,
which describes the setup exactly.
Setup
Set up a new database and choose the item "use plugin" in the step "define database protection". If the
item "use plugin" should not exist you either have not installed the plugins or you do not have a valid
licence for the plugin. Look in the licence overview if the licence for the desired plugin has been unlocked.
Afterwards carry out all further steps and in the end click on "Finish".
Now you see all installed plugins. In the first column you see the status of the plugins.
Red = Not active (no USB stick (or Token, Smartcard, and many more) is plugged into the computer)
Yellow = No licence for the plugin available
Green = Active (the USB stick (or Token, Smartcard, and many more) is plugged into the computer and is
ready)
The plugin has not been configured so far. Click on the plugin, for example "standard USB key/memory",
and afterwards click on "properties" in the left array below.
Afterwards the configuration of the plugin opens. Here you can carry out different settings.
If the plugin has been properly configured and the USB stick (or Token, Smartcard, and many more)
is plugged into the computer, its presence is indicated by a green symbol.
Now click on "choose" or double click on the plugin to generate a new key for the database. If you use
the plugin for the first time you also receive a new, randomly generated PIN for the USB stick (if
available according to the plugin). This PIN has to be entered every time you want to use the USB stick
with Password Safe, that means for every login at a database. Depending on the PC, the PIN can be
changed via the settings of the plugin or via the software of the PC manufacturer. For the plugin
"PKCS#11", for example, the key is generated with the help of the certificate that you choose.
You receive a PIN and an emergency key, which you should store securely, for example in a safe.
The emergency key is needed if the USB stick (or Token, Smartcard, and many more) is defective or lost.
Now click on "Ok" to log on at the database with the plugin. Now you are asked to enter the PIN.
Enter your PIN. Afterwards the database will be opened with the key of the plugin (USB stick, Token,
Smartcard, and many more).
If you enter your PIN incorrectly, acceptance is delayed in order to prevent brute-force attacks.
Via the button "properties" you can see or change the settings of the plugin.
If you have entered the PIN correctly you are now logged on at the database and you are able to use it.
Setup
You can see here how to set up a new database with a plugin.
To configure a plugin select a plugin in the choice box in the login window and click on the button on the
right side next to the choice box.
Afterwards click on the plugin "standard USB key/memory" and then click on "properties" in the left array
below.
Afterwards the setup of the plugin opens. Here you can carry out different settings.
General
Drive
Enter the drive under which the USB stick is available here, e.g. G
PollInterval
Enter here, in milliseconds, how often to check whether the USB stick is still plugged into the computer.
1 second = 1000 milliseconds
MessageDelay
Waiting time for the display of messages.
Insert card
Auto login
Here you have the possibility that Password Safe memorizes with which database and with which key a
login at the database has to be carried out. If you plug in the USB stick for the second time a database
will be opened automatically.
Delete card
Nothing = No action completed
Lock = The database will be locked
Logout = The database will be closed
Change PIN
Click on the button to change the current PIN of the USB stick.
If you have carried out the changes click on "Ok" to save the changes.
If the plugin has been properly configured and the USB stick is plugged into the computer, its presence
is indicated by a green symbol.
7.15.5.2 PKCS#11
With this plugin the Personal, Standard, Professional and Enterprise Edition can be extended by the login
with a Token, a Smartcard or another authentication tool. The login can then optionally be made via this
Token, so that no password has to be entered for the login. To use the plugin you need a
Token, Smartcard or Middleware which supports the standard gateway PKCS#11. This gateway is
supported by nearly all Token, Smartcard or Middleware producers, so you can integrate Password Safe
into already existing PKI scenarios in your company. Private users also benefit from the increased
security.
Note that Password Safe only works with certificates which are stored on the Token. Password Safe itself
cannot create certificates and save them on the Token; it only uses existing certificates. To create
new certificates and save them on the Token, please use the tools of the Token producers or of the
Middleware.
License info: One plugin license has to be bought for each computer/user license. So if you have 20
computer/user licenses you also have to buy 20 plugin licenses.
2015 MATESO GmbH
Notice:
Please find out beforehand whether your device or Middleware producer provides a PKCS#11 interface. As a rule, we cannot take back licenses because a device is not supported. As a company you can receive a test license in advance and use it to test your devices for the login at Password Safe.
Manufacturers' products that we have tested and found to work:
eToken Pro with eToken PKI Client (Producer: Aladdin, PKCS#11-DLL: eTPKCS11.dll)
CardMan 3121 by Omnikey with SafeSign Middleware (Producer: Omnikey, PKCS#11-DLL: aetpkss1.dll)
With substantial orders you can directly contact our reseller. Please directly address our sales
department. We are pleased to advise you.
Setup
You can see how to create a new database with a plugin here.
To configure a plugin, choose a plugin in the choice box in the login window and click on the button on the right side next to the choice box.
Then click on the plugin "Standard PKCS#11" and click on "properties" in the lower left area.
The configuration of the plugin then opens. Here you can configure various settings.
General
PKCS#11 DLL
Choose here the DLL that the Token (or Smartcard, Middleware, etc.) provides for the PKCS#11 interface. As an example we use an eToken Pro by Aladdin. If you do not know whether your Token has a PKCS#11 interface, please ask the producer of your Token directly.
Name
Enter any name here that you want to give your Token (or Smartcard, etc.). This name is shown throughout the program when you use the device.
MessageDelay
Waiting time in milliseconds for the display of messages.
1 second = 1000 milliseconds
Private keys
If the Token (or Smartcard, etc.) holds private keys, please activate this option. Normally a PIN entry is requested only then, and only then is it possible to access protected certificates on the Token.
Insert card
Auto login
Here you can have Password Safe remember which database and which key are to be used for the login. If you plug in the USB stick a second time, the database is opened automatically.
Delete auto login
With this you can delete the auto login. The auto login is not active again until you have logged in the next time.
Delete card
Nothing = No action is carried out
Lock = The database will be locked
Logout = The database will be closed
For security reasons we generally recommend using the option "Logout". The database is then completely closed when the key is pulled out.
Example for a configuration of an eToken Pro by Aladdin:
Once you have made the changes, click on "Ok" to save them.
If the plugin has been properly configured and the Token (or Smartcard, etc.) is plugged into the computer, its presence is indicated by a green symbol.
If a PIN is required for access to the Private Keys, you have to enter that PIN when plugging in the Token or when logging in to a database.
As soon as the PIN has been entered, the saved certificates are available for use in Password Safe.
If you have mistyped the PIN, only the Public Keys are shown to you. You can enter the correct PIN again via the button "enter PIN"; afterwards the Private Keys are shown as well. Then choose the certificate which you want to use for the database. We generally recommend using only private keys, because here you only need to enter one PIN. Public keys can be read at any time without PIN entry, and if you should lose your key this would be a security hole. For security reasons you should therefore use only private keys.
7.15.5.3 Password key USB key (outdated)
Plugin for Password Safe and Repository for the login with the Password Key USB key. The plugin is an
extension for Password Safe and Repository Standard v4 and Professional v4 for Windows XP. Per
license a plugin license has to be bought.
License info: For each computer/user license a plugin license has to be bought.
Notice: This plugin is only included for compatibility reasons. It can no longer be bought for Version 5. The plugin can only be operated under Windows XP. If you used the plugin with v4 and want to continue using it under v5 and Windows XP, please contact Support.
7.15.6 Modules
Modules are extensions of the software. They only have to be bought once per license file and then apply to all users who access that license file.
7.15.6.1 Network logon
With this module the Professional and the Enterprise Version can be extended by the Network Logon. The login can then optionally be made automatically via the network, so that no password has to be entered for the database login. The module has to be bought once per license file and then applies to all existing clients that log on to that license file.
Professional Edition:
The login at the Professional Edition can optionally also be made automatically via the network, so that you do not have to enter a password for the database login. If the rights management is active, the user only has to log in with his/her own login data. You therefore do not have to hand out the database password to your users. With the rights management the user identifies only with his/her user name and personal password.
Enterprise Edition:
In the Enterprise Edition generally no database password has to be entered, because it is based on a different database management. In the Enterprise Edition the user login can also be automated via Active Directory authentication, so that in combination the login can be made fully automatic.
Configuration:
You can find the configuration of the module under "extras" -> "configure network logon". Please note that you have to specify a UNC path for the database (if it lies on a network share) which is reachable from every client. The menu item is only available at the client when the administrator is logged on to a database.
This can also be configured via the Enterprise server.
You can find further information in the chapter "Configure network logon".
Notice:
This module is subject to a charge and is only available at the client if it has been bought.
Handling
8.1 User interface
The newly designed user interface is modelled on Outlook and therefore offers an excellent overview and usability. Any number of databases can be opened simultaneously, and you can switch between these databases "On The Fly". In addition, different folders can be opened in tabs, and you can switch between them as well.
If you move the mouse over a button, a visual hint shows which function it calls up.
The main menu is placed in the upper area. With the main menu you can start or configure program-specific functions. The main menu provides, for example, the import, the settings and many more.
Below it is a button bar. The buttons displayed depend on the Edition and on whether you are logged in to the database.
Database login: Opens the login window to login in the database chosen.
Database logout: Disconnect database connection.
Database assistant: Start a new or an existing database.
Edit database: Edit database subsequently (path, name, etc.).
Lock database: Locks the database, afterwards login required.
Database user change: Database users change (also "On-The-Fly").
Update: The software is updated, including the settings.
Administrate applications: Enter, edit and delete applications (automatic entry).*
Administrate forms: Edit existing and new forms for the recording of the data.*
Administrate Labels: Design labels newly, or edit or also delete existing ones.*
Administrate users and groups
Databases can be changed easily "on the fly" via the database selection in the toolbar. In the upper part of the selection menu you find the databases to which you are currently connected. In the lower part you find all databases that are set up in Password Safe.
On the left side is the folder selection. In the upper area the favourites are listed, which you can add to the favourites area via Drag&Drop. Below it is the folder area; here you can also move the folders via Drag&Drop and so change the folder structure as you like. You can call up further settings and properties by right-clicking on a folder.
On the right side, in the upper area, is the tab menu. Here you can navigate between several folders. You can open a new tab by right-clicking on a folder and then clicking "open in new tab" ( * = locked tabs).
In the right area, underneath the tab menu, is the menu for the open folder. Depending on the type of folder, different buttons and functions are shown here.
Underneath the menu is a list which shows your data. By right-clicking on the white area you can access various functions here. In the lower right area is the detail display. You can switch between the individual areas with a click, for example on preview.
8.1.1
8.1.2 Detail area
The detail area displays different information on the selected record. With a click on the corresponding button below you can switch between the detail areas. Each area offers a different functionality.
Comments:
In the detail area "comments" any notes can be stored for the record. You can enter the comments under "edit dataset".
Preview:
The preview area shows the data of the selected entry. With a click on the blue arrow the different functions are displayed, depending on the type of field (password, e-mail, text, etc.). All fields can be dragged into any other fields via Drag&Drop (left mouse button held down).
History:
In the history you can see which changes have been made, when, and by whom. Red shows the old state and blue shows the new state. You can call up a detailed history as well as the reset of the record via the context menu (right-click on the record -> history).
Logbook:
When the logbook has been activated via the database settings, you can see here in great detail who did what with the dataset, and when.
Affix/documents:
In the detail area affix/documents you can link documents with a record or also add new documents.
Furthermore you can start, run and edit a document directly out of the list.
8.1.3 Tabs
The integrated tab management makes it possible to always have the most important folder opened. So
you can quickly change between folders. By clicking on a tab with your right mouse button you get to the
context menu. Here you can for example lock, reload or also close the tab.
Tip!
Via "lock tab" you can pin the selected tab, so to speak. No other data can then be loaded in this tab. If you change folders, a new tab is opened and the locked tab remains. You can recognise a locked tab by the attached asterisk *.
8.1.4 Quick access
You can show the quick access with the hot key CTRL+Q or via "view" -> "quick access toolbar".
Brief description
The quick access works as follows:
1. Enter the search key, then press Return or Enter.
2. If only one record was found, the record is displayed immediately and its data can be dragged via Drag&Drop straight to the target field in the browser, using the arrows next to the box.
3. If several records were found with this search key, a list appears. With a double click on an entry you get to the record and can work with it as described under point 2.
It works even better if an internet page is linked with the record: the record is then displayed automatically when quick access is opened, and you can access the data immediately and work via Drag&Drop without a single click.
If the search key matches several records, several hits are displayed and you can choose between them. Double-click the entry you need. All details of the password are then available to you.
All data in quick access can be dragged to any field via Drag&Drop. To do so, click on the blue arrow and keep the mouse button held down. Move the mouse over the field in which the data should be entered (the left mouse button still has to be held down), and then release the mouse button. The data is then entered there, provided that the field supports Drag&Drop.
Advice!
8.1.5
2. Select/choose record. Afterwards you can drag the data into the required fields using Drag&Drop or using the buttons, and access the unlocked functions.
Notice!
You can configure quick access in the general settings.
8.1.6
8.1.6.1 Quick search
The quick search (DrillDown-search) lets you search further within a result set that has already been found. Suppose you are searching for "Max". You enter "Max" in the search box and all records which contain "Max" are displayed. Now you see that there are too many entries with "Max", so you want to search for "Max Mustermann". To do so, just narrow down the result set by entering the second search key "Mustermann" in the search box. All entries in which "Max Mustermann" is found are then displayed. With "ESC" you can reset or close the search.
To open quick search just click on the button with the "binoculars". The display then expands and you can enter the search key into the field.
Tip!
The option "search in displayed records" should generally be activated. Otherwise searching across the database can take a bit longer.
8.1.6.2
Only columns from forms can be used. You can simply change forms and add your own fields via "edit" -> "administrate forms" (from Standard Edition on).
8.1.6.3 Arrangement
Right-clicking on the column heading opens the context menu. Here you can arrange the data as you like to get a better overview.
8.1.6.4 Sorting
Lists can be sorted for a clearer arrangement. If you click on a column heading, the list is sorted in ascending order by that column:
Here, for example, the corresponding column has been sorted alphabetically in ascending order with a click on description. Another click on description sorts the list in descending order:
By right-clicking on a column heading, you can open a context menu in which you can delete the sorting function.
8.2 My profile
Via file -> my profile you can configure certain user-related settings.
Edit my profile
Here you can manage your name, the description of your account as well as your email address.
Change my keyword
Here you can change your personal keyword. (Not for users from the Active Directory).
User certificate
Via this menu item you can assign yourself a certificate and so automate the login. You can find further information under Login via PKI / certificate.
Detail array
Show or hide the detail array here.
Quick access bar
Here you can define which start folder you want to use in the quick access bar.
Reset settings
Via this the user settings, the workflow display as well as the settings for the Windows authentication
(automatic login of AD users) can be reset.
Ignored browser URLs
In this menu you can enter web pages which should be ignored by the browser addons when capturing new passwords. To enter a new URL, just click on
.
You can also use RegEx here. The entry "ebay" causes www.ebay.de as well as www.ebay.com, and of course all other URLs that contain "ebay", to be ignored.
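The matching behaviour described above, as an added example that is not part of the manual and not Password Safe code: it audits an ignore entry against constructed sample URLs and reports which ignored URLs lie outside the intended eBay hosts. Python's `re` stands in for whatever regex engine Password Safe uses, and the function names and the anchored entry are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample URLs. Only www.ebay.de and www.ebay.com appear in the manual.
SAMPLE_URLS = [
    "https://www.ebay.de/",
    "https://www.ebay.com/signin",
    "https://signin.ebay.com/ws/login",
    "https://intranet.example/wiki/ebay-seller-account",  # "ebay" only in the path
    "https://notebay.example/login",                      # "ebay" inside another host name
    "https://shop.example/?ref=ebay",                     # "ebay" only in the query string
    "https://mail.example/login",
]

INTENDED_DOMAINS = ("ebay.de", "ebay.com")

# The entry from the manual, and a hypothetical entry anchored to the host part.
BROAD_ENTRY = r"ebay"
ANCHORED_ENTRY = r"^https?://([^/@?#:]+\.)?ebay\.(de|com)(:\d+)?([/?#]|$)"


def is_ignored(entry, url):
    """Assumed semantics: the entry is searched anywhere in the URL, ignoring case."""
    return re.search(entry, url, re.IGNORECASE) is not None


def host_is_intended(url, intended_domains=INTENDED_DOMAINS):
    """True if the URL's host is one of the intended domains or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in intended_domains)


def audit_entry(entry, urls=SAMPLE_URLS):
    """Return (ignored, overmatched): every URL the entry ignores, and the
    subset of those whose host is not one of the intended domains."""
    ignored = [u for u in urls if is_ignored(entry, u)]
    overmatched = [u for u in ignored if not host_is_intended(u)]
    return ignored, overmatched


if __name__ == "__main__":
    for label, entry in (("broad", BROAD_ENTRY), ("anchored", ANCHORED_ENTRY)):
        ignored, overmatched = audit_entry(entry)
        print(f"{label}: {len(ignored)} ignored, {len(overmatched)} outside intended hosts")
        for url in overmatched:
            print("   unintended:", url)
```

An over-broad entry means the addons stop capturing new passwords on every matching page, so it is worth checking an entry against the sites you actually use before saving it.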
Configure autologin
The autologin is described in a separate chapter.
Open releases
Here you can find all releases which you still have to edit (agree/refuse). You can find further information
in the chapter releases.
8.3 Handling of data
8.3.1 Folders
By means of the folders (categories) you can map your own data structure in Password Safe. Every folder can take on different functions. There are, for example, folders for TAN management, HTML pages, forms and finally search folders (e.g. all passwords). Depending on the folder function chosen, different functions and ways of entry are available.
To record datasets (e.g. passwords, TAN blocks, etc.), you first have to create an appropriate folder to contain the corresponding records. Data is always kept in the folder created for it. Without folders no records can be filed in the database.
Notice rights:
In order for a user to see a folder, he or she needs at least the "read" right for that folder. If the folder is a subfolder in a nested structure, the user also needs the "read" right on all containing folders. Folders can only be created if the user has the "edit" right on the folder.
8.3.1.1 Add folder
If you want to create a new folder, right-click on the blank area (on the left side beneath a folder) and choose "new folder" in the context menu. Drag&Drop is integrated in the whole folder structure, so you can conveniently move folders (press and hold the mouse button) and in this way change the existing structure.
If you have not deactivated the folder assistant, it is available when you create a new folder. The folder assistant guides you through all steps to create a folder directly with its properties.
Via the folder properties you can configure various settings for the chosen folder. In this way folders can take on different functions.
Use folder as:
Form
Assign a form to a folder so that the entry mask automatically adapts to the stored data format when a new record (e.g. a password) is created. Of course you can also create your own forms or change existing ones via a convenient assistant (from Standard Edition on).
TAN management
Folders for the management of TANs and banks. Here any banks can be set up as master data and assigned to TAN blocks, so a bank only needs to be entered once. If you have not set up a bank yet, you are automatically notified when you create the first TAN block.
Via the button "call up bank management" you can enter further banks or edit existing banks.
Call up bank management
events, like for example the configuration of the auto-backup. From the Standard Edition on you can see
on the homepage, if a new or unread message is available. Of course you also see due tasks and from
the Professional Edition on you can additionally see on the homepage information on broken seals.
Search folders
By means of the search folders you can list all data in a single list and search it with the quick search (CTRL+F). Your own favourites can also be displayed as search folders. See also chapter search folder.
Folder without data
This type of folder is an "empty" folder, which only serves for building up the structure. No datasets can
be saved in that folder.
8.3.1.2 Redefine folder
You can rename (redefine) a folder directly in the folder structure. To do so, click on the required folder with your left mouse button and choose "redefine folder" in the context menu.
The display then changes so that the folder is shown as a small box.
Now type the new folder name directly into that box and confirm the change with the enter key (Return or Enter on the keyboard). If you want to abort the entry, press the "ESC" key.
Alternatively you can change the folder name in the folder properties. To do so, right-click on the folder and choose "properties" in the context menu.
On the tab "overall" you can edit the folder name directly in the first box and also change the icon displayed for the folder by clicking on the button on the right side next to the box. You can find further information on the management of icons in the chapter "icons".
8.3.1.3 Copy folder
Via the function "copy folder" you can copy the selected folder with its properties. Please note that only the folder itself is copied, not the records it contains.
To do so, click on the folder you want to copy and choose "copy folder" in the context menu. A new folder is then created directly underneath the folder entry. Its name carries the suffix "(copy)". A box is displayed immediately afterwards, in which you can type the new folder name.
Save the new name by confirming the entry with the enter key (Return or Enter on the keyboard).
Folder
Here the currently selected folder is displayed, so you can be sure that you have chosen the right folder.
Copy to
Here you define where the new folder structure is inserted into the existing folder structure. Click on the button next to the box to choose the folder conveniently. There you can also create a new folder directly and select it as the target.
Copy recursively
With this you confirm that not only the selected folder but also all subfolders are copied. With the option update existing folders you can define that the folder structure is not created anew but an existing one is updated. If, for example, you have the same folder structure several times in your database and want to extend all of them by the same folder, you can create the new folder once and then carry it over to the other structures via this option. Please note that no records are copied here, only the folder structure.
"No predecessor" means that the folder is created in the "Root" of the folder structure, that is, without a predecessor.
Notice: Copying a complete folder structure with all rights and properties can take some time.
8.3.1.4 Move folder
Folders can be moved within the folder structure in two ways. Either you move the folder to its new position with the mouse via Drag&Drop, or you use the function "move folder". With larger folder structures, moving via Drag&Drop is not really advisable, because you may lose the overview and the folder may end up in the wrong place. A Drag&Drop operation can be aborted at any time with the "ESC" key.
To move a folder, click on the folder and choose "move folder" in the context menu.
Folder
Here the currently selected folder is displayed, so you can be sure that you have chosen the right folder.
Copy to
Here you define where the new folder structure is inserted into the existing folder structure. Click on the button next to the box to choose the folder conveniently. There you can also create a new folder directly and select it as the target.
"No parent" means that the folder is created in the "Root" of the folder structure, that is, without a predecessor.
8.3.1.5 Delete folder
If you want to delete a folder, click on it and choose "delete folder" in the context menu.
This deletes the whole folder structure: not only the selected folder but also all its subfolders. If you also want to delete all records in the contained folders, activate the option "Should all records in the folders also be deleted?". If this option is not set, only the folders and the links to the respective records are deleted. You can then still find the records in the search folder "all passwords", from where they can be moved to another folder. If you activate the option, all contained records are deleted irrevocably.
8.3.1.6 External links
You can create so-called external links for folders. These let you get to the corresponding folder directly from the desktop. To create such a link, right-click on the corresponding folder and select generate external link. You then see the following window:
If you copy the link to the clipboard, you can paste it with CTRL + V into any folder. Alternatively you can create a link directly on the desktop. An external link to the folder "IT" could then look as follows:
The external link always carries the name of the folder plus a randomly generated ID. This ID ensures that existing links are not accidentally overwritten. An external link can be renamed at any time, and the ID can also be deleted from the name.
With a double click on the link the corresponding folder opens in Password Safe in a new tab. If Password Safe is minimized, the software is of course maximized in order to display the folder. If Password Safe is not started or is locked, you have to log in first.
8.3.1.7 Favourite folders
Folders can be stored per user as favourites in the upper area of the folder navigation, so you always have quick access to your most important and most frequently used folders.
You can simply drag the required folders via Drag&Drop from the folder structure to the folder favourites. Alternatively you can add a folder to the favourites by choosing "add to favourites" in the context menu.
Via the context menu in the folder favourites you can remove a folder from the favourites again, manually move folders in the order and change the sort order.
8.3.1.8 Edit folder
Via the context menu "properties" you can edit the folder. To do so, click on the required folder and choose "properties" in the context menu. You then see a window with different tabs.
In general
Change folder names
Change the name of the folder in the first box.
Change icon
Via the button next to the box of the folder name you can change the icon for this folder.
Use as
Here you can change the intended use of the folder. You can find further information on the different uses of folders in the chapter "folders".
Via the button next to the selection you can define certain settings depending on the intended use.
Form
Here you can change the form used for this folder. Please note that this only applies to new records. Records already contained keep the form with which they were created.
Via the button next to the selection you can view the form and edit it directly.
Comments
Via this field you can give the user information that is important for this folder. The text is displayed in the header area of the password list. You can also define the icon itself and thereby also change the colour of the note to draw more attention to the text. First specify the number of the icon (0 to 3), followed by a semicolon, and then the text to be displayed. Also see Forms.
Custom fields
Via the tab "custom fields" you can define a template for new records. The fields recorded here are added automatically when a new record is created, so you do not have to add additional fields for each new record and the underlying form does not have to be specially adapted.
To record your own fields, click on the button "add field" and then choose the kind of field.
Field label
This is the description that is displayed in front of the box.
Field name
This is the unique identifier of the field. The field name may only appear once per folder. The field name is also used as a variable name, e.g. for the password entry, so choose an appropriate and meaningful name. Please note that no special characters and umlauts can be used here.
Field type
The field type is already set by the kind of field you have chosen and cannot be changed.
Mandatory field
Activate this option if the new field is a mandatory field. The record can then only be saved if the field has been filled in.
Internet link (URL)
If the field is for a URL, activate this option. Further functions are then available for this field (e.g. direct call in the browser).
Email address
If this field holds an e-mail address, activate this option. Additional functions are then available for this field (e.g. sending e-mail).
Release
Under the tab release the rights for the folder are assigned. You can find further information on that in the chapter "Manage releases and rights".
Extended
The tab extended offers on the one hand the possibility to manage the inheritance of right templates, and on the other hand the possibility to configure the folder for private datasets.
8.3.1.9
The result of the search is displayed immediately. The first column shows the direct folder name and the second column shows the complete path of the folder, so you can navigate quickly through many folders. Select the corresponding folder with a "double click" or the "Enter" key. Of course you can also page through the result list with the cursor keys.
This search folder can be configured via the button next to the choice box.
User screen
Here you can choose a user. Only the records that match the chosen user are listed.
Date screen
Here you can set restrictions concerning the date. If you activate the "today" CheckBox, the current date is always used for the search. This makes it possible, for example, to show all records that were written today.
Folder screen
Via the folder screen any number of folders can be added. The folders are linked with OR, so that all records contained in one of the specified folders are listed.
Set up screen for form fields
Here you can search in every form field and so set several restrictions. The search is not exact; instead the whole content of the field is searched for the search key. If the search key occurs in the field, the record is listed.
Screen settings for form fields
Here you can influence the search in form fields and enable an AND or an OR link-up. You can also activate case sensitivity.
Tag screen
With the tag screen you can search for tags and list the records that carry them. A database that is properly maintained with tags makes it much easier to find records. With tags you can easily arrange topics clearly. Tags can be added to a password record on the tab "comments". The tags can be linked with AND (all tags have to be contained) or OR (only one tag has to be contained).
Special screen
With the special screens certain properties can be queried, e.g. whether a record is sealed. The special screens can be inverted via the CheckBox "reverse", e.g. to find records that are not sealed.
We continuously extend the screen settings and are developing them into a powerful search tool.
8.3.1.11 Private folders
Users in Password Safe can create private folders. Only the user who created the folder has access or rights to it. Administrators and members of the administrator group do not have access either. If a user is deleted, however, you have the option of deleting all private data of that user as well.
To create private folders it is advisable to create a parent folder first. After creating it, open the settings of the folder and select "folder without data" under general at use as. Now switch to the releases of the folder and give all users at least the rights "read" and "edit".
Under the tab extended you can then define whether the folder is public or private. Furthermore you can let the users choose whether they create private or public subfolders.
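A model of the rule from the rights notice in the Folders section (a folder is visible only with "read" on it and on every containing folder) together with the private-folder setup above, as an added example that is not Password Safe code. The `Folder` class, the user names and the reading that creating a subfolder requires "edit" on its parent are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, Optional, Set


@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    # user name -> rights granted directly on this folder, e.g. {"read", "edit"}
    rights: Dict[str, Set[str]] = field(default_factory=dict)
    # Set only for private folders: the user who created the folder.
    private_owner: Optional[str] = None


def has_right(folder: Folder, user: str, right: str) -> bool:
    if folder.private_owner is not None:
        # Private folder: only its creator has access. Entries in `rights`
        # are ignored, so administrators are excluded as well.
        return user == folder.private_owner
    return right in folder.rights.get(user, set())


def path_from_root(folder: Folder) -> Iterator[Folder]:
    chain = []
    node: Optional[Folder] = folder
    while node is not None:
        chain.append(node)
        node = node.parent
    return reversed(chain)


def blocking_folder(folder: Folder, user: str) -> Optional[str]:
    """Name of the first folder on the path (root first) that `user` may not
    read, or None when the whole path is readable."""
    for node in path_from_root(folder):
        if not has_right(node, user, "read"):
            return node.name
    return None


def can_see(folder: Folder, user: str) -> bool:
    return blocking_folder(folder, user) is None


def create_private_subfolder(parent: Folder, user: str, name: str) -> Folder:
    # Assumption: creating a subfolder needs "edit" on a parent the user can see.
    if not can_see(parent, user) or not has_right(parent, user, "edit"):
        raise PermissionError(f"{user} may not create folders in {parent.name}")
    return Folder(name, parent=parent, private_owner=user)


def demo() -> dict:
    # Constructed sample data.
    it = Folder("IT", rights={"alice": {"read", "edit"}, "admin": {"read", "edit"}})
    servers = Folder("Servers", parent=it,
                     rights={"alice": {"read"}, "bob": {"read"}, "admin": {"read", "edit"}})
    # Parent for private folders: all users get "read" and "edit", carol only "read".
    private_root = Folder("Private",
                          rights={u: {"read", "edit"} for u in ("alice", "bob", "admin")})
    private_root.rights["carol"] = {"read"}
    notes = create_private_subfolder(private_root, "alice", "alice-notes")
    try:
        create_private_subfolder(private_root, "carol", "carol-notes")
        carol_created = True
    except PermissionError:
        carol_created = False
    users = ("alice", "bob", "admin", "carol")
    return {
        "alice_sees_servers": can_see(servers, "alice"),
        "bob_sees_servers": can_see(servers, "bob"),   # has read on Servers, not on IT
        "bob_blocked_by": blocking_folder(servers, "bob"),
        "notes_visible_to": [u for u in users if can_see(notes, u)],
        "carol_created": carol_created,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`blocking_folder` is the useful check when a user reports a missing folder: it names the containing folder on which the "read" right is absent.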
By right-clicking on the folder, users can create their own private subfolders:
The user who created the private subfolder has full access to it. All other users cannot see the
folder:
8.3.2 Handling
8.3.2.1 Add dataset
To add a new record, first select the folder in which the new record should be created by clicking on it
with your left mouse button. The content of the folder will now be displayed in the right-hand area.
Right-click on the empty area and choose "add record" in the context menu. A new window then opens
for entering the new record. Depending on the selected folder and the form assigned to it, you can
enter different data.
The following is an overview of the most important fields for entering records:
General data
Filed in folder
All folders with which the record is or will be linked are listed here. Click on the button
on the right side to go directly to the link-ups, where they can be added, edited or deleted.
Valid until
Here you can define the validity of the record. As soon as you set the check mark you can set the date
for the validity of the record. You will also be asked whether a task should be created for it. You can
edit the task when saving. Further information on tasks can be found in the chapter "Tasks".
Comments
Own fields
You can create as many own fields per record as you want and thereby adapt the record to your individual
purposes. Click on the button "add array" to create own fields. It is also possible to store "own arrays"
as a template for a folder. You can find further information on these templates in the chapter "Edit folder".
There are three different types of own fields:
Edit (description field)
A description field is used for the entry of single-line texts.
Password (password field)
A password field is used for entering sensitive data that has to be protected. By default the entered
data is hidden and displayed as asterisks.
Memo (multiline description field)
A multiline description field is used for the entry of longer texts and notes.
If you require further field types you can also edit the form directly or create a new form for a
specific purpose. You can find further information on forms in the chapter "forms".
Afterwards set up the data of the new field.
Array inscription
This is the description which is displayed in front of the box.
Array name
This is the unique identifier of the field. The array name may only occur once per folder. The array
name is also used as a variable name, e.g. for the password entry, so choose an appropriate and
meaningful name. Please note that no special characters or umlauts can be used here.
Type of array
The type of array is preset according to the field type you have chosen and cannot be
changed.
Mandatory field
Activate this option if the new field is a mandatory field. The record can then only be saved if the field
has been filled in.
Internet link (URL)
If the field is for a URL activate this option. Additional functions are then available for this field (e.g.
opening it directly in the browser).
The following parameters can be added in URL fields. Documents or applications that are already
associated with the record are then included so that they can be opened by clicking on the parameter.
startapp: Application -> by clicking on the entry the associated application is started
startdoc: Document -> by clicking on the entry the linked document opens
EMail address
If this field is for an email address activate this option. Additional functions are then available for this
field (e.g. sending emails).
Link-ups
Here you can see which other data the current record is linked with. Link-ups are very practical because
they avoid redundancy, that is, maintaining the same data twice. Folders, applications, labels, etc. can
thus be used repeatedly for various records.
The list displays all link-ups of the current record, arranged by type (folders,
documents, favourites, labels, applications). To add further link-ups click on the button "add link".
That way records can be linked with as many folders, applications, etc. as desired without having to create
the data repeatedly. If a password is required in several folders, for example because an employee
has no access to the other folder structure, it is enough to additionally link the password with
the folder that the employee can access.
Some link-ups can also be edited directly. If you want to adapt an application, for example, you can access
the application directly from the password and edit it via the detour over "administrate
applications".
8.3.2.2 Edit dataset
To edit an existing record, highlight the desired record in the list and choose "edit record" in the
toolbar or in the context menu. A double click on the desired record in the list also opens it for
editing. The individual fields and functions are described in the chapter "Add record".
If you only have the right to read the record, it will be opened in ReadOnly mode. In this
mode data can only be read, not changed.
It is also possible to mark several datasets and edit them together. There are two ways to do this:
- click on the first dataset, hold down SHIFT, click on the last dataset
- hold down CTRL and mark the desired datasets
As soon as several datasets are selected, you can right-click and choose the item "edit all marked datasets".
A blank entry mask then appears. All data entered here will be applied to the selected datasets.
This lets you, for example, change the passwords for several RDP connections in one operation.
After a dataset has been changed, the context menu of a field shows when the change was made
and by whom. During a synchronization with a USB stick or an offline database the data is reconciled using
this time stamp.
On web pages with htaccess login the login data can be passed on directly (that is, without an
application) if the corresponding web page is opened in a Password Safe tab.
First create a corresponding dataset.
Only a description and the URL are necessary here. Now switch to the tab "own fields", where you create an
own field in the format edit (text field) via "add field". It must have the field name "hta_user".
Afterwards create an own field of the type password (password field) in the same way and
give it the name "hta_pass". You now see the corresponding fields and can fill them in.
If you now call up the web page via right mouse click on the dataset -> "open in tab", the login data
will be passed on directly.
If the web page then presents a normal login, you can use the form to enter user name and
password there. In that case both logins are handled with only one form, and an assigned application is
required for the second login.
8.3.2.3 Move dataset
Datasets can be moved to other folders by drag and drop or linked with other folders. As soon as a
dataset has been moved the following dialogue appears:
Link
If a dataset is linked with another folder you can see it in both folders. When linking, you receive the
following selection dialogue:
Select "maintain current rights" to give the dataset the same rights in the new folder as in the
old folder. Choose "add rights of the destination folder" to accumulate the rights of both folders.
No rights will be deleted.
Notice:
If the rights are changed in one of the folders this also affects the rights of the dataset in the other
folder.
Move
If a dataset is moved to another folder it is no longer available in the original folder. When moving you
receive the following options for adapting the rights:
The option "maintain current rights" leaves the rights of the dataset unchanged.
Via "add rights of the destination folder" the rights of the original folder and the rights of the
new folder are accumulated. No rights will be deleted.
"Adopt rights of the destination folder" assigns the dataset the complete rights structure of the new
folder. If the original folder has more rights, they will be deleted as well.
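The rights options for linking and moving can be read as set operations per user or group, which makes it easy to see who gains or loses access before confirming the dialogue. The following is an added example, not Password Safe's own code; the ACL layout (a mapping from principal to a set of right names), the sample principals and right names, and all function names are assumptions made for illustration.

```python
"""Model of the rights options offered when a dataset is linked or moved.

Assumption: an ACL is a dict mapping a principal (user or group) to a set of
right names. The product's internal representation is not described in the
manual; this layout is illustrative only.
"""

MAINTAIN = "maintain current rights"
ADD = "add rights of the destination folder"
ADOPT = "adopt rights of the destination folder"


def rights_after_move(dataset_acl, destination_acl, option):
    """Return the dataset's ACL after the move, without mutating the inputs."""
    if option == MAINTAIN:
        # The rights of the dataset do not change.
        return {p: set(r) for p, r in dataset_acl.items()}
    if option == ADD:
        # Per-principal union: nothing is deleted, access can only widen.
        merged = {p: set(r) for p, r in dataset_acl.items()}
        for principal, rights in destination_acl.items():
            merged.setdefault(principal, set()).update(rights)
        return merged
    if option == ADOPT:
        # The destination's rights structure replaces the old one entirely.
        return {p: set(r) for p, r in destination_acl.items()}
    raise ValueError(f"unknown option: {option!r}")


def access_changes(before, after):
    """Return (principal, gained, lost) for every principal whose rights differ."""
    changes = []
    for principal in sorted(set(before) | set(after)):
        old = before.get(principal, set())
        new = after.get(principal, set())
        if old != new:
            changes.append((principal, sorted(new - old), sorted(old - new)))
    return changes


# Constructed sample data (not taken from the manual).
DATASET_ACL = {
    "alice": {"read", "edit", "export"},
    "admins": {"read", "edit", "delete"},
}
DEST_ACL = {
    "helpdesk": {"read"},
    "alice": {"read"},
}


def review_move(option):
    """Show what a move with the given option would change for each principal."""
    after = rights_after_move(DATASET_ACL, DEST_ACL, option)
    return access_changes(DATASET_ACL, after)


if __name__ == "__main__":
    for option in (MAINTAIN, ADD, ADOPT):
        print(option)
        for principal, gained, lost in review_move(option) or [("(no change)", [], [])]:
            print(f"  {principal}: gained={gained} lost={lost}")
```

When linking, only the first two options are offered, so a link can widen access to the dataset but never narrow it.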
8.3.2.4 Copy dataset
If you require a similar record with only minimal changes, you can copy an existing
record and change it accordingly. To copy a record select it in the list and choose
"copy record" in the context menu.
A new record is then created just underneath the copied record, containing all data and
link-ups of the original record. The history and the logbook are not copied, because these now only
contain the changes of the new record. The new record carries the name suffix "(copy)". You can now
edit the new record directly.
8.3.2.5 Delete dataset
To delete a record, select it and choose "delete dataset". You are then asked to
confirm that the record should really be deleted.
If the record is still linked with further folders, it will only be deleted from the current folder. If the record
should be deleted from all folders and thereby irrevocably deleted from the database,
additionally activate the option "finally delete from all folders".
8.3.2.6 Print dataset
You can print a single record by selecting it from the list and choosing "print dataset" in the context
menu.
It is also possible to print the whole list in the current view. To do so click on the printer icon in the
toolbar and choose "print list (active outlook)" or "print list (extensive)".
Print dataset
Only prints the currently selected record.
Print list (active outlook)
Prints a list of the passwords that are in the current list. The list is output as a table and contains all
columns of the displayed list.
Print list (extensive)
Prints every record that is in the current list separately.
8.3.2.7 Use datasets
If a dataset contains a field of the type "URL" you can open the corresponding web page directly from
Password Safe. There are several ways to do this.
8.3.2.8
8.3.2.9 Copy password
To copy the password to the clipboard choose "copy password" in the context menu. Alternatively you
can click on the corresponding button in the toolbar.
"Copy password" only works if a field with the name "Password" is available in the form.
Example:
The dataset you want to copy contains the following data:
To copy fields from that dataset, right-click on the corresponding line in the main window:
In the context menu that opens, select "copy field". The following window is then shown:
Here you can mark the desired field(s). To mark several fields hold down the CTRL key.
If all fields from that dataset are copied, they are placed on the clipboard as follows:
eBay
purchase virtual company
0NX26pds3PDQ
http://www.ebay.com
If the descriptions are copied as well, the following is placed on the clipboard:
Description: eBay
User name: purchase virtual company
Password: 0NX26pds3PDQ
URL: http://www.ebay.com
Email address:
8.3.2.12 Clear clipboard
You can clear the clipboard, and thereby delete all data it contains from memory, by selecting "clear
clipboard" in the context menu or clicking on the corresponding button in the toolbar.
The clipboard can also be cleared automatically. Further information can be found in the chapter
"clipboard".
8.3.2.13 Go to folder
Via "Move to folder" all linked folders are displayed in the context menu, and you can jump directly to
a folder by clicking on its entry. A new tab is opened with the
selected folder, so the active tab is kept and you can quickly look
up the content of the other folder.
2015 MATESO GmbH
Add affix/documents
Via the menu item "add affix/documents" you get to the following menu.
Here you can choose the desired document and link it with the dataset via "choose".
List documents
Via this menu item all documents linked with this dataset are shown. You can open
them directly with a double click.
You have the same functionality here as in the record view. By default the quick view is only
shown for 15 seconds. Via the button "keep open" you can stop this automatic closing and leave the
window open indefinitely.
Via the button with the lock you can reveal hidden data or hide it again.
You can close the quick view again directly with the space bar, provided that the focus is still on the
button "close".
Since the quick view is a dynamic window, the view can vary from dataset to dataset. If, for example, a
comment has been entered for a dataset, it will be shown in the quick view:
8.3.2.16 History
The history provides true versioning of datasets: every change to a dataset is saved as
a version. You can return to an earlier version of the dataset at any time. You can also
compare datasets in the history and see what has changed in a dataset over
time.
Preview
If you select a record from the list and click on the tab "history" in the lower view area, you can see
the corresponding changes to the active record. In our example the field "password" has
been changed. The text highlighted in red is the old field content and the blue text is the new field
content.
So you can see at a glance when a change was made to the record and, above all, who made it
and what that user changed. Please note that only form fields are taken into
consideration here. Other changes to the record, for example link-ups, comments, tags, etc., are not
contained in the history. Some of these changes are contained in the logbook, however, e.g. when a link-up is
deleted.
Depending on the setting, saved data is displayed as dots, that is, it is hidden. To display the data in
plain text choose "show passwords and saved data" in the toolbar or press the F12 key.
Details
You can see the complete history when you select a record and choose "history" in the context menu.
Here you can see the individual versions of the record and thus have an overview of its entire
history. If you activate the option "highlight changes to the predecessor", the changes
compared to the previous version are highlighted in colour. You can delete individual versions from
the history by clicking on the desired version in the left list and then on the button "delete". All
versions can also be deleted at once by clicking on the button "delete all".
Undelete datasets
Via the button "undelete" the selected record can be restored. Please note that the active record
will be overwritten. However, the active record is saved in the history as a record version, so that it
can also be restored at any time. Data loss is therefore impossible.
Compare datasets
Via the button "compare" you can display two versions of a record next to each other and
compare them directly.
Via the choice box you can load a record on each side. If you
activate the option "highlight changes" the changes in the records are highlighted in colour
(before = red, afterwards = blue).
export as XML in the context menu in order to export one or several datasets. During the export the datasets
are written into a highly encrypted XML file. You can set the password yourself at the export or
use the existing database password. This export also includes all dataset information (except links and
rights).
Import as XML
To import datasets from another Password Safe database, right-click on a dataset, select
"extras -> import as XML" in the context menu and follow the assistant.
Export as CSV
(unencrypted export)
Analogous to the XML export you can also export datasets in CSV format. Here the datasets are not
encrypted. This lets you create lists which can, for example, be edited further in a spreadsheet
program.
Import as CSV
You can import CSV files by right-clicking in the list and selecting "extras ->
import as CSV" in the context menu. Follow the instructions of the assistant here as well.
Notice:
To carry out an export, the user must have the export right for the dataset and also
the general right to export datasets. An import can only be made if the user
has the right to edit the folder and also the general right for dataset import.
You can either copy the external link to the clipboard or create a desktop link directly. If this option is
selected, the corresponding link appears on the desktop:
If this link is clicked, the password opens and can be used or edited directly. The precondition is
that you are logged on to the corresponding database. Password Safe can be minimized for this, however.
You can also generate an external link by dragging the corresponding password to the desktop while holding
down the CTRL key.
desktop icon. The application is started first; as soon as the login window appears the login is
carried out as usual. For this it is important that you are already logged on to the database.
8.3.2.19 Properties
Normally the properties of records contain information on the users who created, edited or viewed
the record. The user, the date and the exact time are listed.
8.3.2.20 Change Form
If you want to change the form allocated to a record because, for example, you require a new field, this
option is available directly in the record.
After clicking on the relevant button, a selection list will be displayed in which you can choose the desired
form. Confirm your selection by clicking on Select.
Then the Form converter will open. This function is used to allocate the fields.
You will see the fields in the new form on the left-hand side. The fields in the old form will be displayed
on the right-hand side. If both forms contain fields with the same names then these will be
automatically allocated. If a field cannot be allocated or does not correspond to the criteria for the
automatic allocation function, the desired field can be selected by clicking on the relevant field on the
right-hand side. If all fields have been allocated, it is sufficient to simply click on Save to accept the
changes.
If you find that the newly selected form is not the correct one then you can select a new form in the
bottom left.
If you want to change the form for multiple records simultaneously, you have this option under Extended
search.
8.3.3 TAN management
With the TAN management you can create and administrate as many TAN lists as you want.
Before a TAN list can be created, however, a bank has to be created to which the TAN block will later be
assigned. When creating the first TAN block you will automatically be asked to create a bank.
After creating a bank you can create the corresponding TAN block. Via the bank management you can
connect any TAN blocks to a bank or a bank account without having to create them twice.
When you create the first TAN list you will automatically be taken to the bank creation form.
In the list view the following functions are available in the upper area. Alternatively you can also
call up the functions in the context menu (right-click).
Create new TAN block
Edit TAN block
Delete TAN block
Use TAN/use iTAN/highlight TAN as used
Call up bank management
Notice:
Before you can create a TAN block you have to set up the folder for use with the TAN management. How
to set up a folder for the TAN management is described in the chapter "Add folder (use as...)".
8.3.3.1 Bank management
You can call up the bank management via the menu in the TAN management. To do so switch to a folder
that is used as TAN management.
Bank management
After pressing the button the bank management opens. In the bank management you can create, edit and
delete banks and accounts. You can call up the menu via the context menu (right-click).
Add new bank
Edit bank
Delete bank
Bank properties
When creating the first TAN list you will automatically be taken to the form "Add bank". In this form
you can record bank and account data. You can also enter further data of the bank, for
example the URL, in the tab "address data". This helps you avoid so-called phishing, because you always
use the URL stored in Password Safe. To do so switch to the tab "address data" and enter the
URL of the bank in the field "Internet". Afterwards you can call up the internet page of the
bank directly from the TAN list.
Add account
You have to store a bank account with the bank in order to save the bank data. This account
will later be assigned to the TAN list. If you have created several banks and bank accounts you can
select and assign the corresponding bank account in the TAN list. Click on the button "Add account" in the
tab "general". You then have to confirm the message to save the bank data before a bank
account can be created.
Enter your account data in the following dialogue and confirm with "Add" to save the data.
After adding an account and entering the main information of the bank, you can save the bank with a
click on the button "save". The bank accounts are then available when creating a TAN list.
The stored bank data and bank accounts can be changed at any time. Bank accounts can only be
deleted, however, if they are no longer assigned to a TAN list. Open the bank management and
select the bank you want to edit with a double click. Alternatively you can call up the bank edit form
via the context menu "edit bank" from the bank management or the TAN list.
8.3.3.1.3 Delete bank
Via the context menu of the "bank management" you can delete the bank. The bank can only be
deleted if no bank account of this bank is linked with a TAN list. If a link-up with a TAN list still
exists, change the bank account of the TAN list or delete the TAN list.
8.3.3.2
8.3.3.3
8.3.3.4
8.3.3.5
TAN menu
To add a TAN you have to create a TAN block or edit an existing TAN block. Click on the button
"TAN menu" in the TAN block. Alternatively you can open the form via the context menu. Choose
the menu item "add TAN". The entry mask then opens, in which you can record TANs.
Ser. no.
Enter the iTAN number here. The ser. no./iTAN can only be used once in every TAN block.
TAN
TAN number or iTAN
Confirmation number
Confirmation number (is only used rarely)
Used on
Enter when the TAN was used
Magnitude
Here you can enter the amount for which you used the TAN
Add more
The entry window for TANs remains open after "add" so that you can quickly enter several TANs
in a row.
Add
The TAN entry window closes after the "add" of a TAN.
Choose a TAN in the TAN block with a double click or by means of the context menu "edit TAN".
Afterwards you can change the TAN.
8.3.3.5.3 Delete TANs
Highlight a TAN in the TAN block and delete it via the context menu "delete TAN". Alternatively you can
also use the "TAN menu" to delete the TAN.
8.3.3.5.4 Use TAN/iTAN/highlight as used
Use TAN
Enter the iTAN which you want to use in this dialogue. If you leave this field blank, Password Safe
automatically searches for the next free TAN.
With a click on "use TAN" the TAN is written to the clipboard. Afterwards click on the field in which
the TAN is required. With the hot key "CTRL+V" you can paste the TAN from the clipboard.
Choose the menu item "import TAN list" in the TAN menu to call up the import assistant.
With a click on "import TAN list" the TAN block import assistant opens. In this step choose the text file
which you previously scanned in with an OCR program.
The text file to be imported has the following format after converting/saving as a text file.
In the next step you have to configure the length of the TAN/confirmation number to create a search
mask. Entering "0" for an individual length means that field is not used. If your TAN or your
confirmation number contains numbers and letters please activate "alphanumeric".
Tip:
To keep the error rate down, open the TXT file in an editor, search for characters that should not be
imported and delete them.
The configuration of the lengths already defines a search mask. If the
automatically created search mask does not match your TAN block please change it. Click on
"continue".
X = wildcard character (space character)
N = serial number
T = TAN
t = TAN alphanumeric
B = Confirmation number
b = Confirmation number alphanumeric
Start the import of the TANs with "complete". Afterwards the TANs are listed in the TAN block and
are available.
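To show how a search mask built from the characters above can catch OCR misreads before they reach the TAN block, here is an added example that is not Password Safe's own code. It assumes the mask is positional (one mask character per column of the text line), which the manual does not specify; the function names, the sample mask and the sample lines are constructed for illustration.

```python
"""Apply a positional search mask to the lines of an OCR'd TAN list.

Assumption: every mask character describes exactly one column of a line,
using the alphabet from the manual (X, N, T, t, B, b). The exact matching
rules of the import assistant are not documented on this page.
"""
import string

# Which field each mask character contributes to.
FIELD_OF = {"N": "serial", "T": "tan", "t": "tan",
            "B": "confirmation", "b": "confirmation"}
NUMERIC = {"N", "T", "B"}                      # digits only
ALNUM = set(string.ascii_letters + string.digits)


def parse_line(mask, line):
    """Split one line into fields; raise ValueError naming the bad column."""
    if len(line) != len(mask):
        raise ValueError(f"length {len(line)} does not match mask length {len(mask)}")
    fields = {}
    for col, (m, ch) in enumerate(zip(mask, line), start=1):
        if m == "X":
            continue                           # wildcard column, content ignored
        if m not in FIELD_OF:
            raise ValueError(f"unknown mask character {m!r}")
        if m in NUMERIC and ch not in string.digits:
            raise ValueError(f"column {col}: {ch!r} is not a digit")
        if m not in NUMERIC and ch not in ALNUM:
            raise ValueError(f"column {col}: {ch!r} is not alphanumeric")
        name = FIELD_OF[m]
        fields[name] = fields.get(name, "") + ch
    return fields


def import_block(mask, text):
    """Return (accepted, rejected); rejected holds (line number, reason)."""
    accepted, rejected, seen = [], [], set()
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue                           # skip empty lines
        try:
            fields = parse_line(mask, line)
        except ValueError as err:
            rejected.append((number, str(err)))
            continue
        serial = fields.get("serial")
        # A serial number may only be used once per TAN block.
        if serial is not None and serial in seen:
            rejected.append((number, f"serial number {serial} already in block"))
            continue
        seen.add(serial)
        accepted.append(fields)
    return accepted, rejected


# Constructed sample input: 3-digit serial, one space, 6-digit TAN.
SAMPLE_MASK = "NNNXTTTTTT"
SAMPLE_TEXT = "\n".join([
    "001 482913",
    "002 57O021",   # letter O misread for a zero by the OCR step
    "003 910443",
    "003 118822",   # serial number repeated
])

if __name__ == "__main__":
    ok, bad = import_block(SAMPLE_MASK, SAMPLE_TEXT)
    for fields in ok:
        print("accepted", fields)
    for number, reason in bad:
        print(f"rejected line {number}: {reason}")
```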
8.3.4 Tasks
The integrated task system in Password Safe helps you to keep an overview. Expiring
passwords, system messages and your own tasks are displayed here. Tasks can also be
assigned to several users and groups. This considerably eases the management of large databases,
because several users have access to the tasks and can work through them quickly. Password Safe
automatically creates system messages, for example when an account has been locked due to wrong
password entry, or when a user requests access to an array to which he/she currently has no access.
In the upper area of the list view the following task functions are available:
Search for a task
Update list outlook
Start new task
Edit task
Delete task
Alternatively you can call up these functions via the context menu.
8.3.4.1 New task
Switch to the area "tasks" and click on the icon with the green plus to create a new task. Alternatively
you can also create a new task via the context menu.
Start new task
Afterwards the entry mask opens in which you can create the task.
To:
Click on the button "To..." to allocate the task to several users or groups.
Subject:
Brief description of the task.
Priority:
Priority can be added to every task. This will be displayed in the list outlook.
Status:
Define which status the task currently has. Depending on the setup, a change of the status can trigger
a new notification.
Affix:
Click on the button behind affix to add an affix to the task. You can read more about this under document
link-ups.
Starts at:
Define when the task should start.
Due at:
Here you can enter the due date.
Reminder:
Choose here how long before the due date you want to be reminded of the task. In the reminder window
you can postpone the task again.
8.3.4.2 Edit task
With a double click on the task or via the "edit task" button you can open and edit the task. Alternatively
you can edit the task via the context menu, and also change the status of the task.
8.3.4.3
8.3.4.4 Mementos
The reminder window appears automatically if one or more tasks are due or if you asked to be reminded
of tasks in advance. In the reminder window you can postpone individual, selected or all tasks and be
reminded of them later. To do so choose the desired point in time and confirm with the button "remind
again". If you do not want to be reminded of the task again, confirm with the button "close task", or
with "close all" to close all due tasks. With the button "open task" you can open and edit a task directly.
8.3.5 Messages
The integrated message system of Password Safe offers the usual functions of an email program.
Messages can be sent to individual users or groups, answered and
also forwarded. The messages are kept entirely within the Password Safe database,
so that safe communication can be guaranteed. Switch to the area "messages" to get to the list
view of the messages. The "message" area is subdivided into three folders, "in-box", "transmitted
messages" and "deleted messages".
In-box:
In the in-box all messages you received are listed. System messages are also deposited in the in-box.
Transmitted messages:
All messages you have sent will automatically be deposited in the folder "transmitted messages".
Deleted messages:
Here all deleted messages are listed.
In the upper area of the list view you can access the message functions. Alternatively you can also
call them up with the context menu of the list (right-click).
Search for a message
Update list outlook
New message
Answer message
Answer message to all
Forward message
Delay message to the recycle bin
Finally delete message
In the lower area of the list view you can switch between the "preview" of the message and the
"affixes/files".
8.3.5.1 New message
You create new messages in the area "messages". To do so click on the icon for new messages.
Alternatively you can also create a message via the context menu of the list.
Start new message
After pressing the button the entry mask opens and you can write the message.
Sending:
Click on "send" to send the message.
Affix:
Click on the button with the paper and the paper clip to add an affix to the message. You can read more
about this under document link-ups.
To:
Click on the button "To..." to allocate the message to several users or groups.
Subject:
Brief description of the message.
Priority:
Priority can be added to every message. This will be displayed in the list outlook.
8.3.5.2 Read message
If you have received a message you can open and view it with a double click. Alternatively you can
view the message in the lower area "preview". In the upper area of the window you can immediately
answer or delete the message.
8.3.5.3 Reply message
After receiving a message you can answer it with the button "reply message" or "reply message to all".
Alternatively you can answer the message with a double click, in the reading window or via the
context menu. The original text of the message is appended below. After writing, click on "send" to
send the message.
8.3.5.4 Forward message
If you want to forward a message click on the button "forward message". The recipient of the
message stays blank and has to be entered manually. The original text is appended below. When
finished, click on "send" to forward the message to the corresponding users or groups.
8.3.5.5
8.3.6 Documents
The document management can physically store files and applications in the database and thereby
encrypt them safely. The document management system (DMS) integrated in Password Safe is very
versatile and convenient, and complex workflows can also be mapped, for example the
automatic mounting and dismounting of drives before a document is swapped or executed. The
parameter passing function makes it possible to pass information to applications at
start-up, so that a program can be automated from the moment it starts. Furthermore the document
management system offers an integrated history function, and of course documents can be protected
from unauthorized access within a database via the privilege setup (unblocking and safety).
An overview of the features of the document management system:
Access safety of the documents due to the allocation of privileges including logging in the logbook
Distinguishable types of documents including automatic allocation to application programs (e.g. Word,
Excel, PDF, etc.)
Adaptable archive structure due to the folder system
Adaptable meta data due to any number of own fields
Version control due to recoverable history
Transfer out to a directory, including automatic restoring after a change and subsequent secure
deletion according to the Gutmann method.
Run applications from Password Safe, including any parameters. Embedding an application in
the database is also possible (e.g. remote maintenance client)
Connectable with records (passwords, TAN blocks, messages, tasks,...)
Hold-file of documents via the message system
Document type "Link" can be linked with any files on the hard disk, FTP or also HTTP, and can directly
be called up.
and much more
Switch to "documents" in the left area to get to the list view of the documents. Via the buttons in the upper area as well as via the context menu (right-click in the list area) you can add and edit documents and call up further functions such as the privilege and unblocking setup and the history.
Search document
Update list outlook
Add document
Edit document
Delete document
Execute or open document
Open document for editing
Save document under...
Copy link to the clipboard
Clear clipboard
Unblocking and safety (set up privileges)
history
settings
8.3.6.1
Add documents
The document management offers two ways to add documents to Password Safe: a so-called "link" and a physical upload ("add file"). Click on the button "add document" above the list to open the form for adding documents. Alternatively, you can call up the form via the context menu in the document list: right-click in the list area and choose "add dataset". The form for adding documents then opens.
Document folder:
Here you can define in which folder the document should be filed.
Document:
Click on the folder symbol to open the file browser for the file choice.
Document size:
The document size is defined automatically and can not be adapted manually.
Type of document:
The type of document is set automatically if the format is recognised. If the type of document is not recognised, this is not a problem, because Password Safe ultimately follows the Windows program associations. The type only serves for the display. The program is chosen according to the file extension.
Parameter:
If the document is an application (EXE file), you can pass parameters to it.
Description:
The description is made according to the document and can be changed if desired.
Comments:
You can store a comment for every document.
Add a link:
Here the document is not copied into the database; only a link is created.
8.3.6.2
Edit documents
Documents that have already been added can be selected and edited in the document management or in the detail area of the password list. The data of the document can be changed freely in the edit view. In the upper area you can switch between different tabs and settings. In the lower area you can use the buttons to open the document read-only or to edit it. For editing, the document is swapped out without write protection and can be edited afterwards.
General data
In the tab "general data" you can set up the most important document settings.
Document directory:
Click on the folder symbol to open the file browser and choose a file. The document is thereby reloaded into the database and is therefore changed.
Document information:
The document size as well as the document information are set automatically and cannot be adapted manually.
Type of document:
The type of document is set automatically if the format is recognised. If the type of document is not recognised, this is not a problem, because Password Safe ultimately follows the Windows program associations. The type only serves for the display. The program is chosen according to the file extension.
Parameter:
If the document is an application (EXE file), you can pass parameters to it.
Description:
The description is made according to the document and can be changed if desired.
From-bin transfer directory:
If desired, a document can be swapped out to a selected directory before it is opened or processed.
Window mode:
With the window mode you can, for example, run BAT commands hidden before a document is processed, or not display the program while it is running.
Delete cache after a specified period of time
This option can be used to specify the period of time a document remains in the cache before it is deleted.
Extended parameters
By means of the "extended parameters" you can start certain documents or programs before and after the actual document is processed.
Direct link:
The "direct link" refers to a file or a program which is not integrated in the Password Safe document management. For example, you could run a mount command via a BAT file here.
Document:
The "document" link refers to a document which has already been added in the document
management.
Comments
Use the "comment" function to store a detailed description text for the selected document.
Own arrays
With the "own arrays" you can add any data to the document. For example, if password protection has been added to a Word document, you can use the "own arrays" to create a password field in which the password for the document is stored safely. You can of course also store other fields and information with the document.
Links
Under "links" you can see which types and records the document is already linked with. In the following screenshot the document has already been linked with the folder "documents" and the password "MySoftware".
Notice:
Open Office documents cannot be edited directly. For editing, such documents have to be saved locally
first. After editing you have to import the document again.
8.3.6.3
Link documents
Documents can be linked with passwords (datasets), tasks and messages so that the data is quickly available. No redundancies occur, and the document can be linked with any number of records, tasks and messages. Due to the integrated privilege management an unauthorized access is impossible.
8.3.6.4
Documents parameters
The new document management of Password Safe supports the processing of program parameters, so you can pass information to a program when it is started. Not every program supports parameters. If you are not sure whether the desired program supports parameters, look it up in the help of the program or contact the manufacturer. If you add or link an application, the field "parameters" becomes editable and you can define the parameters accordingly. These parameters can be fixed or can be replaced by any form values of the record, for example the server IP or the password and login information.
With the form assistant you can look up the variable name with which you can access the data. In the following example the server "{FRM:Server}" is passed to the remote desktop application with "parameters".
For the variable to be replaced by the value, the document has to be linked with a record (password). In our case the variable "{FRM:Server}" is replaced by the IP "192.168.0.45". In this way you can simply pass information to applications when you call them up.
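The substitution described above, sketched as an added example (not Password Safe's own code): each parameter is expanded on its own into an argument list, an unknown field name stops the launch, and secret fields are masked for logging. The `mstsc.exe /v:` call for the remote desktop application, the hypothetical `client.exe` with its switches, and the sample records are assumptions.

```python
import re

# Placeholder syntax as given in the manual: {FRM:field name}
PLACEHOLDER = re.compile(r"\{FRM:([^{}]+)\}")


class UnresolvedPlaceholder(Exception):
    """The parameter names a form field that the linked record does not have."""


def expand_argument(argument, record):
    """Replace every {FRM:name} inside one argument with the record's value."""
    def substitute(match):
        name = match.group(1)
        if name not in record:
            # Fail closed: never start a program with a literal "{FRM:...}".
            raise UnresolvedPlaceholder(name)
        return str(record[name])
    return PLACEHOLDER.sub(substitute, argument)


def build_argv(program, parameters, record):
    """Expand each parameter separately, so a value cannot add arguments.

    The result is meant for subprocess.run(argv), which starts the program
    from a list without a shell.
    """
    return [program] + [expand_argument(p, record) for p in parameters]


def flat_command_line(program, parameter_string, record):
    """Contrast case: substitute into one string, then split on whitespace."""
    return (program + " " + expand_argument(parameter_string, record)).split()


def argv_for_log(program, parameters, record, secret_fields):
    """Same expansion with secret fields masked, for logbook or debug output."""
    masked = {k: ("***" if k in secret_fields else v) for k, v in record.items()}
    return build_argv(program, parameters, masked)


# Constructed sample records; 192.168.0.45 is the value used in the manual.
RECORD = {"Server": "192.168.0.45", "User": "admin", "Password": "S3cret!"}
# Constructed record whose field value contains a space and a second token.
ODD_RECORD = {"Server": "192.168.0.45 /extra", "User": "admin", "Password": "x"}

if __name__ == "__main__":
    print(build_argv("mstsc.exe", ["/v:{FRM:Server}"], RECORD))
    print(build_argv("mstsc.exe", ["/v:{FRM:Server}"], ODD_RECORD))
    print(flat_command_line("mstsc.exe", "/v:{FRM:Server}", ODD_RECORD))
    print(argv_for_log("client.exe", ["-u", "{FRM:User}", "-p", "{FRM:Password}"],
                       RECORD, {"Password"}))
```

A password passed as a program parameter can be read from the process list on the machine while the program runs, so a password field is better handed over only to applications that offer no other way to receive it.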
8.3.6.5
Documents history
The documents history can be activated via the settings. You can find more information on the settings under documents settings. After the history has been activated, all changes to the documents are archived. Via the history you can see all document changes and reset them if necessary. You can call up the history in the area "documents" via the context menu (right-click on a document).
Delete:
Deletes the selected entry after a security query
Delete all:
Deletes all entries after a security query
Reset:
Resets the selected document
8.3.6.6
Run/open documents
You can open or run the documents in different places. You can open, run or save the documents at any time in the area "documents" or, if linked, in the detail area "affix/documents". When you right-click on the document, the following options are always displayed:
Open or run document
If the document has been loaded into the database, it is swapped out first and afterwards opened "write-protected". If it is an application, it is started. If it is a link, it is called up.
Open the document for editing
The document is swapped out and opened without write protection, so it can be edited. After closing, you are asked whether you want to apply the change. The changed document is then saved back to the database, and the swapped-out file is destroyed and afterwards deleted. You can configure these settings in the document settings.
Save document under...
With this option you can save the document in any directory.
Alternatively, you can also run the document via edit document. You can find further information on that under edit documents.
8.3.6.7
Documents settings
The document management can be set up via the "general settings". You can get further information on
the settings under documents.
8.3.6.8
External links
You can create so-called external links for documents. These enable you to get from the desktop to the corresponding document. In order to create such a link, right-click on the corresponding document and then select generate external link. Then you receive the following window:
If you copy the link to the clipboard, you can paste it with CTRL + V into any folder. Alternatively, you can create a link directly on the desktop. An external link for the document "data privacy" could then look as follows:
The external link always has the name of the document plus a randomly generated ID. This ensures that no links are overwritten accidentally. An external link can be renamed at any time, and the ID can also be deleted from the name.
With a double click on the link, the window for editing the document opens in Password Safe. There you can choose directly whether the document should be opened write-protected or for editing. If Password Safe is minimized when the link is executed, the software is maximized. If Password Safe is not started or is locked, you have to log in first.
8.4
Search
Password Safe offers several possibilities to search for records and folders. The user should always have quick access to the desired record or folder.
Global search
Use this search to quickly search for a record.
You can find information on the global search under "global search".
Search folders
Search folders are special folders which can display certain sets of records according to the setup (all passwords, favourites, own screen).
You can find information on search folders under "search folders".
Extended search
With the extended search you can search for all records. With this search you can browse only certain folders and narrow down the result considerably with many settings.
You can find information on the extended search under "extended search".
8.4.1
Global search
With the global search, which you always find in the upper menu array, you can quickly search for
records within the currently opened database.
How to use global search
Enter the desired search key in the search box and activate the search with a click on the "search
button". Alternatively you can also use the enter key (Enter) to activate the search.
8.4.2
Extended search
With the extended search, which is available from the Professional Edition onwards, you can quickly search for records within the opened database. The search can be narrowed considerably by means of the many settings. Furthermore, you can set up "search profiles" for recurrent searches. In the upper area of the search dialogue you can find the screen settings. Depending on the search (passwords, documents, etc.) the tabs and screen possibilities change. The screen settings can be shown and hidden via the button with the blue arrow in the upper right area. In the middle area the results of the search are displayed. In the lower area of the search you can access saved search profiles, reset the search and search again, as well as abort and close the search.
1:
2015 MATESO GmbH
The tab "general" is always available. Select in the tab "general" what you want to search for.
Additionally you can already set screen criteria here.
2:
The tabs in the middle area change according to the search selected in the tab "general". Click on the tabs to set the search key as well as further screens.
3:
The tab "miscellaneous" is always available, as well as the tab "general".
General
Under "general" you can choose what you want to search for, for example passwords, documents, etc. (search for). In the field "user screen" you can additionally filter by different user events, for example "written by". Use the "date screen" to further limit the result according to date values.
For recurrent searches you can, for example, always have the date set automatically to the beginning of the week or to today by means of the button.
Result list
The search results are displayed in the result list. With a double click and with a right-click you can access the functions of the record. Depending on the search (passwords, documents, messages, etc.) other functions are available.
Status bar
In the status bar you can reset the search, administrate search profiles and see the status of the search at any time. You can stop the search with the button "stop" and close it with "abort".
8.4.2.1
User filter
Via the user filter you can search systematically for data for which a certain user is authorized. Please note that the individual filters can vary according to the search.
Created by: Via this you can search for all data which have been created by the selected user
Viewed recently by: Only searches for datasets which have been recently viewed by a certain user
Changed recently by: Only searches for datasets which have been recently changed by a certain user
User rights: Only datasets for which a certain user is authorized are searched
Group rights: Only datasets are searched for which a certain user group is authorized
8.4.2.2
Form fields
Folder screens
Select in the left array which folder you want to browse. To do so click on the small boxes to set the
check mark. If a check mark is set on a node which has got subfolders, then automatically also all
subfolders are selected.
Form screens
Enter the corresponding search keys in the fields that you want to search. With the button below the fields you can add further form fields and also other forms to the search. After setting up the screen, activate the search with the button "search" (bottom right).
From this overview, choose the fields that you want to add as further screens. In the left area you can access the saved forms. Then choose the corresponding form field that you require as a search key and confirm with "adopt". This field is then available as a search box. Every field that you adopt into the search is displayed as a column in the result list.
Entry screen
Define how the entered conditions have to conform.
Miscellaneous
Switch to the tab "miscellaneous" to set up further screen criteria. Here you can search for tags or also
limit the search for sealed or locked records.
Tip:
If you want to search for all records that are linked with no folder, do not enter the search key and
choose the option "records without link to a folder".
Search settings
In the search settings you can set up how the result should be grouped. Additionally you can activate
optionally if the search key in the array "description" should as well be applied to folders. In the following
screenshot the grouping was made according to "folder structure".
8.4.2.3
Documents
Folder screen
Select which folder you want to browse in the left area.
Entry screen
Define how the entered conditions have to conform.
8.4.2.4
Messages
Enter the corresponding search keys in the fields (subject, message, etc.) that you want to search for. Activate the search with the button "search" (bottom right).
Entry screen
Define how the entered conditions have to conform.
8.4.2.5
Tasks
Enter the desired search keys in the fields (description, task, etc.). You can also limit the search by means of the "date screen". Afterwards activate the search with the button "search" (bottom right).
Entry screen
Define how the entered conditions have to conform.
8.4.2.6
Banks
Enter the desired search keys in the fields (bank, bank code number, etc.). Afterwards activate the search with the button "search" (bottom right).
Entry screen
Define how the entered conditions have to conform.
8.4.2.7
Seal
Enter the name of the seal you are looking for in the field "description". If you are not sure whether the seal has already been deleted, set the check mark at "display deleted seals". The search only returns the seals that the current user is allowed to edit.
8.4.2.8
Tip:
By means of the "date screen" in the tab "general" you can set up date values for recurrent search
settings.
8.4.2.9
Change form
Via the Extended search function, you also have the opportunity to allocate multiple records to a new
form. You can select the records to be processed via all of the options in the Extended search function.
Only the option Group according to password form in the tab Search settings needs to be active.
In order to change the folder, mark the desired records in the search results. After right-clicking the
mouse, you can now select Change form. You can then select the desired form and allocate the fields
via the Form converter.
Note:
The option Group according to password form must be active. In addition, only records that are
allocated to the same form (found in a group after the search) can be processed at the same time.
8.5
Forms
More than 40 predefined forms (e.g. passwords, contacts, cards, licence keys, etc.) help you to administrate your data optimally and by category. Via "edit" -> "form management" you can change existing forms and also create new ones. When creating a folder, or in the folder properties, you can assign the form to a folder and thereby build up your own data structure.
Right-click on a folder and then click on properties to get to the following window. Depending on the type of folder and the privileges, you can change the allocated form directly by clicking on the highlighted button.
Alternatively, you can open the form management via "edit" -> "administrate forms". In this case you have to choose the corresponding form yourself, that is, you have to know which one you want to edit.
8.5.1
Create a form
If you want to create a new form, open the form management via edit -> manage forms. Afterwards
click on add form to open the form assistant.
After a click on continue you can choose whether you want to create a new form or derive one from an existing form.
If you decide to create a new form, you get directly to the window of the form properties. If you want to derive a form from an existing one, you first get the possibility to choose the corresponding form. When deriving from a form, the fields are initialised and can be changed according to your needs. If you create a new form, the fields are blank.
Here you can give the form a name and describe it. Furthermore, you can choose the icons for the linked folders and datasets here. In the next window you define the fields of the new form. The field description is contained by default.
Via the push-buttons upwards and downwards you can change the order of the fields. Via the button add you can integrate new fields into the form.
In the field properties you can define which kind of field it should be. Several types of fields are available for selection. The field name is a unique identifier and can only appear once in a form. The field name furthermore serves for the identification of the field, for example in applications and scripts as the variable name {FRM:field name}.
Default values
You can preset the corresponding fields under Default values for all records that have been created
with a form. Naturally, the fields can be also changed or extended at a later point in time.
For example, it is possible to enter a fixed date for date fields. Please note here that the date format
must correspond to the format used by the operating system.
available:
Edit: Field type for texts of all kinds
Password: Field type for storing passwords. This field can be turned on and off.
Checkbox: Displays a box for checking (Yes / No).
Combobox: This draws a box with a selection list -> Caution, the order must not be changed, if data has
already been entered.
Date: Field type for dates including calendar function.
Header: For displaying sub-headings.
Memo: Multiline text box.
Decimal: Field for decimal numbers, including a calculator function
Number: field type for all numbers. Entering text is not possible.
All field types have a feature to take the content into the clipboard.
Description: In the field "description" you can deposit information which is displayed when editing a
dataset. For this there are several possibilities:
Description text without icon entry
Just enter a text, this will then be displayed as an information as follows.
Tip (yellow)
1;As a user name also the email address can be used.
Length (min./max.) Define the minimum and the maximum length of the passwords here.
Allowed symbols If specifications are set here, only the entered symbols can be used for a password.
Entry mask: Here a set phrase, a "regular expression" can be deposited for a check.
Internet link (URL) If this option is activated, the entry appears as a link and can be activated directly.
Email address Here it can be stated if it is about an email address.
In PWA always show (only in server databases) If this is activated, the field is always shown in a Password Safe WebAccess search, even when there is no search result.
Password guideline: This option ensures that the entered password fulfils the password guidelines. Select an already created guideline here via a click on the key symbol.
Check password guideline: With this option, newly created passwords have to comply with the guideline.
Generate password at new capture: If this option is activated, Password Safe automatically creates a new password according to the password guideline when a new dataset is created.
After you have saved your settings and completed the assistant the new form is available for you.
8.5.2
Export forms
For export just mark the desired forms (multiple choice is possible) and then select export in the context
menu. The data is saved in the format *.xml.
Import forms
To import forms, select the item import forms via the context menu. Afterwards select the corresponding *.xml file.
If you want to import a form that already exists in the database, you are asked whether you want to overwrite the existing form, add the form again or ignore it.
Please note that if you choose add again, there are two forms with the same name in the database. In this case it is advisable to rename one of the forms. If you click on overwrite, the old form is overwritten irrevocably. With ignore, the corresponding form is not imported.
8.5.3
Edit/extend a form
For editing or extending an existing form, just open the form management via edit -> manage forms.
With a double click on the desired form you get to the form assistant, which guides you through the individual steps of changing the form.
edit you can edit a field. This outlook reflects the outlook of the data capture. You can position the fields
arbitrarily. The description field (name) can not be changed.
8.5.4
Delete form
If a form should no longer be required, you can delete it via the form management. Call up the form
management via edit -> manage forms. Please notice that forms can only be deleted if they are no
longer used with a folder or a dataset.
After a click on the accordant form with your right mouse button it can be directly deleted.
8.6
Password guideline
8.6.1
General
First of all, give the guideline a name. In the field description you can give the users additional information on the use of the guideline.
Password guideline
In this section the guideline is defined. It can, for example, be defined how long a password has to be at least. Furthermore, you can define how many safety points a password has to achieve. You can also determine from which categories symbols have to be used in the password. Since some symbols are not accepted for certain logins (e.g. the ""), symbols can also be excluded.
Guideline preview
In the preview you can see what a password that complies with the guideline could look like and how safe it would be.
Under the tab excluding list you can name words which must not be used in passwords. Furthermore
you have got the possibility here, to export or import already created lists in the format *.csv. For this
use the pushbuttons marked in the screenshot.
8.6.2
After clicking on , initially select the relevant password guidelines with which the records in this folder
should be compared. If the records in the subfolder should also be checked, you can enter the relevant
check mark in the bottom left.
Only those records will be displayed that do not fulfil the password guidelines.
Under Fulfilled to, you will find out the percent to which the guidelines are fulfilled.
The column Info shows you which criteria are not fulfilled. It could be e.g. too few characters have been
used or the password has too few safety points because, for example, no special characters have been
used.
Under Points, you can see how many safety points the password currently achieves
The column Length shows how many characters are used in the password.
By clicking on the button Report, you can print out the report created.
8.7
If you select create password according to own criteria, you can create the password manually or
automatically. In the array general you can define the criteria for the new passwords.
If you select the option create passwords according to password guidelines, manual creation is not possible. In this case the password guideline configured under edit -> general settings -> guideline for the database password is always used. Pronounceable passwords can be created using Create phonetic password. You can define how many syllables and letters they should contain.
Password analysis
With a click on carry out password analysis you receive detailed information about the safety of the
created password. Of course you can also directly enter a password into the field for the analysis.
8.8
Seal
With the sealing function you can seal datasets. A user then no longer has direct access to the data but first has to break the seal. Depending on the setup, the user has to receive a certain number of unblockings to do so. This principle is called the four-eyes principle and can be configured when a seal is set up. All sealing actions are recorded in the logbook (if it is activated). Via the context menu or the "sealing messages" you can access the sealing options, for example the unblocking.
Seals can also be set via the workflow. This gives you, for example, the possibility to protect all new passwords in a folder automatically. You can find further information on that under the following links:
General information on the workflow system: Workflow Management
Example for the automatic sealing via a workflow: Workflow examples
Notice:
8.8.1
Seal a dataset
To seal a record you have to switch to the list outlook. By clicking on a record with your right mouse
button you can open the context menu. Choose the menu item "seal" in the context menu to add a seal.
In general
After pushing the button an entry mask opens. Enter the reason for the sealing of the dataset in the
"general" array. Then change to the tab "edit seal".
Edit seal
In the tab "edit seal" you can define which users or groups are allowed to delete the seal without
unblocking. If you do not want to set up a four-eyes or multiple-eyes principle you can seal the dataset
with "add seal". For the set-up of the four-eyes-principle change to the tab "unblockings".
Choose releases
Seals can optionally be secured via releases. You can decide which users or groups have to agree so that the seal can be broken and the data can be seen. Only after the seal has been broken can the dataset be seen and used by a certain person. After the configuration, click on set up seal in order to seal the dataset.
You can also use several releases for a seal. They are then processed hierarchically, that is, bottom-up. For example, you can obtain the releases of the department manager first before the release of the management board is needed.
Light seal
Via the tab light seal you can define users and groups which are allowed to read, edit (according to
right configuration) and use the sealed dataset without breaking the seal.
Notify
Here you can define which users and groups are messaged if the seal has been changed or a release
has been required.
With a click on
all users and groups, that are filed under the tab edit seal are taken over
History
Via the history you can reconstruct at any time, which locks have been created for this dataset in the
past. The history contains the points of time in which a seal has been started, broken or deleted. The
executing user is displayed as well.
8.8.2
Require to unseal
If a dataset has been sealed, it cannot be seen by users. If the data of the record are required, the seal must be broken first. If the "four-eyes principle" has been set up, an unblocking must be requested first.
Via the unblocking overview the user can request an unblocking for breaking the seal. A double click on the dataset opens the sealing options.
After you click the button break seal, the window for breaking the seal opens. Here you can request the releases from other users so that the seal can be broken once there are enough releases. In order to request the releases, click on the button require releases.
Afterwards the release overview opens, in which you have to enter the reason for the release. The upper area shows how many of the required releases have already been given:
In this example no release has been given yet by the three necessary users. (0/3)
Furthermore, you can find a list of all users from whom you can request releases. The users marked "reddish" have to agree. In this example it is Mr. Anderson. The missing releases can be given by any of the users marked "yellow". Via a right-click in the user list you can also select or deselect all users.
If an unblocking has been requested you can see the current status of the unblockings in the overview.
With a double click you can get further information on the unblocking, for example the reason for the
acceptance or the refusal.
If the releases have been given you will be informed via a system message. Afterwards do a double click
on the dataset again and then the window break dataset seal appears on break seal
After you have entered a comment you can break the seal and thereby access the dataset. Via the tab releases you have an overview of the status of the releases. A double click on the release opens the release overview for a detailed view.
As soon as the seal is broken you can open the dataset. Please notice that only the user who has broken
the seal is authorized to open the dataset.
8.8.3
You can open the task directly in the window or switch to the unblocking system. If you switch to the task
you can see all relevant data.
Via the button release you switch directly to the release system.
Unconfirmed releases can be seen and edited via file -> my profile -> open releases.
In the lower array you can set the release status on given or refused. Besides, you can note a comment for
the user. Via the tab involved users you can see who still has to agree on that release. Notice that you
cannot edit or change your agreement afterwards.
After the necessary releases have been given the user who required the releases receives a system
message. The users who get messaged according to the seal settings, receive a message if the seal is
broken.
The unblocking can also be made via the context menu of the record. To do so click on "seal" to open
the unblocking dialogue.
8.8.4
Break seal
If enough unblockings have been made the unblocking initiator will be informed with a system message.
Via a double click on the dataset the window sealing options opens
Break seal
Opens the dialogue to break the seal.
Open releases
Opens the release overview. Here you can see, who agreed or refused and when and why he/she did.
Cancel
Aborts the process.
Choose the option break seal in order to break the seal. Afterwards enter a reason why you want to
break the seal and confirm with break seal. If the seal has been broken the user can access the data.
8.8.5
In order to delete the seal a reason has to be given. Afterwards confirm with delete seal in order to
delete the seal. Then the seal can be started again.
If the button seal again is clicked the window delete dataset seal also appears. Therefore the seal is
deleted first and then started again.
8.8.6
Sealing logbook
All sealing actions are always recorded, so all steps can be consistently reconstructed. To do so the
logbook has to be activated.
Activate logbook
Reporting and logbook
The process will as well be recorded in the seal under the tab History.
8.8.7
Sealing templates
You can also create so-called sealing templates. You can find the accordant menu under edit ->
manage sealing templates. When you seal a dataset you also have got the possibility to save the seal
as a template. To do so click in the menu dataset seal on the accordant button:
Via both ways you get to new sealing template in which all necessary settings can be made. Directly in
the first tab you can give the sealing template a name and describe it more detailed.
Under the tab edit seal you define which users or user groups have got the right to edit the sealing
template.
With a click on the tab permissions you can define which persons or groups are allowed to give
necessary releases for this dataset, in order that the seal can be broken.
Via the button add release you can select the required release from the existing ones.
Under the tab light seal you can define which users or groups are allowed to edit the dataset behind the
seal, without breaking the seal before.
If you want to define who is informed about changes at the seal or at release requests, you can do that
under the tab notify.
Click here on the marked push-button to choose a seal template. You can also use the seal templates in
the workflow system. You can find further information on that under the following links:
General information on the workflow system: workflow management
Information on the automatic sealing via a workflow: Workflow examples
8.9
Lock/unlock
If you want to refuse access to data you have the possibility to lock records. The lock also offers the
possibility to unblock the data for users or groups for the automatic password entry, despite the active
lock. Thus the data remains secured, however the data will be entered automatically in the application.
The lock can be set up via the context menu in the list outlook.
Tip:
The lock can optionally be applied to one or several records. Highlight several records in the list to use
the lock repeatedly
8.9.1
Install lock
Choose "lock/unlock" in the context menu to lock a dataset. Afterwards the entry mask opens to start
record lock-outs. The lock-out can be applied to one or several highlighted records. At multiple selection
the function always starts from the first selected dataset.
Enter the reason for the lock of the record in the tab "general" and confirm with "lock".
In the tab "unlock" you can select the users and groups who can offset the lock. Users who can offset
the lock are automatically able to edit the record without deleting the lock. To do so click on "edit
record" in the array below.
8.9.2
Delete lock
Select "lock/unlock" in the context menu to unlock the dataset. Afterwards the lock dataset mask will
be displayed. Enter a reason for deleting the lock-out and confirm with "unlock" to unlock the dataset.
8.9.3
Use lock
Password Safe offers the possibility that the dataset can be used for the automatic password entry also
when it is locked. Add the users and groups who are allowed to use the dataset when creating the lock.
Thereby the dataset can not be seen or edited, only the automatic password entry is made at the users
or groups.
8.9.4
Locking templates
In order to use identical lockings on several datasets or recurrently, you have got the possibility to create
locking templates. You can find the accordant menu under edit -> manage locking templates.
In order to create a new locking template just click on the accordant pushbutton. Under general you give
away the name and the description of the locking template. Furthermore you can name the reason for
the locking:
Under the tab unlock you define which users or groups are allowed to delete the locking:
Password Safe offers the possibility that the dataset can be used for the automatic password entry, even
if it is locked. Add the users and groups that are allowed to use the dataset at the creation of the locking
template. The dataset can however not be seen or edited, only the automatic password entry is carried
out at the users or groups.
Because all of the options have already been adopted, you only need to enter the name and a description
and can then directly save it.
As all of the options have already been copied over here, it is only necessary for you to issue a name and
a description and you can then directly save it.
With a click on the accordant pushbutton you get to a dialogue in which you can select the desired locking
template with a double click.
8.10
Releases
Via releases you can realize that workflows and seal can only be executed after an agreement of one or
several users. The agreement can be required via the internal messaging system at the accordant users.
In a release it is defined which users have to agree to break a seal or to carry out a workflow.
In the release system the releases can be started administratively and made available to the users.
Therefore authorized users have got the possibility to access predefined releases in order to protect
sealings or workflows with a few mouse clicks. You can access the release system via edit in the main
menu. Here already created releases can be opened for editing per double click. With a click on a release
with your right mouse button a context menu opens with which you can add, edit or delete releases. Via
release and safety it can be defined which users are allowed to edit the release.
General
Under the tab general you can give away the name of the new release, and also describe the release
more detailed.
Furthermore you define here how long the release is valid.
Release without validity
If all values are set to "0" (zero) at the validity the release is valid without a time restriction.
Four-eyes principle
In the tab several-eyes principle you define which users and/or groups are allowed to give the
release.
Number of the required releases
Define how many users have to agree in order that the release can be given. The number of "3" means
that in this case three users have to agree, that means here a six-eyes principle has been chosen.
Number of days for the validity of a release
Choose here how long the release run is valid that means how much time the authorized users have to
do their release. If the release run is expired the users have to do the release again.
The denial of the release by a user causes abort
If this option is active the release will be denied if one user does not agree.
Persons and groups that can give a release
Here it is defined which users are allowed to give the releases. In this example Mr. Anderson as well as
the group IT has been chosen. Since the option obligation has been activated at Mr. Anderson, his
agreement is compulsory. All further agreements are to be made from the users from the group "IT"
here. Who that is, is irrelevant.
With a click with your right mouse button on a group you will see the following context menu:
Via number of the required releases you can define how many users from the accordant group have
to agree.
Set the value to "2" for example, so two users from the group have to agree.
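The release rules described above (number of required releases, the obligation option, a per-group number, the validity of the release run and abort on denial) can be modelled as one decision function. This Python model is an added example, not Password Safe code; the group membership of the named users, the timestamps and the handling of a refusal by a mandatory user are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

OPEN, GIVEN, DENIED, EXPIRED = "open", "given", "denied", "expired"


@dataclass(frozen=True)
class ReleasePolicy:
    required: int                                    # "number of the required releases"
    mandatory: frozenset = frozenset()               # users with the "obligation" option
    groups: dict = field(default_factory=dict)       # group name -> set of member names
    group_quota: dict = field(default_factory=dict)  # group name -> releases needed from it
    validity_days: int = 0                           # days the release run stays open, 0 = no limit
    denial_aborts: bool = True                       # "denial ... by a user causes abort"


def evaluate(policy, requested_at, decisions, now):
    """Return the state of one release run.

    decisions is a list of (user, agrees, decided_at) tuples.
    """
    approvers = set(policy.mandatory).union(*policy.groups.values())
    deadline = None
    if policy.validity_days:
        deadline = requested_at + timedelta(days=policy.validity_days)

    decided, approvals = set(), set()

    def quorum_met():
        return (
            policy.mandatory <= approvals
            and len(approvals) >= policy.required
            and all(len(approvals & policy.groups[g]) >= n
                    for g, n in policy.group_quota.items())
        )

    for user, agrees, decided_at in sorted(decisions, key=lambda d: d[2]):
        if user not in approvers:
            continue                  # not entitled to give this release
        if user in decided:
            continue                  # an agreement cannot be changed afterwards
        if deadline is not None and decided_at > deadline:
            continue                  # the release run had already expired
        decided.add(user)
        if agrees:
            approvals.add(user)
            if quorum_met():
                return GIVEN
        elif policy.denial_aborts or user in policy.mandatory:
            # Assumption: a refusal by a mandatory user ends the run even when
            # denial_aborts is off, because the release can no longer be reached.
            return DENIED

    if deadline is not None and now > deadline:
        return EXPIRED
    return OPEN


def example_policy(denial_aborts=True):
    # Constructed sample: Mr. Anderson is mandatory, two members of the group IT
    # must agree, three releases are needed in total.
    return ReleasePolicy(
        required=3,
        mandatory=frozenset({"Anderson"}),
        groups={"IT": {"Smith", "Jones", "Moore", "Johnson"}},
        group_quota={"IT": 2},
        validity_days=7,
        denial_aborts=denial_aborts,
    )


if __name__ == "__main__":
    t0 = datetime(2011, 3, 7, 9, 0)          # constructed request time
    hour = timedelta(hours=1)
    votes = [("Smith", True, t0 + hour), ("Moore", True, t0 + 2 * hour)]
    print(evaluate(example_policy(), t0, votes, t0 + 3 * hour))
    votes.append(("Anderson", True, t0 + 4 * hour))
    print(evaluate(example_policy(), t0, votes, t0 + 5 * hour))
```

The model only covers the validity of the release run; the separate validity of a release that has already been given is not modelled.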
Allocations
Here you can see which seals and workflows a release is assigned to.
Releases
Under this tab you can see the current status of a release. In this example the release has been given to
Mr. Smith. He is allowed to break the seal, however, the release is only valid until 14.03.2011 13:47
o'clock and expires afterwards. For Mr. Jones the release has been denied. The release which Mr.
Moore has required is still open. So not all agreements have been given yet. With a click on the
accordant pushbutton you can also take back a release.
With a double click on a release the following overview window is displayed. You can see the details of
the release. Here the release has been denied by Mr. Johnson. Due to the configuration of that release
this causes the refusal of the complete release.
You can get an even more detailed outlook with a double click on one of the users, e.g. on Mr. Anderson.
Besides the information on when and by whom the release has been required, you can see the reason for the denial here.
8.11
You can access the administration menu of the applications via edit -> applications.
Here all started applications will be shown to you. Via the search field you can search through
them.
Via the push-button add applications a context menu opens:
After the installation of an addon the Password Safe push-button is available in the accordant browser:
With a click on that symbol the login data will be entered in the application manually (if properly
deposited). Please notice that the symbol can vary according to the browser used and its settings.
Internet Explorer is an exception: for it we have a direct native port, and therefore no addon is
needed. After the installation of an addon the lock symbol of Password Safe appears in the accordant
browser. With a click on that symbol the deposited data will be entered to the loaded website, however,
this is only necessary if the automatic entry does not take effect due to the configuration.
Via extras -> install browser addon you have got the possibility to install the accordant addons
directly in your browser. The menu is dynamic and shows you the right addon to every browser that is
installed on your system.
For the installation just choose the accordant addon per mouse click. The further proceeding in the
individual browsers is described more detailed in the following chapters:
Mozilla Firefox
Google Chrome
Opera
Safari
Mozilla Firefox
After you have started the installation, Firefox opens and in it the following window:
Please click on the button install after the timer in it has run off.
Please click on restart Firefox in the following window in order to conclude the installation.
Click on ADD TO CHROME here and confirm with a click on Add afterwards.
A notice window appears and shows you that the addon has been installed. At the same time the
Password Safe symbol appears in the menu bar.
8.11.1.3 Opera
After you have started the installation, Opera opens and in it the following window:
After a click on install the installation of the addon is shown to you with a notice window
In the menu bar of the browser the lock symbol of Password Safe is displayed on the right side.
8.11.1.4 Opera Next
After you have started the installation, Opera Next will open with the following message:
Confirm this message by clicking on OK. Then click on the very top left on Opera and afterwards on
Extensions. The Password Safe add-on will be displayed to you as follows:
Then click on Install and in the following window once again on Install.
8.11.1.5 Safari
The installation of the Safari addon starts with the following window:
Please click on install. The successful installation is shown to you by the lock symbol of Password Safe
in the menu bar.
Mozilla Firefox
In Mozilla Firefox it is enough to install the new addon via the Password Safe menu. Older addons are
therefore overwritten.
Google Chrome
Before the installation of a new addon we suggest to uninstall the existing addon in Google Chrome,
because they are not overwritten or automatically uninstalled. After uninstalling the old addon the new
addon can be installed as usual.
Safari
For updating the addon in Safari just install the new addon. Existing addons are overwritten.
Opera
Since existing addons in Opera are not overwritten, they have to be uninstalled before the installation of
a new update. As soon as the existing addon is uninstalled you can install the new addon.
Firefox
In order to uninstall the Firefox addon please click on extras -> addons directly in the browser. In the
following window please search the Password Safe addon and click directly next to it on uninstall
Google Chrome
If you want to delete the addon from Google Chrome, open the browser and click on the wrench
symbol.
Afterwards click on tools -> extensions. You are now in the menu of extensions.
Here you can click uninstall directly under the Password Safe addon in order to delete the addon
Safari
In Safari you click on the cog wheel symbol
With a click afterwards on settings you get to a menu in which the installed addons will be shown to
you
Search the Password Safe addon here and click directly next to it on uninstall
Opera
In order to delete the addon from Opera, click on menu -> extensions -> manage extensions in the
browser
All installed addons will be shown to you. Choose the Password Safe addon and click next to it on
uninstall
Please choose fill in form fields here and click on edit afterwards. The window for allocating fields
opens
In this window the fields from the Password Safe datasets are assigned to accordant fields of the
website. Most fields can be assigned automatically. In the field list on the left side you can see by
the green check marks which fields have already been assigned. The red cross signalizes that the
allocation has not been made yet. Furthermore you will be shown by markings in terms of color how the
allocation has been made. The user name in the left column has for example been assigned to the field
email. Both fields have a blue background. The field form click (which causes a mouse click) could not
be assigned in this example, because two fields come into consideration on the website. In order to
allocate this field just drag the field form click to the button login. In the field list this field will be
marked with a green check mark as well.
In order to complete you need to click on save. The application is now converted for version 6.
General data
Under this tab the data of the logins are managed.
Data link
Here it is defined in which way the data should be transmitted to the accordant program.
No data link is chosen if the application should only be available in quick access and no data link is
desired
Fill in form fields (web browser) transfers the application data to the web browser
Script for entry sequence creates a sequence of hot keys in the configured application
Controls transfers the data to Windows applications
By clicking on the edit buttons you get to the accordant allocation forms. You can find information on that
Settings
Since every website is programmed differently and the entry masks currently differ very much, it
could be necessary to change the behaviour of an application in detail. You can set these settings under
this menu item.
Automatic entry without demand causes that the data is entered fully automatic as soon as the
accordant program or website is opened
Never enter data in the same window several times: If a website is for example opened in several
tabs, Password Safe enters the login data in every tab which can cause problems with the website. In
order to avoid that this function can be activated. You also have the possibility to set up a time frame in
which this function is active. Furthermore there are websites in which the login mask appears again
directly after you logged off. Here this function avoids that you get logged in again directly after you
logged off.
Deactivate window after entry for all data causes that after the first login no more data is
transferred. Only after a reboot of the application data is entered again.
Activate graphical window content recognition in order to identify a login clearly with the help of a
screen capture.
Holding time before the entry of data: some programs or websites need a bit of time to load. Here
you can set up a delay in order that the data are not entered too early.
Simulate keyboard entry creates a simulated human entry.
Own fields
For some application cases it is necessary to define own fields. You can configure them under this tab.
After a click on add field you can choose different field types via a context menu
Links
Under this tab you can see with which datasets the application has been linked. If the user has no right
on the dataset he/she can see that the dataset is linked, but not with which.
8.11.5.1 Fill in form fields (web browser)
By means of this function you can realize an automatic login on internet sites. After you have clicked in
the menu start application under the tab data link at fill in form fields (web browser) on the
button edit, the following window opens, in which the accordant website is shown.
In the left part of the window you see the field list. This is dynamic and shows you all available fields in
the form.
On the right side you see an integrated webbrowser. This shows you the chosen website of the
application. Furthermore the browser has the following push-buttons:
one page back in the browser
one page forward in the browser
loads the page again
loads the web address which has been entered in the address field
Here for example the blue marking demonstrates that the field user name has been assigned to the
field email.
The red marking demonstrates that the two fields password have been recognized and linked.
Drag the field form click on the accordant button in the form of the website for sending the form. This
field activates a mouse click.
Drag for example the button script on the first field of the web form (e.g. email, user name, etc.) in
order to do the login with the help of a script.
You can find further information on scripts under script for entry sequence.
2015 MATESO GmbH
Display available variables: Lists all available variables (form fields) of the linked dataset
URL
Here the URL is displayed. A manual change is not possible.
Field type
Here the field type is displayed. A manual change is not possible.
Field ID
This is the ID of the determined field. Via regular expressions also randomly generated fields can be
allocated correctly.
Field name
This is the name of the determined field. Via regular expressions also randomly generated fields can be
allocated correctly.
Field value
Via the field value you can directly allocate data from the dataset. It works via variables. Either enter the
field value directly or click on the push-button next to the field and choose the variables that are available
at the dataset. However, the allocation of variables is only possible if the application is already linked with
a dataset.
Commands as field values
Also the following commands can be allocated as field values:
[check] -> Sets a check mark into a check box or activates a radio button.
[uncheck] -> Deletes a check mark in a check box (via this for example the option stay logged in can
be deactivated permanently) or deactivates a radio button
[click] -> Carries out a click on a button or a symbol
[submit] -> Transfers a submit to a button or a symbol
Example:
In this example the command [uncheck] is transmitted. This causes that the option stay logged in is
deactivated at every automatic entry. Here it is not important if a check mark is set or not at the call up
of the page.
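How a regular expression on the field ID keeps an allocation stable when a site generates its IDs randomly, and how the commands listed above combine with it. This is an added Python illustration, not Password Safe's matching code; the form fields, ID suffixes, element kind names and record values are constructed, and Python's re syntax stands in for whichever regex dialect the product uses.

```python
import re

# Element kinds each command applies to, following the command list above.
# The kind names themselves are constructed for this example.
COMMAND_TARGETS = {
    "[check]": {"checkbox", "radio"},
    "[uncheck]": {"checkbox", "radio"},
    "[click]": {"button", "symbol"},
    "[submit]": {"button", "symbol"},
}

# Constructed dataset values.
RECORD = {"UserName": "t.anderson@example.com", "Password": "constructed-secret"}

# (field ID pattern, field value): the value is a dataset field name or a command.
# Anchoring with ^ and $ pins the stable part of the ID and leaves only the
# random suffix variable.
RULES = [
    (r"^email_[0-9a-f]{4}$", "UserName"),
    (r"^pass_[0-9a-f]{4}$", "Password"),
    (r"^stay_logged_in_[0-9a-f]{4}$", "[uncheck]"),
]


def load_form(suffix):
    """One load of a constructed login form; only the random suffix differs."""
    return [
        {"id": f"email_{suffix}", "kind": "text"},
        {"id": f"pass_{suffix}", "kind": "password"},
        {"id": f"pass_repeat_{suffix}", "kind": "password"},
        {"id": f"stay_logged_in_{suffix}", "kind": "checkbox"},
    ]


def allocate(pattern, fields):
    """Return the single field whose ID matches the pattern, else raise."""
    hits = [f for f in fields if re.search(pattern, f["id"])]
    if len(hits) != 1:
        ids = [f["id"] for f in hits]
        raise LookupError(f"{pattern!r} matches {len(hits)} fields: {ids}")
    return hits[0]


def plan_fill(rules, fields, record):
    """Resolve every rule to (field_id, action, text) without touching a page."""
    plan = []
    for pattern, value in rules:
        target = allocate(pattern, fields)
        if value in COMMAND_TARGETS:
            if target["kind"] not in COMMAND_TARGETS[value]:
                raise TypeError(f"{value} cannot be applied to a {target['kind']} field")
            plan.append((target["id"], value, None))
        else:
            plan.append((target["id"], "type", record[value]))
    return plan


if __name__ == "__main__":
    for suffix in ("4be1", "91c7"):
        print(plan_fill(RULES, load_form(suffix), RECORD))
    try:
        # An unanchored pattern also matches pass_repeat_..., so the password
        # would have two possible targets and the allocation is refused.
        plan_fill([(r"pass", "Password")], load_form("4be1"), RECORD)
    except LookupError as err:
        print("ambiguous:", err)
```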
Drag the commands per Drag and Drop from the right side to the left side to the script window here.
Notice that all characters, also blank lines, in the script window have to be passed to the end window as
well. You can also revert to own forms and own fields here, which are contained in the dataset.
Example
The following script writes the value from the field UserName to the end window, afterwards
"pushes" the key TAB to get to the next field for example, enters the password there and confirms with
enter.
Hint!
Please note that scripts won't work with the Safari addon.
8.11.5.3 Controls
By means of this function you can realize an automatic login on Windows applications / -programs.
After you have clicked on the button edit in the menu start applications under the tab data link at
controls, the following window opens
Now open the desired program and click on it. Another window opens
As soon as the focus was on the desired program for at least 3 seconds, it will be recognized by
Password Safe and taken over to the window controls
desired field. If several field types should be displayed at the accordant field, always choose the edit field
(if available).
After the allocation it will be shown to you in terms of color which fields were linked how.
Afterwards you can drag the fields to the login window per Drag and Drop. During the allocation you can
see a cross line in that case. Position it in the desired box. We suggest to put the single fields among
each other as exactly as possible. The allocation will be shown to you with colored crosses:
8.11.5.4 htaccess
In order to give login data to a htaccess window, no application is necessary. For this only two own fields
have to be created in the dataset and the accordant web page has to be opened in a Password Safe tab.
You can find further information in the chapter htaccess connection.
Here you can open the menu for editing with a double click on the desired application. With a right
mouse button click you can open the context menu:
With a click on the no longer needed application with your right mouse button you can delete the
application in the following context menu:
8.11.8 Examples
8.11.8.1 Browser application
In the following chapters the browser applications are described by means of examples. For the
automatic entry in Chrome, Firefox, Safari and Opera the accordant addon has to be installed before.
You can find notices on the installation of addons here: Install browser addons.
8.11.8.1.1 Existing password
In this example it is described how an application is newly created and linked with an existing password
via the Firefox addon. The Firefox addon is already installed.
The user Thomas Anderson has already started the following password in his private folder:
In the next step Mr. Anderson visits the website and enters his access data there:
Password Safe now recognizes that this password has already been started, but no application
exists for it yet. Afterwards Password Safe offers the user the possibility to link the password with the
application, to create an automatic login. If for example the login data goes with several websites, the
dataset will be linked with several applications.
With a click on link password an application will be created fully automatic and the password will be
linked with it. In the future the access data will be entered automatically.
Ignore page excludes the called up website from the recognition. In the future you will no longer be
asked if a link should be created. The ignored pages can be deleted again in the user menu globally "file"
-> "my profile" -> "reset settings" -> "reset ignored browser URL".
Analyse internet form opens the window for website analysis after a click on link password.
Open password directly brings you to the dataset to adjust its settings.
Via the symbol you get to the dialogue window to create a new password. This is helpful if Password
Safe and Repository wants to link the new application with an existing password but a new password is
required. You can find further information on recording new passwords under the following link: New
password via addon
You can find further information on this example under the following links
Install browser addons
Add dataset
Website analysis
There is the possibility to create new passwords and the accordant applications via the browser addons.
In this example Mr. Anderson surfs with Safari. The Safari addon has already been installed. He gets to a
website for which neither password nor application are deposited in Password Safe. He logs on the
website as usual.
The login data are taken over by the website here. With a click on start password the menu edit
dataset is shown.
After a click on save the dataset and the accordant application are created. At the next visit of the
website the login data will be entered automatically.
You can find further information on this example under the following links
Install browser addons
Add dataset
In this example a new dataset is started in Password Safe and is linked with a website and an
application.
Via
After the data has been entered a click on links is made. Here you can see that the dataset has no links.
A click on add link is made. Then a request appears to save the new dataset. This is made directly in
the message box with a click on yes.
The window for the allocation of fields from web forms opens:
In this window Password Safe opens the website which has been deposited in the dataset. Since there
is no login window on this page the fields can not be allocated automatically. Via a click on login you are
directly navigated to the accordant page in the integrated browser:
Via a click on analyse Password Safe scans the current website. The appropriate fields in the login
mask are found and allocated accordingly. The allocation will be displayed with colored markings.
Finally, click on save. The dataset is now captured including the necessary application. At
the next visit of the website the login data will be entered automatically.
You can find further information on that example under the following links
Install browser addons
Add datasets
8.11.8.2 Windows application
In this example it is demonstrated how a Windows application is started with a .htaccess window.
Via
After the entry of the data the desired website will be called up in the Internet Explorer. Since the page is
protected the following Windows login window appears:
In Password Safe it is now clicked on links -> add link -> capture application.
You will be asked to choose the application, afterwards click on the login dialogue:
Stay in the login window for 3 seconds. Afterwards the window controls opens, which shows the login
window for allocation:
Per Drag and Drop the fields can now be allocated. At this a context menu appears in which you need to
choose edit.
After the fields have been allocated, the process will be completed with save.
You can find further information on this example under the following links
Add dataset
Controls
8.11.8.3 Parameter passing to application
By means of the Password Safe "applications" you can pass data (according to configuration) to an
external application, for example putty, via parameter passing when it is called up. For this you only need to know
which parameters the application supports. Below we show you a configuration of the automatic
password entry via parameter passing with the help of putty.
For the putty use case we start a new form with the help of the form assistant at first. You can open the
form assistant via edit -> manage forms -> add forms. Configure a form with the following fields.
The field contents, so to speak the field values, you always approach with the field name.
At this always stick to the following spelling:
{FRM:host} = FRM stands for "form". Notice that you spell the field names correctly in order that the
Save the form data and start a new folder afterwards and choose the putty form there.
Now an accordant dataset can be started in the folder.
Afterwards switch to the tab links and add a new application here with the button add link. Choose
search application in the context menu and afterwards the button add application in the manage
dialogue in order to start a new application. Only enter a description, as well as application and
parameters at the configuration of the application:
Here the path of the application you want to start will be entered under application (execute). In the
field parameters the parameters which should be passed to the external application are described.
With a click on save the process is completed.
With a click on the dataset and application -> putty with your right mouse button putty is now started
at which the parameters are directly passed.
Notice:
The parameters can be different according to the application. Search for "parameters" or "command
line" in the description of the application. Alternatively you can also contact the producer of the third-party
software. The passed parameters "-ssh {FRM:Host} -l {FRM:UserName} -pw {FRM:Password}"
are replaced by the field values later. So for example the call up "c:\putty.exe -ssh 192.168.1.1 -l root -pw
password" occurs with only one click.
Under the following link you can find an explanation of the used putty parameters:
http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter3.html
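The substitution described in the notice above, as an added Python example (not Password Safe's own code): each {FRM:...} placeholder is replaced inside its own argument so that a value containing a space stays one argument, an unknown field name is an error, and a redacted copy is produced for logging because the expanded password becomes part of the process command line. Exact, case-sensitive field-name matching, the set of secret fields and the sample password are assumptions.

```python
import re

PLACEHOLDER = re.compile(r"\{FRM:([^{}]+)\}")
SECRET_FIELDS = frozenset({"Password"})  # assumption: fields never written to logs

# Parameter string and field names as shown on this page.
TEMPLATE = "-ssh {FRM:Host} -l {FRM:UserName} -pw {FRM:Password}"
# Constructed dataset; the password deliberately contains a space.
RECORD = {"Host": "192.168.1.1", "UserName": "root", "Password": "correct horse"}


def expand(template, record):
    """Expand the template into (argv, redacted_argv), one list item per argument."""
    argv, redacted = [], []
    for token in template.split():
        names = PLACEHOLDER.findall(token)
        for name in names:
            if name not in record:
                # A misspelled field name must fail loudly instead of being
                # passed to the external program as literal text.
                raise KeyError(f"form has no field named {name!r}")
        # A function replacement inserts the value verbatim, so backslashes
        # in a field value are not interpreted as regex escapes.
        value = PLACEHOLDER.sub(lambda m: record[m.group(1)], token)
        argv.append(value)
        hide = any(name in SECRET_FIELDS for name in names)
        redacted.append("********" if hide else value)
    return argv, redacted


def expand_flat(template, record):
    """Substitute into the whole string first and split afterwards.

    This is what happens to an unquoted flat command line: a value that
    contains a space ends up as two arguments.
    """
    line = PLACEHOLDER.sub(lambda m: record[m.group(1)], template)
    return line.split()


if __name__ == "__main__":
    argv, redacted = expand(TEMPLATE, RECORD)
    print([r"c:\putty.exe", *argv])       # argument list for the process start
    print("log:", " ".join(redacted))     # safe to write to a log
    print(expand_flat(TEMPLATE, RECORD))  # password split into two arguments
```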
You can find further information on this example under the following links
Install browser addons
Add dataset
8.11.8.4 Login with script
You can use a script for every kind of entry. At this kind of entry a keyboard entry is simulated, therefore
almost every login can be linked up. If the cursor should not be in the right field at the beginning you have
to inform Password Safe where the entry starts. You can configure this in the application under settings
-> automatic entry without demand.
Alternatively you can let login data be entered easily and uncomplicated via hot keys in every application
and every browser. For this normally nothing has to be configured additionally.
In order to configure a login per script you have to start a new dataset first or edit the existing one. In
this example the self-created form: putty is used.
Click on the button start new dataset in the list view.
Start new dataset
Afterwards a new window opens, in which you can enter the data for the dataset. Here at the example of
putty with the form putty.
After you have captured the data, click on the tab links to start an application. Click on add links.
However, before a link can be started the dataset has to be saved. Confirm the message for saving the
dataset with yes. To do so click on add link -> search application.
Afterwards a new dialogue opens. Please click on add application -> add application.
Now a new window opens in which you can configure the application. But first Password Safe
has to know in which window the data should be entered. To do so, open the corresponding program (putty):
Leave the putty window open in the background and then click on the button search application
in Password Safe.
Search application: Opens a new window in which an application can be chosen.
Select the corresponding window in the search dialogue. Afterwards you should have a configuration
similar to the following.
In our case we start the program putty from the directory C:\. Additionally, we pass an ssh
server to putty as a parameter at the start, so the connection to the server is built up immediately when
putty opens.
Since we carry out the entry using the example of putty, we select script for entry sequence as the kind
of entry under the tab data link and then click on the button edit.
Afterwards the script editor opens, in which you can define how the data should be entered.
The script editor simulates keyboard input. You can drag the predefined scripts into the editor via
Drag&Drop. The current script in the editor makes the following entry: first the user name
{FRM:UserName} is written, then the entry is confirmed with [enter]. Because of the [wait], Password Safe
waits a second and then enters the password {FRM:Password} followed by an [enter].
How do you know how the variable you need is called? Click here to watch the article.
Afterwards confirm with save and go to the tab settings. If you want to execute the script
manually, for example because the cursor is not at the beginning of the field, deactivate the option
automatic entry without demand. When the program is called up, a new dialogue appears in which you
can select the dataset and start the corresponding script manually. Otherwise the script is
started directly at program start.
After the call up of putty a selection dialogue appears in which you can choose the dataset. Click on
manual to carry out the script manually.
Tip:
Via the quick access you can immediately call up the software, the automatic entry starts automatically
afterwards.
Notice:
If the data should be entered to the same window (several tabs) several times, you have to deactivate
the check mark never enter data to the same window several times in the application under
settings
8.11.8.5 Password entry with hot key
A very simple but effective way to enter passwords automatically in applications and browsers without
any configuration is to use our hot key function together with the script engine.
First of all you have to adapt the hot keys to your needs. You can find the setup of the hot keys in the menu
"edit" -> "general settings" -> "shortcut keys".
The hot keys can be set up as in the following example:
Once the hot keys are configured to your liking, they are available globally. The hot keys used here
simply serve as an example and you can adapt them as you wish.
You can find more information on the configuration of the hot keys at hot keys.
Now click on the first field in the browser (in the example we use Firefox) in which the login data
should be entered.
The cursor is now flashing in the first box. Now press the first hot key CTRL+ALT+S. The script will
be processed and the data will be entered automatically. The variables used for user name and
password will be automatically replaced by the data of the selected record.
Now you only have to click on the login button with the mouse to finish the login. Alternatively, you can
press CTRL+ALT+R and in that way have the click on the login button made automatically.
This way of entering data even works with remote desktop access. Passwords on remote
PCs can thus be entered without any problems and without having to use the clipboard.
Requirements
In order to be able to use the automatic entry without application function, it must firstly be activated
under Edit -> General Settings -> Browser Addons.
In addition, you can also define a colour here to highlight those fields in which data has been entered.
This is useful if you also use the entry with application function in parallel because the coloured
markings directly indicate whether the data entry has been carried out with or without application.
If you are using Google Chrome, Mozilla Firefox, Opera or Safari, the relevant Addon must be installed
and activated.
Furthermore, a record must be created that contains both the user name and password, as well as the
URL of the desired website. For example, if the login information is to be entered on Ebay, the relevant
record needs to be saved under the Internet address www.ebay.de. You can find further
information on this subject under notes.
As soon as the automatic entry without application function has been activated, Password Safe checks
each time a website is accessed whether a record exists for the opened URL and whether a login mask
exists on the website.
If both of these conditions are fulfilled, the user name and password are entered. The fields are
correspondingly highlighted in colour. Now check whether the data has been entered in the correct fields
and then click on the relevant button to log in.
8.12 Logging into SAP
Logging into SAP can be achieved via parameter passing. The prerequisite here is for the login process
to be carried out via "SAPshortcut".
Firstly create a form with the desired fields. Then create the corresponding record.
The application for entering the parameters could, for example, look like this:
The field Application (Execute) is used here to execute "sapshcut.exe" in the installation directory.
The following parameters are then transferred for logging in:
Logon Parameter    Password Safe Field name
user               UserName
pw                 Password
language           Language
system             System
client             Client
sysname
guiparm
Example
With the following parameters, the standard login can be configured:
Execute
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapshcut.exe
Parameter
-maxgui -system={FRM:System} -client={FRM:Client} -user={FRM:UserName} -pw={FRM:Password} -language={FRM:Language}
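The {FRM:...} substitution used in the putty and SAP parameter strings above, as an added example (this is not Password Safe's code, and how Password Safe itself quotes field values is not documented here). The function names and sample records are assumptions; the block contrasts substituting into the whole string with substituting per argument, which matters as soon as a password contains a space or a quote.

```python
import re
import subprocess

# {FRM:FieldName} placeholders as they appear in the manual's parameter strings.
PLACEHOLDER = re.compile(r"\{FRM:([A-Za-z0-9_]+)\}")


def _fill(text, record):
    """Replace every placeholder in text; fail loudly on unknown field names."""
    def lookup(match):
        name = match.group(1)
        if name not in record:
            raise KeyError(f"record has no field {name!r}")
        return record[name]
    return PLACEHOLDER.sub(lookup, text)


def expand_naive(template, record):
    """Substitute into the whole string; arguments are split only afterwards."""
    return _fill(template, record)


def expand_to_argv(template, record):
    """Split the template into arguments first, then substitute inside each one.

    A field value containing spaces or quotes stays inside its own argument.
    Assumption: the template separates its arguments with plain whitespace.
    """
    return [_fill(token, record) for token in template.split()]


def windows_command_line(executable, argv):
    """Quote an argument list following the MS C runtime parsing rules."""
    return subprocess.list2cmdline([executable, *argv])


# Templates taken from the manual (every option written with its leading dash).
PUTTY_TEMPLATE = "-ssh {FRM:Host} -l {FRM:UserName} -pw {FRM:Password}"
SAP_TEMPLATE = ("-maxgui -system={FRM:System} -client={FRM:Client} "
                "-user={FRM:UserName} -pw={FRM:Password} -language={FRM:Language}")
SAP_EXE = r"C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapshcut.exe"

# Constructed sample records, not real credentials.
SIMPLE = {"Host": "192.168.1.1", "UserName": "root", "Password": "password"}
SPACED = {"Host": "192.168.1.1", "UserName": "root", "Password": "correct horse"}
SAP_RECORD = {"System": "PRD", "Client": "100", "UserName": "jdoe",
              "Password": 'pa"ss word', "Language": "EN"}

if __name__ == "__main__":
    # The manual's one-click example: both variants agree for simple values.
    print(r"c:\putty.exe " + expand_naive(PUTTY_TEMPLATE, SIMPLE))
    # With a space in the password, the naive string splits into 7 arguments.
    print(expand_naive(PUTTY_TEMPLATE, SPACED).split())
    # Per-argument substitution keeps 6 arguments and quotes the password.
    print(windows_command_line(r"c:\putty.exe",
                               expand_to_argv(PUTTY_TEMPLATE, SPACED)))
    print(windows_command_line(SAP_EXE, expand_to_argv(SAP_TEMPLATE, SAP_RECORD)))
```

In both variants the expanded password ends up on the process command line, where other local processes and process-creation logging can read it.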
8.13 Menu items
Connect
Builds up the connection with the remote computer in the current dataset.
Connect with console
Builds up the connection with the console with the remote computer in the current dataset.
Connect without autologin
Builds up the connection with the remote computer in the current dataset, but does not log in.
Connect in the tab
Opens a new tab in Password Safe and builds up the connection with the remote computer in it in the
current dataset.
Connect in the tab with the console
Opens a new tab in Password Safe and builds up the connection with the console with the remote
computer in it in the current dataset.
Connect in the tab without autologin
Opens a new tab in Password Safe and builds up the connection with the remote computer in it in the
current dataset, but does not log in.
Connect via hot keys
Remote desktop connections can also be built up via hot keys. CTRL + R opens an RDP connection of the
current dataset, CTRL + Shift + R opens a connection in the tab.
Defines a custom width for the desktop. For this to work, the variable "DesktopSize" has to be set
to the value "4" (own value).
DesktopCustomSizeHeight (Number - numeric field)
Defines a custom height for the desktop. For this to work, the variable "DesktopSize" has to be set
to the value "4" (own value).
ColorDepth (ComboBox - choice box)
0 = 256 colors
1 = HighColor 15 Bit
2 = HighColor 16 Bit (requirement)
3 = TrueColor 24 Bit
4 = TrueColor 32 Bit
ConnectToConsole (CheckBox - Yes/No)
Connects directly with the console on the remote computer.
RedirectDiskDrives (CheckBox - Yes/No)
Local drives are available on the connected remote computer.
RedirectPorts (CheckBox - Yes/No)
Local ports are available on the connected remote computer.
RedirectPrinters (CheckBox - Yes/No)
Local printers are available on the connected remote computer.
RedirectSmartCards (CheckBox - Yes/No)
Local smart cards are available on the connected remote computer.
Audio (ComboBox - choice box)
0 = play on the local PC
1 = play on the remote computer
2 = no sound
EnableWindowsKey (CheckBox - Yes/No)
The Windows key is available on the remote computer.
KeyboardHookMode (CheckBox - Yes/No)
Commits key combinations to the remote computer.
RDPVersion (ComboBox - choice box)
0=Version 4
1=Version 5
2=Version 6 (default)
DesktopSizeFitToFrame (ComboBox - choice box)
This field is only contained in new v7 databases. If you use a v6 database you have to create the
field manually.
0=Remote session is displayed in original size.
1=Remote session is adapted dynamically.
Notice:
If the connection with the console does not work, this could be because of a different RDP version. Create
the additional option RDP version and set it to the correct RDP version at the client, in order to create a
connection with the console.
Notice:
A remote desktop connection is only possible if the network level authentication (NLA) is deactivated.
This authentication method is part of the Windows operating systems from Windows Vista on. In order
to deactivate NLA please click on start -> right button click on computer -> properties ->
remote settings. Under the tab remote please select "allow connections of computers on which
any version of remote desktop is carried out".
8.14 Workflow management
If the standard functions of Password Safe should not be enough for a use case, you can access the
workflow system. It offers the possibility to automate operations in order to fit Password Safe to your
personal desires.
The system consists of events and actions which are linked with each other in a way that an event
causes a certain action. An event is caused by a user and can for example be the opening of a certain
dataset. Every time an event is carried out by a user, the workflow system starts the configured action,
for example the sending of a message.
A workflow is required if the standard functions of Password Safe are not enough.
You can find the workflow system under the main menu item edit.
In the left half of the workflow configuration you can find all events, while you can find the available
actions in the right half.
Attention!
The structure of the workflow system has deliberately been kept very open in order to
cover as many use cases as possible, so a lot of scenarios can be mapped.
However, this also means that not all possible workflows are reasonable. With some
combinations you can lock yourself out of parts of Password Safe! For example, the combination
of "edit before workflow" and "dialogue" with the setting "close workflow after dialogue"
has the effect that you can no longer open the workflow system. The combination of the
event "after internal mail" with the action "internal mail", each with the same user,
results in an infinite loop in which infinitely many messages are generated.
Therefore, before creating a workflow, please consider which effects it will have. We are
pleased to offer you training courses in order to get to know the workflow system better.
For this please contact: sales@passwordsafe.de
User/group filter
Every workflow can be assigned to one or several user(s) and/or group(s). (More on that under start
workflow.) You can filter the workflows so that only those actions which have been
assigned to users or groups are displayed. For this the following push-buttons are available:
For this, the following dialogue window for adding users and/or groups was opened.
This window is dynamic. That means depending on which action has been chosen different fields will be
displayed in this window, because every action has got different functions.
In the field description you can give the new workflow a name to keep the main menu of the
workflow system clear. In this example it is called "open notice before logbook".
In the lower part of the window you can see two tabs. In the active tab dialogue the options of the
action are defined. In this example the text of the dialogue field and the further process after the
dialogue window are defined. In the field headline we enter "notice". In the field message the text of
the dialogue field is stated: "Via the blue double arrow the filter function within the logbook can be
shown." In the last field we choose "continue workflow".
Under the second tab condition you can define under which conditions the workflow is activated. This
view is also dynamic and depends on the functional range of the particular action.
In the right half you can find a wildcard character (see also: wildcard character), in this example
from user. You can now drag this wildcard character to the condition in the left half of the window:
The wildcard character is now added to the condition and can be edited per double click:
For this example we enter the user name "Anderson". Afterwards the workflow can be saved via the
accordant push-button.
Every time the user "Anderson" now opens the logbook the started workflow shows the following
message box:
Deactivating a workflow
-> is replaced by the name of the user who carries out the workflow
-> describes the status of the task
-> describes the subject of the task
Created by
Originator email
Via the menu item new bracket logical links can be summarized. Change condition gives you the
possibility to edit conditions. For example folder or user names. Via delete the condition will be deleted
from the list.
Furthermore you can find in this context menu the logical links logical "and", logical "or" and logical
"not". In the lower part of the context menu you can choose the relational operators "contains" and
"same".
In order to furthermore make the logical connection clear, we use an example. The following folder
structure has been started:
Relational operators
These operators specify in which way the condition should be compared with the linked object. There are
the possibilities "same" and "contains". With "same" the strings have to be absolutely identical. With
the operator "contains" the condition has to be found in the linked object. So the string in the object
can also be longer.
Relational operator "contains"
Here the condition "passwords" has been linked with the operator "contains". All folders from our
example are brought up because all of them contain the item "passwords".
Relational operator "same"
This combination only matches the folder "passwords 1", because only this folder exactly conforms
to the condition.
Logical parameter
Scenario 1 - without logic
If the workflow is started without any logic, a dialogue window appears when a password is opened,
regardless of which folder the dataset is in.
In this example two folders have been linked with "or". So the workflow takes effect if a password is
opened in the folder "passwords 1" or in the folder "passwords 2". If a password is opened in another
folder the workflow does not take effect.
The first condition in this scenario requires that the workflow takes effect if a password is opened which
exists in another folder that has "passwords" in its name. So all folders of our example would be
concerned.
The second condition, however, excludes all passwords which exist in the folder "passwords 2".
Scenario 4 - "and" link
This scenario contains a special feature. If you drag the wildcard character "password" to the conditions
the following window opens. Here any form can be selected in the left half. Then all fields which are
contained in the selected form appear in the right half.
Consequently the workflow shows the dialogue window, if a dataset is opened in the folder "passwords
4" which accesses the URL "www.passwordsafe.de".
Scenario 5 - Combination of several logical links by means of brackets
Several links have been combined here. The first bracket causes that the workflow takes effect if the
user administrator accesses the folder "passwords 1". The second bracket takes effect if Mr. Anderson
accesses the folder "passwords 2".
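The relational operators and the five scenarios above, written out as a small condition tree (an added example, not Password Safe's own code). Assumed here: the folder list (the manual's folder screenshot is not reproduced, and "passwords 10" is added to show how "contains" widens a match), the field name "URL", case-sensitive comparison, and that the two brackets in scenario 5 are joined with "or".

```python
from dataclasses import dataclass
from typing import Tuple, Union


@dataclass(frozen=True)
class Cond:
    """One condition: a wildcard value compared with 'same' or 'contains'."""
    wildcard: str
    operator: str
    value: str


@dataclass(frozen=True)
class Not:
    inner: "Node"


@dataclass(frozen=True)
class And:
    parts: Tuple["Node", ...]


@dataclass(frozen=True)
class Or:
    parts: Tuple["Node", ...]


Node = Union[Cond, Not, And, Or]


def fires(node, event):
    """Return True if a workflow with this condition takes effect for the event.

    node=None models a workflow without any logic (scenario 1).
    """
    if node is None:
        return True
    if isinstance(node, Cond):
        actual = event.get(node.wildcard, "")
        if node.operator == "same":
            return actual == node.value          # strings must be identical
        if node.operator == "contains":
            return node.value in actual          # object string may be longer
        raise ValueError(f"unknown operator {node.operator!r}")
    if isinstance(node, Not):
        return not fires(node.inner, event)
    if isinstance(node, And):
        return all(fires(part, event) for part in node.parts)
    if isinstance(node, Or):
        return any(fires(part, event) for part in node.parts)
    raise TypeError(f"unsupported node {node!r}")


def folder(operator, value):
    return Cond("In folder name", operator, value)


def user(value):
    return Cond("From user", "same", value)


# Constructed folder list; "passwords 10" is not part of the manual's example.
FOLDERS = ["passwords 1", "passwords 2", "passwords 3", "passwords 4", "passwords 10"]

SCENARIO_2 = Or((folder("same", "passwords 1"), folder("same", "passwords 2")))
SCENARIO_3 = And((folder("contains", "passwords"), Not(folder("same", "passwords 2"))))
SCENARIO_4 = And((folder("same", "passwords 4"),
                  Cond("URL", "same", "www.passwordsafe.de")))
SCENARIO_5 = Or((And((user("administrator"), folder("same", "passwords 1"))),
                 And((user("Anderson"), folder("same", "passwords 2")))))


def matching_folders(node, user_name="Anderson", url=""):
    """Folders in which opening a password would trigger the workflow."""
    return [name for name in FOLDERS
            if fires(node, {"In folder name": name, "From user": user_name, "URL": url})]


if __name__ == "__main__":
    for label, node in [("1", None), ("2", SCENARIO_2), ("3", SCENARIO_3),
                        ("5", SCENARIO_5)]:
        print("scenario", label, matching_folders(node))
    print("scenario 4", matching_folders(SCENARIO_4, url="www.passwordsafe.de"))
    # "contains" with a numbered name also catches longer names.
    print(matching_folders(folder("contains", "passwords 1")))
```

When a workflow guards access to one specific folder, "same" is the operator that limits it to that folder; "contains" also takes effect for every folder whose name merely includes the string.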
Wildcard character
Application name -> Gives the name of the application.
From user -> Is replaced by the name of the user that carries out the workflow.
Typical use case
Informing a supervisor about the deletion of an application via message.
8.14.5.3 After new application
Description
Is activated after a new application has been successfully created.
Wildcard character
Application name -> Gives the name of the application.
From user -> Is replaced by the name of the user that carries out the workflow.
Typical use case
Via an email employees can be informed as soon as a new application has been created.
8.14.5.4 Edit before application
Description
Is activated as soon as an application is opened for editing.
Wildcard character
Application name -> Gives the name of the application.
From user -> Is replaced by the name of the user that carries out the workflow.
Typical use case
Via a dialogue notices for the editing of applications can be given.
8.14.5.5 Delete before application
Description
This event is activated as soon as an application should be deleted.
Wildcard character
Application name -> Gives the name of the application.
From user -> Is replaced by the name of the user that carries out the workflow.
Typical use case
The deletion of applications can be avoided, the user receives a notice on that.
Subject
Status
Subject
the name.
Group memberships -> Names the groups of which the user is a member.
Wildcard character
From user -> Describes which user has caused the workflow.
Group -> Gives the name of the group.
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.30 Before adding group
Description
Causes an action before a group is added
Wildcard character
From user -> Describes which user has caused the workflow.
Group -> Gives the name of the group.
Typical use case
Via dialogue for example notices can be shown.
8.14.5.31 Before opening group
Description
Event is activated before the group information is shown.
Wildcard character
From user -> Describes which user has caused the workflow.
Typical use case
Via enter user password it can be for example realized that a certain user has to agree.
8.14.5.32 Before opening the user and group management
Description
Event is activated before the user and group management opens.
Wildcard character
From user -> Describes which user has caused the workflow.
Typical use case
Protection of the user and group management via a release.
Example
Before opening the user and group management a release is necessary
8.14.5.33 Before deleting private data
Description
This event is activated before the private data of a user is deleted.
Wildcard character
From user -> Is replaced by the name of the user that carries out the workflow. The user is identified
with an ID.
User name -> Is replaced by the name of the user that carries out the workflow. The user is identified
with the name.
Typical use case
Additional security query before deleting.
8.14.5.34 Before new user
Description
Is activated before a new user is created.
Wildcard character
From user -> Is replaced by the name of the user that carries out the workflow. The user is identified
with an ID.
Typical use case
Notices about company policies that should be considered at the start of a new user.
8.14.5.35 Before changing the user memberships
Description
This event is activated if a change has been made under member of while editing a user.
Wildcard character
From user -> Is replaced by the name of the user that carries out the workflow. The user is identified
with an ID.
User name -> Is replaced by the name of the user that carries out the workflow. The user is identified
with the name.
Group memberships -> Names the groups of which the user is a member.
Typical use case
Informing supervisors about the changes of a group membership.
8.14.5.36 Before changing the group memberships
Description
Event is activated when a user is added or deleted while editing a group.
Wildcard character
From user -> Is replaced by the name of the user that carries out the workflow. The user is identified
with an ID.
User name -> Is replaced by the name of the user that carries out the workflow. The user is identified
with the name.
Group memberships -> Names the groups of which the user is a member.
In folder name -> Describes the folder with its name in which the password concerned in the workflow is
contained.
In folder -> Describes the folder with an ID in which the password concerned in the workflow is
contained.
From user -> Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
From user
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with its ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
In folder name -> Describes the folder with its name in which the password concerned in the workflow is
contained.
In folder -> Describes the folder with an ID in which the password concerned in the workflow is
contained.
From user -> Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
From user
Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
In folder name -> Describes the folder with its name in which the password concerned in the workflow is
contained.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
In folder name -> Describes the folder with its name in which the password concerned in the workflow is
contained.
In folder -> Describes the folder with its ID in which the password concerned in the workflow is
contained.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Destination folder name -> Describes the destination folder. Recognition of the folder per name.
Destination folder -> Describes the destination folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
For example in order to open the dialogue on editing rights directly afterwards.
8.14.5.76 After redefining folder
Description
An action is activated after a folder has been redefined.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
In folder name -> Describes the folder with its name in which the password concerned in the workflow is
contained.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
Per SMTP mail for example a responsible person can be informed.
8.14.5.77 After removing folder
Description
After a folder has been removed to another folder the action is activated.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Destination folder name -> Describes the destination folder. Recognition of the folder per name.
Destination folder -> Describes the destination folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
For example to let the rights be edited.
8.14.5.78 After opening folder
Description
Event activates an action after opening a folder.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
With this for example an information on the folder can be shown per dialogue.
8.14.5.79 After opening folder properties
Description
Event causes an action after opening the properties of a folder.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
2015 MATESO GmbH
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
A dialogue can provide additional information.
8.14.5.80 Before changing folder release
Description
Event is activated after changes have been made among the releases of the folder.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
For example to inform the administrator per SMTP mail.
8.14.5.81 Open after folder logbook
Description
Is activated after a folder logbook has been opened.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.85 Before copying a folder recursively
Description
This event causes the action before a folder is copied recursively.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
Via dialogue it can for example be given notice that the rights have to be adapted after the copying.
8.14.5.86 Before redefining folder
Description
Is caused before a changed folder name is saved.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name
Original folder -> Describes the original folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
Via dialogue for example a guidance for giving a name can be shown.
8.14.5.87 Before removing folder
Description
This event is caused before a folder is removed.
Wildcard character
From user -> Describes which user has caused the workflow.
From folder name -> Describes the folder with its name from which the password is removed.
From folder -> Describes the folder with an ID from which the password is removed.
Original folder name -> Describes the original folder. Recognition of the folder per name.
Original folder -> Describes the original folder. Recognition of the folder per ID.
Destination folder name -> Describes the destination folder. Recognition of the folder per name.
Destination folder -> Describes the destination folder. Recognition of the folder per ID.
Created by -> Describes which user has created the folder.
Originator e-mail -> Gives the e-mail address of the originator of the folder.
Typical use case
Per dialogue it can be given notice that the rights can change by removing.
8.14.5.88 Before opening folder
Description
This action is triggered before a folder can be opened.
Wildcard character
From user: Describes which user has caused the workflow.
From folder name: Describes the folder with its name from which the password is removed.
From folder: Describes the folder with an ID from which the password is removed.
Created by: Describes which user has created the folder.
Originator e-mail: Gives the e-mail address of the originator of the folder.
Typical use case
For example, to protect the opening with the several-eyes principle.
8.14.5.89 Before opening folder properties
Description
This action is triggered before the properties of a folder can be opened.
Wildcard character
From user: Describes which user has caused the workflow.
From folder name: Describes the folder with its name from which the password is removed.
From folder: Describes the folder with an ID from which the password is removed.
Original folder name: Describes the original folder. The folder is identified by name.
Original folder: Describes the original folder. The folder is identified by ID.
Created by: Describes which user has created the folder.
Originator e-mail: Gives the e-mail address of the originator of the folder.
Typical use case
The action enter user password can be used to require the agreement of a certain user.
8.14.5.90 After changing folder release
Description
Event is activated before changes are made among the releases of the folder.
Wildcard character
From user: Describes which user has caused the workflow.
From folder name: Describes the folder with its name from which the password is removed.
From folder: Describes the folder with an ID from which the password is removed.
Original folder name: Describes the original folder. The folder is identified by name.
Original folder: Describes the original folder. The folder is identified by ID.
Created by: Describes which user has created the folder.
Originator e-mail: Gives the e-mail address of the originator of the folder.
Typical use case
For example, to point out a message from the administrator via a dialogue.
Mail subject: Describes the subject of the mail sent in the workflow.
Mail text: Describes the text of the mail sent in the workflow.
Typical use case
A yes/no confirmation can be used to make the user confirm the reception of the message.
8.14.5.99 Before disconnecting database connection
Description
Is activated before the connection with the database is actually disconnected.
Wildcard character
From user: Describes which user has caused the workflow.
Database name
Wildcard character
From user: Describes which user has caused the workflow.
Database name
The action enter user password can be used to secure the copying of data to the clipboard.
8.14.5.105 After managing workflow system
Description
Is activated after closing the workflow system.
Wildcard character
From user: Describes which user has caused the workflow.
Typical use case
An SMTP mail notifies the administrator that the workflow system has been edited.
8.14.5.106 Before managing workflow system
Description
Is activated before the workflow system opens.
Wildcard character
From user: Describes which user has caused the workflow.
Typical use case
Certain persons have to agree before the workflow system can be opened.
Example
Before the workflow system is opened, Mr. Anderson and two users from the group IT have to agree directly at the PC.
8.14.6.2 System-Task: HTML-WebViewer
The export of the HTML WebViewer can also be carried out as a system task on the server. This does not cause any load on the client.
Compared to the action HTML WebViewer there is no export filter field here. All data which the user can access is exported.
In the field export file there is no possibility to choose a folder structure; the desired path has to be entered. Please note that the task runs on the server, so the path refers to the folder structure of the server. In this example a dynamic path with the wildcard character from user has been chosen, so every user can carry out the export to his/her personal network share.
8.14.6.3 Dialogue
This action displays a dialogue, for example to show notices or warnings.
Please note that you can completely lock yourself out of the function or the event if you choose close workflow under after dialogue.
Headline
Message
After dialogue
In this example the user is informed that another workflow will be started afterwards, which informs the administrator about the opening of a password.
8.14.6.4 Yes/No confirmation
Sometimes it is reasonable to ask the user for approval before carrying out an action. This can easily be done with this action.
Headline
Question
The user is shown a window asking whether he/she really intends to open a password. If the user clicks on "yes" the workflow is continued and the dataset is opened. A click on "no" aborts the workflow.
8.14.6.5 Enter user password
If you want to protect an object with a user password you can do that with this action. The password does not necessarily have to be that of the logged-in user, because any user can be chosen.
Differing headline: Here the title of the login dialog is set.
Inquiry for user: Here you can specify which user must enter his password.
With this action, a user can open a certain password only after Mr. Anderson has entered his password directly at the computer.
8.14.6.6 Event seal
This action gives you the possibility to seal all events which are available in the workflow system. The event is sealed at the moment you save the workflow. All possibilities which the seal system offers are available here. If the corresponding event is opened again after the seal has been broken, you have the possibility to delete the broken seal or to set it again. You can find further information on that under seal.
Seal: Specify the seal.
The event open before logbook has been sealed. That means the user has to break a seal first, before he/she can open the logbook. If any releases are stored in the seal template, they have to be requested in advance. After the seal is broken the user has exclusive access to the logbook. If the user closes the logbook and opens it again, he/she gets the possibility to seal it again.
Here you can find an example for the configuration of the seal on a folder: Workflow examples
8.14.6.7 Release system
Another possibility to protect events is the use of release systems. You can choose any release which has already been created. The user then has to request and receive the necessary releases before he/she can carry out the event. You can find further information under Releases.
Permission: Select the release here.
If the user wants to open the logbook he/she has to receive the release from Mr. Anderson first.
8.14.6.8 Four-eyes-principle
With the four-eyes principle any event can be protected so that two users have to enter their passwords at the computer before it is carried out.
User
Group 1
Group 1 number of users
Group 2: Here, another group can be set from which users must consent.
Group 2 number of users: Here you can specify how many users from Group 2 must agree.
In this example Mr. Anderson, as well as any two other users from the group "IT" and any user from the group "It - RDP and licenses", have to enter their passwords directly at the computer.
Note:
When the option "Username must match with Windows logon name" is activated for a user from the Active Directory, the user cannot grant releases.
This workflow ensures that a user login is only possible when a previously defined certificate is available
and trusted.
8.14.6.11 Event viewer
This action enables you to create entries in the Windows event viewer.
Event type
Computer name
Message
This example sends an internal mail to the user Anderson with the priority "middle". The subject is "logbook". The user is inserted into the message text.
8.14.6.13 MAPI mail
One possibility to send emails is the action "MAPI mail". Here the standard email program (Outlook, Lotus Notes, Mozilla Thunderbird etc.) is opened with a pre-assembled email ready for sending. This messaging function is therefore "potentially" unsafe, because the user could stop the sending of the message in the standard email program.
E-Mail: Address
E-Mail: Subject
E-Mail: Message
SMTP user name: Enter the user name of the return address here.
SMTP password: Enter the SMTP password of the return address here.
SMTP authentication: Choose the authentication method of the return address here.
E-mail: Addresser: Enter the return address here.
E-mail: Address: Enter the receiving address here.
E-mail: Recipient from the record: If the record has been saved with a field named WFEMail, the e-mail will be sent to the address stored in this field.
E-mail: Subject: Enter the subject of the email here.
E-Mail: Message: Enter the message text here.
In this example the corresponding browser application is created automatically after a new password is set up.
8.14.6.18 Link application
With this action applications can be linked automatically.
Password: Here you decide for which passwords the action takes effect.
Application: Select the corresponding application here.
In this example a new password is automatically linked with an application after its creation.
8.14.6.19 Dataset seal
This action offers the possibility to set seals automatically.
Set seal on
Reason for seal
Seal template
On broken seals: Choose what you want to do with seals which are already broken.
In this example a new password is automatically sealed according to the selected seal template. Via the menu item on broken seals it can be defined whether a dataset with a broken seal should be sealed again with the current seal or according to the seal template. It is also possible to carry out no action on a broken seal (not consider broken seal).
Lock template: Here you can select the lock template you want to use.
At formerly locked datasets: Define how datasets which have already been locked should be handled.
Locking reason
In this example a new password is automatically locked with a selected template. Via the menu item at formerly locked datasets it can be defined whether a dataset which has already been locked should be locked with the current lock or according to the lock template. It is also possible to carry out no action on existing locks.
8.14.6.21 Predefine password
With this action you can predefine certain settings for new passwords.
Password: Here it is defined that passwords are concerned by the workflow.
Expiration date: Enter an expiration date for the new password here.
Expiring days: If the password should not expire on a date, but after a certain time, you can define that here.
Tags: Here tags can be stated, which are automatically allocated.
Comment: Here comments can be stated, which are automatically allocated.
With this workflow all new passwords expire after 5 days. A corresponding tag is set (which eases the search for these datasets) and an entry in the comment field is created.
8.14.6.22 Edit rights
There is also the possibility to open a rights dialogue via the workflow system.
Open privilege dialog for
The example opens the rights dialogue of the password after a new password is set up.
8.14.6.23 Standard browser
This workflow enables you to assign a standard browser to a password so that the saved website is always opened in the preselected browser.
Set the standard browser to
Browser
This workflow ensures that all new passwords in a certain folder (filter for folder under Conditions) have Mozilla Firefox assigned as the standard browser.
The wildcard character password is dragged to the field set seal to. This causes the seal to be set on the password itself.
In the field seal reason the reason for the sealing is described.
Under seal template a previously created seal template is selected. To do so click on the seal symbol.
In the next step click on the tab conditions. The following window opens:
Here you drag the wildcard character in folder to the condition field. With a double click on the condition, "domain passwords" can now be entered. This way the workflow only takes effect for the desired folder. With a click on save you complete the process.
With a click on the symbol add user the corresponding dialogue is opened in the field addressee and the two addressees are selected. After defining the message priority you define the subject. Afterwards the message text is written in the message field. The wildcard characters password, in folder and from user then fill the message with the necessary data. A click on the tab conditions opens the following window:
Here the name of the desired folder (here "online shops") is again defined as a condition. Afterwards you can save the workflow. In order to inform the user about the sending of the message a second workflow is necessary. To do so drag the action dialogue onto the event open before password. In the workflow system it is described as follows:
Enter the headline and the message text here. In the field after dialogue you choose continue workflow. Afterwards the condition has to be set to "online shops", in the same way as for the action internal mail. After a click on save the workflow is complete.
If the user and group management is now opened, the necessary release has to be requested first.
There are several configuration possibilities here. In the field user, users can be chosen independently of their group membership, in this example Mr. Anderson. In the fields group 1 and group 2, groups are given from which users have to agree. In the fields group 1 number of users and group 2 number of users you define how many users from the corresponding group have to agree. In our example Mr. Anderson as well as any two users from the group IT have to give their approval.
If a user wants to open the workflow system, he is shown the following window:
In the left half of the window you can see which users have to agree. The status says how many releases are still outstanding. After Mr. Anderson has entered his password the view changes.
In the left half of the window you can see by the green check mark that the release by Mr. Anderson has been given. The "0" says that no further releases are missing. After the first user from the group IT has entered his/her name and password the window looks as follows:
You can see that one release from the group IT is missing. As soon as it is given you can see the following window:
8.14.8 Attention
Attention!
The structure of the workflow system has deliberately been kept as open as possible in order to cover as many use cases as possible. As a result a great many scenarios can be mapped. However, this also means that not all possible workflows make sense. With some combinations you can lock yourself out of some parts of Password Safe! Therefore, before you create a workflow, please keep in mind which effects it will have. We are pleased to offer you training courses to get to know the workflow system better. For this please contact us by e-mail: sales@passwordsafe.de
Critical workflows
Before manage workflow with dialogue with option end after workflow
This workflow would prevent the opening of the workflow system!
Before maximizing from the systemtray with dialogue with the option close workflow
Password Safe could no longer be maximized!
After internal mail with the action internal mail, each with the same user
This workflow causes an infinite loop which generates an endless amount of messages!
After user login with the action several-eyes-principle with only one user being provided for the consent
The provided user can no longer log in because he/she cannot give himself/herself consent. Especially critical in combination with the administrator!
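The last critical workflow can be checked for before a several-eyes workflow is saved on the user-login event. The following Python sketch is an added example and not part of Password Safe: the policy fields mirror the action's User / Group 1 / Group 2 settings and the rule that nobody can consent to their own request comes from the text above, while the group members, the function names and the rule that one approver fills only one slot are assumptions.

```python
"""Pre-deployment lockout check for a several-eyes workflow (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    user: Optional[str]       # named approver ("User" field), or None
    group1: Optional[str]     # "Group 1"
    group1_count: int         # "Group 1 number of users"
    group2: Optional[str]     # "Group 2"
    group2_count: int         # "Group 2 number of users"


def _can_fill(candidates_per_slot):
    """Bipartite matching: can every approval slot get a distinct approver?"""
    assigned = {}  # approver -> index of the slot they currently fill

    def try_slot(i, seen):
        for person in candidates_per_slot[i]:
            if person in seen:
                continue
            seen.add(person)
            # Take a free approver, or move the current holder to another slot.
            if person not in assigned or try_slot(assigned[person], seen):
                assigned[person] = i
                return True
        return False

    return all(try_slot(i, set()) for i in range(len(candidates_per_slot)))


def can_be_approved(policy, groups, requester):
    """True if approvers other than `requester` can satisfy `policy`."""
    slots = []
    if policy.user is not None:
        slots.append({policy.user})
    if policy.group1:
        slots += [set(groups.get(policy.group1, ()))] * policy.group1_count
    if policy.group2:
        slots += [set(groups.get(policy.group2, ()))] * policy.group2_count
    # Nobody can give consent to their own request.
    return _can_fill([sorted(s - {requester}) for s in slots])


def locked_out_users(policy, groups, all_users):
    """Users who could never pass an event protected by `policy`."""
    return sorted(u for u in all_users if not can_be_approved(policy, groups, u))


# Constructed sample directory; only the group names appear in the manual.
USERS = ["Administrator", "Anderson", "Brown", "Clark", "Davis", "Evans"]
GROUPS = {"IT": {"Brown", "Clark", "Davis"},
          "It - RDP and licenses": {"Clark", "Evans"}}
OVERLAP_GROUPS = {"IT": {"Brown", "Clark", "Davis"},
                  "It - RDP and licenses": {"Clark"}}

# The critical workflow: a single user provided for the consent.
SINGLE_APPROVER = Policy("Administrator", None, 0, None, 0)
# The four-eyes example: Anderson, two users from IT, one from the second group.
PAGE_EXAMPLE = Policy("Anderson", "IT", 2, "It - RDP and licenses", 1)

if __name__ == "__main__":
    print("single approver:", locked_out_users(SINGLE_APPROVER, GROUPS, USERS))
    print("page example   :", locked_out_users(PAGE_EXAMPLE, GROUPS, USERS))
    print("overlapping    :", locked_out_users(PAGE_EXAMPLE, OVERLAP_GROUPS, USERS))
```

Any name in the result must not be subject to the workflow on an event that user needs, such as the login; the overlapping case shows that small groups with shared members lock out more users than the named approver alone.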
8.15 System tasks
The task system is a service which carries out tasks, like sending an e-mail, at defined intervals. For this, a task is made available on the client side via the task system, in which the task that has to be carried out is defined. The server checks at the defined intervals whether a task is provided by the client and carries it out afterwards. Once a task is created, it is carried out with the rights of the task creator.
Preconditions
At least an Enterprise server with configured and active task system.
Notice:
The task service should only be made accessible to administrative users because this system can also
cause damage if it is used wrongly. So with a wrong configuration for example all passwords could be
sealed.
Starting a task
To configure a task, open the task system via edit -> manage system tasks. With a click on add tasks a context menu opens in which the type of the new task can be selected (SMTP mail, WebViewer export, etc.):
After a task has been selected the task configuration window opens:
General settings
Under the tab general a name of the task as well as a description are configured. Under interval history you can later trace when the task has been carried out. In the area below you can see when the next run of the task will be and when the last run took place. When a new task is created, the current date including the current time is entered for the next run in the overview. This means that the task is carried out for the first time directly after it has been created.
Interval
Under the tab interval it is defined when the task should be carried out. For this, different intervals can be used and also be combined with each other. With a click on the corresponding button you can add a new interval. The following window opens, in which the settings of the interval can be made:
Every minute: Here intervals can be configured that run, for example, every 5 minutes.
Hourly: For the configuration of intervals that should be carried out, for example, every 12 hours.
Daily: For intervals that should be carried out, for example, every 5 days.
Weekly: Intervals that run at intervals of one or several weeks. Additionally one or several days can be stated. For example, an interval can be set up which runs every two weeks, always on Monday and Wednesday.
Monthly: Here intervals are defined which run monthly. The individual months can be defined as well as the days on which the task should run.
End: If this option is activated you can name an end date or end point in time for the task. As soon as the end date is reached, the task is deleted from the overview and no longer carried out.
Settings
Depending on the selected type, the settings which describe the task in detail can be made here. These are, for example, the data for the configuration of the mail server for the task SMTP mail or the storage location for the WebViewer export. For a more detailed explanation of the individual menus please refer to the following chapters:
SMTP mail
WebViewer export
Seal
Active Directory synchronization
Lock
You can find configuration possibilities under examples.
Rights
Here it is defined which users or user groups are allowed to manage the task. By default the administrator as well as the administrator group are always listed here:
To add users or user groups just click on the corresponding symbols. A context menu can also be opened with a right click; it likewise contains the items add user or groups as well as delete user or groups.
Depending on the desired report, different variables are placed in the e-mail:
Broken seals: {Rep:BrockenSealsHTML}
Expired passwords: {Rep:ExpiredPasswordsHTML}
Soon expiring passwords: {Rep:ExpiresPasswordsHTML}
Password logbook entries (example: report for 5 days): {Rep:PasswordLogsHTML}5{/Rep:PasswordLogsHTML}
Password logbook entries: {Rep:PasswordLogsHTML}
Database overview: {Rep:DatabaseOverviewHTML}
Quality check of passwords: {Rep:PoliciesReportHTML}[1];[2];[3];[4]{/Rep:PoliciesReportHTML}
The parameters stand for:
[1] = Folder ID
[2] = Password guideline ID
[3] = Take subfolders into account (format: 1 for Yes, 0 for No)
[4] = Also show passwords that correspond to the guidelines? (format: 1 for Yes, 0 for No)
The variables can of course also be combined with free text. You can find further information under the example SMTP mail.
In order to set up the sending of internal mails, it is merely necessary to save the following access data for the mail account:
Host name: Name of the mail server
Port: Port used by the mail server
Authentication: Select here (depending on the configuration of the mail server) none, standard or SASL
Sender: E-mail address of the sender
User: User name of the mail account
Recipient: E-mail address of the recipient for the test mail. The actual e-mails are sent to the address saved for the user.
Password: Password for logging into the e-mail account
A precondition for the synchronization by the task system is that corresponding profiles have been created in the user and group management. Just select the profile that should be synchronized here.
8.15.5 Seal
Via the task system you can set seals in defined cycles. At every run it is checked which passwords are not sealed or which seals are broken; these are then sealed again. The necessary settings are made in the following window:
After the reason for the seal has been stated you can select a seal template. In the menu item on broken seals you define what should happen to broken seals. There are three different possibilities:
Create new seal with the current seal: The broken seal is protected again with the original seal.
Create seal with seal template: The selected seal template is used for the sealing.
Not consider broken seals: Broken seals are not resealed.
In the menu item Reseal broken seals after you define for how long a seal has to have been broken at least before it is resealed. This option prevents a seal from being set again before the user who broke it has had the possibility to open the password. Please allow for a certain time here (e.g. 60 min).
In the folder filter you define to which folders the task should refer.
8.15.6 Locking
With this option you can have datasets locked automatically (at intervals). This makes sense, for example, if you want a dataset to be unlocked only for a certain time.
After the reason for the locking has been stated you can select a locking template. Afterwards you define what happens to datasets which already had a lock:
Lock again with locking template: The datasets are locked with the selected template, no matter which lock has been used before.
Lock again with recent locking: The datasets are locked the same way they were already locked, no matter what the template may be.
Not consider formerly locked datasets: There is no locking.
It can also be stated for how long formerly locked datasets should remain unlocked. This gives employees who have unlocked a dataset enough time to edit it.
Finally, in the folder filter you define to which folders (possibly including all subfolders) the task should refer.
Server path: Here the storage location of the WebViewer as well as the name of the file is stated.
WebViewer password: Give the WebViewer a password here in order to be able to decrypt it later.
Repeat: Repeat the WebViewer password here for safety reasons.
Notice:
Please consider that the export is carried out by the task service. Therefore choose a server path on which the server-side task service has write rights. Otherwise the file cannot be created.
8.15.9 Examples
8.15.9.1 Example task for SMTP mail (expiring passwords)
Scenario:
The administrator needs an e-mail with reports. It should state which passwords are expired or which passwords expire in the next 5 days. The administrator needs this e-mail every Monday at 08:00 a.m. as well as on the last day of every month at 04:00 p.m.
Precondition:
At the server the task system has to be configured and activated.
Configuration:
First of all it is defined which passwords count as soon expiring. Under edit -> database settings the corresponding entry can be made (in this case 5 days):
All other settings are made directly in the task system. This is opened via edit -> manage system tasks. With a click on add task the context menu is opened, in which SMTP mail is then selected. In the following menu the name of the task as well as a description is stated. The time of the next run is deliberately not changed, so the task is carried out once directly after it has been completed.
Under the tab interval two intervals now have to be set up. First of all an interval is created under "weekly", which runs every Monday at 08:00 a.m.:
Under the interval preview the next 10 runs are listed. With a click on the calendar symbol on the right side next to the interval preview, a calendar opens, which also shows the runs graphically:
In order to send the e-mail additionally on the last day of every month a second interval is necessary. For this, "monthly" is first selected in the menu interval. Afterwards all months are selected under months, while under days only the last one is selected:
If you now open the task overview all planned runs are displayed graphically. The 31 October as well as the 30 April are marked in red here. That means that on that day two tasks meet. However, the task will only be carried out once here.
Now switch to the tab settings. Here the parameters of the mail server are entered and the e-mail is composed:
In the tab rights the CEO Mr. Anderson is also added, so that the task can still be configured if nobody from the administrator group is on the premises:
The task is now completed and shown in the menu system task:
Under the tab interval it is defined that the run should happen every 5 minutes:
The options of the seals are set under the tab settings. First of all the reason for the seal is entered. Afterwards the seal template is selected. In the menu item on broken seal it is defined that broken seals can be resealed with the current seal. At reseal broken seals after the required 20 minutes are set:
Finally, switch to the tab rights, where first the user Anderson is added and afterwards the administrator as well as the administrator group are deleted:
After all settings have been saved the new task is shown together with the task from the Example task for SMTP mail (expiring passwords):
From now on it is checked every 5 minutes whether one of the domain passwords has to be sealed. If one of the passwords does not have a seal yet, it is sealed with the seal template. If the seal of a password is broken, it is first checked whether the seal has been broken for 20 minutes or longer. In this case the dataset is immediately resealed with the current seal. If the seal has not yet been broken for 20 minutes, the password is not resealed; it is checked again in the next run.
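The decision made in each run, and the time a broken seal can stay open as a result, written out as an added Python sketch (not Password Safe code). The 5-minute interval and the 20-minute delay are the values from this example; the record fields, function names, dataset names and timestamps are constructed for illustration, and runs are assumed to start exactly on schedule.

```python
"""One run of the seal task and the resulting exposure window (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# The three "on broken seals" options listed for the seal task.
RESEAL_CURRENT = "current seal"
RESEAL_TEMPLATE = "seal template"
IGNORE_BROKEN = "not consider"


@dataclass
class Dataset:
    name: str
    sealed: bool                           # a seal has been set on the dataset
    broken_at: Optional[datetime] = None   # when a user broke that seal


def seal_task_run(datasets, now, on_broken, reseal_after):
    """Return {dataset name: action} for a single task run at `now`."""
    actions = {}
    for d in datasets:
        if not d.sealed:
            actions[d.name] = "seal with seal template"
        elif d.broken_at is None:
            actions[d.name] = "none (seal intact)"
        elif on_broken == IGNORE_BROKEN:
            actions[d.name] = "none (broken seals not considered)"
        elif now - d.broken_at >= reseal_after:
            actions[d.name] = f"reseal with {on_broken}"
        else:
            actions[d.name] = "wait until next run"
    return actions


def first_reseal(first_run, interval, broken_at, reseal_after, max_runs=1000):
    """Time of the first scheduled run that reseals a seal broken at `broken_at`."""
    probe = Dataset("probe", sealed=True, broken_at=broken_at)
    run = first_run
    for _ in range(max_runs):
        if run >= broken_at:
            action = seal_task_run([probe], run, RESEAL_CURRENT, reseal_after)
            if action["probe"].startswith("reseal"):
                return run
        run += interval
    return None


def exposure_bounds(interval, reseal_after):
    """A broken seal stays open at least `reseal_after` and less than
    `reseal_after + interval`, because the check only happens on a run."""
    return reseal_after, reseal_after + interval


# Values from the example above; dataset names and times are constructed.
INTERVAL = timedelta(minutes=5)
RESEAL_AFTER = timedelta(minutes=20)
T0 = datetime(2015, 1, 5, 9, 0)
SAMPLE = [
    Dataset("dc01 admin", sealed=False),
    Dataset("dc02 admin", sealed=True),
    Dataset("sql service", sealed=True, broken_at=T0 + timedelta(minutes=2)),
]

if __name__ == "__main__":
    for minute in (20, 25):
        now = T0 + timedelta(minutes=minute)
        print(now.time(), seal_task_run(SAMPLE, now, RESEAL_CURRENT, RESEAL_AFTER))
    print("resealed at", first_reseal(T0, INTERVAL, T0 + timedelta(minutes=2), RESEAL_AFTER))
```

With these settings a seal broken at 09:02 is resealed by the 09:25 run, so the password stays readable for 23 minutes; the interval therefore adds to the configured delay when sizing the window.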
8.16 WebViewer
The Password Safe WebViewer enables you to export your database to a highly encrypted HTML file, so you can access your data read-only from another PC or Mac. To do so you only need an up-to-date browser. You can also use the data on the go on a smartphone or tablet. The HTML file can, for example, be made easily accessible via an FTP directory or with Dropbox.
Notice:
Please note that passing the HTML WebViewer or the encrypted HTML file on to a third person is not permitted. The HTML WebViewer and all other exported data can only be used by the license holder (the originator).
8.16.1 Preconditions
The WebViewer creates an HTML page which is encrypted with AES 256 bit. You can provide that HTML file, for example, via your webspace, an FTP server or the free service "Dropbox", and you can access it with a smartphone or a tablet. So you always have your passwords with you. If you do not have a possibility to provide the file online, you can of course also copy it directly to the mobile device and open it there with the browser.
The decryption is done on the fly by the displaying browser. So please keep in mind that the browser has to support JavaScript. Since the HTML page is decrypted directly by the browser, performance can suffer on mobile devices. Therefore we suggest exporting only the datasets which you actually need on the go.
Of course access is also possible from any PC or Mac via the browser. So you can, for example, transfer a part of the database which you use professionally to your computer at home.
With a click on the folder symbol you first define in which storage location and under which name the WebViewer should be stored. Please note that you need write rights for the path!
If you want to use the HTML file on a mobile device it is advisable for performance reasons not to export the complete data stock, but only the necessary datasets. To do so click on export filter in the next window.
After a click on next and afterwards on complete a dialogue appears in which you define the password with which the export should be encrypted.
After a click on next the WebViewer.html file is created. Depending on the amount of data this can take some time. The progress is shown with a progress indicator.
With the marked buttons you can activate or deactivate the automatic export. Furthermore you can define here whether you want to be asked for agreement before the automatic export. With a click on the marked folder symbol you can choose the path under which the HTML file should be saved. Please note that you need write privileges for the path! If you do not want to export the complete database, but only a part of it, you can create a standard export filter under the tab general:
With the marked button the standard export filter can be activated or deactivated as needed. With a click on export filter you get to the folder structure, in which you can select or deselect the desired datasets.
After you have saved the settings an export is made every time you log off the database.
After you have entered your personal password in the password field you can open the WebViewer file with a click on login.
In the main window you can see information such as the database name, the number of records, the creation date and the user. A timer runs next to the title. It starts at 60 seconds and counts down to 0, after which the file is locked again for safety reasons. The timer restarts after each entry.
A list of all entries appears. You can filter it via the input line. The filter works live: as soon as two or more characters are entered, all relevant results are displayed automatically.
In the results list, you can open the record view with a click in the description field. A click in the password field displays the password. A click in the URL field opens the corresponding web page.
Dataset view
In the dataset view all fields of the dataset are shown.
Automatic entry
If the relevant Browser Add-on has been installed and activated, the login data is entered automatically when a website is called up and Password Safe finds a login mask. One click on the corresponding button is sufficient to log in.
8.17 Right management
8.17.1 In general
Password Safe has comprehensive integrated management of privileges, including inheritance of privileges. It works in a similar way to the sharing of folders in Windows and is therefore easy to operate. With the management of privileges you grant a large group of users access to a database. Every user is recorded in the database and can hold individual privileges.
Preconditions
To be able to use the management of privileges of Password Safe you need a full version of
Password Safe Professional
or
Password Safe Enterprise
Furthermore you have to create a multi-user database. In the Professional Edition it can lie on a network share; in the Enterprise Edition it can be administered by the Enterprise Server.
Enterprise Server.
The chapter "first steps" -> "set up database" describes how to create a database.
So that several users can access the database, it has to be stored on a network share.
As soon as you have entered your password and clicked on "Ok", you immediately notice the difference compared to a single-user database without management of privileges. Since the management of privileges is now activated, you receive a second login window after the database login, in which you have to enter the user and the user password. In this way you take on a kind of "role" in the database. Please note that the user name has to be entered exactly as spelled; it is case-sensitive.
Notice: The initial password of the administrator is "admin". As soon as you have logged in for the first time, you have to enter a new safe password for the user "administrator".
Important: In bigger companies it is advisable not to publish the database password. Every user must log in with his/her user account. But since the database is encrypted with the database password, it is not possible to log in with the user password alone. For this purpose we offer two possibilities of authentication:
1. Auto login
The auto login is set up directly at the client by the administrator. The database and the database password are saved in the registry in encrypted form. When the user starts PSR, he/she is connected to the database immediately and sees only the user login. The data in the registry is encrypted with the machine code of the PC and can therefore not be read out or transferred to another PC.
The auto login is set up via the menu "file" -> "my profile" -> "set up auto login".
You can find further information on the auto login in the chapter "auto login".
2. Plugin for authentication:
Via our plugin interface, basically any authentication method can be connected. Examples are USB tokens, smartcards, biometric hardware such as fingerprint scanners, and employee identification badges. We currently offer a plugin for a standard USB stick for demonstration. The advantage is that you do not have to hand out the database password to the user. The user logs in by plugging the USB stick into an unused USB port and then only has to log in at the database with his/her user name and the corresponding password. The USB stick can additionally be protected with a PIN so that it cannot be misused if it is lost.
Currently available plugins:
- Standard USB stick
- PKCS#11 (tokens, smartcards, and many more with a PKCS#11 interface)
- Password Key USB key (only for Version 4 with Windows XP; development has been stopped for lack of Vista support)
Further plugins for USB tokens, smartcards, biometric hardware and employee identification badges will follow in the next months and years.
You can find further information on plugins in the chapter "plugins".
3. Module Network Logon
The Professional and the Enterprise Version can be extended with the network logon via this module. The login can optionally be made via the network, so that no password has to be entered for the login. The module has to be purchased once for a licence file and then applies to all clients that log in to this licence file.
Administer the login for your clients centrally on your server. If the management of privileges is activated, the user only has to log in with his/her own login data. You therefore no longer have to hand out the password of the database to your users. The module is a cheap alternative to hardware authentication such as USB tokens.
Licence info: The module has to be purchased once for a licence file and then applies to all clients that log in to the licence file. The module is (if licensed) only usable in the full version; in the demo version the module is deactivated and cannot be set up.
You can find further information on the module "Network Logon" in the chapter "Network Logon".
After you have logged in to the database, the administrator account appears at the first login. You can set up further users later via "administrate users and groups". The administrator account has "admin" as initial password. Enter the initial password "admin" and confirm with "OK". Afterwards you will be required to set a new password for the administrator account. Choose a good password that nobody can guess easily. The database password guidelines take effect directly here; you can define them under the menu "edit" -> "database settings" -> "password". You can also get tips for safe passwords via the password analysis in the password generator.
In the left area you can select the users or groups and in the right area you can edit them. Use the right mouse button, as usual under Windows, to edit or reset entries.
Icons in the toolbar
Opens the search bar. The search bar works the same way in all arrays.
Adds a new user (or with groups a new group)
Edits the user selected in the list
On the tab members, members can be assigned directly to this group. Since we set up the groups first, we assign the group to the corresponding user later.
Once all groups have been created, the users have to be added.
Now create all users and define the basic rights. Depending on your management or group structure you can also create the groups first.
Enter the user name and all other required data in the tab general. The user name is the login name and the name displayed throughout the system. For new users it makes sense to set an initial password and to set the check mark at user has to change keyword at the next login. The user is then forced to set a new safe password at the first login.
Define password
So that a user can log in, you have to assign the user an initial password. This is possible via the context menu in the user list. Select one or several users and choose "define password" in the context menu. Then enter a safe password in the password assistant and follow the instructions of the assistant.
8.17.4.2 General settings for the user account
Change password at the next login
If you activate this option the user will be directly asked to create a new, safe password, according to the
database password guidelines set by you. If the user does not create a new password the login process
will be aborted.
User can not change password
If you activate this option the user can not change his/her password himself/herself. The login password
can normally be changed in the main window, in the menu file -> my profile -> change my
password.
Account is deactivated /locked
If you activate this option the user can no longer log on at the database. This is also displayed visually in
the login window and in the search list.
User password never expires
If you activate this option the user will never be asked to change his/her password after a certain time.
Password expires after a specified number of days
You can specify here how many days the password remains valid.
Deactivate account after a specified number of days without logging in
This option enables you to automatically deactivate an account if the user has not logged in for a
specified number of days.
Deactivate account on a specified date
This option can also be used to automatically deactivate a user account. However, a fixed date is
specified in this option.
Only allow logging in with a certificate
If this option has been activated, the user can only log in using a certificate. The alternative process for
logging in using a password is deactivated. Please note here that it is necessary for the PKI module to be
licensed for logging in with a certificate.
8.17.4.3 Membership to a group
On the tab membership you can assign the user to the previously created groups.
Click on add to assign the user to one or several groups. You can also mark several groups and assign
them per multiple choice.
8.17.4.4 Define general basic rights of the user
On the tab rights you can define basic rights of the user. These rights apply across all data and are therefore configured directly at the user.
8.17.4.8 Miscellaneous
On the tab "miscellaneous" you can find information when the user has been created or changed and
who did it. Furthermore you can see when the user has logged in the last time and from which IP
address the login was made.
Create a new folder or use an already existing folder. In the example we use the folder "Internet". Click
on the folder with your right mouse button and choose the menu item "sharing and security" in the
context menu.
Now you see the tab "Permission" with the assigned users and groups in the upper area and the assigned permissions in the lower area.
The account "administrator" and the group "administrators" are assigned by default to every record. For safety reasons they cannot be deleted, because the administrator must have permanent access to all records; this excludes the possibility that passwords are no longer assigned to anybody and therefore get lost.
Click on a user or a group to see the assigned rights. The rights apply to the displayed folder "Internet".
Via the button "Add" you can assign further groups or single users and grant individual rights on this folder.
Via the buttons in the toolbar you can switch between groups and users. A search within these groups and users is also possible. Highlight individual or several objects for multiple selection to quickly assign several groups or users.
Once you have added a group or a user, click on it in the list to set the permissions in the lower area.
A newly assigned group has no permissions to start with. Now enter the rights for this group.
You can thus assign individual rights to every group and every user. Even if a user is part of a group but should nevertheless have individual rights compared to the others in the group, you can add the user and assign these individual rights, which then take precedence over the group rights.
You have the same possibility of assigning privileges at the password records themselves. Just right-click the record in the password list and choose "unlockings and rights". These settings in turn take precedence over those of the folder.
To save the changes click on the button "OK".
8.17.5.1 Inheritance of rights
One of the outstanding functions of the right management is the inheritance of rights. With this you can define privileges for a superior folder and pass them on to all subfolders and records. This saves a lot of time, because not every folder and every record has to be changed manually if the structure of rights changes.
If you create a new record (e.g. a password) in a folder, the rights of the folder are automatically passed on to the record. No new assignment has to be made unless you intend individual settings for this new record.
After you have added groups or users or changed a right, the dialogue for the inheritance of rights appears automatically when you click on "Ok".
Require rights
Here it is determined who can grant access to the desired dataset or the authorization. All groups/users who are responsible for this are notified by task.
Notify administrator
The administrator receives the task of granting the required right.
If it is a dataset that should be released, the administrator can grant the releases for this dataset directly via the received task by clicking on the pushbutton edit within the task. The administrator can also reject the request using the relevant button. The user is informed in this case.
8.17.5.3 Right templates
Via the administration of right templates you can define how rights are granted to datasets and folders by default. You can also distinguish between root rights and normal dataset rights. The configuration is carried out via the database settings.
To do this, set the releases as desired and then click on templates -> save. A new window opens in which you can enter a name and a description for the new template. On the second tab release all releases are already adopted; if you do not want to change anything, you can now save the template.
If you now want to apply the template to another folder or dataset, select templates -> load there. You receive a selection of all templates and can load the template with a double click on the corresponding entry. All existing releases are overwritten in doing so.
As soon as a right template is active for the folder, only the rights from the right template are valid for new subordinate folders and datasets. Even an administrator could not add any datasets here if he/she is not contained in the right template.
8.17.5.5 Private and public datasets and documents (user choice)
With Password Safe you can also allow your users to easily create personal passwords and documents. The user can decide whether the newly created password is accessible only to himself/herself, or whether it is a public password to which the normal folder inheritance of rights applies. The same applies to adopted documents.
How to activate personal passwords:
Go to the database settings -> right management.
Activate the option users can choose between private and public datasets.
Go to the right management and assign to all or only to certain users the right user can choose between private and public datasets.
Go to the properties of the folder in which you want private datasets or documents to be allowed and select one of the three options under private and public datasets.
If a user now creates a new password in that folder or adopts a document, he/she is asked when saving, depending on the setting, whether he/she wants to create a private or a public password.
The user logs on with his/her name and his/her password. When the user logs on the first time he/she
If the user has no rights for the right management, he/she cannot make any changes to permissions or rights. If a user creates a password in a folder himself/herself, he/she is registered as the owner of that record and can manage the permissions and rights for his/her record himself/herself. The same also applies to the creation of categories. The user is set up automatically with full access for his/her own record.
If a user can see no data at all after the login, neither folders nor records, you have not given that user the corresponding folder rights. So that a subordinate folder is displayed, you have to grant at least the right to read on the superior folder; otherwise the folder structure cannot be built up.
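The following added example (not Password Safe code, and not taken from the manual) models the rules this chapter states: a user's individual entry takes precedence over group rights, record settings take precedence over the folder's, new records inherit from their folder, and a folder is only displayed with read rights on the folders above it. The data structures, the sample users and the union of rights across several groups are assumptions made for illustration.

```python
"""Simplified model of the rights precedence described in this chapter.

Added example with constructed names and data; not the product's own logic.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Acl = Dict[str, Set[str]]  # principal (user or group name) -> granted rights


@dataclass
class Node:
    """A folder or a record in the folder tree."""
    name: str
    parent: Optional["Node"] = None
    acl: Optional[Acl] = None  # None: nothing set here, the folder above applies


def governing_acl(node: Optional[Node]) -> Acl:
    """Settings on the record itself win; otherwise the nearest folder's apply."""
    while node is not None:
        if node.acl is not None:
            return node.acl
        node = node.parent
    return {}


def effective_rights(node: Node, user: str,
                     groups_of: Dict[str, List[str]]) -> FrozenSet[str]:
    """An individual user entry takes precedence over the group rights."""
    acl = governing_acl(node)
    if user in acl:
        return frozenset(acl[user])
    rights: Set[str] = set()
    for group in groups_of.get(user, []):
        # Assumption: rights of several groups are combined (union).
        rights |= acl.get(group, set())
    return frozenset(rights)


def is_visible(node: Node, user: str, groups_of: Dict[str, List[str]]) -> bool:
    """A node is displayed only if the user can read it and every folder above."""
    current: Optional[Node] = node
    while current is not None:
        if "read" not in effective_rights(current, user, groups_of):
            return False
        current = current.parent
    return True


def overrides_wider_than_groups(
        nodes: List[Node],
        groups_of: Dict[str, List[str]]) -> List[Tuple[str, str, FrozenSet[str]]]:
    """Audit helper: individual entries that grant more than the user's groups
    would grant on the same folder or record."""
    findings = []
    for node in nodes:
        if node.acl is None:
            continue
        for principal, rights in node.acl.items():
            if principal not in groups_of:  # entry belongs to a group, skip
                continue
            via_groups: Set[str] = set()
            for group in groups_of[principal]:
                via_groups |= node.acl.get(group, set())
            extra = set(rights) - via_groups
            if extra:
                findings.append((node.name, principal, frozenset(extra)))
    return findings


# Constructed sample data; "Internet" is the folder used in the manual's example.
GROUPS_OF = {"alice": ["Sales"], "bob": ["Sales"], "carol": []}
ROOT = Node("Database", acl={"Sales": {"read"}})
INTERNET = Node("Internet", ROOT, {"Sales": {"read", "edit"}, "alice": {"read"}})
WEBMAIL = Node("webmail", INTERNET)  # new record, no settings of its own
BANK = Node("bank", INTERNET, {"Sales": {"read"}, "bob": {"read", "export"}})
ALL_NODES = [ROOT, INTERNET, WEBMAIL, BANK]

if __name__ == "__main__":
    for user in GROUPS_OF:
        for node in ALL_NODES:
            print(user, node.name, sorted(effective_rights(node, user, GROUPS_OF)),
                  "visible" if is_visible(node, user, GROUPS_OF) else "hidden")
    print(overrides_wider_than_groups(ALL_NODES, GROUPS_OF))
```

Run against an inventory of the real folder permissions, the audit helper points at individual entries worth reviewing, since they bypass what the group structure alone would grant.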
8.17.10 Licensing
For every user a licence of the software is required. The number of licences also defines the number of users you can create in the right management as well as the number of simultaneously logged-on users.
Depending on the configuration the restrictive user can be given certain rights. For the restrictive user we suggest the following rights:
User may change the database settings
User may manage users and groups (rights) (suggested)
User may change the main password
User may change the PUK
User may export backups
User may import backups
User may manage the logbook (suggested)
User may copy databases
User may change the database password rules
User may change the seal notifications
User may manage the Auto Backup feature
User may manage applications
User may manage forms
User may manage label
User may use the USB-Stick feature
User may manage the Auto-Login function
User may use the Remote Desktop connection
User may manage the active user list
User may export records in list (XML data exchange)
User may import records in list (XML data exchange)
Several restrictive users can be created with different rights to map different audit scenarios.
Configuration:
You can find information on the configuration of the restrictive user under "Manage users and groups".
Rights:
So that the restrictive user can manage the rights, he/she has to hold the right "Manage permissions". We suggest adding the restrictive user to the group "administrators". The restrictive user then automatically has the right to manage permissions. Alternatively you can also assign the rights manually.
8.18
Tip:
Create separate groups for Password Safe in your Active Directory, which you then import and synchronize. You can then use these groups for assigning rights within Password Safe.
You can of course also combine groups created in Password Safe with groups from the Active Directory. If a Password Safe group is defined as a member of an Active Directory group, this link will be deleted at the next synchronization of the corresponding Active Directory group. If, however, an Active Directory group is in a Password Safe group, the link remains.
In order to configure the Active Directory connection, open the right management first (edit -> user
and group management). In the right management a click on
is enough to call up the Active
Directory menu, or rather to read out the Active Directory.
So that the users from the Active Directory can log in, it is also necessary to enter the domain at the Enterprise server under the safety parameters.
8.18.1 Settings
You can directly open the Active Directory settings in the right management dialogue. If you use the
Active Directory Integration for the first time you will be automatically directed to the configuration.
Notice:
If possible, use an Active Directory user whose password never expires.
Profile name: Enter the name for the new profile here
User name: Enter a user here who has the necessary rights on the Active Directory in the domain
Password: Enter the password with which the user logs on to the domain here
Domain: Enter the domain here from which you want to read out the Active Directory
Add new profile
Delete profile
Carry out access check
This option causes all new users to be deactivated immediately. You can then edit all new users at leisure and only activate them when they are completely configured.
Disable LDAP users and groups, which are not marked as synchronization able:
All users and groups that are excluded from the synchronisation in the menu item Readout Active Directory are deactivated.
Run LDAP search directly:
Hides the tree structure in the menu Read out Active Directory and shows the search results directly. This setting is recommended if there are groups or organizational units with more than 1000 elements in the Active Directory.
Activate automatic user login:
Activating the automatic user login causes the users to be validated with the Windows user name and thereby logged in to Password Safe automatically. It is therefore not necessary to enter the user data manually. Please note that the automatic user login can only be created once under every Windows user account. You can find further information on the automatic login and its configuration in the chapter user login.
Username must match with Windows logon name:
If this option is set, it is assigned to all newly imported users. A user can then only log in to Password Safe when he is logged on at the operating system.
Synchronisations logbook:
Here the logbook of the Active Directory synchronisation can be called up.
With this selection the organisational unit "California", including all contained users and groups, is read in. The organisational unit "USA" is not imported. In the future all elements which are new in "California", "PSR_Admins_CA" or "PSR_Sales_CA" are also imported to Password Safe during synchronization.
With this selection the organisational unit "USA" is not imported. The organisational unit "Texas" as well as all contained groups and all users, except "Julia Wirth", are synchronized. Furthermore new users in the organisational unit "Texas", as well as in the groups "PSR_Sales_TX" and "PSR_Admins_TX", are automatically created in Password Safe.
With this selection the organisational unit "USA" as well as the organisational unit "California" and all users except "Phil Rudd" are imported. Since "Phil Rudd" should also not be imported in future synchronization runs, the pushbutton in front of the group "PSR_Sales_CA" is marked grey. New elements in the group "PSR_Sales_CA" are therefore not created; existing ones, however, are synchronized.
All datasets which contain the searched string are displayed in the search result list. With a single click on the corresponding element it is called up or selected in the tree structure. Afterwards the element can be marked for import there. A click on "Brian Johnson" shows for example the following result:
In the tree structure you can directly mark the elements for synchronization. Furthermore you can search for different elements in several search runs, mark them accordingly and finally import them together with OK.
Notice:
At the first readout after an update to version 6.3 it can happen that all elements appear unmarked at first. In this case the tree structure only has to be opened once.
import here. This type of search is recommended for large Active Directories.
Manual synchronisation
To synchronise the data with the Active Directory manually, just open the users and groups managing dialogue. You can call up and carry out the synchronisation via the context menu. You can also carry out the synchronisation in the read out Active Directory dialogue. To do so click on the button
If you have several domains linked, all of them will of course be synchronised.
Automatic synchronisation
A fully automated synchronisation is possible via the task system. The task system is a service that carries out tasks at defined time intervals. For this, the client provides the task system with a task that defines the work to be carried out. The server checks at the defined time intervals whether a task has been provided and then carries it out. You can find further information on the task system and its configuration in the chapter system tasks.
Create a new task for the synchronisation:
Here you can give the task a name and a description. For an active task you can see all synchronisations that have been made so far in the interval history. Since the task has just been created in this case, the column is blank. In the overview you can see when the next run is due and when the last run happened. In the tab Interval you define when and at which time intervals the synchronisation should take place. You can find information on this under system tasks.
Under the tab settings you define which profile should be synchronised. In this example the profile One is chosen:
Please note that the task service has to be configured and activated server-side.
Automatic login
If this option is activated, the user can log on to Password Safe automatically, that is, without a password. Please note that this option also has to be configured at the server.
User name must match with Windows logon name
This option means that only the user who is also logged on to the domain at the computer can log on to Password Safe. If you for example want to log on to the computer with the administrator account and to Password Safe with a user account, this option has to be deactivated. Please note that this option only applies to the manual login. For the automatic login it is compulsory that the corresponding user is logged on to the domain, because Password Safe can otherwise not authenticate towards the Active Directory.
Here you can see that the users "ANDHI", "JANWI", "JULWI" and "TATJA" are members of the organisational unit Germany. Furthermore the groups "PSR_Admins_DE", "PSR_Einkauf_DE" and "PSR_Verkauf_DE" are in the group.
As you can see here the organisational unit Germany is in the organisational unit Europe.
Via this information the structure from the dialogue Active Directory is shown:
Notice:
If an Active Directory group is deleted and added again afterwards it is, technically, a new group. The corresponding rights have to be set again.
Backup
First of all create a backup of your database in order to have a valid backup if there are any problems.
LDAP configuration
Make sure that server as well as client are up to date and that the necessary patchlevel update of the database has been carried out. Afterwards log on to the database with administrator rights and open the user and group management. A click on the arrow next to the button for the Active Directory import opens a context menu, in which you open the window for the Active Directory configuration via Active Directory settings.
If you have used the native connection so far, enter a name for the connection in the Active Directory configuration under profile name. This can for example be the name of the Active Directory or the name of the server. Underneath you enter a user who is authorized for the Active Directory and his/her password (optional / not necessary according to LDAP configuration). Under domain you enter the name of the domain. Please enter the domain here including its TLD (in this example .test). Please mind case sensitivity here. If you have used the LDAP connection so far, the necessary settings are already made. If the connection could be tested successfully, please save the settings.
Attention!
Only change the domain after you have checked it carefully. If necessary consult the domain administrator in order not to make any wrong entries here.
Then select the correct domain in the following window and confirm with OK.
Notice:
Do not forget to check and if necessary change the domain at the groups as well!
Attention!
If the domain which is assigned to the users and groups does not match the domain from the configuration, the affected elements will be created again at the next synchronization and then exist twice. In this case you must delete the new elements, because otherwise you will lose the rights of the users. After deleting the elements, adapt the domain and import again.
Deleted users and groups have to be restored from a backup, because the corresponding rights are lost on a new import.
In this view different markings can occur, which are described under import/readout users and groups.
Notice:
Before version 6.3 there was no recursive group synchronization in Password Safe. Therefore all groups are excluded from the synchronization after the update. If you want to synchronize the groups in the future as well, you can set the corresponding markings. Consider that all users that exist in the group in the Active Directory are then imported. If more users are imported than licences exist, they will be automatically deactivated.
With a final click on OK all marked elements are imported or synchronized. The LDAP connection is now completely configured.
8.19
8.19.1 Reports
In conjunction with the Enterprise Server, static reports can be created. These contain valuable information for administering the database.
Under edit -> reports a context menu opens in which the individual reports can be selected:
After a report has been selected, it is generated and opened in the print view. From there it can be printed directly or saved:
Via the task system it is possible to have the reports generated at fixed intervals and sent directly by e-mail. You can find an example of this in the chapter: Example task for SMTP mail (expiring passwords)
Via a click on report you will receive a report of the rights of all users and groups. The rights are
displayed per user.
To keep the space within the report to a minimum, the individual rights in the title bar of the report
-> Read
-> Edit
-> Delete
-> Move
-> Print
-> Export
-> Manage permissions
Hint:
The reports show through which directly associated group a user is authorized. Subgroups are not shown. It is therefore possible that a user is not directly in the group, but rather in a subgroup.
8.19.3 Logbook
Via the logbook you can search systematically for entries or filter them. To open the filter menu you have to click on the blue arrows (in front of search). The hit list can be exported in the CSV format via the context menu (right-click a record). The logbook has to be activated in the database settings so that logbook entries can be created. You can find the database settings in the menu "edit".
If you want to know in which folder a dataset is located, or want to open that folder directly, just right-click the dataset in the logbook. Then select go to and the corresponding folder.
Via the same context menu you can also export log entries as CSV:
Export current outlook as CSV: Exports the information from the logbook which can be seen at the moment. If you for example search for a certain user, this search result is exported.
Export all log entries as CSV: Exports the complete logbook.
Notice:
If the logbook option see/open is activated, the passwords in the lists are automatically hidden and
can not be shown. In order to see passwords the dataset has to be selected explicitly.
Important!
If you exclude the administrator from the releases for folders or datasets, this data is private data and
is therefore not taken in the logbook.
8.19.3.1 Dataset logbook
If the logbook is activated, you can open the dataset logbook by right-clicking on a dataset and then clicking on logbook. All entries which belong to the corresponding dataset are shown here.
8.20 Icons
Password Safe offers a choice of predefined icons. In addition, you can upload and use "own icons" in Password Safe. Select an icon with a double click. Via the context menu you can switch between a large and a small view of the icons. To select an icon, click on the icon symbol, for example in the "folder properties".
Afterwards the icon management opens, in which you can select the icon.
Own icons
To do this, change to "own icons" in the left area. Right-click on the white area to open the context menu. Choose "Add new icon" in the context menu to open the file browser for the file selection. If the smaller or the bigger icon is of bad quality, you can simply replace it ("replace big icon (32x32 pixel)") or add it again.
Under Add new favicon, you have the opportunity to use the favicon for a website as an icon.
After clicking on this option, you will receive the following dialogue screen:
Simply enter here the URL for the desired website. The favicon can be read by clicking on the icon and
displayed under Preview. Assign an Image name and then save the icon.
8.21 Labels
What are labels?
With labels you can highlight records in colour, which makes them easier to distinguish. Grouping by label is also possible in the list view.
To do so, first create a label.
Administrate label:
Via "edit" -> "administrate labels" you can add, edit or delete labels.
After right-clicking with the mouse on a record, you will have another opportunity to link a label to the
record. It is also possible to separate a label from a record in this way.
8.22 Import
You can conveniently import already existing data into Password Safe. The import assistant guides you through the individual steps of the import. The import is called up via the menu file -> import.
In the second window of the import assistant you select whether you want to import form data or users or groups. The course of the import is described in the following chapters.
Form data (passwords, etc.)
With the form data import you can, for example, import a CSV file (values separated by comma) into Password Safe. Export files of external products such as KeePass can also be imported directly. The import is made into an opened database.
Right management (users and groups)
Existing right structures, groups and users including their affiliations can be imported to Password Safe.
This makes the configuration and the setup of several similar databases with the same users easier, so
for example the Active Directory does not need to be read out again.
Notice:
Please note that the user needs the right import backup in order to be able to start the import assistant.
Notice:
PSX backups can only be imported at the start of a new database assistant.
In the next window you can define the settings of the import format. This will depend on how the .csv file
is structured. If you want to import data from a Password Safe database into another Password Safe
database, it is recommended to maintain the suggested settings.
Now set the category (folder) into which the data should be imported.
Then it will be displayed how Password Safe would assign the appropriate fields. In this example the
"URL" field is assigned to the "Internetaddress".
If you do not agree with the proposed assignment, you can delete the assignments. You can then assign the fields as you like. To do so, simply mark the matching fields on both sides. The fields are then assigned via the right arrow. To correct an assignment, use the left arrow.
Folder structures can also be read via the special field Category. The folder entry must contain a separator (such as ->).
Example field content for folder structure:
Folder 1 -> subfolder 1 -> subfolder 1.1
Next, select the category (folder) in which the data should be imported.
Simply follow the wizard. No further adjustments are needed. Once imported, you will find the imported folder structure, including its passwords.
Now follow the wizard. Other settings are not required. The users and groups are imported, including the
user rights.
Note:
Only the user rights will be imported. Rights to folders and records cannot be taken over, as they belong to the respective record and therefore have no connection to the users. An import including the relevant records, folders and related rights is possible by restoring a backup in *.psx format into a new database.
8.23 Export
Saved data can be exported as a backup. An "export assistant" guides you through the individual steps of the export. You can call up the export via the menu "file" -> "export".
Backup (all data) - PSX
By means of a PSX backup you can restore your complete database. The PSX backup is a highly encrypted, XML-like file. Therefore the PSX backup can only be imported at the start of a new database, directly in the "database assistant".
Backup (all data, binary) - PBB
The PBB backup is a binary backup. The binary backup needs less disk space compared to the PSX
backup. Data can be restored via the "database assistant" when creating a new database.
Notice:
The PBB format is out of date and should not be used anymore. Use the PSX format for your backup instead.
Values separated by comma - CSV
Individual folders/subareas or the whole structure can be exported with the CSV export. Please note that the CSV file is not encrypted. The data can be imported into Password Safe again via the import function (form data).
Export all users - XML
With this export you can export existing Password Safe users. You can import the users again via the
import function (right management).
Export all groups (without users) - XML
With this export you can export existing Password Safe groups without users. You can import the groups
again via the import function (right management).
Export all users and groups - XML
With this export you can export existing Password Safe users and groups. You can import the users and
groups again via the import function (right management).
Notice:
You can find further information on the backup here.
8.24
8.25 Enterprise Server
If you are connected to a server database and have logged in with a user who has the right User can
manage server functions, you will find under File the menu item Enterprise Server.
8.25.1 Sessions
Under Sessions, you can check at any time which user is accessing the database from which computer.
You also have the possibility of ending a session by right-clicking on an entry. This may be useful, for
example, when carrying out maintenance work.
Update list: Reloads the information. The Automatically update list function ensures that you are
always up-to-date. This option also makes it possible to use the window for monitoring.
The different statuses are illustrated for you using icons:
User is connected to the database
User has been synchronised
User is in the queue
Right-clicking will open a context menu which you can use to edit the locked user parameters:
- Edit lock: You can edit an existing lock, for example to change the duration of the lock.
- Lock user: You can lock individual users here.
- Unlock user: Unlock the user here before the locked period expires.
Update list: Reloads the information. The Automatically update list function ensures that you are always up-to-date. This option also makes it possible to use the window for monitoring.
Miscellaneous
9.1 Removal on a new PC
If you buy a new PC, you will of course want to take your data over from the old PC to the new PC.
To do so, proceed as follows:
- Install the software on the new PC.
- Enter the license certificate or the license file on the new PC. If you use the license file, you may first have to deactivate the old PC via the license overview so that the license is free again for the new PC.
- Copy all databases (*.ps7) to the new PC. It is also advisable to export a PSX backup of all databases, so that you have a valid backup which you can import into a newly created database in the case of an incompatibility.
- Then you can set up the databases as existing databases via the database assistant. Afterwards you can log in to your database as usual.
9.2 Updates
Updates are software updates and can be installed at any time. Please note that you can only use updates if your software maintenance is still active and has not yet expired. You can check this in the license overview. If the software maintenance has expired, no updates can be used and the software starts in demo mode. So before you install an update, make sure that the software maintenance has not yet expired and, if necessary, have it extended beforehand.
You can request an extension of the software maintenance "before expiration" from within the software:
9.3
Everything else then works like on the client. Just copy the databases to the stick and set them up as an
existing database. In the configuration file the drive letter will be automatically replaced by "{DRIVE}" and
will be automatically determined. For auto backup please use the variable "{DRIVE}" as a drive letter in
the settings.
Example:
{DRIVE}:\PasswordSafe\Backup\backup.psx
Example configuration file psr.pc7:
Edition 1 = Personal Edition
Edition 2 = Standard Edition
Edition 3 = Professional Edition
Edition 4 = Enterprise Edition
The new setup assistant, which will be available in a short time, automatically takes on these steps.
9.4
Basically
Via the additional module "Network Logon" you can centrally provide a database configuration at the
clients. For this a profile file will be created in which one or several database configurations are
maintained encrypted.
Configuration
In the menu "extras" you can find the menu item "configure network logon". Afterwards the window, in
which you create the profile file or edit existing ones, opens.
Create new profile
Click on "add profile" -> "add database" and carry out the database assistant to add the configuration.
Generally you will only add databases of the type "Enterprise". But you can also configure Standard and
Professional databases. To do so it is necessary to set the database password in the list via the context
menu afterwards.
Edit profile
Click on an entry in the list and then choose "edit profile" in the context menu. Alternatively you can do this with a double click on the corresponding entry. If only the password of the database has changed, you can reset it in the list directly via the context menu.
should be named "psr.nlc". The profile file is searched for in the following places, in this order:
1. In the environment variable of the client (PSR_NLC_FILE). Here you can define the path including the
file name yourself.
2. In the registry. Here you can define the path including the file name yourself.
Key: HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Value: NetworkLogonFile
3. In the configuration file of the client (psr.pc7) under <Common> <NetworkLogonFile>. Here you can
define the path including the file name yourself.
4. In the program path of the application. The file name has to be "psr.nlc".
5. In the personal document directory. Under XP in "own files". The file name has to be "psr.nlc".
6. In the AppData directory of the user, where also the configuration file of Password Safe lies. The file
name has to be "psr.nlc".
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc7
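The search order above can be reproduced to audit which profile file a client would pick up and which copies further down the list are overridden. This Python sketch is an added example, not MATESO code; it assumes that the client skips a location whose file does not exist (the manual does not say so), and the function names, sample paths and sample psr.pc7 are constructed. The registry value is passed in as a string so that the example runs on any platform.

```python
import ntpath
import xml.etree.ElementTree as ET

PROFILE_NAME = "psr.nlc"

# Constructed sample psr.pc7 that points to a profile on a share.
SAMPLE_PC7 = (
    '<?xml version="1.0" encoding="windows-1250" ?>\n'
    "<Data>\n"
    " <Common>\n"
    r"  <NetworkLogonFile>\\fileserver\psr\psr.nlc</NetworkLogonFile>" "\n"
    " </Common>\n"
    "</Data>\n"
)


def nlc_candidates(env, registry_value, pc7_text,
                   program_dir, documents_dir, appdata_dir):
    """List (source, path) pairs in the documented search order.

    Sources that are not configured (empty variable, no registry value,
    no <NetworkLogonFile> element) are left out.
    """
    candidates = []
    if env.get("PSR_NLC_FILE"):
        candidates.append(("1 environment PSR_NLC_FILE", env["PSR_NLC_FILE"]))
    if registry_value:
        candidates.append(("2 registry NetworkLogonFile", registry_value))
    if pc7_text:
        try:
            node = ET.fromstring(pc7_text).find("Common/NetworkLogonFile")
        except ET.ParseError:
            node = None  # unreadable psr.pc7 is treated as "not configured"
        if node is not None and (node.text or "").strip():
            candidates.append(("3 psr.pc7 <NetworkLogonFile>", node.text.strip()))
    # Locations 4 to 6 always use the fixed file name psr.nlc.
    for label, directory in (
        ("4 program path", program_dir),
        ("5 personal documents", documents_dir),
        ("6 AppData", appdata_dir),
    ):
        candidates.append((label, ntpath.join(directory, PROFILE_NAME)))
    return candidates


def audit_nlc(candidates, exists):
    """Return (effective, shadowed).

    effective: first candidate whose file exists, or None.
    shadowed:  later candidates that also exist but are never reached.
    `exists` is a callable path -> bool (os.path.isfile on a real client).
    """
    present = [c for c in candidates if exists(c[1])]
    effective = present[0] if present else None
    return effective, present[1:]


if __name__ == "__main__":
    # Constructed client state: no environment variable, no registry value.
    found = nlc_candidates(
        {}, None, SAMPLE_PC7,
        r"C:\Program Files\PasswordSafe",
        r"C:\Users\alice\Documents",
        r"C:\Users\alice\AppData\Roaming\PasswordSafe",
    )
    on_disk = {r"\\fileserver\psr\psr.nlc",
               r"C:\Users\alice\AppData\Roaming\PasswordSafe\psr.nlc"}
    effective, shadowed = audit_nlc(found, on_disk.__contains__)
    print("effective:", effective)
    print("shadowed: ", shadowed)
```

A non-empty shadowed list means an old or locally created psr.nlc is still lying around; a profile defined per user (environment variable or HKEY_CURRENT_USER) takes precedence over the one in psr.pc7 or in the program path.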
Notice:
After an upgrade to a later version (e.g. from version to Version 7), the network logon has to be
configured again.
If one of the following points changes, the network logon file has to be configured again, or updated:
- Database name
- IP address of the server
- Port of the server
- Client server initial connection password
9.5 Configuration file
The configuration file contains all settings of the client. This file will not be deleted when the software is
uninstalled, so that your settings will not get lost when you want to do an update.
You can find the configuration file in the following directory:
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
= Personal Edition
= Standard Edition
= Professional Edition
= Enterprise Edition
LicenceFile:
Path to the licence file (For example: "D:\Password Safe\psr7.lic" or "\\MyShare\Password
Safe\psr7.lic")
ShowSplashScreen:
The Splash Screen briefly shows licence information and version when starting Password Safe. You can
show or deactivate the Splash Screen.
UseSecurityZones:
Activate security zones (private, workplace, public). This option is mainly used for notebooks or with USB sticks. It lets you choose different settings per location. For example, if you run Password Safe on a USB stick you can use different settings on public PCs than on private/secure PCs.
SetSecurityZoneAtStart:
Request the choice of security zone at every software start, for example when you are travelling with the notebook.
UserOptionsAvailable:
When deactivated, the same settings apply to all users. This can lead to considerable delays because many users access the same file, and has the disadvantage that a setting affects all users. We only suggest this setting for smaller teams.
ShowProgramOptions:
Configuration of the dialogue "general settings"
(0 = menu item/toolbar button is not displayed, 1 = menu item/toolbar button is displayed, 2 = menu item/toolbar button is displayed, but configuration is not possible; instead a notice text for the user appears).
ShowAddNewDatabase:
Configuration of the button "start new database". With this you can hide the button for creating a new database. The button will not be hidden until at least one database has been created.
(0 = menu item/toolbar button is not displayed, 1 = menu item/toolbar button is displayed)
WindowsUserAsDefault:
The current Windows user is entered in the login window automatically.
Example of a minimal configuration file without settings and without databases (do not use TABs!):
<?xml version="1.0" encoding="windows-1250" ?>
<Data>
  <Common>
    <Edition>4</Edition>
    <LicenceFile>psr7.lic</LicenceFile>
    <ShowSplashScreen>0</ShowSplashScreen>
    <UseSecurityZones>0</UseSecurityZones>
    <SetSecurityZoneAtStart>0</SetSecurityZoneAtStart>
  </Common>
</Data>
The following is an example of a configuration file which has been configured user-dependent. You need this, for example, to hand it out to the users. Adapt a configuration file "psr.pc7" in the directory accordingly by means of an editor, and afterwards open Password Safe to carry out the settings. The settings are saved in the configuration file so that you can hand it out to the users.
<?xml version="1.0" encoding="windows-1250" ?>
<Data>
  <Common>
    <Edition>4</Edition>
    <LicenceFile>\\path_to_the_licenze_file_on_the_server\psr7.lic</LicenceFile>
    <ShowSplashScreen>0</ShowSplashScreen>
    <UseSecurityZones>0</UseSecurityZones>
    <SetSecurityZoneAtStart>0</SetSecurityZoneAtStart>
    <UserOptionsAvailable>0</UserOptionsAvailable>
  </Common>
</Data>
Notice:
Generally, options are
0 = deactivated and
1 = activated.
Do not use TABs for indentation, use space characters!
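Because a hand-edited psr.pc7 is given out to many clients, it is worth checking it before distribution. The following Python check is an added example, not part of Password Safe; the function name and the sample files are constructed, and the allowed values are only those stated in the option descriptions and examples of this section.

```python
import xml.etree.ElementTree as ET

# Value ranges as stated in the option descriptions and examples above.
ALLOWED_VALUES = {
    "Edition": {"1", "2", "3", "4"},
    "ShowSplashScreen": {"0", "1"},
    "UseSecurityZones": {"0", "1"},
    "SetSecurityZoneAtStart": {"0", "1"},
    "UserOptionsAvailable": {"0", "1"},
    "ShowAddNewDatabase": {"0", "1"},
    "ShowProgramOptions": {"0", "1", "2"},
}

# Constructed samples -------------------------------------------------------
GOOD_PC7 = (
    '<?xml version="1.0" encoding="windows-1250" ?>\n'
    "<Data>\n"
    "  <Common>\n"
    "    <Edition>4</Edition>\n"
    "    <LicenceFile>psr7.lic</LicenceFile>\n"
    "    <UseSecurityZones>0</UseSecurityZones>\n"
    "  </Common>\n"
    "</Data>\n"
)
BROKEN_PC7 = (
    '<?xml version="1.0" encoding="windows-1250" ?>\n'
    "<Data>\n"
    "  <Common>\n"
    "\t<Edition>4</Edition>\n"                        # TAB indentation
    "    <UseSecurityZones>0</UseSecurityZone>\n"     # closing tag misspelled
    "  </Common>\n"
    "</Data>\n"
)
BAD_VALUES_PC7 = (
    '<?xml version="1.0" encoding="windows-1250" ?>\n'
    "<Data>\n"
    "  <Common>\n"
    "    <Edition>7</Edition>\n"
    "    <ShowSplashScreen>0</ShowSplashScreen>\n"
    "    <ShowProgramOptions>3</ShowProgramOptions>\n"
    "  </Common>\n"
    "</Data>\n"
)


def check_pc7(text):
    """Return a list of findings for a psr.pc7 candidate; empty means clean."""
    findings = []
    # 1. The manual forbids TAB characters; XML itself would accept them.
    for number, line in enumerate(text.splitlines(), start=1):
        if "\t" in line:
            findings.append(f"line {number}: TAB character, use spaces")
    # 2. Well-formedness (catches mismatched or unclosed tags).
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        findings.append(f"not well-formed XML: {exc}")
        return findings
    # 3. Expected structure <Data><Common>...</Common></Data>.
    common = root.find("Common") if root.tag == "Data" else None
    if common is None:
        findings.append("expected <Data> with a <Common> section")
        return findings
    # 4. Duplicate options and values outside the documented range.
    seen = set()
    for option in common:
        value = (option.text or "").strip()
        if option.tag in seen:
            findings.append(f"<{option.tag}> appears more than once")
        seen.add(option.tag)
        allowed = ALLOWED_VALUES.get(option.tag)
        if allowed is not None and value not in allowed:
            findings.append(
                f"<{option.tag}> has value {value!r}, "
                f"allowed: {', '.join(sorted(allowed))}"
            )
    return findings


if __name__ == "__main__":
    for name, sample in (("good", GOOD_PC7), ("broken", BROKEN_PC7),
                         ("bad values", BAD_VALUES_PC7)):
        print(name, "->", check_pc7(sample) or "no findings")
```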
Key: HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Value: ConfigFile
4. In the program path of the application. The file name has to be "psr.pc7".
5. In the AppData directory of the user. The file name has to be "psr.pc7".
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc7
9.6 Environment variables
Some settings can be influenced with Windows environment variables. The environment variables which are currently available are listed below.
PSR_CONFIG_PATH
With this you can influence the path to the Configuration file "psr.pc7". Only the path can be entered. The
file name can not be changed.
PSR_LICENCE_FILE
Enter the complete path including file name here. Then the license file will be loaded from this entered
place.
PSR_NLC_FILE
Enter the complete path including file name here. Then the Network Logon profile file will be loaded from that
entered place.
PSR_OFFLINEDB_PATH
Enter the path here in which the Offline databases should be saved.
- In the next step configure the required variable. Click on "new" to set up the variable.
9.7
psrX.lic: Ending for the license file of Password Safe
Database name.ps7 (until version 5 *.ped / in version 6 *.ps6): Ending of a database file
Database name.prvkey: Ending of a private key file for the decryption of a backup (Enterprise server)
Database name.ps7n: In this file the connections to a multiuser database are stored
9.8 Terminal server / Citrix
To run the application under Microsoft terminal server or Citrix the module "terminal server/citrix" is
necessary.
Warning!
We recommend the Enterprise Edition in combination with the Enterprise Server. In this case the
Enterprise Server must not be installed directly on the Terminal Server.
The use of the Professional Edition in Terminalserver/Citrix-mode is at your own risk and cannot be
supported in a problematic scenario.
The Seamless Mode is not possible.
9.9 Problem solving
Problem: Password Safe starts in Demo mode
Solution: Make sure that the license file "psr7.lic" is not write-protected, hidden or archived. Furthermore, from Windows Vista on, the license file must not be stored directly in the program directory. For a single-place installation we suggest storing the license file under "own files" (XP) or under "documents" (Vista/Windows 7). For an installation with several users the license file has to be stored in a network share. Check whether all users have write access to the license file.
Problem: Automatic password entry does not react
Solution: Activate the automatic entry in the general settings. Furthermore, it can be necessary to open the Addon Port in the firewall (including third-party firewalls), because some firewalls can block the communication between the client and the addons.
Problem: Computer name has been changed/re-installation of the computer -> demo mode
Solution: The computer names will be saved in the license file provided that it is not deactivated by the
module "without client licensing". Not current or not needed computers can be deactivated and activated
at any time via the license overview. If you only have one license and the computer name has been
changed, Password Safe starts in the demo mode. You can call up the license overview in the activation
assistant or at the login via the hot key "CTRL+F9". Call up the structure in the license overview by
clicking on the small dark arrows in front of the folder symbols. Under the folder "number of licenses per
computer" all saved computers are listed. By clicking on the computer name with your right mouse button
you can activate and deactivate it. Afterwards there are free licenses again so that new computers can
enter to the license.
configuration file of Password Safe should definitely lie off line. With a profile saved on the server, all profile data is administrated on the Windows server and automatically kept synchronous, which makes it extremely slow. We suggest that in this case you define that the configuration file of Password Safe is saved off line in another directory. You can find further information here.
Problem: Connection problems between client and server (only Enterprise)
Solution: Check the firewall properties. The protocol is based on UDP. So activate TCP for the port 12008. If the connection still does not work, it is possible that the host name cannot be resolved. In that case, configure the WINS settings of the computer.
has to be renewed. To do so reorganize the database via file -> edit database account -> reorganize database
In the process, defective datasets are also deleted.
Problem: When starting Password Safe, the icon is shown on the task list but the application
itself does not appear.
Solution: This problem is experienced with some graphics card drivers. The application is displayed on a
monitor which has been incorrectly recognised yet is not actually connected.
Firstly click on the Password Safe icon on the task bar. By pressing the Windows button + shift +
left/right arrow buttons, the application can be returned to the visible area.
9.10 Error codes
If, against our expectations, a problem arises and an error prompt is displayed, it contains an error code. The list of error codes below can help you solve the problem. If a problem occurs regularly, or if you cannot solve the problem on your own, please contact the support and name the corresponding error code for the diagnosis of the problem.
Error code: 4
Error: "Error at opening the database."
Proposals for solution:
- Check if the databases are configured properly.
- Try to connect the database again.
Error code: 5
Error: "The database is not opened."
Proposals for solution:
- Check if the databases are configured properly.
- Try to connect the database again.
Error code: 6
Error: "The database could not be opened. Check the database path and the password."
Proposals for solution:
- Check the database path and the password.
- Check if the databases are configured properly.
- Try to connect the database again.
Error code: 10
Error: "Error at connecting with the server database."
Proposals for solution:
- Make sure that the server is started.
- Make sure that the database configured at the client is started at the server
Error code: 11
Error: "Error at open/execute."
Proposals for solution:
- Please contact the support
Error code: 12
Error: "No database has been found."
Proposals for solution:
- Check via the Windows Explorer if the database actually exists.
- If the database lies on a network share, make sure that a connection to the share can be established.
- Have you got write privileges for the database?
Error code: 13
Error: "Wrong database password."
Proposals for solution:
- Check if the caps lock key is active.
- Make sure that the right password is used. The database password is required, the user password
does not work here.
Error code: 14
Error: "KeyFile could not be opened."
Proposals for solution:
- Check via the Windows Explorer if the KeyFile *.pedkey actually exists.
- If the keyfile lies on a network share, make sure that a connection to the share can be established.
- Have you got write privileges for the keyfile?
Error code: 15
Error: "Error at opening the database (SQL engine)."
Proposals for solution:
- Please contact the support
Error code: 16
Error: "Wrong password for the network protocol."
Error code: 17
Error: "The database server does not react."
Proposals for solution:
- Make sure that the server is started.
- Check the settings of the Password Safe firewall
- Are the server ports as well as the service port activated in the network firewall?
- Check your network configuration
Error code: 20
Error: "Execute could not be carried out in the time given."
Proposals for solution:
- Please contact the support
Error code: 22
Error: "The multiuser network file can not be opened."
Proposals for solution:
- Check if the file *.ps7n is in the database folder and if you have got right privileges for it.
- If the database folder lies on a network share, make sure that the share is accessible.
Error code: 23
Error: "Access to this database has been denied."
Proposals for solution:
- Check the settings of the Password Safe firewall
Error code: 24
2015 MATESO GmbH
Miscellaneous
617
Error: "The maximum number of sessions has been achieved. Connection with the database not
possible."
Proposals for solution:
- Wait until another session has been closed.
- Purchase further licenses.
Error code: 25
Error: "The database is already opened and can therefore not be opened again."
Proposals for solution:
- A single user database has been opened by another user and has to be closed by that user first.
Error code: 26
Error: "Error at open/execute."
Proposals for solution:
- This message is sent when a hacking attempt is suspected. Therefore be sure to check whether anybody is trying to gain access to your data.
- Check the log files of the server.
Error code: 31
Error: The server certificate is not trusted.
Proposals for solution:
- Export the certificate from the server and then import it to the client.
- Ensure that the current certificate is used and not an outdated one.
- Check whether the certificate is saved in the correct certificate space.
- You can find further information on this subject under: Enterprise Server Connection Certificate
9.11 Support
Contact us...
MATESO GmbH
Daimlerstraße 15
86356 Neusäß
Germany
Telephone
Hotline:
E-mail:
support@passwordsafe.de
9.12
2. Definitions
2.1 Licensed products refer to all software products offered by MATESO GmbH.
2.2 Licensing material includes updates and documentation provided by the Licensor to the Licensee.
3. Allocation of rights
3.1 The Licensor shall retain ownership of all rights to the licensed product even if the Licensee should
modify the licensed product without authorization or connect it to their own programs or to those of a
third party. The above shall also apply if the reseller modifies the license key so that it bears a name
other than that of MATESO, with the exception of rights granted in accordance with these terms and
conditions.
3.2 The Licensor shall grant the Licensee a non-exclusive, simple right of use to the licensed products
and documentation that excludes the granting of sublicenses.
3.3 The Licensee shall have the right to create a backup copy of the provided licensed products for backup
purposes only. The Licensor shall hold all rights to these copies unless these terms and conditions specify
that such rights are to be transferred to the Licensee. The Licensee has the right to use the licensed
products on their data processing system as specified in the terms and conditions even if doing so
involves the creation of backup copies in the system's RAM. The creation of additional copies is not
permitted.
3.4 If applicable national law and/or jurisdiction states that licenses may be sold to third parties, the
original Licensee is under the obligation to make sure that any copies that have been downloaded onto
their data processing system are unusable at the time of resale. Further use of the product by the
original Licensee constitutes a violation of the Licensor's exclusive right of reproduction and shall be
subject to prosecution under civil and criminal law.
3.5 Individual editions containing several licenses may not be split up and sold separately.
3.6 The software and licenses may only be sold to another party after MATESO has first transferred the
license. Should the original license holder decide to sell the license, a fee must be paid to MATESO
before the license can be transferred, modified or before a new license can be granted.
5. Special provisions regarding rights of use for demo versions (test phase)
5.1 Licenses can be provided on a test basis. The right of use for demo versions of software is limited to
the test phase period (30 days). The right of use for demo versions is a non-exclusive, simple right of
use that excludes the granting of sublicenses and is granted for a limited period of time only.
5.2 The Licensee has the right to provide the demo software to other computer users for test purposes
during the test phase. If the Licensee intends to provide the demo software to other users, the Licensee
must inform said users of the duration of the test phase and of the consequences of continuing to use the
software once the test phase has come to an end. The Licensee is responsible for compliance with these
and any legal provisions, also when it comes to third-party use of the software.
5.3 Once the test phase has been completed, further use of the software shall be considered an
infringement of copyright punishable by law, and the Licensor expressly reserves the right to prosecution
for such use.
5.4 Once the test phase has been completed, the customer can use a license key to activate the
software. By doing so, the Licensee shall be granted a right of use covering the scope described in these
licensing terms and conditions. In addition to the other provisions, no. 3 of these licensing terms and
conditions particularly applies to the scope of use for full versions.
7. Documentation
Documentation (user manual) is available online at www.passwordsafe.de under Support in the
Download Center and can be printed or downloaded as a PDF.
8. Software support
8.1 The Licensee has the choice of different software support plans. The right of use granted applies to
updates, etc., depending on the plan selected (Private, Company Classic, Company Premium).
8.2 The right of use to the original software purchased does not expire with the expiration of the
software support plan. The customer can continue to use the software that was originally purchased
without having to take any additional steps. However, the customer must renew the software support
plan if they wish to receive further updates, upgrades or support.
8.3 Within the scope of software support, the Licensee shall be granted a non-exclusive, non-transferrable, simple right of use to the software support products that excludes the granting of sublicenses for a period of twelve months. The software support plan cannot be interrupted.
8.4 The Licensee may renew the software support plan 30 days before the software support period
expires. If the Licensee decides to renew software support they will be granted another non-exclusive,
non-transferrable, simple right of use to the software support products that excludes the granting of
sublicenses for another twelve months.
8.5 The Licensee can purchase software support retroactively if they forget to renew their software
support plan by the deadline. The twelve-month period of the renewed software support plan will begin
as of the date on which the previous software support plan expired.
8.6 Private software support plan
The Private plan is only available for the private products and comes with updates of one version for the
next 12 months. It does not include any upgrades to the next version up. Email support is also provided
working days from Monday through Friday at support@passwordsafe.de. The maximum response time
generally does not exceed 72 hours. In some cases, however, the response time may be longer.
8.7 Company Classic software support plan
The Company Classic plan comes with updates of one version for the next twelve months as well as an
upgrade to the next version up if an upgrade of that version is available within the twelve-month period.
It also comes with email support working days from Monday through Friday at support@passwordsafe.de.
The maximum response time generally does not exceed 48 hours. In some cases, however, the response
time may be longer.
8.8 Company Premium software support plan
The Company Premium plan comes with updates and upgrades within the next 12 months. Company
Premium software support also includes free email support (support@passwordsafe.de) working days
from Monday through Friday, phone support and remote assistance (pcvisit or TeamViewer). The
maximum response time generally does not exceed 24 hours. In some cases, however, the response
time may be longer.
8.9 Product training may be purchased separately.
8.10 The sole purpose of support provided via phone, email or remote access is to provide support and/
or advice regarding product use or in determining the cause of an error. There is no guarantee that the
problem will be resolved. Success is not guaranteed.
8.11 The customer is under the obligation to pay the fee for software support regardless of whether or
not they choose to utilize the software support products.
9. Liability
9.1 MATESO shall only be liable for customer claims to damages arising from injury to life, body or
health or the violation of critical contractual obligations (material obligations). MATESO shall also be
liable for other damages that can be attributed to intentional or negligible violation of obligations on the
part of MATESO, MATESO's legal representatives or vicarious agents. Material contractual obligations are
defined as obligations that must be fulfilled so that the purpose of the agreement can be accomplished.
Any further liability is excluded.
9.2 Liability for the violation of material contractual obligations is limited to foreseeable damage that is
typical to an agreement if said damage was caused as the result of negligence unless the matter at hand
involves customer claims to damages arising from injury to life, body or health.
9.3 Should claims be made directly against MATESO's legal representatives or vicarious agents, the
limitations discussed in the previous section shall also apply in their favor.
9.4 The provisions stipulated in the German Product Liability Act shall remain unaffected.