Manual

Password Safe and Repository

2015 MATESO GmbH

Inhalt

Contents
Preface

13

Questions and answers

13

Safety

16

Licensing

17

Usage scenarios

20

Editions

22

1 Personal
Edition
..............................................................................................................................................
23
2 Standard
Edition
..............................................................................................................................................
24
3 Professional
Edition
..............................................................................................................................................
26
4 Enterprise
Edition
..............................................................................................................................................
30
5 Enterprise
Server
..............................................................................................................................................
34
6 iOS App
(iPhone, iPad, etc.)
..............................................................................................................................................
36
7 Android
App
..............................................................................................................................................
37
8 Web Access
.............................................................................................................................................. 38

First steps

39

1 System..............................................................................................................................................
preconditions
39
2 Quick Start
Guides
..............................................................................................................................................
40
Singleuser ............................................................................................................................................................................ 40
Multiuser
............................................................................................................................................................................ 40
Client- / server
............................................................................................................................................................................ 41

3 Download
and installation
..............................................................................................................................................
42
Local installation
............................................................................................................................................................................ 43
Netw ork share
............................................................................................................................................................................
/ netw ork installation
43
Term inal server
............................................................................................................................................................................
/ citrix installation
44
Databases m em
............................................................................................................................................................................
ory location
44

4 Update.............................................................................................................................................. 44
5 Upgrade
v5, v6 to v7
..............................................................................................................................................
45
6 Import..............................................................................................................................................
of PSX backups (v5, v6, v7)
45
7 Demo version
.............................................................................................................................................. 46
8 Activation
.............................................................................................................................................. 47
Activation of Personal
............................................................................................................................................................................
and Standard Edition
47
Activation via Softw
...................................................................................................................................................................
are Activation Assistant
47
Extend w ith a module
...................................................................................................................................................................
key
51
Activation w ith a...................................................................................................................................................................
License Certificate
51
2015 MATESO GmbH

Password Safe and Repository

Embedding an existing
...................................................................................................................................................................
License File
53
Activation of Professional
............................................................................................................................................................................
and Enterprise Edition
54
Creating a license
...................................................................................................................................................................
file
54
Distribution of the...................................................................................................................................................................
license file to the clients
58
Extend w ith module
...................................................................................................................................................................
key
59

9 Database
concept
..............................................................................................................................................
60
10 Set up..............................................................................................................................................
database
62
Singleuser database
............................................................................................................................................................................ 63
Multiuser database
............................................................................................................................................................................ 70
Link w ith an existing
............................................................................................................................................................................
database
77

11 Enterprise
server connection certificate
..............................................................................................................................................
83
12 Backup.............................................................................................................................................. 85
Single and m ultiuser
............................................................................................................................................................................
databases
85
Client- /server............................................................................................................................................................................
databases
86

13 Database
login
..............................................................................................................................................
86
14 User Login
.............................................................................................................................................. 87
Login w ith Passw
............................................................................................................................................................................
ord Safe users
90
Login w ith active
............................................................................................................................................................................
directory users
91
Login via PKI /............................................................................................................................................................................
certificate
95
Login problem
............................................................................................................................................................................
s
97

15 Basic settings
.............................................................................................................................................. 99
General settings
............................................................................................................................................................................ 99
General
................................................................................................................................................................... 100
Safety
................................................................................................................................................................... 101
Folders
................................................................................................................................................................... 102
Clipboard
................................................................................................................................................................... 104
Passw ord
................................................................................................................................................................... 105
Hot keys
................................................................................................................................................................... 108
Quick access ................................................................................................................................................................... 111
Internet Brow ser
................................................................................................................................................................... 112
Brow ser addons
................................................................................................................................................................... 113
Documents
................................................................................................................................................................... 114
Messaging
................................................................................................................................................................... 118
Search
................................................................................................................................................................... 119
Dow nload
................................................................................................................................................................... 119
Records
................................................................................................................................................................... 119
Database settings
............................................................................................................................................................................ 120
General
................................................................................................................................................................... 120
Auto backup ................................................................................................................................................................... 121
Currencies
................................................................................................................................................................... 122
Logbook
................................................................................................................................................................... 123
Passw ord
................................................................................................................................................................... 125
Seal
................................................................................................................................................................... 126
Locking
................................................................................................................................................................... 128
Release system................................................................................................................................................................... 128
Right management
................................................................................................................................................................... 128
USB stick
................................................................................................................................................................... 129
Offline mode ................................................................................................................................................................... 130
Mobile devices ................................................................................................................................................................... 134
Reports
................................................................................................................................................................... 136
HTML-Webview................................................................................................................................................................... 139
Personal settings
............................................................................................................................................................................ 139
2015 MATESO GmbH

Inhalt

Language
................................................................................................................................................................... 139
Color scheme ................................................................................................................................................................... 140
Auto login ............................................................................................................................................................................ 140
Plugins
............................................................................................................................................................................ 141
Standard USB stick
................................................................................................................................................................... 147
PKCS#11
................................................................................................................................................................... 150
Passw ord key USB
...................................................................................................................................................................
key (outdated)
155
Modules
............................................................................................................................................................................ 156
Netw ork logon ................................................................................................................................................................... 156
Terminal server...................................................................................................................................................................
/ citrix
156
Without client licensing
................................................................................................................................................................... 156

Handling

157

1 User interface
..............................................................................................................................................157
Folder and navigation
............................................................................................................................................................................ 160
Detail area ............................................................................................................................................................................ 161
Tabs
............................................................................................................................................................................ 163
Quick access............................................................................................................................................................................ 164
Quick access............................................................................................................................................................................
toolbar
166
Data sheet functions
............................................................................................................................................................................ 167
Quick search ................................................................................................................................................................... 167
Show or hide columns
................................................................................................................................................................... 168
Arrangement ................................................................................................................................................................... 168
Sorting
................................................................................................................................................................... 169

2 My profile
..............................................................................................................................................170
3 Handling
of data
..............................................................................................................................................
172
Folders
............................................................................................................................................................................ 172
Add folder
................................................................................................................................................................... 172
Redefine folder ................................................................................................................................................................... 174
Copy folder
................................................................................................................................................................... 175
Move folder
................................................................................................................................................................... 176
Delete folder ................................................................................................................................................................... 177
External links ................................................................................................................................................................... 177
Favourite folders
................................................................................................................................................................... 178
Edit folder
................................................................................................................................................................... 179
Folder quick search
................................................................................................................................................................... 183
Search folders ................................................................................................................................................................... 184
Private folders ................................................................................................................................................................... 186
Datasets (e.g.
............................................................................................................................................................................
passw ords)
188
Add dataset ................................................................................................................................................................... 189
Edit dataset
................................................................................................................................................................... 195
htaccess connection
............................................................................................................................................................... 196
Move dataset ................................................................................................................................................................... 199
Copy dataset ................................................................................................................................................................... 201
Delete dataset ................................................................................................................................................................... 201
Print dataset ................................................................................................................................................................... 201
Use datasets ................................................................................................................................................................... 202
Copy user name................................................................................................................................................................... 203
Copy passw ord................................................................................................................................................................... 203
Copy URL
................................................................................................................................................................... 203
Copy array
................................................................................................................................................................... 203
Clear clipboard ................................................................................................................................................................... 205
Go to folder
................................................................................................................................................................... 205
2015 MATESO GmbH

Password Safe and Repository

Add attachment/documents
................................................................................................................................................................... 206
Quick view (space
...................................................................................................................................................................
bar)
207
History
................................................................................................................................................................... 208
Unblocking and ...................................................................................................................................................................
safety
210
Extras
................................................................................................................................................................... 210
Properties
................................................................................................................................................................... 213
Change Form ................................................................................................................................................................... 213
TAN m anagem
............................................................................................................................................................................
ent
215
Bank management
................................................................................................................................................................... 216
Add bank
............................................................................................................................................................... 216
Edit bank/accounts
............................................................................................................................................................... 218
Delete bank ............................................................................................................................................................... 218
Add TAN block ................................................................................................................................................................... 219
Edit TAN block ................................................................................................................................................................... 220
Delete TAN block
................................................................................................................................................................... 220
TAN menu
................................................................................................................................................................... 221
Add TAN`s ............................................................................................................................................................... 221
Edit TAN`s ............................................................................................................................................................... 222
Delete TAN`s ............................................................................................................................................................... 222
Use TAN/iTAN/highlight
...............................................................................................................................................................
as used
222
Import TAN list............................................................................................................................................................... 225
Tasks
............................................................................................................................................................................ 228
New task
................................................................................................................................................................... 229
Edit task
................................................................................................................................................................... 230
Task advice note
................................................................................................................................................................... 231
Mementos
................................................................................................................................................................... 231
Messages ............................................................................................................................................................................ 232
New message ................................................................................................................................................................... 233
Read message ................................................................................................................................................................... 234
Reply message................................................................................................................................................................... 235
Forw ard message
................................................................................................................................................................... 236
Message advice...................................................................................................................................................................
note
236
Docum ents ............................................................................................................................................................................ 236
Add documents................................................................................................................................................................... 238
Edit documents ................................................................................................................................................................... 240
Link documents................................................................................................................................................................... 245
Documents parameters
................................................................................................................................................................... 247
Documents history
................................................................................................................................................................... 250
Run/open documents
................................................................................................................................................................... 251
Documents settings
................................................................................................................................................................... 252
External links ................................................................................................................................................................... 252

4 Search..............................................................................................................................................253
Global search
............................................................................................................................................................................ 254
Extended search
............................................................................................................................................................................ 254
User filter
................................................................................................................................................................... 256
Search for passw
...................................................................................................................................................................
ords
256
Search for documents
................................................................................................................................................................... 259
Search for messages
................................................................................................................................................................... 260
Search for tasks
................................................................................................................................................................... 260
Search for banks
................................................................................................................................................................... 261
Search for seals
................................................................................................................................................................... 262
Search profiles/recurrent
...................................................................................................................................................................
search
262
Change form ................................................................................................................................................................... 263

2015 MATESO GmbH

Inhalt

5 Forms ..............................................................................................................................................264
Create a form
............................................................................................................................................................................ 264
Export / im port
............................................................................................................................................................................
form s
273
Edit/extend a............................................................................................................................................................................
form
275
Delete form ............................................................................................................................................................................ 277

6 Password
guideline
..............................................................................................................................................
278
Manage passw
............................................................................................................................................................................
ord guidelines
278
Check passw
............................................................................................................................................................................
ord guidelines
281

7 Single ..............................................................................................................................................
password generator
282
8 Seal ..............................................................................................................................................284
Seal a dataset
............................................................................................................................................................................ 285
Require to unseal
............................................................................................................................................................................ 290
Sealing m essages
............................................................................................................................................................................
and unseal
294
Break seal ............................................................................................................................................................................ 295
Delete seal /............................................................................................................................................................................
seal again
298
Sealing logbook
............................................................................................................................................................................ 300
Sealing tem plates
............................................................................................................................................................................ 301

9 Lock/unlock
..............................................................................................................................................309
Install lock ............................................................................................................................................................................ 310
Delete lock ............................................................................................................................................................................ 311
Use lock
............................................................................................................................................................................ 312
Locking tem............................................................................................................................................................................
plates
313

10 Releases
..............................................................................................................................................319
Create and m
............................................................................................................................................................................
anage releases
320
Use releases............................................................................................................................................................................ 327

11 Automativ
entry (Applications)
..............................................................................................................................................
327
Install brow ser
............................................................................................................................................................................
addons
328
Mozilla Firefox ................................................................................................................................................................... 329
Google Chrome................................................................................................................................................................... 330
Opera
................................................................................................................................................................... 332
Opera Next
................................................................................................................................................................... 332
Safari
................................................................................................................................................................... 333
Update brow............................................................................................................................................................................
ser addons
333
Delete brow ser
............................................................................................................................................................................
addons
334
Convert older
............................................................................................................................................................................
applications
337
Create applications
............................................................................................................................................................................ 341
Fill in form fields...................................................................................................................................................................
(w eb brow ser)
345
Script for entry ...................................................................................................................................................................
sequence
350
Controls
................................................................................................................................................................... 351
htaccess
................................................................................................................................................................... 354
Edit applications
............................................................................................................................................................................ 354
Delete applications
............................................................................................................................................................................ 355
Exam ples ............................................................................................................................................................................ 356
Brow ser application
................................................................................................................................................................... 356
Existing passw...............................................................................................................................................................
ord
356
New passw ord
...............................................................................................................................................................
via addon
359
New start of a...............................................................................................................................................................
dataset
361
Window s application
................................................................................................................................................................... 365
Parameter passing
...................................................................................................................................................................
to application
368
Login w ith script
................................................................................................................................................................... 372
Passw ord entry...................................................................................................................................................................
w ith hot key
380
Autom atische
............................................................................................................................................................................
Eintragung ohne Anw endung
382
2015 MATESO GmbH

Password Safe and Repository

12 Anmeldung
an SAP
..............................................................................................................................................
385
13 Remote
desktop connections
..............................................................................................................................................
386
14 Workflow
management
..............................................................................................................................................
390
Filter function
............................................................................................................................................................................ 391
Start w orkflow
............................................................................................................................................................................ 393
Wildcard character
............................................................................................................................................................................ 399
Logical links............................................................................................................................................................................ 401
Workflow Events
............................................................................................................................................................................ 411
Edit after application
................................................................................................................................................................... 411
Delete after application
................................................................................................................................................................... 411
After new application
................................................................................................................................................................... 412
Edit before application
................................................................................................................................................................... 412
Delete before application
................................................................................................................................................................... 412
Before new application
................................................................................................................................................................... 413
After task status
...................................................................................................................................................................
change
413
After new task ...................................................................................................................................................................
for user
413
Before task status
...................................................................................................................................................................
change
413
After user editing
................................................................................................................................................................... 414
After printing user
................................................................................................................................................................... 414
After opening user
................................................................................................................................................................... 414
Nach Benutzerpassw
...................................................................................................................................................................
ort ndern
414
Edit after group................................................................................................................................................................... 415
After printing group
................................................................................................................................................................... 415
After deleting group
................................................................................................................................................................... 415
After adding group
................................................................................................................................................................... 415
After opening group
................................................................................................................................................................... 416
After deleting private
...................................................................................................................................................................
data
416
After new user................................................................................................................................................................... 416
After changing ...................................................................................................................................................................
the user memberships
416
After changing ...................................................................................................................................................................
the group memberships
417
Edit before user................................................................................................................................................................... 417
Before printing ...................................................................................................................................................................
user
417
Before opening...................................................................................................................................................................
user
418
Before changing
...................................................................................................................................................................
user passw ord
418
Edit before group
................................................................................................................................................................... 418
Before printing group
................................................................................................................................................................... 418
Before deleting ...................................................................................................................................................................
group
418
Before adding group
................................................................................................................................................................... 419
Before opening...................................................................................................................................................................
group
419
Before opening...................................................................................................................................................................
the user and group management
419
Before deleting ...................................................................................................................................................................
private data
419
Before new user
................................................................................................................................................................... 420
Before changing
...................................................................................................................................................................
the user memberships
420
Before changing
...................................................................................................................................................................
the group memberships
420
After saving database
...................................................................................................................................................................
settings
421
Before saving database
...................................................................................................................................................................
settings
421
Before opening...................................................................................................................................................................
database settings
421
Create after USB
...................................................................................................................................................................
stick
421
Synchronize after
...................................................................................................................................................................
mobile device
422
Create before USB
...................................................................................................................................................................
stick
422
Synchronize before
...................................................................................................................................................................
mobile device
422
After new mail ................................................................................................................................................................... 422
After deleting logbook
................................................................................................................................................................... 423
2015 MATESO GmbH

Inhalt

After opening logbook

................................................................................................................................................................... 423
After logbook entry
................................................................................................................................................................... 423
Before deleting ...................................................................................................................................................................
logbook
424
Before opening...................................................................................................................................................................
logbook
424
Open history after
...................................................................................................................................................................
passw ord
424
Open logbook after
...................................................................................................................................................................
passw ord
424
After editing passw
...................................................................................................................................................................
ord
425
After printing passw
...................................................................................................................................................................
ord
425
After copying passw
...................................................................................................................................................................
ord
425
After deleting passw
...................................................................................................................................................................
ord
426
After closing passw
...................................................................................................................................................................
ord (w ithout saving)
426
After linking passw
...................................................................................................................................................................
ord
426
After removing ...................................................................................................................................................................
passw ord
427
After changing ...................................................................................................................................................................
passw ord release
427
After new passw
...................................................................................................................................................................
ord
428
Open history before
...................................................................................................................................................................
passw ord
428
Open before passw
...................................................................................................................................................................
ord logbook
428
Before editing passw
...................................................................................................................................................................
ord
429
Before printing passw
...................................................................................................................................................................
ord
429
Before copying...................................................................................................................................................................
passw ord
429
Before deleting ...................................................................................................................................................................
passw ord
430
Before linking passw
...................................................................................................................................................................
ord
430
Before removing
...................................................................................................................................................................
passw ord
431
Before opening...................................................................................................................................................................
passw ord
431
Before changing
...................................................................................................................................................................
passw ord release
432
Before show ing...................................................................................................................................................................
the passw ords
432
Before new passw
...................................................................................................................................................................
ord
432
After copying folder
................................................................................................................................................................... 432
After deleting folder
................................................................................................................................................................... 433
After copying folder
...................................................................................................................................................................
recursively
433
After redefining...................................................................................................................................................................
folder
434
After removing ...................................................................................................................................................................
folder
434
After opening folder
................................................................................................................................................................... 435
After opening folder
...................................................................................................................................................................
properties
435
Before changing
...................................................................................................................................................................
folder release
436
Open after folder
...................................................................................................................................................................
logbook
436
After new folder
................................................................................................................................................................... 437
Before copying...................................................................................................................................................................
folder
437
Before deleting ...................................................................................................................................................................
folder
437
Before copying...................................................................................................................................................................
a folder recursively
438
Before redefining
...................................................................................................................................................................
folder
438
Before removing
...................................................................................................................................................................
folder
439
Before opening...................................................................................................................................................................
folder
439
Before opening...................................................................................................................................................................
folder properties
440
After changing ...................................................................................................................................................................
folder release
440
Before new folder
................................................................................................................................................................... 441
After seal messaging
................................................................................................................................................................... 441
After breaking seal
................................................................................................................................................................... 441
After user login................................................................................................................................................................... 442
After copying to...................................................................................................................................................................
clipboard
442
After request of...................................................................................................................................................................
rights
442
After remote-desktop-connection
................................................................................................................................................................... 442
After new system
...................................................................................................................................................................
message
443
Before disconnecting
...................................................................................................................................................................
database connection
443
2015 MATESO GmbH

10

Password Safe and Repository

Before remote-desktop-connection
................................................................................................................................................................... 443
Before maximizing
...................................................................................................................................................................
from the systemtray
443
Before starting ...................................................................................................................................................................
the quick access bar
444
Before starting ...................................................................................................................................................................
quick access
444
Before copying...................................................................................................................................................................
to clipboard
444
After managing...................................................................................................................................................................
w orkflow system
445
Before managing
...................................................................................................................................................................
w orkflow system
445
Workflow actions
............................................................................................................................................................................ 445
HTML-WebView...................................................................................................................................................................
er
445
System-Task:HTML-WebView
...................................................................................................................................................................
er
446
Dialogue
................................................................................................................................................................... 447
Yes/No confirmation
................................................................................................................................................................... 448
Enter user passw
...................................................................................................................................................................
ord
449
Event seal
................................................................................................................................................................... 450
Release system................................................................................................................................................................... 451
Four-eyes-principle
................................................................................................................................................................... 452
Enter passw ord................................................................................................................................................................... 453
Certificate verification
................................................................................................................................................................... 454
Event view er ................................................................................................................................................................... 454
Internal mail
................................................................................................................................................................... 455
MAPI mail
................................................................................................................................................................... 456
Start program ................................................................................................................................................................... 457
SMTP mail
................................................................................................................................................................... 458
System-Task: SMTP
...................................................................................................................................................................
Mail
459
Start application................................................................................................................................................................... 461
Link application ................................................................................................................................................................... 462
Dataset seal ................................................................................................................................................................... 463
Dataset lock ................................................................................................................................................................... 464
Predefine passw
...................................................................................................................................................................
ord
465
Edit rights
................................................................................................................................................................... 466
Standard brow ser
................................................................................................................................................................... 467
Workflow exam
............................................................................................................................................................................
ples
467
Attention ............................................................................................................................................................................ 477

15 System..............................................................................................................................................
tasks
477
SMTP m ail (reports)
............................................................................................................................................................................ 482
Sending SMTP
............................................................................................................................................................................
m essages
485
Sending SMTP
............................................................................................................................................................................
tasks
485
Active Directory
............................................................................................................................................................................
synchronization
486
Seal
............................................................................................................................................................................ 487
Locking
............................................................................................................................................................................ 489
WebView er export
............................................................................................................................................................................ 490
Logbook export
............................................................................................................................................................................ 491
Exam ples ............................................................................................................................................................................ 492
Example task for
...................................................................................................................................................................
SMTP mail (expiring passw ords)
492
Example seal ................................................................................................................................................................... 502

16 WebViewer
..............................................................................................................................................507
Preconditions
............................................................................................................................................................................ 507
WebView er export
............................................................................................................................................................................ 508
Handling of the
............................................................................................................................................................................
WebView er
514

17 Right management
..............................................................................................................................................519
In general ............................................................................................................................................................................ 519
First steps ............................................................................................................................................................................ 519
First login ............................................................................................................................................................................ 520
2015 MATESO GmbH

Inhalt

11

User and group

............................................................................................................................................................................
m anagem ent
523
Setup of groups...................................................................................................................................................................
and user accounts
525
General settings...................................................................................................................................................................
for the user account
529
Membership to a...................................................................................................................................................................
group
529
Define general basic
...................................................................................................................................................................
rights of the user
530
Group rights ................................................................................................................................................................... 533
Active Directory................................................................................................................................................................... 533
Restrictive users
................................................................................................................................................................... 534
Miscellaneous ................................................................................................................................................................... 536
Manage perm
............................................................................................................................................................................
issions and rights
536
Inheritance of rights
................................................................................................................................................................... 540
Ask for rights ................................................................................................................................................................... 542
Right templates ................................................................................................................................................................... 542
Right templates ...................................................................................................................................................................
for private folders and datasets
546
Private and public
...................................................................................................................................................................
datasets and documents (user choice)
547
Inform ation on
............................................................................................................................................................................
datasets
548
User login ............................................................................................................................................................................ 549
Blocking of a............................................................................................................................................................................
user
550
Delete a user............................................................................................................................................................................ 550
Licensing ............................................................................................................................................................................ 551
Restricitve users
............................................................................................................................................................................ 551

18 Active ..............................................................................................................................................
Directory connection
552
Settings
............................................................................................................................................................................ 553
Readout/im port
............................................................................................................................................................................
users and groups
556
Active Directory
............................................................................................................................................................................
synchronisation
561
Active Directory
............................................................................................................................................................................
elem ents
564
Activate / deactivate
............................................................................................................................................................................
elem ents
568
Update to version
............................................................................................................................................................................
6.3
570

19 Reporting
and interpretation
..............................................................................................................................................
576
Reports
............................................................................................................................................................................ 576
Report User ............................................................................................................................................................................
Rights
577
Logbook
............................................................................................................................................................................ 579
Dataset logbook................................................................................................................................................................... 580
Folder logbook ................................................................................................................................................................... 581

20 Icons ..............................................................................................................................................581
21 Labels..............................................................................................................................................583
22 Import..............................................................................................................................................585
Im port form ............................................................................................................................................................................
data
586
Im port users............................................................................................................................................................................
and groups
594

23 Export..............................................................................................................................................596
24 Set up..............................................................................................................................................
USB stick
597
25 Enterprise
Server
..............................................................................................................................................
597
Sessions ............................................................................................................................................................................ 598
Gesperrte Benutzer
............................................................................................................................................................................ 599

Miscellaneous

600

1 Removal
on a new PC
..............................................................................................................................................
600
2 Updates
..............................................................................................................................................600
3 Set up..............................................................................................................................................
USB stick manually
603

2015 MATESO GmbH

11

12

Password Safe and Repository

4 Configure
network logon
..............................................................................................................................................
604
5 Configuration
file
..............................................................................................................................................
606
6 Environment
variables
..............................................................................................................................................
609
7 Overview
file endings
..............................................................................................................................................
610
8 Terminal
server/citrix
..............................................................................................................................................
611
9 Problem
solving
..............................................................................................................................................
611
10 Error codes
..............................................................................................................................................614
11 Support
..............................................................................................................................................617
12 Licensing
terms and conditions
..............................................................................................................................................
618

2015 MATESO GmbH

Preface

13

Preface
Password Safe and Repository Version 7
A cordial welcome to Password Safe and Repository. Password Safe is the leading complete solution
within the range of password and identity management. The highly modern and intuitive user prompt, as
well as the functional range, which has no competition so far, are making an immediate construction of a
protected password database possible to every beginner. Our software has been awarded several times
by the specialized press. Password Safe exists in many editions for the most various intended uses, from
the private user to the enterprise sector for large companies. Password Safe and Repository Version 7
continues this successful way and extends the software by important functions like the Apps for iOS and
Android.

Password Safe saves time!

Every day there are new applications, web pages and access, that a user has to remember. But who can
still keep an overview of all that. You may surely know the problem of unsafe passwords, password
notes that stick to the screen or underneath the keyboard. With Password Safe you can make your
company considerably more secure, and first of all decrease the "human security risk", by using
absolutely safe passwords. By the use of the automatic password registration in entry forms
(applications, web pages, etc.) you can not only save time and therefore reduce costs, besides you
always keep an overview of the use of safe company data, by means of the interior logbook.
Minimize costs with Password Safe!
By the central management of passwords, plus the automation, with Password Safe you can save time,
and finally reduce costs in your company. The operator does not have to search long for passwords in
Excel or in a batch of paper, but always have important information within reach with Password Safe. It
is not rarely possible that the loss of a password means to change the established configuration of a
system. This can be a very extensive process, depending on the system. In some cases, the system even
has to be reconstructed. With Password Safe, these longsome processes are a thing of the past. By the
automatic registration of the data, even the wrong input can be prevented. Besides, the password can be
much more complex and thereby raise the safety of the data in the company considerably.

Questions and answers

How does Drag&Drop work?
Drag&Drop works at almost every array with a blue arrow. To activate Drag&Drop, you only have to click
on the blue arrow (left mouse button) and keep the mouse button pushed until you stand above the array
in which you want to enter the data. With an active Drag&Drop your mouse pointer will be presented
differently. Arrays, which support Drag&Drop, will show you this visually, or rather a small plus appears
at the mouse pointer. Then stop pushing the mouse button and the data will be automatically entered on
the array.
Tip:
Some arrays do not support Drag&Drop. But here there is a little trick. When activating Drag&Drop, so
to speak when clicking on the blue arrow, hold the CTRL key down. If the array supports this, the data
will be entered.

2015 MATESO GmbH

14

Password Safe and Repository

What are applications?

Applications are programs, in which Password Safe enters data automatically. The applications have to
be added in Password Safe before, so that Password Safe knows where to enter data. The data will be
selected by the shortcuts due to the allocation. So you can for example use an application, a website for
several passwords/datasets.

What are forms?

Forms sort of reflect your entry mask during the recording of data. Forms can be accordingly changed,
extended and adapted at will via the form management. If you should for example miss an array in one
of the about 40 predefined forms, or you would prefer a different order, you can comfortably change this
in the form management. You can access the form management via "edit" -> "administrating forms".
Choose the form you want to work on and follow the steps in the wizard.

What are shortcuts?

Shortcuts are used to avoid double captures, whether for scripts, documents or also for the password
entry. In the record itself you can select the shortcuts, or also newly add them. If later on for example a
website (application), to which several data records are linked to, changes, you only have to change that
one application.

When does the automatic entry of passwords on web pages work?

In order to use the automatic entry the following conditions have to be fulfilled:
- The according addon needs to be installed for the browser used (for the Internet Explorer no addon is
necessary)
- The service port (standard: 12001) has to be unblocked in the firewall
- There has to be internet access
- Under edit -> general settings -> browser addons the addons have to be activated
- A password has to be created.
- The password has to be linked with an application
or
- The password can also be automatically saved at the login on the website. When visiting the website
the next time, the login will be carried out automatically.
If the preconditions are given, Password Safe automatically enters the deposited access data, as soon as
the according website is being opened. If several passwords are deposited for a login, or if under edit > manage applications -> application -> settings the check mark is not set at automatic entry
without enquiry, a window appears when visiting the website in which the desired dataset can be
chosen for the entry.

What are own fields?

To every dataset any amount of "own fields" can be added. Thereby similar functions are offered, like
the ones that have already been offered in the form management. Therefore you can adapt data records
additionally fast and individually to your requirements, without having to adapt the basic form.

2015 MATESO GmbH

Questions and answers

15

What does FRM stand for in the variable name?

FRM stands for form. With that code you tell Password Safe that the next value is a value from a form.
You can use the variables for example with the automatic password entry, or also as a parameter value
for documents.

What does UDF stand for in the variable name?

UDF stands for "UserDefinitionField". With UDF you can activate own arrays, which you have already
recorded, for example {UDF:Host}. Please pay attention to correct spelling, otherwise the array can not
be found.

How do I know the name of the variable, e.g. {FRM:Password}?

The name of the variable you can find out via the form management. Open the form management via
"edit" -> "administrate forms". Then choose a form and go through the steps up to the step "edit form
fields". In that survey you see all form fields of the form. You can activate all form fields with the field
name, for example {FRM:Password} for password, or {FRM:Email} for EMail. The form itself you can
extend and work on as desired.

What is the workflow system?

Via the workflow system you can automate different processes. Every workflow consists of an event and
an action. The actions are carried out as soon as the accordant event occured. You can find further
information on this under the following link: Workflow management

2015 MATESO GmbH

16

Password Safe and Repository

Which ports does PASSWORD SAFE use?

In order to assure a frictionless operation it has to be made sure that the following TCP ports are
released in the network firewall:
12008 -> communication between server and clients
12010 -> service port for communication between server configuration and server service
12001 -> communication between clients and browser addons
12008 to 12018 -> Via this the single clients communicate in the multiuser operation. At this the first free
port is used

Safety
We have integrated a lot of security technologies into Password Safe to save and protect your data from
access without authority.

Following an overview of security technologies used in Password Safe:

We only use standardized and absolute safe algorithms AES (256 Bit) and RSA (1024 Bit).
By hash-algorithms the full strength is used for the encryption. Thus, Brute-Force-Attacks are
complicated.
By the use of password guidelines only secure passwords are accepted, e.g. for the master password
of the data base. The password guidelines can be adjusted to your desires and can also be used for
forms (entry masks).
Every password array (that means all boxes with asterisk) have an integrated protection. The data are
kept encrypted in the memory. The readout of the arrays with "Password Revealer" is not possible,
because not the data are in that array, but only asterisks. These password arrays have an additional
key logger protection, which refuses access to most of the software-key loggers. Also at many
password arrays a screen keyboard is available, which can optionally be used with randomly generated
arrangements.
For the automatic password entry on the Internet Explorer and Windows Dialoge (Controls) we offer
two ways, that no key logger can supervise.
For the automatic password entry via our Script-Engine and shortcuts we have as well integrated a
blocker for key logger.
The clipboard is supervised by Password Safe. If you pass data from Password Safe to the clipboard
you will be informed about programs, which supervise the clipboard, and you can terminate the
action, uniquely allow it, or also license the software permanently/or exclude it.
Security relevant data will be encrypted in the memory (e.g. master password) and also deleted again
from the memory securely by overwriting. Same also applies to documents, which will be saved by you
on the fixed disc, these will also be deleted securely by the Gutmann-method.
There are many security options for the setting of the display of passwords. So passwords can be
generally hidden and only be displayed when actually needed. If you are not at your workplace for a
longer time you can have the data base locked. These security options are generally activated.
There are 3 different security zones (private, workplace, public). For each security zone you can adjust
all settings and if you are for example at a different PC with a USB stick, you can make use of
considerably more exact settings than at your home PC or workplace.
Furthermore we use technologies which avoid that certain programs which are relevant to security can
be activated.
Besides the software is protected from external manipulations and in addition digitally signed.

2015 MATESO GmbH

Safety

17

We are constantly searching for new security technologies, so that we are always up-todate with the best available technology.
Despite all these technologies it is important that an active virus protection is installed, because here
normally all known software key loggers and destructive programs are cut off from the outset. This
should be understood for every PC that is out on the internet. Like for all algorithms the use of a safe
master password is very important, so you can forbid from the outset that someone can guess your
password or find out by dictionaries (Dictionary-Attack) and Brute-Force-Attacks would take millions of
years to calculate the password.
Tips for secure passwords
Sometimes you need a password you can keep in mind, but it should as well be absolutely safe, for
example for the master password of the data base. The following guidelines give you some hints, how
you can create yourself a safe and as well easy to memorize password.
A safe password should at least be 10 characters long. But it is not really safe until 16 characters.
A safe password consists of numbers, punctuation marks and special signs. Moreover it contains upper
and lower case.
If you can look up your password in a dictionary, it is not safe enough. Password cracker programs
(Brute-Force-Attack) work with such dictionaries and have a crack at their entries systematically.
The own name, names of relatives, the name of the pet, telephone numbers, car numbers, birthdays
and other data that can be found out by a research about you are unusable as a password. The same
applies to numbers like pi.
Avoid keyboard patterns like asdf and jkl.
Create passwords in which you use the initials from sentence you can easily memorize. "Starting from
now I only want to use safe passwords for my PC" makes Sfn1owtuspfmP (additionally here for
example I was replaced by 1).
A further way is to mix up numbers and words: K2e9n1n0w2o0r0t1 out of keyword and 29.10.2001.
Thereby the date should not be a common birthday.

Licensing
In this chapter it is described which licenses exist and for which use cases they are necessary
- Licensing per PC/user named user license model
- Extension with plugins / modules

Personal Edition
License
A license is always valid for one user and one computer
Plug-In standard USB stick
The login can be made via this plug-in optionally via a USB stick and therefore no password has to be
entered for the login. For the use of the plugin you need a usual USB stick which can be used as a
removable hard disk storage and which can be activated as a drive. Per computer/user license one plugin
license has to be purchased.
Plug-In PKCS#11
This plugin enable the login with a token or a smartcard. Therefore the login can be optionally made via
2015 MATESO GmbH

18

Password Safe and Repository

this token and you do not need to enter a password for the login. For the use of the plugin you need a
token which supports the standard port PKCS#11. Per computer/user license one plugin license has to be
purchased.

Standard Edition
License
A license is always valid for one user and computer
Plug-In standard USB stick
The login can be made via this plug-in optionally via a USB stick and therefore no password has to be
entered for the login. For the use of the plugin you need a usual USB stick which can be used as a
removable hard disk storage and which can be activated as a drive. Per computer/user license one plugin
license has to be purchased.
Plug-In PKCS#11
This plugin enable the login with a token or a smartcard. Therefore the login can be optionally made via
this token and you do not need to enter a password for the login. For the use of the plugin you need a
token which supports the standard port PKCS#11. Per computer/user license one plugin license has to be
purchased.

Professional Edition
License
A license is alway valid for one user and computer (except in connection with the module "without client
licensing")
Plug-In standard USB stick
The login can be made via this plug-in optionally via a USB stick and therefore no password has to be
entered for the login. For the use of the plugin you need a usual USB stick which can be used as a
removable hard disk storage and which can be activated as a drive. Per computer/user license one plugin
license has to be purchased.
Plug-In PKCS#11
This plugin enable the login with a token or a smartcard. Therefore the login can be optionally made via
this token and you do not need to enter a password for the login. For the use of the plugin you need a
token which supports the standard port PKCS#11. Per computer/user license one plugin license has to be
purchased.
Module: Network logon
This module extends your installation by a central database login. Therefore the login at the corporately
used database can optionally be made automatically via the network and therefore no password for the
database login has to be entered by the user. The user only identifies with his/her personal password.
The module has to be bought once for a license file and is then valid for all existing clients that log in at
this license file.
Module: Terminal server / citrix
With this module you can run the software on a terminal server or under citrix. However, generally you
need a user license for every employee or user who accesses Password Safe. The module has to be
purchased once for a license file and is then valid for all existing clients that log in at this license file. If
2015 MATESO GmbH

Licensing

19

you should use more than one terminal server (or citrix farm) you additionally need the module "without
client licensing".
Module: Without client licensing
With this module the licensing is only made per user. The counting of the clients (computers) is
deactivated and you can install Password Safe on any computers in your company. However, generally
you need a user license for every employee or user who accesses Password Safe. This kind is
appropriate for small administrator teams who need the access to Password Safe on every PC in the
company. The module has to be purchased once for a license file and then is valid for all existing clients
that log in at this license file.

Enterprise Edition
License
A license is alway valid for one user and computer (except in connection with the module "without client
licensing")
Plug-In standard USB stick
The login can be made via this plug-in optionally via a USB stick and therefore no password has to be
entered for the login. For the use of the plugin you need a usual USB stick which can be used as a
removable hard disk storage and which can be activated as a drive. Per computer/user license one plugin
license has to be purchased.
Plug-In PKCS#11
This plugin enable the login with a token or a smartcard. Therefore the login can be optionally made via
this token and you do not need to enter a password for the login. For the use of the plugin you need a
token which supports the standard port PKCS#11. Per computer/user license one plugin license has to be
purchased.
Module: Network logon
This module extends your installation by a central database login. Therefore the login at the corporately
used database can optionally be made automatically via the network and therefore no password for the
database login has to be entered by the user. The user only identifies with his/her personal password.
The module has to be bought once for a license file and is then valid for all existing clients that log in at
this license file.
Module: Terminal server / citrix
With this module you can run the software on a terminal server or under citrix. However, generally you
need a user license for every employee or user who accesses Password Safe. The module has to be
purchased once for a license file and is then valid for all existing clients that log in at this license file. If
you should use more than one terminal server (or citrix farm) you additionally need the module "without
client licensing".
Module: Without client licensing
With this module the licensing is only made per user. The counting of the clients (computers) is
deactivated and you can install Password Safe on any computers in your company. However, generally
you need a user license for every employee or user who accesses Password Safe. This kind is
appropriate for small administrator teams who need the access to Password Safe on every PC in the
company. The module has to be purchased once for a license file and then is valid for all existing clients
that log in at this license file.

2015 MATESO GmbH

20

Password Safe and Repository

Enterprise server
Module workflow system
Via this module the software can be adapted to the requirements of the company. Therefore you can
react to certain events with the workflow system like for example the sending of e-mail messages if a
certain password has been opened. Furthermore Password Safe functions like for example the
"administration of users and groups" can be protected by different actions like the "several-eyesprinciple". Only possible in combination with the Enterprise server. The module has to be purchased once
for a license file and is then valid for all existing clients that log in at this license file.
Module web access
Via the module web access you easily and quickly have got live access per browser (SSL) to the saved
passwords. Like in a search machine, the authorized passwords can be searched. According to the
authorization it is also possible to change datasets or create new ones. So employees can access the
passwords in the company network cross-platform. Also an external use can be configured without
problems, so that also a sales representative has got live access to passwords. The Password Safe Web
Access is an additional module for the Enterprise server. In order to be able to use the module you need
an installed IIS server (Internet Information Services).

Software maintenance and support

Why software maintenance?
The MATESO GmbH explores and develops new safety technologies and product extensions all the time.
In order that we can make them available for you relatively quick and do not have to release new main
versions all the time we decided for the very fair way of software maintenance packages. So you receive
large extensions considerably earlier and do not have to wait for a new and chargeable main version.
Does the software expire?
No, the software does not expire. You can only no longer install any updates if your software
maintenance expired and if you do not want to extend it afterwards. However, you can still use the
software without additional costs.
Software maintenance Privat
Contains 12 months of updates (e.g. if you have bought version 7, within 7.x.x; Upgrades to the next
higher version are not included in Privat).
Software maintenance Company Classic
Contains 12 months of updates and upgrades (e.g. if you have bought version 7, within version 7.x.x and
8.x.x)
Software maintenance and support Company Premium
Contains 12 months of updates and upgrades (within version 7.x.x and 8.x.x), furthermore telephone
support via a normal landline number and help per remote maintenance (pcvisit or TeamViewer).

Usage scenarios
Password Safe enables you the central management of passwords, identities, license data, customer
data and other important information. Due to the many practical features the management of safety

2015 MATESO GmbH

Usage scenarios

21

critical data is made much easier for you. The high flexibility enables to adapt Password Safe to your
individual work environment so that also complex processes can be carried out easily.
In this chapter we want to introduce to you four typical application scenarios in order to relieve the
introduction to Password Safe for you.

Scenario IT sector
With structures getting more complex in the company the issue of safety gets more and more relevant.
The work of the system administrators is an important safety factor, because the configuration of
firewalls, servers and accesses is a highly sensitive area of responsibility. Here Password Safe offers
unbeatable advantages: It enables the authorization role-based up to dataset level.
Due to the integrated remote desktop connection as well as the automatic entry (SSO) the administrators
can authenticate effectively with complex passwords. Furthermore Password Safe enables the use of the
data for the automatic login with the user not being able to see the password.
Adaptable system tasks send emails periodically and inform the users about the up-to-dateness oft he
data. For example email can be generated at the beginning of the week in which the expiring or expired
passwords of the coming days are listed.

Scenario system house

Data management and data safety in system houses are highly complex areas of responsibility. This is
not only about company-owned data, but first of all about the customers. Every customer has got
individual data security specifications according to which the data and accesses have to be organized.
This happens in highly encrypted databases.
For this Password Safe offers an efficient and safe possibility how to manage the highly encrypted data
centrally. The adaptable data structure enables the capture of every kind of data: for example contact
data or complex passowords, up to simple license files which can be loaded to the database.
If passwords are needed on location of the customer your employee has got the possibility to access the
data via offline mode. Alternatively he/she can work with the WebViewer or with the USB stick. Every
access to the customer data is recorded and can immediately be presented to the customer if requested.
The central password management with Password Safe offers a flexible and safe work basis for highly
encrypted databases.

Scenario bank
Banking houses are high safety areas concerning data. A specially high data encryption and its release
only by authorized persons are standard here. By means of the Password Safe and Repository
Enterprise Edition passwords can be digitized and managed safely. The password letters with out-dated
passwords which are still used in banks today now belong to the past.

2015 MATESO GmbH

22

Password Safe and Repository

Our seal system at the giving away of passwords is a several eyes principle which enables a complete
logging. According to the access the fetch of a password can only be made with a release defined
before. The taking of a password must be reasoned with one or several digital signatures. Optionally a
security administrator is informed via email when a seal is broken or certain passwords are opened.
Password Safe does not only increase data safety. Digital password management deskews safety
structures in your company. This creates flexibility and efficiency.

Scenario company wide rollout

Every employee that works in the data system has to remember many passwords. The more complex the
systems get the bigger the challenge gets not to forget one. Therefore you use handwritten memos,
password documents saved on the desktop, or simple passwords. This is how a safety risk for the whole
company is generated.
The right management integrated in Password Safe for example makes sure that employees can only
access data for which they are authorized. In order to safe your system additionally, the master
databases can be mirrored on an additional server instance, the slave. If the master drops out, the
slave server takes over. Furthermore there is a time-controlled backup system with which the data can
be reproduced quickly after a possible hardware breakdown. This is how safety becomes multiple
safety. And by means of our workflow system Password Safe can be adapted to your special safety
requirements.
That is what we call individualized all-round safety: Your specially configured Password Safe protects
your systems automatically and relieves your employees.

Editions
Password Safe is available in many editions for the most various intended use, from the private user up
to the enterprise sector for huge companies.

Which editions are there?

Personal Edition Free
Free version for private users with up to 20 datasets

Standard Edition
High-quality single place password management with with an enormous functional range

Professional Edition
Password and identity management in a team with network and mains operation (up to 20 users)

2015 MATESO GmbH

Editions

23

Enterprise Edition
Administrates all passwords and accesses of a company an its employees centralized, highly safe and
simple

You can find further information in our Feature matrix

6.1

Personal Edition
The Personal Edition of Password Safe and Repository is the ideal solution for the simple use. With the
Personal Edition you have all basic functions for the setup of a secure data safe for your data. Therefore
you will never forget a password again or give it away by writing it down. PASSWORD SAFE
administrates a password protected database of your access data. You only have to remember one main
password to have direct access to your secret data. The Personal Edition is available in the free version
(Personal Free), which is limited to records and in the Personal Edition, in which the limitation to records
can be lifted for the little amount of 9,90 euros.

Highlights of the Personal Edition

Password management with over 40 predefined forms (entry masks)
Forms are entry masks matched to certain topics. Therefore additional arrays, specific to the topic, are
at your disposal to administrate your data in an optimal way.
TAN management
Substantial bank and TAN management, multiple account compatible. San in your TAN block and
import it to PASSWORD SAFE, that is how you can avoid formal and defective typing in. Always control
your expenses and see how much you have already spend with one TAN block.
Administrate several databases
Even from the Personal Edition for only 9,90 euros you can administrate as many databases as you
want and even leave them open simultaneously and "on the fly" change between these databases.
USB stick compatible
The application can be set up with your database on a conventional USB stick, so that you always have
your data with you. A U3 stick version is also available.
Important safety features
Safety is important and that is why every Edition is equipped with all safety features. Secured
password arrays, clipboard control, key logger protection, digital signature of the application, password
guidelines, encryption with AES, automatic database lock in the case of absence, to give only some
examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track

2015 MATESO GmbH

24

Password Safe and Repository

of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.

6.2

Standard Edition
The Standard Edition of PASSWORD SAFE is the professional and comfortable solution for the
management of your data (passwords), TAN blocks and documents. The newly designed user interface is
conformed to Outlook and therefore offers an excellent overview and usability. An optional number of
databases can be opened simultaneously and "On The Fly" you can change between these databases.
Besides different folders can be opened in tabs and you can also change between them. In addition own
forms can be written or already existing forms can be edited. Your data will be secured in an optimal
way by the 12 latest encryption algorithms. Among them of course the famous and extremely safe
standard "AES" with 256 bit (Rijandel) is provided. Also the password which you use to encrypt the
database will be extrapolated by hash functions to the maximum crypto length of the encryption
algorithm used. Consequently a Brute-Force-Attack to the database file is no longer possible.

Highlights of the Standard Edition

Password management with over 40 predefined forms (entry masks)
Forms are entry masks adapted to certain topics. So additional arrays, which are specific to the topic
are available for you in order to administrate your data in an optimal way.
TAN management
Extensive bank and TAN management, multiple account capable. Scan in your TAN block and import it
to Password Safe, so no laborious and defective typing in is necessary. Have your expenses under
control and see how much you have already spent with one TAN block.
Administrate several databases
Even from the Personal Edition you can administrate as many databases as you want and even leave
them open simultaneously and "on the fly" change between these databases.
USB stick compatible
The application can be set up with your database on a conventional USB stick, so that you always have
your data with you. A U3 stick version is also available.
Important safety features
Safety is important and that is why every Edition is equipped with all safety features. Secured
password arrays, clipboard control, key logger protection, digital signature of the application, password
guidelines, encryption with AES, automatic database lock in the case of absence, to give only some
examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
2015 MATESO GmbH

Editions

25

more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
2015 MATESO GmbH

26

Password Safe and Repository

There are aldready many standard icons available. Are these not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.

6.3

Professional Edition
The Professional Edition contains the same functionality like the Standard Edition. The Professional
Version differs in the possibility to even better suit the program to your purposes and contains extended
professional functions like for example the seal and lock function. All password arrays are protected from
Trojan and key loggers by different latest technologies. Also the readout of the password arrays with
tools like "PantsOff!" or diverse key loggers is not possible. The highly modern and intuitive operator
guidance, conformed to Outlook 2007, as well as the functional range which has no competition so far,
enable every first-time user the immediate installation of a secured password database.

2015 MATESO GmbH

Editions

27

Highlights of the Professional Edition

Password management with over 40 predefined forms (entry masks)
Forms are entry masks matched to certain topics. Therefore additional arrays, specific to the topic, are
at your disposal to administrate your data in an optimal way.
TAN management
Substantial bank and TAN management, multiple account compatible. San in your TAN block and
import it to PASSWORD SAFE, that is how you can avoid formal and defective typing in. Always control
your expenses and see how much you have already spend with one TAN block.
Administrate several databases
Even from the Personal Edition for only 9,90 euros you can administrate as many databases as you
want and even leave them open simultaneously and "on the fly" change between these databases.
USB stick compatible
The application can be set up with your database on a conventional USB stick, so that you always have
your data with you. A U3 stick version is also available.
Important safety features
Safety is important and that is why every Edition is equipped with all safety features. Secured
password arrays, clipboard control, key logger protection, digital signature of the application, password
guidelines, encryption with AES, automatic database lock in the case of absence, to give only some

2015 MATESO GmbH

28

Password Safe and Repository

examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
2015 MATESO GmbH

Editions

29

By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
There are aldready many standard icons available. Are these not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
Tasks
Send tasks to groups and users. Receive system messages as the administrator, for example if a user
has entered a wrong password and it hast to be set again.
Messages
The system automatically sends you messages at certain events (e.g. break of seal). Use messages for
the safe communication in your company. The messages never leave the database and are therefore
always encrypted and can not be seen by other persons.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Network compatible
From the Professional Edition on the software is network and multiple user compatible. It is about a
real network data base with simultaneous user access (reading and writing). The database simply has
to be filed on a windows network share and is therefore available to every user. Extensive network
functions, like for example automatic record locking, are provided. Get informed about e.g. the internal
message system, by the time a user finished the revision of a record.
management of users, groups and privileges
Organise your password database into operator groups. Assign rights to user and group level.
Privileges like for example reading, editing or deletion can be assigned to folders and almost any
records.
Sealing
The new extended sealing system now also offers the four-eyes principle. Seal passwords and define
who is allowed to deblock and crush them. With the task and message system the persons concerned
will be informed automatically.
Locking
Lock passwords from the access of other users. Even if you have locked a password you can provide it
to specific persons for the automatic password entry. So the users do not have any access to the
password but can automated log in applications or Internet portals without knowing the password.
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.

2015 MATESO GmbH

30

6.4

Password Safe and Repository

Enterprise Edition
The Enterprise Edition in combination with the Enterprise Server offers the optimal solution for a central
password management in your company. With the Enterprise Edition you have the possibility to run
Password Safe in the client-/server mode. Of course the TCP/IP communication is encrypted in the
network, so that nobody can read along data between client and server (for example through a network
sniffer). Following a small extract of the functionalities.

2015 MATESO GmbH

Editions

31

Highlights of the Enterprise Edition

Password management with over 40 predefined forms (entry masks)
Forms are entry masks matched to certain topics. Therefore additional arrays, specific to the topic, are
at your disposal to administrate your data in an optimal way.
TAN management
Substantial bank and TAN management, multiple account compatible. San in your TAN block and
import it to PASSWORD SAFE, that is how you can avoid formal and defective typing in. Always control
your expenses and see how much you have already spend with one TAN block.
Administrate several databases
Even from the Personal Edition for only 9,90 euros you can administrate as many databases as you
want and even leave them open simultaneously and "on the fly" change between these databases.
USB stick compatible
The application can be set up with your database on a conventional USB stick, so that you always have
your data with you. A U3 stick version is also available.
Important safety features
Safety is important and that is why every Edition is equipped with all safety features. Secured
password arrays, clipboard control, key logger protection, digital signature of the application, password
guidelines, encryption with AES, automatic database lock in the case of absence, to give only some
2015 MATESO GmbH

32

Password Safe and Repository

examples...
Extensive password generator
Let absolute safe passwords be generated automatically, so you are always safe and create
unbreakable passwords.
Reporting
Of course you can also print your passwords on paper, to archive the data for example in a safe.
Comfort functions
PASSWORD SAFE memorises a lot, e.g. column widths, sorting, grouping, detail array, and many
more. The next time you open the folder this information will be reset the way you set it before. In
addition these settings will be saved individually per database and user.
No redundancies
Double entry should be avoided. That is why you can create any links to folders and other data in
PASSWORD SAFE, so that one password can be contained in several folders. But you will not lose track
of it that way, because PASSWORD SAFE shows you where to find your data via the tab "links".
Favourites
You can mark often used passwords as favourites. These are available in the search folder
"favourites", so you always have quick access to your most important data. Folders can also be marked
as favourites and are available at any time as favourite folders in the left array.
Home page
On the clearly arranged home page you always see all important information on your opened
database. For example, if a password expired or a data backup is due, and much more.
Password management with over 40 predefined forms (entry masks)
Change forms as desired or create own forms that suit your purpose.
Rapid access
Use the new comfortable and intelligent rapid access to have your data always readily available. Data
will be selected automatically if they have been linked to applications or web pages. Thus there is no
need to search.
Rapid access bar
With the comfortable rapid access bar you have access to your passwords and TAN blocks. Dock the
space saving bar at the edge of the screen and benefit from the automatic selection, if for example
your password is linked to a website or an application, the appropriate record will be automatically
displayed.
Automatic password entry
Let data automatically be entered easily and securely in other applications and browser, e.g. Internet
Explorer.
Labels
Use coloured labels to categorise records and distinguish them better. Arrange records that were
assigned to a label.
Tags
Supply records with tags to further categorise them and to find them more easily.
Tasks
Organise the expiration date of passwords by automatically written tasks. You will be automatically
reminded when a password expires or other important events occur.
Messages
The system automatically sends you messages at certain occasions.
management of documents
Protect your most important documents with Password Safe. You can download any files and
documents to the database. These do not have to remain on your hard disk then. Boot and edit
documents directly out of Password Safe. Link remote desktop access or remote maintenance software
with passwords and boot these including parameter passing.
Affix/documents
Link documents with any passwords.
History
2015 MATESO GmbH

Editions

33

By the new history you always have an overview of the past. See how a record or a password has
changed in the course of time. Rebuild accidentally overwritten records. Compare different version
levels with each other.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Own icons
There are aldready many standard icons available. Are these not sufficient, just download own icons to
the database and use these in folders and records. So you can further individualise the database and
especially bring out records.
Own arrays
Individualise records with own arrays. If once a record should not have a required array, just simply
and quickly add it. There are different types of arrays available (e.g. secured password array or also a
memo array). Start own arrays on the folder and benefit from the fact that when starting a new record
the arrays are already available.
Tasks
Send tasks to groups and users. Receive system messages as the administrator, for example if a user
has entered a wrong password and it hast to be set again.
Messages
The system automatically sends you messages at certain events (e.g. break of seal). Use messages for
the safe communication in your company. The messages never leave the database and are therefore
always encrypted and can not be seen by other persons.
Logbook
With Password Safe nothing remains unnoticed. Log nearly every action (Look, Edit, Delete, etc.). See
which user logged in when and which actions he or she carried out in Password Safe. Assess the
actions with the extensive interpretation tool or analyse the data in Excel.
Network compatible
From the Professional Edition on the software is network and multiple user compatible. It is about a
real network data base with simultaneous user access (reading and writing). The database simply has
to be filed on a windows network share and is therefore available to every user. Extensive network
functions, like for example automatic record locking, are provided. Get informed about e.g. the internal
message system, by the time a user finished the revision of a record.
management of users, groups and privileges
Organise your password database into operator groups. Assign rights to user and group level.
Privileges like for example reading, editing or deletion can be assigned to folders and almost any
records.
Sealing
The new extended sealing system now also offers the four-eyes principle. Seal passwords and define
who is allowed to deblock and crush them. With the task and message system the persons concerned
will be informed automatically.
Locking
Lock passwords from the access of other users. Even if you have locked a password you can provide it
to specific persons for the automatic password entry. So the users do not have any access to the
password but can automated log in applications or Internet portals without knowing the password.
Active Directory Integration
From the Enterprise Edition on existing users and groups can be adopted from the Active Directory. An
automatic authentication of the user is possible.
Client-/Server
With the Enterprise Server you can arrange a client-/server architecture. Use the optimal speed to also
use WAN or VPN connections and that way easily link up home office or working offices. That way the
users no longer access a database on a network share but on the Enterprise Server, which
administrates the databases by itself and provides them via a encrypted TCP/IP connection. This is
2015 MATESO GmbH

34

Password Safe and Repository

about a SQL server, which receives enquiries from the client and only transfers the sample spaces to
the client. Since the users do not have access to the database files, they can not be abstracted from
the company.
Workflow system (only in combination with the Enterprise Server)
and much more...
Also look at our feature array. There the most important functions of all editions are opposed and
compared to each other.

6.5

Enterprise Server
The Enterprise Server in combination with the Enterprise Edition Client is offering the optimal package for
your company. At this the database file is deposited on a server (alternatively it can also be saved on a
redundant SAN). Therefore a user has no longer direct access to database file and can not abstract it
from the company. Here the users only access the server via an encrypted TCP/IP connection.
Furthermore the Enterprise Server is offering the best performance with larger amounts of data. The
server is running in the background as a service and with the comfortable management panel the
administrator can arbitrarily set many server parameters. This is the most secure possibility to work with
Password Safe within a network with several users.

2015 MATESO GmbH

Editions

35

By means of the database assistant as many databases as you want can be quickly and easily created.
Via the database management the databases (database password, database encryption, etc.) can be
accordingly adapted and edited. A backup service provides the daily data backup.
More information about the connection to the server and its security can be found on following link:
www.passwordsafe.de/download/connectiondetails

2015 MATESO GmbH

36

Password Safe and Repository

You can find continuative information in the manual on the Enterprise Server.
http://help.passwordsafe.de/v7/sds/en

6.6

iOS App (iPhone, iPad, etc.)

The iOS app allows you to access your data from an iPhone or iPad. The app is available through the
Apple App Store and works on all devices that use the operating system iOS 5 or later.
Of course you can synchronize your data between your mobile device and your Password Safe Client. It
is also possible to sync via the iCloud or Dropbox or to store encrypted backups there.
The iOS Help can be found on following Link:
http://help.passwordsafe.de/iOS/EN

Feature Overview
Your safety is our aim
- Encryption with 256-bit AES algorithm
- Generates secure and complex passwords at the push of a button

2015 MATESO GmbH

Editions

37

Deletion mode following too many logins (optional)

Expiry date for the database (optional)
Managing multiple databases
Automatic transfer of rights for Professional and Enterprise Edition
Encrypted backup in iCloud and Dropbox

More than just passwords

- Managing credit cards, debit cards, PINs and passwords
- Customizable input masks
- Folder structure to easily organize data
Favorites and Geo-favorites
- Highlight your most important data as a favorite with just one click
- GeoFav for location-based access to favorite passwords. For example, you need/have different favorites
at work and at home
Automatic registration and integrated browser
- Integrated browser with new automatic password entry
- Web bookmarks for faster browser access
Extension for Safari
- Call up the Password Safe App directly from Safari and allow the login data to be transferred.
Synchronization and cloud
- Synchronization with Windows Password Safe version (from Standard Edition version 7)
- Cross-device Secure-Cloud-Sync with iCloud (iOS), iTunes and Dropbox, for example from iPhone to
iPad
- When synchronising with a company database, other security settings are possible, as well as the
deactivation of the cloud function
Temporary Access (release)
- The innovation in mobile Password Manager
- airPass for temporary passwords secure browser-based access with external PC's and Mac's
General
- Individual optimized layout for smartphones and tablets
- Runs on iPad, iPhone and iPod touch
- No ongoing fees or InApp purchases
- Supports TouchID

6.7

Android App
Via the Android app, you can access with any Android smartphone or tablet to your data. The installation
is running - as usual - via the Google Play Stores and is available on all mobile devices with Android 2.2
or later.
To ensure that your data is always up to date, a synchronization between your mobile device and your
Password Safe client is possible. However, you can also sync via Dropbox, or even store encrypted
backups there.
The Android Help can be found on following Link:
http://help.passwordsafe.de/android/EN

2015 MATESO GmbH

38

Password Safe and Repository

Feature Overview
Your safety is our aim
- Encryption with 256-bit AES algorithm
- Generates secure and complex passwords at the push of a button
- Deletion mode following too many logins (optional)
- Expiry date for the database (optional)
- Managing multiple databases
- Automatic transfer of rights for Professional and Enterprise Edition
- Encrypted backup in the Dropbox
More than just passwords
- Managing credit cards, debit cards, PINs and passwords
- Customizable input masks
- Folder structure to easily organize data
Favorites and Geo-favorites
- Highlight your most important data as a favorite with just one click
- GeoFav for location-based access to favorite passwords. For example, you need/have different favorites
at work and at home
Automatic registration and integrated browser
- Integrated browser with new automatic password entry
- Web bookmarks for faster browser access
Synchronization and cloud
- Synchronization with Windows Password Safe version (from Standard Edition version 7) Danke
- Cross-device Secure Cloud Sync with the Dropbox, for example from Smartphone to Tablet
- In Sync with a corporate database other security-related settings are possible, as well as the
deactivation of cloud features
Temporary Access (release)
- The innovation in mobile Password Manager
- airPass for temporary passwords secure browser-based access with external PC's and Mac's
General
- Individual optimized layout for smartphones and tablets
- Runs on Smartphones and Tablets with Android
- No ongoing fees or InApp purchases

6.8

Web Access
With the new Password Safe Web Access you can now access your passwords independent of a platform
using a browser.
For this purpose, we have been inspired by the most successful search engine in the world. For the first
time we have changed the design concept completely. Folders are secondary. In line with the motto find
and not search. Of course you can also edit entries or add new ones. As usual, users can access the
data to which they are entitled.
The help for the Web Access can be found on following link: http://help.passwordsafe.de/v7/pwa/en/

2015 MATESO GmbH

Editions

39

Feature Overview
Password Safe Web Access login
Is a database for the Web Access configured the user are able to log into the available database. Also
login with a Active Directory user, as shown in the example, is possible.
Folders are secondary - find and not search
In the upper section, you can easily search for a desired record. The hits are marked in yellow. By
clicking on the folder directory path one is directly taken to the folder.
Access and edit passwords
Records can be easily opened with a click and changed at will. The password is only transmitted and
displayed when you press the corresponding button. All record changes or password requests are
recorded in the logbook accordingly.
Enter new records easily and quickly
Naturally the Web Access can be used to create new records. The rights from the parent folder are
automatically adopted. Using the search folder, or the folder selection, you can select the desired folder.
In this example you can see how the form is dynamically displayed on the basis of the folder. Once you
have decided on a folder, the stored form of the folder is automatically displayed to create the data set.
General
The Password Safe Web Access is a paid add-on module and is only available in combination with the
Enterprise Edition and the Enterprise Server.

First steps

7.1

System preconditions
Password Safe is run capable on almost every Windows system, older systems like for example Windows
ME and even older ones, are excluded.
Operating systems:
Windows XP (32Bit & 64 Bit)
Windows Vista (32Bit & 64 Bit)
Windows 7 (32Bit & 64 Bit)
Windows 8 (32Bit & 64 Bit)
CPU and main memory:
Due to the encryption and decryption a certain processing power is required. According to CPU load and
processor speed the performance of the client can vary.
Notice (terminal server/citrix):
The client can be processed on a Windows server operating system or also under a terminal server or
a citrix environment. To do so the terminal server/citrix module has to be licensed.
The Seamless Mode on citrix installations isnt supported.

Notice:
We basically suggest the Enterprise edition with the Enterprise server in the terminal server operation.

2015 MATESO GmbH

40

Password Safe and Repository

USB stick mode:

Out of the software a USB stick can be created. To do so you need a conventional USB stick with approx.
30 MB free memory (according to database size).
WebViewer:
The encrypted HTML file can be opened with every Java script capable browser (MAC, Linux, BlackBerry,
iPhone, etc.). The performance for the decryption of the file depends on the terminal used.

File sharing:
In principle, the database can be saved on a local hard drive using the file systems NFTS, FAT32 or FAT.
The same also applies to network shares in Windows. Only network shares on Windows Server 2003
(32Bit & 64 Bit), Windows Server 2008 R2 (32Bit & 64 Bit) and Windows Server 2012 (32Bit & 64 Bit) are
supported.
It is possible that other network shares (e.g. on some NAS devices) may not function in multi-user
operation in certain circumstances. The use of DFS file shares is also not possible.
Miscellaneous:
Only the default font sizes are supported.

7.2

Quick Start Guides

7.2.1

Singleuser
For the quick start with a singleuser database (possible in all editions) you act as follows:
1. Download of the software
First of all download the software under http://www.passwordsafe.de/download/psrdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file
3. Activation of the software
Start Password Safe after the installation with a double click. The software directly starts with the
activation assistant which supports you at the activation
4. Creating the database
After the activation the database assistant appears, via which you can start a database

7.2.2

Multiuser
For the quick start with multiuser database (only possible in the Professional and in the Enterprise
Edition) you act as follows:
1. Download of the software
First of download the software under http://www.passwordsafe.de/download/psrdetail herunter.
2. Installation of the software
Start the installation assistant with a double click on the downloaded file. The perfect storage location
is a network share to which all clients are authorized.
3. Activation of the software
After the installation you start Password Safe with a double click. The software starts directly with the
activation assistant, which supports you with the activation process.
Further information is also available in the chapter Creating a licence file
2015 MATESO GmbH

First steps

41

4. Creating the database

After the activation the database assistant appears via which you can start a database
5. Configure network logon (if licensed)
If you have licensed the module network logon we now suggest to create an accordant network logon
file and therefore distribute the database configuration among the individual clients
6. Checking the network configuration
First of all check if all clients can log on at the database. If there should be any problems please make
sure that the clients can communicate with each other via the ports 12008 to 12018 TCP.

7.2.3

Client- / server
For the quick start with an Enterprise server database (only possible in the Enterprise Edition with
Enterprise server) you act as follows:

Installation server
1. Download of the software
First of download the software under http://www.passwordsafe.de/download/sdsdetail
2. Installation of the software
Start the installation assistant with a double click on the downloaded file.
3. Activation of the software
After the installation you start Password Safe with a double click. The software starts directly with the
activation assistant which supports you with the activation
4. Creating the database
Via a click on start new database the database assistant appears via which you can start a
database
5. Configure database firewall
In order to enable the individual clients the access the firewall has to be deactivated or the firewall
rules have to be given away. Also enter the IP address of the server so that the backup service can be
started.
6. Configure network logon (if licensed)
If you have licensed the module network logon we now suggest to create an accordant network logon
file and therefore distribute the database configuration among the individual clients
7. Configuration of the backup time schedule
In order to have backups created automatically in the future a backup time schedule has to be created
8. Configuration of the task service
If you want to use the task service it needs to be configured and activated
9. Configuration of the hacker protection
Define if messaging mails should be sent at a hacker suspicion. Furthermore a whitelist can be created
if you work with debugging tools

Installation client
1. Download of the software
First of download the software under http://www.passwordsafe.de/download/psrdetail
2. Installation of the software
2015 MATESO GmbH

42

Password Safe and Repository

Start the installation assistant with a double click on the downloaded file. The perfect storage location
is a network share for which all clients are authorized
3. Activation of the software
After the installation you start Password Safe with a double click. The software starts directly with the
activation assistant which supports you with the activation.
You can find further information in the chapters activation via license overview, activation via license
file and automatic activation
4. Linking the database
After the activation a database assistant appears via which you link the already created database. If
you use the module network logon the linking is made automatically at the first start

7.3

Download and installation

You can always download the current version of Password Safe via the internet site. Via the update
function, which you can call up via the menu "help" -> "search for update...", you can get to the current
version as well.
Download PASSWORD SAFE all editions (suggested):
http://www.passwordsafe.de/download/psrdetail
Download PASSWORD SAFE all editions MSI package:
Alternatively we also offer an MSI package as a download for the installation. Please notice that this is
only an MSI wrapper which contains the normal setup. You can load it down under the following link:
http://www.passwordsafe.de/download/psrmsidetail
After the download of the setup you can start the installation with a double click. Afterwards follow the
steps of the installer. After the successful installation you can carry out the software via the icon on the
desktop or in the start menu.
Silent Install - Parameter
The Password Safe installer can also be carried out invisibly in order to be able to e.g. automatically
deliver it to the user via a packaging software.
Silent Mode Parameter "/q" and "/q2"
- psr-7.X.X.XXXX.exe /q:
Silent Install. The status of the installation is shown in a window.
- psr-7.X.X.XXXX.exe /q2:
Invisible Install. The installation is carried out completely invisibly for the user.

Silent Deinstall - Parameter

Password Safe can also be deinstalled invisibly. Use the following command or parameter for this
process:
Silent Mode Parameter "/q" and "/q2":
- C:\ProgramData\InstallMate\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}\Setup.exe /remove /q:
Silent Deinstall. The status of the deinstallation is shown in a window.
- C:\ProgramData\InstallMate\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}\Setup.exe /remove /q2:
Invisible Install. The deinstallation is carried out completely invisibly for the user.

2015 MATESO GmbH

First steps

7.3.1

43

Local installation
Single place installation (personal and standard edition for private user)
In doing so Password Safe will be installed locally on a computer. Password Safe will be saved to the
program directory of Windows by default. According to desires the installation place can also be
adjusted. The configuration file "psr.pc7" will be automatically stored in the application data directory.
At the first start of the software you can decide which editions you want to test. If you should have
already bought a license, please choose the edition which you have bought. You can enter the license at
the release assistant.
More information on release: Release and activation
More information on configuration file: Configuration file

Multi user installation (Professional and Enterprise edition for companies)

Password Safe can be installed locally on the work stations, and can also be rolled out. If desired an MSI
installer is also available for a packaging.
At the local installation it has to be considered how the client reads in the license and how it can access
the network logon profile file, if licensed.
License file:
There are several possibilities how the client can access the license file. We suggest to deposit the
license file as centrally as possible via network share, so all clients can benefit from possible license
changes (e.g.: renewal of the software maintenance). By means of a environment variable the client
knows, where the license file has been stored and can load and use it from there. Alternatively the
license file can also be rolled out. At this it has to be considered that the license file should not be stored
in the "program" directory from Windows Vista on, because that directory is mostly write-protected. We
suggest, if the license file should be rolled out, to store it in "own documents", "documents" or
application data directory.
Network logon profile file (if licensed and available):
The network logon profile file can for example be made known to the client via environment variable. By
means of that profile the databases will be automatically configured at the client. If the license file
"psrX.lic" is stored in the network share, it has to be made sure that all users who use Password Safe,
have write access to the license file.

7.3.2

Network share / network installation

PASSWORD SAFE does not have to be installed on the workstations. If desired the client can also be
stored on a network share and be started from there with a desktop connection. Install Password Safe
locally once, in order to copy the files to the network drive afterwards.
The network share should contain the following files:
psr.exe - Password Safe application file
psr.nlc (optional) - module network logon profile file
psrX.lic - Password Safe license file (Notice write privileges for user)
psr.EN - Language file for switching the user interface to english
Data - directory with program data, e.g.: pictures.
Etc.

2015 MATESO GmbH

44

Password Safe and Repository

If the directory has been built up as described above, Password Safe will be licensed automatically when
starting the application, due to the module "network logon" the database connection will be set up
automatically and the user can authenticate at the database. An automatic user login via AD is basically
not possible in the multi user operation, for this the Enterprise server is required. Also with the
Enterprise server the automatic user login is only possible if the user has authenticated at a client with
his/her Active Directory password once.

7.3.3

Terminal server / citrix installation

For a terminal server installation the module "terminal server/citrix" is necessary. Password Safe will be
accordingly installed on the terminal server. Furthermore the directory should contain the same files
(psrX.lic, psr.nlc, etc.) as at the network share installation, in order that the licensing as well as the
automatic database configuration can be carried out.
Warning!
We recommend the Enterprise Edition in combination with the Enterprise Server. In this case the
Enterprise Server must not be installed directly on the Terminal Server.
The use of the Professional Edition in Terminalserver/Citrix-mode is on your own risk and cannot be
supported in a problematic scenario.
The Seamless Mode is not possible.

7.3.4

Databases memory location

Standard, at single place installations (personal and standard edition) the database file should be stored
in a directory, which is backed up regularly. For this purpose we suggest the "my documents" or
"document" directory, provided that it is backed up regularly.
In order to use Password Safe together in a team, that means as a central Password Safe, there are
different possibilities, according ot the edition.
Professional Edition (or Enterprise Edition without server)
Copy or create the databases (*.ps7) in a network share. Then all clients can set up a connection via the
client to the databases in the network share, via set up database.
Enterprise Edition with Enterprise server
The database itself does not lie in the network share, because access can be built up per TCP/IP via an
IP address of the server. Direct access to the database file is not intended here.

7.4

Update
Later versions can be installed by means of the setup via the existing installation. At this the version
installed before will be deleted, but not the configuration file "psr.pc7". Therefore all settings are
preserved. With the menu under "help" -> "search for updates..." you can check if a later version is
available for download.
Every time before an update a backup has to be made and it has to be checked if the software
maintenance is still valid. If the software maintenance has expired, please connect the sales team
(sales@passwordsafe.de). Please wait with the update until you have a valid software maintenance
again. Afterwards download and install the new version.
First login at the database after an update:
2015 MATESO GmbH

First steps

45

Confirm the message that the database can only be opened with the current version.
Carry out random data checks.
Notice for multi user databases:
All clients always need to have the same version, in order that they can access Password Safe. Clients
with a lower version level can not build up a connection with the database. According to that all clients
have to be updated at an update.

7.5

Upgrade v5, v6 to v7
At the further development of our products we attach great importance to the update capability.
Therefore it is possible to migrate even older database states of Password Safe in a current version. The
migration of the data is made by means of a PSX backup, which can be created from version 3.5 on. The
backup can always be stated in the database assistant at the creation of a new database (client and
server).
Before you migrate your database to the current version, you have to create a backup with the older
version. We suggest a copy of the database file as well as a "PSX backup", which you can also use for
the migration later. Besides you have to make sure that you own the necessary passwords (database
password, administrator password, etc.). Also notice that a migration of older versions, e.g. v4 and older
can also involve a manual effort.
You can find more information on the import of PSX backups under the following link: Import of PSX
backups (v5, v6, v7)
If you should already be a version 6 customer with silver or gold software maintenance, please check
before an update if your software maintenance is still valid. If yes, you can upgrade to the current
version for free.
If you are v5 customer or v6 customer with bronze support, please buy the according new licenses
before the update. Our sales team will be pleased to make you an offer (sales@passwordsafe.de).
Download and install the new Password Safe version. The clients of the old version can remain installed
until you do not need them anymore. The clients of both versions will run on one computer parallel
without problems. The older version can just be uninstalled later. In case you have licensed the module
"network logon", please notice that this has to be configured again after an update. Make sure that the
client can read in the profile file. Start the client and log in at the database as "administrator". Confirm
the message that the database can only be opened with the current version.
Attention:
An Enterprise server installation can not be operated parallel to older versions! If the
server from version 7 will be installed, an existing Enterprise server from version 6 will be
automatically uninstalled.
If you use Password Safe in the network share, only all program files can be exchanged. If Password
Safe should be be installed locally on the workstation, you can roll out Password Safe as usually.

7.6

Import of PSX backups (v5, v6, v7)

Notice:
The import of a PSX backup is possible at the start of a new database in the database assistant. A PSX
backup can not be imported to an existing database subsequently.

2015 MATESO GmbH

46

Password Safe and Repository

How to create a PSX backup

Export a backup in the PSX format in v5, v6 or v7 via the menu item "file" -> "export".
How to import a PSX backup
Create a new database in version 6 and directly import the backup in the database assistant. Then the
data will directly be imported and migrated to the new database. Afterwards you can log on at the
newly created database.
Because of the new data structure and the new application recognition (autom. password entry from
standard edition on), the existing applications have to be converted.

Notice:
If you should already be version 6 customer with silver or gold software maintenance, please check
before an update, if the software maintenance is still valid. If it is you can upgrade to the current
version for free. If you are v4, v5 or v6 customer with bronze support, please buy the according new
licenses via the online shop. Without license, an import is not possible, because the demo version is
limited to 20 datasets.

7.7

Demo version
You can test our software as a demo version for 30 days. There you have all functions in the different
editions available. When starting Password Safe you can choose the edition you want to test. You can
change the test edition via the menu "extras" later on.

If you buy an edition later the bought edition will be automatically chosen by the licence.
If you choose the Personal Edition the application is not temporally limited. Therefore you can use the
application as Personal Edition Free. There you can start up to 20 records. If you need more records you
can buy the Personal Edition or any other edition. Of course your data will be taken over to the version
you have bought.
At all other editions the software activation assistant starts in the demo version. Choose "start as demo
2015 MATESO GmbH

First steps

47

version" and then close the assistant via "continue" and "complete" to start the software in the demo
mode.
Here you can read how to activate the software.
Note:
For technical reasons, the databases are not backward compatible.
If you change the edition (for example, from the Personal Edition to Standard Edition) you must convert
the database. The database can then no longer be opened with the lower edition.

7.8

Activation
After you have ordered Password Safe you will receive an email from the MATESO GmbH sales team,
which includes a license certificate. With this certificate you can create a license file. Depending on the
used Edition the license file needs to be distributed to the individual clients. The exact procedure is
described in the following chapters:

Activation of Personal and Standard Edition

Activation via Software Activation Assistant
Extend with a module key
Activation via license overview
Embedding a existing license file

Activation of Professional and Enterprise Edition

Creating a license file
Distribution of the license file to the clients
Extend with module key

Activation of Enterprise Edition incl. Enterprise Server

Enterprise Server Help

7.8.1

Activation of Personal and Standard Edition

If you have purchased a Personal or Standard Edition, you will receive a email with a license certificate.
With this certificate you can create a license file that unlocks the software.

7.8.1.1

Activation via Software Activation Assistant

As soon as you have been sent the license certificate you can immediately activate the software with it
via the software activation assistant. At a demo version the assistant starts automatically at the start of
the application.
Copy the license certificate from the email to the clipboard. To do so mark the complete license

2015 MATESO GmbH

48

Password Safe and Repository

certificate with your mouse from "-----BEGIN LICENCE CERTIFICATE-----" to "----- END LICENCE
CERTIFICATE -----" and choose the menu item "copy" in the context menu with your right mouse button.
Alternatively you can also use the hot key CTRL+C. .

Since the license certificate is in the clipboard now you can now do the activation in the assistant. To do
so click on "continue" in the first step in order to start the process.

In the second step choose the item "add license certificate (activate software)", if you own a license
certificate. If a license file (for example psrX.lic has been given to you, choose the option "add license file
2015 MATESO GmbH

First steps

49

(*.lic) and afterwards confirm with "continue".

If the license certificate already is in the clipboard it will be automatically pasted in. If the license
certificate is not pasted in automatically, you can now paste it in yourself via the clipboard. In the lower
array you can define where the license information is saved on the hard disk. The license information is
stored in the license file "psr.X.lic" and should be considered in your security concept. Afterwards click on
"continue" to start the check.

2015 MATESO GmbH

50

Password Safe and Repository

If the license certificate has passed the test and is therefore valid you receive the following note. Confirm
this note with "Ok". Afterwards you can click on "complete". The application is automatically started again
afterwards and is activated as a full version from that point on.

Thank you very much for having chosen Password Safe. We hope you will take much pleasure in the use
of Password Safe...
If the license certificate is not accepted please notice that you choose the directory of the license file in a
way that write access is allowed there. Under Vista you should store the license file in the personal
document directory. Usually the suggested memory location is the best choice.
If a problem should arise with the activation please contact support@passwordsafe.de per email.

2015 MATESO GmbH

First steps

7.8.1.2

51

Extend with a module key

If you purchase an extension like for your existing Password Safe installation, you receive a so-called
module key. This can be imported in the license overview. First of all open the license overview via help > license overview. There you please choose the item adding module key. Afterwards you copy the
module key from the email to the accordant window and confirm with OK. After a reboot of Password
Safe the extension is entered in the license overview.

7.8.1.3

Activation with a License Certificate

If you has run the software already in the demo mode, its possible that the activation wizard wont
appear. In this case yo can activated via the license overview.

Activation with license certificate

After you have received the license certificate you can activate the software via the license overview.
Copy the license certificate to the clipboard. To do so mark the complete license certificate with your
right mouse button from "----- BEGIN LICENCE CERTIFICATE -----" to "----- END LICENCE CERTIFICATE
-----" and choose the menu item "copy" with your right mouse button in the context menu. Alternatively

2015 MATESO GmbH

52

Password Safe and Repository

you can also use the hot key "CTRL+C". Click on the button add license certificate in the license
overview in order to activate the software with the certificate.

The license certificat is displayed automatically if it is in the clipboard. Otherwise now paste it in manually
via "CTRL+V". In the lower array you can define where the license information is saved on the hard disk.
The license information is stored in the license file "psr.X.lic" and should be considered in your security
concept. Afterwards click on "continue" to start the check.

2015 MATESO GmbH

First steps

53

If the license certificate has passed the test and is therefore valid you receive the following note. Confirm
this note with "Ok". Afterwards the data is updated in the license overview.

7.8.1.4

Embedding an existing License File

If you all ready have a license (e.g. from an older installation), you can embed this directly via the license
overview. You can call up the license overview via "help" -> "license overview". Afterwards click on "file"
-> "open license file" in the license overview in order to add the license manually. Afterwards close the
license overview and start Password Safe again.

2015 MATESO GmbH

54

Password Safe and Repository

If the license wont be accepted, be sure that you have the rights to edit the file. If the license is from
another computer or the computer name has changed, you have to look for the old computer name in
the license overview. Rightclick on it and deactivate it.

7.8.2

Activation of Professional and Enterprise Edition

There are different ways to activate Professional and Enterprise Editions, depending on the used
database.
The activation for multi-user databases (Professional Edition and Enterprise Edition without server) is
described in the following chapters.
If you use a Enterprise Server Database, you will find all information in the help file of the Enterprise
Server.

7.8.2.1

Creating a license file

First, you should create a license file. This file can then be centrally provided, in a share. This has the
advantage that all clients have access to one file. If there are any changes thus only one file needs to be
adjusted. To do this, follow these steps:
Copy the license certificate from the email to the clipboard. To do so mark the complete license
certificate with your mouse from "-----BEGIN LICENCE CERTIFICATE-----" to "----- END LICENCE
CERTIFICATE -----" and choose the menu item "copy" in the context menu with your right mouse button.
Alternatively you can also use the hot key CTRL+C. .

2015 MATESO GmbH

First steps

55

Since the license certificate is in the clipboard now you can now do the activation in the assistant. To do
so click on "continue" in the first step in order to start the process.

In the second step choose the item "add license certificate (activate software)", if you own a license
certificate. If a license file (for example psrX.lic has been given to you, choose the option "add license file
(*.lic) and afterwards confirm with "continue".

2015 MATESO GmbH

56

Password Safe and Repository

If the license certificate already is in the clipboard it will be automatically pasted in. If the license
certificate is not pasted in automatically, you can now paste it in yourself via the clipboard. In the lower
array you can define where the license information is saved on the hard disk. The license information is
stored in the license file "psr.X.lic" and should be considered in your security concept. Afterwards click on
"continue" to start the check.

2015 MATESO GmbH

First steps

57

If the license certificate has passed the test and is therefore valid you receive the following note. Confirm
this note with "Ok". Afterwards you can click on "complete". The application is automatically started again
afterwards and is activated as a full version from that point on.

Thank you very much for having chosen Password Safe. We hope you will take much pleasure in the use
of Password Safe...
If the license certificate is not accepted please notice that you choose the directory of the license file in a
way that write access is allowed there. Under Vista you should store the license file in the personal
document directory. Usually the suggested memory location is the best choice.
If a problem should arise with the activation please contact support@passwordsafe.de per email.

2015 MATESO GmbH

58

7.8.2.2

Password Safe and Repository

Distribution of the license file to the clients

After you have created a license file you must distribute it to the your clients. For this you have got
different possibilities.

License file in the installation directory

For this just copy the license file psr7.lic to the installation directory of PASSWORD SAFE. At the start the
license is then found and used automatically.

Notice:
Since Password Safe writes the names of the single computers into the license file, it is necessary that
all users have got writing access to the file psr7.lic. In the standard installation folders (e.g.: C:/
programs/) there is no writing access.

License file in the documents folder

You can store the license file in the documents folder, too. Note that the file must be named psr7.lic. The
license will be automatically found when starting the client.

Allocate license files via environment variables

There is the possibility to make the license file available in a network share. In order that the clients can
find the file, it is pointed out per environment variable PSR_LICENCE_FILE. Enter the complete path
including file name here. Then the license file is loaded from that place.
How to configure the Windows environment variables:
- Open the system properties (Advanced system settings)
- Click on environment variables (below)

2015 MATESO GmbH

First steps

59

- Configure the necessary variable in the next step. Click on new to start the variable.

Allocate license file via the configuration file

If the license file lies on a network share it can also be pointed to it via an adaption of the configuration
file. That makes sense if you can distribute the configuration file to the individual clients per software
distribution. You can find out in the chapter configuration file how to adapt the configuration file
accordingly.

Allocate license file via the Registry Mode

Another possibility to allocate the license file ist the registry mode. A white paper about that can be found
on the following link: Password Safe Registry Mode
7.8.2.3

Extend with module key

If you purchase an extension like the workflow system for your existing Password Safe installation, you
receive a so-called module key. This can be imported in the license overview. First of all open the license

2015 MATESO GmbH

60

Password Safe and Repository

overview via help -> license overview. There you please choose the item adding module key. Afterwards
you copy the module key from the email to the accordant window and confirm with OK. After a reboot of
Password Safe the extension is entered in the license overview.

7.9

Database concept
In Version 7 there are three different database concepts. Normally the choice of the edition
depends on the usage and the number of users.
Singleuser (1 user, not network-compatible, only database login)
Multiuser (1-20 users, database login and user login)
Client-/Server (1-n user, only user login)
Which databases you can use depends on which edition you have bought.
Standard Edition -> Singleuser
Professional Edition -> Singleuser, Multiuser, maximally 10 databases per PC
Enterprise Edition -> Singleuser, Multiuser and Client-/Server

2015 MATESO GmbH

First steps

61

Advice for Standard Edition:

Due to the database concept the Standard Edition is no longer network-compatible from version 5 on.
Customers that still use the Standard Edition in version 4 in the network with several users, need the
Professional Edition in the future.
Advice for multi user operation (Professional and Enterprise Edition without server):
If you want use Password Safe with more than 20 users, this is only possible with the enterprise server.
Please notice that the database account in the multi user operation has to be started with the same
name on all clients.

2015 MATESO GmbH

62

7.10

Password Safe and Repository

Set up database
At the first start of the software the database assistant will be started automatically, which leads you
through the single steps for the setup of a database. Every individual step will be described detailed in
the assistant. You can also call up the database assistant manually to set up a new database or also an
existing one.
Please notice that you can not start more than 10 databases per computer in the Professional Edition.
Via the toolbar, or via the menu file -> create database account, you can directly create a new
database:

Database assistant: Set up new database or already existing database.

Edit database: Edit database subsequently (mapping, name, etc.).

2015 MATESO GmbH

First steps

63

7.10.1 Singleuser database

In this chapter it is explained how to create a new singleuser database step by step
Via the toolbar, or via the menu file -> set up database account you can call up database assistants

Database assistant: Start a new database or an existing database.

The database assistant starts with the welcome window

After a click on continue you can decide if you want to configure an existing database or create a new
database. For a new start just click on continue

2015 MATESO GmbH

64

Password Safe and Repository

In the next step you define which type of database should be created. The singleuser database can only
be accessed by one user at a time while the multiuser database enables 20 users to access the database
simultaneously. The Enterprise database can not be selected here because it is directly created at the
server.

2015 MATESO GmbH

First steps

Now give the database a significant name. In this example we decided for "PSR-Database"

2015 MATESO GmbH

65

66

Password Safe and Repository

It is important to select the an appropriate storage location for the database. Please notice that you need
the write privileges in the accordant directory. This is not the case in the program directory. The
document directory is suggested to you by default. However, we decide for an own folder on the hard
disk D:, which has the name "database"

In the next step you define how you want to secure the database from foreign access. This can be made
with a password, a password file or a combination of both. Please notice that you can not access the
database if you forget the password or if the password file is deleted. We decide for the protection via
password and click on continue

2015 MATESO GmbH

First steps

67

Now the password has to be entered and confirmed. Under password quality you can see how hard your
password is to guess. For your security the password should be at least 12 characters and exist of capital
and small letters as well as of numeric characters and ideally special characters.

2015 MATESO GmbH

68

Password Safe and Repository

Tip:
The database password should offer as much security as possible but should also be easy to
remember, so that you do not forget it. Create the password for example by using the initial letters of a
sentence you can easily remember. "From now on I only want to use safe passwords for my PC" is
Fno1owtuspfmP (additionally I has been replaced by 1 here)
After a click on continue you can select the language of the database. Alternatively you can also import a
backup (for example from an older version)

2015 MATESO GmbH

First steps

In the last step please click on finish

2015 MATESO GmbH

69

70

Password Safe and Repository

7.10.2 Multiuser database

In this chapter it is explained how to create a multiuser database step by step.

Setup of a new multiuser database

In order to create a multiuser database just start an arbitrary PASSWORD SAFE client. Via the toolbar or
via the menu file -> setup database account you can call up the database assistant

Database assistant: Start a new database or an existing database.

The database assistant starts with the welcome window

After a click on next you can decide if you want to link an already existing database or start a new
database. For starting a new one just click on next

2015 MATESO GmbH

First steps

71

In the next step you define which kind of database should be created. Only one user can connect with the
singleuser database while 20 users can access the multiuser database at the same time. The Enterprise
database cannot be selected here, because it is created directly at the server.

2015 MATESO GmbH

72

Password Safe and Repository

Now give the database a significant name. In this example we choose PSR database

2015 MATESO GmbH

First steps

73

It is important to select a proper storage location for the database. At a multiuser database it is
necessary that all clients that should connect with the database need writing rights in the accordant
share.
Notice:
You can deposit the multiuser database on every standard SMB share (Windows share). However,
notice that the DFS shares are not supported.

In the next step you define how you want to protect the database from foreign access. This can be made
via a password, a password file or a combination of both. Please notice that no access to the database is
possible if the password has been forgotten or the password file is deleted. We choose the protection via
password and click on next

2015 MATESO GmbH

74

Password Safe and Repository

Now the password has to be given away and be confirmed. Under password quality it is shown to you
how hard it is to crack your password. For your security the password should be at least 12 characters
long and should contain capital and small letters as well as numbers and special signs.

2015 MATESO GmbH

First steps

75

Tip:
The database password should on the one hand offer a very high security but on the other hand it
should be easy to remember, so you do not forget it. For example create the password by using the
initial letters from an easy to remember sentence. From now on I only want to use safe passwords for
my PC is Fno1owtuspfmP (additionally I has been replaced by 1 here)
In every multiuser database there is a local administrator account. Now give away the password for it.

2015 MATESO GmbH

76

Password Safe and Repository

After a click on next you can select the language of the database. Alternatively you can also read in a
backup (for example from an older version). If a backup is read in the database receives its language.

2015 MATESO GmbH

First steps

77

In the last step pleas click on Finish

The multiuser database is now started and can be configured or used.

Notice:
Also at a multiuser database only one client can log in. In order to enable the concurrent access of
several users, the first client that logs on at the database acts as the server and makes the connection
for the other clients available. For this it is necessary that the clients can communicate with each other
via the ports 12008 12018 TCP. So please make sure that this connection is not blocked by a firewall
in your network and that the communication between the computers is possible. If you should have any
problems at connecting you can find accordant notes under the following links:
Problem solutions
Error codes

7.10.3 Link with an existing database

In this chapter it is explained how to connect with an existing multiuser database from a client. With a
sinlgeuser database its the same procedure.

Link with an existing multiuser database

In order to link with an existing multiuser database start the accordant PASSWORD SAFE client. Via the
toolbar or via the menu file -> set up database account you can call up the database assistant

2015 MATESO GmbH

78

Password Safe and Repository

Database assistant: Start new database or an existing database.

The database assistant starts with the welcome window

Since the database already exists select configure existing database

2015 MATESO GmbH

First steps

79

In the next step you have to enter which kink of database it is about. So you select Professional (multiuser mode, Peer to Peer) in this case

2015 MATESO GmbH

80

Password Safe and Repository

Now you select the storage location of the database

Notice:
Please notice that all clients that want to access the database need writing rights in the accordant
share.
The name of the database has to be entered, however, the current database name is already suggested.
It is recommended to keep that name.

2015 MATESO GmbH

First steps

81

Notice:
A multiuser database necessarily has to be linked under the same name at all clients. Also notice case
sensitivity here.
Now it has to be stated how the database has been encrypted

2015 MATESO GmbH

82

Password Safe and Repository

In the last step please click on Finish

2015 MATESO GmbH

First steps

83

The multiuser database is now completely set up and can be used.

Notice:
Also at a multiuser database only one client can log in. In order to enable the concurrent access of
several users, the first client that logs on at the database acts as the server and makes the connection
for the other clients available. For this it is necessary that the clients can communicate with each other
via the ports 12008 12018 TCP. So please make sure that this connection is not blocked by a firewall
in your network and that the communication between the computers is possible. If you should have any
problems at connecting you can find accordant notes under the following links:
Problem solutions
Error codes

7.11

Enterprise server connection certificate

In order to provide a most high security, the server authenticates with a cerfificate towards the clients.
This certificate is created server-side. The clients have to trust this certificate. In order to make the
certificate available at the clients there are two possibilities:

Installation via the Password Safe Client

If the accordant certificate has not yet been installed at the client, the following window appears at the
first connection with a server database:

2015 MATESO GmbH

84

Password Safe and Repository

Here a simple click on yes is enough to install the certificate.

Installation / allocation without the Password Safe Client

If you do not want the users to install the certificate or not want to install it manually on every computer
you can also allocate it via a group guideline. To do so act as follows:
Export of the certificate
Start the console administration via start -> mmc.
Select file -> add snap in.
Select certificates and click on add.
Select computer account in the following window and afterwards complete.
Now you can see the item certificates in the console administration on which you do a double click.
Via own certificates -> certificates you get to the certificate Password Safe Enterprise
server.
Click with your right mouse button on the certificate and then select all tasks -> export.
Now follow the assistant. You do not need to change any settings here. You only have to give away
memory location and file name.

Allocate per group guideline (only possible at a domain controller)

Click on start, point to administration and then click on group guideline administration.
Do a double click in the console structure of the overall structure and domains. Afterwards you do
a double click on the desired domain and then select group guideline objects.
Click on the group guideline object standard domain guideline with your right mouse and click on
edit afterwards.
Switch to computer configuration -> guidelines -> Windows settings and safety settings in
the group guideline administration console, and then click on guidelines public key.
Click on the memory trusted root certification authorities tab with your right mouse button.
Click on import and follow the steps of the certificate import assistant in order to import the
certificate.

Manual installation via the MMC console

Start the console administration via start -> mmc.
Select file -> add snap in.
Select certificates and click on add.
Select my user account in the following window and afterwards complete.
Now you can see the item certificates in the console administration on which you do a double click.
Navigate to Trustet root Certification Authorities -> certificates
Rightclick in the mainwindow and select all tasks -> import
Follow the assistent and specify the certificate you have exported on the server

2015 MATESO GmbH

First steps

7.12

85

Backup

7.12.1 Single and multiuser databases

Your data is the most important property. Therefore just set up a backup, because a hard disk typing
error, hard disk malfunction or also a virus can destroy any kind of files, also databases. Therefore it is
important that you always create a functional and up-to-date backup of your databases. Password Safe
already offers automatable backup mechanisms, so that you can easily set them up and always have an
updated backup available for case of emergency.

Possibilities for the backup without server

Copy of the database
For the protection of your data the database <%DATABASE%> can be copied on file system level. Please
notice that during the copying the database must not be accessed. Therefore all users have to be logged
off the database. If you use a backup software in your system you can also let the database copy with it,
if it is sure that during the copying nobody is connected with the database. At a hardware malfunction
you can directly link the copy of the database as existing database.
Backup via the automated backup
If you use a local or a network database (on network share) you can set up the automatic backup (PSX
format) via the menu edit -> database settings -> auto backup. As soon as the backup is set up
every time you close the database a backup will be automatically created for the whole database.
Therefore you always have the current backup as a PSX backup available and can create a new database
from that at any time.
Further information on the setup of the auto backup

Backup concepts
Singleuser database
If you use a singleuser database we suggest to create an automatic backup every time you close
Password Safe locally on your computer. Please notice that the backups are each overwritten if you do
not annex date and time. Therefore you receive a backup file which is updated every day. If you annex
date and time you receive a new backup daily and can therefore also get back to older backups. If you
want to continue to increase safety you can copy the backup file to file system level after the creation. As
a storage location we suggest a NAS here or another computer, but also the copying to another hard disk
makes sense because that way you do not loose your data in the case of a hard disk crash. The backup
file can either be copied manually or also via a backup. If you should use a tool please make sure at its
configuration that the backup has to be completely created before you copy it.
Multiuser database
At the use of a multiuser database we suggest to define an employee who creates manual backups daily.
It is also possible here to use the option automatic backup when closing, however, here every user
would be asked to create a backup when closing. Additionally it makes sense to copy the database file
2015 MATESO GmbH

86

Password Safe and Repository

daily with a backup software or manually.

Further information on the setup of the auto backup

Restoration at the client

A backup (PSX backup file) can only be imported to a new database. An import to an existing database is
not possible.
Act as follows:
1.Create a new database with the database assistant and enter the backup file which you want to restore
directly in the database assistant.
2.After the database has been created the data in this database will be automatically reproduced.
3.Afterwards you can log on at the database.
Note:
If the restore process for a backup fails, a log file containing the relevant information with be created
under the name import.err with the file path C:
\Users\Benutzername\AppData\Roaming\PasswordSafe\psr.pc7.

7.12.2 Client- /server databases

Backup with Enterprise server

Via the Enterprise server you can directly create backups automatically via special time schedules,
independently from the client. Therefore the client does not notice the backup and does not have to be
configured for it. You can find further information on the setup of backup time schedules in the manual
for the Enterprise server.
Further information on the setup of the backup can be found in the help to the Enterprise Server

Restoration at the server

You can find further information in the manual of the Enterprise server

7.13

Database login
In the database login you can choose the database in the upper array on which you want to log on. If you
have started several databases you can just switch between them. If you have found the database on
which you want to log on, enter the database password in the next step and confirm with "Ok".
According to the database status an accordant symbol will be displayed. If the database should not be
accessible it will be accordingly displayed.
Database exists, login possible.
Already logged on the database

2015 MATESO GmbH

First steps

87

You can call up the database properties with the button next to the database name and accordingly
change them if necessary.
Database properties: Change or see database properties.
Configure plugin: Configuration of the plugin chosen in the menu
Call up screen keyboard
Protection status: Deactivate or limit keylogger and protection mechanisms for the login array.

Hint:
You can realize an automatic database login with the module network logon.

7.14

User Login
Password Safe offers different possibilities for the user authentication. At this there are the following
different user types:
Password Safe users: These users are stored locally in Password Safe and can be in multiuser as well
as in Enterprise server databases.
Active Directory users: You have got the possibility to take over users from the Active Directory.
These users can then log in with their domain password.
Acitve Diretory users with PKI: Optionally users can

According to the user the logins differ in the process. The single processes are illustrated with diagrams
here.

Login with Password Safe users

In a client server installation a Password Safe user is logged in as follows. The login at a multiuser
database (without server) is carried out the same way. Here, however, the first client that has logged on
at the database takes over the role of the server. At a singleuser database no user login is necessary.

2015 MATESO GmbH

88

Password Safe and Repository

Login with Active Directory users

At the login of users which have been taken over from the Active Directory it is authenticated towards the
Active Directory. Also here at a multiuser installation the client who has connected first with the database
takes over the role of the server. In singleuser databases this login process does not come up.

2015 MATESO GmbH

First steps

89

Login via PKI / certificate (only with module "PKI")

The login via PKI or a certificate is only possible with the accordant module. This login process only exists
in Enterprise server installations.

2015 MATESO GmbH

90

Password Safe and Repository

7.14.1 Login with Password Safe users

According to the database concept chosen the user login appears. In the upper array the database is
shown on which you want to log on as a user. Underneath the user name can be entered. Please
consider case sensitivity here. The initial password, that means the administrator password will be
created when the database is set up.
Call up screen keyboard
Protection status: Deactivate or limit keylogger and protection mechanisms for the login array.

Notice:
You have given away the password for the administrator account at the start of the database.
2015 MATESO GmbH

First steps

91

7.14.2 Login with active directory users

In an Enterprise server installation you have got the possibility to take over users from the Active
Directory to Password Safe. The advantage of that is that the user does not have to remember a further
login name or keyword, because the Windows login data is used. If requested an automated login can be
made possible for the Active Directory users. Please take advices on the necessary settings on the server
page from the server help. The user and group structures can be imported via the Active Directory
integration, available in the user and group management.
The authentication of the users is carried out server-side. As long as the server is in the accordant
domain and can be accessed from the clients the users can log on, and it does not matter if the client is
in the domain or not.
Notice:
In order to log on at an offline database, either the client has to be in the accordant domain or the user
profile has to be on the computer.
In the online mode the authentication of the users towards the Active directory is realized through the
Enterprise server. Therefore the Active Directory has to be accessible from the Enterprise server.

At the users taken from the Active Directory, the tab Active Directory can be found in the properties
(when editing the user).

2015 MATESO GmbH

92

Password Safe and Repository

If the function automatic login is activated, the user can log in automated, that means without
password entry. Please notice that this function also has to be activated and configured at the server.
The function user name has to conform to Windows login name effects that only the user that is
logged on at the operating system is allowed to log on at Password Safe. Generally the automatic login is
only possible for the logged in domain user.

Manual login with an Active Directory user

For the login with an Active Directory user please enter the user name including the domain. Please
notice that you have to use the Windows user password here.

By means of the button behind the user name you can let your currently logged in user name including
the domain be entered automatically.

Automatic login by means of the Windows authentication

Precondition for the automatic Windows authentication is that this function is activated in the user
properties and also configured at the server. There are two variations here. On the one hand the RSA
encryption and on the other hand the SID encryption. The login is carried out similarly in both cases.
Please notice that the computer and the user have to be in the same domain for the automatic login.

Automatic Windows authentication with RSA encryption

If the automatic Windows authentication with RSA encryption has been configured at the server, you can
log in as follows:
First login
At the first login you enter your Windows user name including the domain. Via the push-button next to
the user name you can also take over the user name directly. Also the user name can be taken over via
a hot key (by default CTRL + ALT + W). Afterwards click into the field password and enter your
Windows login password there. Push the button login in order to log on at Password Safe.
2015 MATESO GmbH

First steps

93

Second login
At the second login a push-button appears in the login mask below to activate the automatic login. Set a
check mark here and log in like you did at the first login.

Third login
The third login is now carried out automatically. In the left corner below the encryption is shown to you
via a symbol, here the RSA encryption.

2015 MATESO GmbH

94

Password Safe and Repository

Automatic Windows authentication with SID encryption

If the automatic Windows authentication with SID encryption has been configured by the administrator at
the server you can log in as follows:
First login
At the SID encryption the push-button log in automatically in the login mask already appears at the
first login. Activate the option for the automatic login in the lower array and log in with your Windows
login data.

Second login
The second login is already carried out automatically. In the left corner below the SID encryption will be
2015 MATESO GmbH

First steps

95

shown to you with a symbol.

Notice:
Especially in the test run it can happen that a user wants to log on at Password Safe that does not
comply with the user logged in at the operating system. In this case consider the option user name
must match with Windows logon name. You can find further information on this in the chapter
manage users and groups.
Tip:
If you have activated an automatic login but want to log in with another user, keep the Shift key (upper
case) pushed. Therefore the automatic login is deactivated and you can carry out a manual login.

7.14.3 Login via PKI / certificate

A login at Password Safe by means of certificates via token or smartcard is possible as well. A
precondition for this is a public-key-infrastructure in your company as well as the licensing of the module
PKI (only available in combination with the Password Safe Enterprise server.
First of all it has to be defined at the Password Safe Enterprise server how the users should be identified.
You can find further information on this in the help of the PASSWORD SAFE Enterprise server under
configuration -> server options -> certificate

Automatic allocation of the user certificate

If the accordant option has been activated at the Password Safe Enterprise server the domain as well as
the user name from the certificate will be adjusted with the user name from Password Safe in order to
allocate the accordant user. This option only works with users which have been taken over from the
Active Directory and therefore have a domain affiliation.

2015 MATESO GmbH

96

Password Safe and Repository

Manual allocation of the user certificate

In order to allocate the certificate manually select file -> my profile -> user certificate at the
Password Safe client.

Here first of all the used provider has to be selected. If you should not know the provider please contact
your system administrator. Afterwards you can you can select the accordant certificate. In this example
the certificate has got the name of the user. According to the configuration of the PKI the certificates can
also be called differently.

Login via the certificate authentication

For the login with token or smartcard please select the item certificate authentication in the login
dialogue.

2015 MATESO GmbH

First steps

97

Afterwards the desired certificate can be selected under certificate.

At the first login via a certificate the key word or the PIN of the token or the smartcard has to be entered.
For this a dialogue of the accordant provider appears.
Notice:
Especially in the test run it can happen that a user wants to log on at Password Safe that does not
comply with the user logged in at the operating system. In this case consider the option user name
must match with Windows logon name. You can find further information on this in the chapter
manage users and groups.
If a user wants to log in using a token, the PIN for the token needs to be entered. If the Password Safe
client is blocked and needs to be unblocked again, this PIN request does not appear. Therefore, the
token should be configured in such a way that it is automatically blocked.

7.14.4 Login problems

If a problem should arise at the login, you can find notes about the reason and the solution in this
chapter.
2015 MATESO GmbH

98

Password Safe and Repository

ProblError at the user authentication. Please make sure that you log in with domain/user.
em: Client error.
Reas Client could not carry out the login. Usually the password is wrong here.
on: Make sure that the right password is used, that the shift key is not activated and that keyboard
Soluti language is not altered.
on:
ProblError at the user authentication. Please make sure that you log in with domain/user.
em: Server error
Reas Server could not carry out the login. Usually the password is wrong here.
on: Make sure that the right password is used, that the shift key is not activated and that keyboard
Soluti language is not altered.
on:
ProblNo authorization for the user authentication.
em: User must not be used for the AD login, because he/she does not comply with the user logged in at
Reas the operating system.
on: Log off at the operating system with the right user. Alternatively the option can be deactivated in
Soluti the user settings.
on:
ProblLogged in Windows user cannot be used for the user authentication.
em: The login cannot be carried out because the user logged in at the operating system does not
Reas comply with the user that wants to log in at Password Safe.
on: Log off at the operating system with the right user. Alternatively the option can be deactivated in
Soluti the user settings.
on:
ProblNo authorization for the automatic user authentication.
em: The user does not have enough rights for the automatic login.
Reas Make sure that the user has got the appropriate rights.
on:
Soluti
on:
ProblThe configuration of the user authentication is not correct. Therefore the auto login
em: cannot be carried out.
Reas Automatic login with an Active Directory user failed, because the Public Key is not correct.
on: Try to configure the automatic login again.
Soluti
on:
ProblError at the user authentication. Client locked.
em: The user that should be logged in could not be found, therefore the IP address of the accordant
Reas client has been locked.
on: Make sure that the user name is spelled properly and that the user is installed in Password Safe.
Soluti
on:
ProblThe used certificate cannot be used for the user login because the signature has not
em: been confirmed.
Reas Error at checking the signature.
on: Check if the client and the server have got the same version.
2015 MATESO GmbH

First steps

99

Soluti
on:
ProblThe used certificate cannot be used for the user login because it is not trusted.
em: Server does not trust the certificate.
Reas Check the certificate.
on:
Soluti
on:
ProblThe used certificate cannot be used for the user login because it is expired.
em: The certificate is expired.
Reas Renew the certificate.
on:
Soluti
on:
ProblThe used certificate cannot be used for the user login because the fingerprint does not
em: comply.
Reas Server could not confirm fingerprint.
on: Check the certificate and issue it again if necessary.
Soluti
on:
ProblThe used certificate cannot be used for the user login, because the CA cannot be
em: reached.
Reas The necessary certificate authority cannot be reached.
on: Check the connection with the accordant server.
Soluti
on:
ProblThe used certificate cannot be used for the user login because no user has been found
em: for it.
Reas User from the certificate has not been found in Password Safe.
on: Make sure that the user in Password Safe has got the same name as the user in the certificate.
Soluti
on:
ProblThe user found for the certificate is not logged in at the system. Login at Password
em: Safe is not possible.
Reas The login cannot be carried out because the user logged in at the operating system does not
on: comply with the user that wants to log in at Password Safe.
Soluti Log off at the operating system with the right user. Alternatively the option can be deactivated in
on: the user settings.

7.15

Basic settings

7.15.1 General settings

The general settings are saved user-dependent and can therefore be fitted individually by every user.
Furthermore you can individually configure the the general settings via the safety zone, according to the
zone. By the different zones (private, workplace, public) you can perfectly set up the security. To set up
the particular array click on the accordant "tab", for example "safety", to configure security settings.

2015 MATESO GmbH

100

Password Safe and Repository

7.15.1.1 General
In the tab "general" you can carry out basic settings for Password Safe.

Start automatically with Windows

With this you have the possibility that Password Safe will be opened automatically at the start of
Windows.

Immediately minimize in traybar after login

As soon as you have logged on a database Password Safe minimizes in the traybar on the right side
below. The traybar of course also works if you have activated the auto login and therefore no manual
action is necessary.

Minimize program when clicking on X in the main window

As soon as you click on the X in the window bar the software is normally closed. With this option you
have the possibility that the software will not be closed but instead will be minimized in the traybar.
2015 MATESO GmbH

First steps

101

Display info and notes in the traybar

Password Safe With this option Password Safe shows different happenings (e.g. if a password has been
entered in an application) as a balloon hint in the traybar.

Play sound at the reminding of tasks

As soon as the reminder window opens which reminds you of a due task a soundfile will be played.

Keep application in the task bar when minimizing

The application also remains in the task bar after minimizing.

Alternative path for auto backup

If the auto backup is activated in the database settings, an alternative path can be stated for the current
user/client. This can be necessary if the path is not available in the database settings at the client or has
been mapped differently.
Update test
With the update test you can test from time to time if later version is available
7.15.1.2 Safety
In the array "safety" you can choose and configure settings, which you think are safety relevant. Due to
the combination of different settings in combination with the safety zones you can configure the
maximum safety per zone.

Lock database at anergic state after

If this option is activated the database will be locked after the configured time. The anergic state hereby
directs to the system anergic state, that means the absence of the workstation.
Disconnect database at anergic state after
This option includes that Password Safe disconnects the connection to the database after the expiration
of the set time.
Hide passwords and protected data
Passwords, as well as form fields marked as protected will always be displayed protected (hidden) after
activating this option. Via the list menu "lock icon" the data can be shown or hidden. The data can also
be shown with the space bar (quick view).
Hide automatically at anergic state after
If this option is activated the data will be shown protected, hidden after the configured time.
Hide data with exact character length
By activating this option protected data are hidden with the exact character length. If this option is
2015 MATESO GmbH

102

Password Safe and Repository

deactivated the data is always hidden with a character length of 10 characters. A conclusion to the length
of the password is therefore not possible.
Hide passwords and data in the quick view
With this option you can hide the data when calling up quick view (space bar). The data will be dumped
unprotected in the quick view by default.
Hide detail array when it`s locked
If the detail array is for example locked due to the logbook setting "view/open", the detail array can be
completely hidden with this option.
Minimize automatically at anergic state
If this option is activated Password Safe minimizes automatically at anergic state after the configured
time.
Minimize automatically at user change
Password Safe will be automatically minimized at a user change.
Minimize automatically at Standby or idle state
Password Safe will automatically be minimized at Standby or idle state of the computer.
Lock databases after automatic minimizing
If this option is activated the database will be automatically locked if Password Safe is minimized
automatically for example at anergic state or user change.
Lock databases after minimizing
By activating this function the database will be locked after every minimizing
Lock database when maximising
This option only locks the database when it is maximised. As long as Password Safe remains minimised,
it is possible, for example, for passwords to be automatically entered.
7.15.1.3 Folders
The folder settings affect all folder lists. Note that some settings can affect the performance.

Set up folder with the assistant

The folders have many different functionalities. That these are already adjustable at the setup of a
folder, a new folder can be directly set up with the new folder assistant to guide you through the
necessary steps. That way a folder is quickly configured to the new requirements.

Show user name in folder structure

Shows the accordant folder owner at task and message folder directly behind the folder name. This is
suggestive if a colleague wants to unblock his task folder to another colleague, for example because he/
she is on holiday, so that he/she can take on holiday replacement without problems.

2015 MATESO GmbH

First steps

103

Break down folder mapping

Here you can have the folder structure be displayed a a headline in the lists, that means the mapping
from the highest to the lowest folder. Furthermore the folder mapping will also be displayed in the
overview directly in the record (in the tab "links"). Please note that the loading time thereby gets slightly
longer (in the password list and when editing records).

Always completely open folder list

Here the folder list will be displayed in the entire structure and therefore fully expanded. Therefore the
navigation in individual subordinated folders is possible more quickly and easily, because the whole
structure is always apparent.
Show comments in the folders in the header of the list
Shows comments of the folders in the header

Open the last folder opened when starting the software

When you start Password Safe, the last folder opened will be displayed.

Show number of new messages and tasks

If this option is activated it will be displayed to you directly next to the accordant folder name, how many
tasks or messages are in the folder and how many of them have not been read yet.
Here you can see that there are no tasks. However, the user has got 2 messages, and one of them has
not been read yet:

Close all other folders after searching for a folder.

This option ensures that the entire folder structure is closed after searching for a folder so that the folder
being sought is displayed more clearly.

2015 MATESO GmbH

104

Password Safe and Repository

7.15.1.4 Clipboard
Change to the tab "clipboard" in the left array to configure the clipboard.
Delete clipboard when hiding passwords
When hiding passwords the clipboard will be automatically deleted.
Delete clipboard when minimizing
If Password Safe is minimized the clipboard will be deleted.
Delete clipboard when closing
Before closing Password Safe the clipboard will be deleted.
Automatically delete data from the clipboard after
If this option is activated the data will be automatically deleted after the configured time.
Activate monitoring of the clipboard
The activation of this option causes that Password Safe monitors the clipboard. If another application
also uses the clipboard you will be advised of it. You can automatically enter applications in the "allowed
programs" by selecting the option "always ignore this application" in the clipboard dialogue. Alternatively
you can also add and delete the applications manually via the buttons. Via the context menu (click on an
application with your right mouse button) you can also delete the program again from the allowed
programs.
Always ignore this application
By confirming the button the application will be entered in the list of the "allowed programs". Afterwards
Password Safe ignores the application and immediately writes the data in the clipboard.
Ignore application once
The application will be ignored and Password Safe writes the data to the clipboard once.
Abort
The action is aborted an no data will be written to the clipboard.

2015 MATESO GmbH

First steps

105

7.15.1.5 Password
In the array password you can define the password guidelines and policies yourself. According to the
configured criteria the password will be created and also tested if it conforms to the guidelines and can
therefore be used. In the array below you can define which characters the "password generator" should
use. With these settings absolutely safe and unbreakable passwords can be generated.

2015 MATESO GmbH

106

Password Safe and Repository

Here you have got the possibility to create one password guideline for new databases as well as one for
administration passwords. At the first start already two standard guidelines are predefined, which can be
changed with a click on the accordant key symbol. Under the tab general you define name, description
as well as the guideline yourself. Furthermore symbols can be excluded here.

2015 MATESO GmbH

First steps

107

Under the tab exclusion list you can state words which must not be used in passwords. Besides you
have got the possibility here, to export or import already created lists in the format *.csv. You can also
download a list of commonly used passwords. For this use buttons marked in the screenshot.

2015 MATESO GmbH

108

Password Safe and Repository

What are safety points?

The safety points reflect the complexity of a password. If numbers, small and capital letters and special
characters are used in a password it is quite complex and therefore receives the required safety points
more quickly. The safety points are calculated for every password, at this also redundancies and direct
repeats are considered. So it can be made sure that the passwords are saved complex enough.
7.15.1.6 Hot keys
By means of the hot keys you can quickly call up certain functions of Password Safe. To change the hot
keys click on the description field and act out the hot key. Afterwards confirm with "save" to take over the
settings.
Hot keys for the insertion of form data and scripts
The hot keys for the insertion of form data and scripts are used take over for example a password, user
name or any array to another application by means of a hot key. Hereby always the data of the chosen
2015 MATESO GmbH

First steps

109

record is used. If you have for example opened the quick access, the quick access bar as well as the
Password Safe main window the data from the quick access are used. If you use the quick access and
the main window the data from the quick access bar is used. If you have only opened the main window
the data from the selected record from the list will be used.

Where does the data come from and what configuration possibilities are there?
You can deposit a certain command for every hot key, even whole scripts to be able to act individually
and quickly.

{FRM :UserNam e} or {FRM :Passw ord} or {FRM :...}

Through this the user name, the password or any array will be written in the chosen array in which you
are by pushing the hot key.
{FRM :UserNam e}[tab]{FRM :Passw ord}[enter]
By means of scripts you can create actions like for example the insertion of the user name {FRM:
UserName}", skip to the next array with Tab "[tab]" , insertion of the password "{FRM:Password}" and
afterwards confirm with enter "[enter]".
{UDF:M yPassw ordS cript}
Own arrays can also be chosen via hot key. In the "own arrays" you can deposit any data, even scripts.
So you can for example deposit an own script for every password and that way individually act out
different scripts with a hot key per record. In the following screenshot an "own array" named "Card
Number" with the array name "CreditNo" has been started as "Edit (description field)". In addition the
real array for the script named "Script" with the array name "MyPasswordScript" has been started as
2015 MATESO GmbH

110

Password Safe and Repository

"Memo (multiline description field)". Here the script which should be acted out at the hot key has been
deposited. In this script it is possible to access the "general data" as well as "own arrays".

{A ppS cript}
If an application is linked with the record also the scripts of applications can be directly executed with the
hot key.

2015 MATESO GmbH

First steps

111

Tips and notes:

In order that the deposited hot keys take effect the arrays which you want to read out have to be
accordingly deposited at the chosen record. In this example we emanate from the standard form
"password".
What does FRM and UDF stand for?
How can forms be adapted?
What are applications?
You can find a little tutorial under password entry with hot keys.
7.15.1.7 Quick access
In the array "quick access" you can configure and adapt the quick access bars. In the upper array you
can define the transparency of the bar. The changes immediately effect the bar, that means you can
leave the bar opened during the configuration and do not have to close it.
Automatically create application link when starting passwords
If a password (record) is started with a filled URL the application will be automatically linked. So the
2015 MATESO GmbH

112

Password Safe and Repository

record will already be selected when opening the internet page in quick access. Note that this is not
about a automatic entry.
Automatically select record at the change in the list outlook
At the opened quick access bar and the navigation in the password list the quick access bar will be
automatically updated and the selected record will be loaded from the password list.
Recreate window status and position when opening or unlocking
When starting Password Safe or re-open the quick access or the quick access bar it will be displayed at
the position recently used.
Recreate data when opening the quick access
When opening the quick access or the quick access bar the data of the recently chosen record will be
displayed again.
Quick access bar
You can also "flatten" the quick access bar in the functional range or rather deactivate functions not used.
Through this the quick access bar is also shortened
7.15.1.8 Internet Browser
In the array "Internet Browser" you can configure the browser settings as well as the recognition of the
automatic field assignment.
Standard browser
All browsers installed are listed here. Choose the browser which you want to use as a standard browser
for Password Safe.

Display all installed browsers in the menu

Password Safe finds out all browsers installed on the system and offers you them as a selection.

Highlight arrays at allocation

The array with the array ID "username" has been selected in the list outlook. On the Internet Explorer it
will be shown to you visually what array it is.

2015 MATESO GmbH

First steps

113

7.15.1.9 Browser addons

In the array browser addons the settings of the addons are managed.

Here you can activate or deactivate the addon functionality. There are differences in the different
editions:
Personal Edition: No addons contained
Standard Edition: Addons activated by default
Professional Edition: Addons deactivated by default
Enterprise Edition: Addons are deactivated by default
Furthermore you have got the possibilty to activate or deactivate the capture of the new passwords via

2015 MATESO GmbH

114

Password Safe and Repository

the addons.
If the option load favicon of website at the capture of new passwords is active Password Safe
automatically loads down the symbol which is displayed next to the address bar in the browser and tags
the newly started dataset with it.
If you should have any problems with the addons you can also adjust the port. But usually the standard
port 12001 can be retained.
The option automatically use favicon of URL as dataset icon causes that at the manual start of a
dataset the favicon of the website is used as a dataset icon.
7.15.1.10 Documents
Change to the tab "documents" in the setting dialogue, to make the configuration of the document
management. In the upper array of the setting menu you can change between three arrays.

Directory settings
Here you can define in which directory the documents should be swapped out. This setting refers to all
documents, however in the document itself a swapping path can be defined. You can get more
information on that under edit documents.
Own swapping directory:
Every document that has to be swapped out for the start or for opening/editing will be swapped out for
this purpose in the configured path. The documents will be swapped out in the user application directory
by default.
Automatically create directory and delete after the change:
Through this the directory will be created before the document is swapped out and securely deleted
again after the application, the document has been closed.

2015 MATESO GmbH

First steps

File settings
In the file settings you can define basic settings for the document management.

2015 MATESO GmbH

115

116

Password Safe and Repository

Always automatically re-backup changed document:

Password Safe ePassword Safe recognizes when a document has changed and can rewrite the
document in the database afterwards. When activating this option the document will be automatically
rewritten in the database after the changing. If this option is deactivated you will be asked at every
change of the document if you want to rewrite it in the database.

2015 MATESO GmbH

First steps

117

Delete file after change:

If you do not want to delete the files after swapping out you can deactivate this option. Otherwise the
swapped out document will always be destroyed and securely deleted from the hard disk.
Display status when deleting the document:
Shows you how long the deletion of the document will take, if you should have chosen a higher amount
of overwritings according to the Gutmann method.
Number of overwritings according to the Gutmann method:
Define how often the file should be overwritten with a special sample to destroy it. The higher the
number the bigger the document, the longer the deletion of the document takes.
File changed documents in the history:
Hereby changed documents will be filed in the history and can be recreated by the history.

2015 MATESO GmbH

118

Password Safe and Repository

List options
Define in the list option how Password Safe should act at a double click on a document in the detail
outlook "affix/documents".

7.15.1.11 Messaging
If you receive a new task or a message you will be informed about it.

Messaging at events
If this option is activated you will be informed about new messages and tasks.
Time interval for the testing of new events
This setting defines the time interval for the testing of new events.
Display duration of the message
2015 MATESO GmbH

First steps

119

Define how long the message should be displayed.

Position of the messaging window
Here you can define the position of the messaging window yourself. Just choose the desired position.
Play sound at messaging
If you want to receive an acoustic message, activate this option.
Message at...
Define when you want to receive a message.
7.15.1.12 Search
Define the settings for the search function.
Start global quick search in a new tab
Opens every search with a new tab. Please note that this only works if the "global quick search via
extended search" is deactivated.
Start global quick search via extended search
When activating this option the search will be carried out via the "extended search". If this option is
deactivated the search will be carried out via the folder "all passwords". .
7.15.1.13 Download
If you should use a proxyserver for internet access (for example in a company network), you can state it
here. This proxy is used to update help.
7.15.1.14 Records
Search in the displayed records
If this option is active, a new search will be carried out in the search results from the last search. This is
very helpful if you want to further refine the search results.
Display favourites on the home page
This option enables you to display all of the records marked as favourites directly on the home page.
Automatically adjust the window to the size of the form
When a record is opened, the size of the window (depending on the form stored in the system) is
adjusted so that all of the records can be displayed.
Automatic password entry (autofill)
When calling up a website or application, the access data are automatically entered.
Automatically offer the favicon from the URL as a record icon
When a record is manually entered, you are offered the opportunity to use the favicon from the website
as a record icon.
Setting up an RDP connection by double clicking
If this option has been activated, an RDP connection will be setup by double clicking on a record. In the
selection field, you can define how this connection will be setup. Please note that the record can only be
opened for editing via the context menu in this case.
Download the favicon without enquiry
When a record is manually entered, the favicon from the website is used as the record icon without you
2015 MATESO GmbH

120

Password Safe and Repository

being asked first.

7.15.2 Database settings

The database settings are aimed at all users within a database. For the setup of the particular array click
on the accordant "tab", for example "logbook" to configure logbook settings.

7.15.2.1 General
In the general area you can configure general database settings, for example the maximum document
size.
Maximum document size in MB
Configure the maximum file size for documents.
Display passwords as soon expiring, where remaining days are less than
A time period is defined here in which a password is classified as "soon expiring". 5 days are set as a
standard.

2015 MATESO GmbH

First steps

121

Forms
Here you define which form is chosen as a standard when creating a new folder.
General export settings
The folders selected here are included in an export as a standard.
Applications
When this option is activated, Password Safe automatically looks for a suitable application when
generating a new password. If one or even more suitable applications are found, they are displayed to
enable the correct application to be selected.
Folders
This option has the effect of creating a personal folder for every new user added. You can select whether
the folder is created in the root directory or in a directory of your choice.
If this option has been activated, you can also create a private folder in the user and group management
section by right-clicking on the relevant user.
7.15.2.2 Auto backup
Password Safe offers you the possibility to automatically start a backup when closing. In the array "auto
backup" you can configure the backup.

Automatic backup when closing Password Safe

By means of the automatic backup you can create a backup when closing Password Safe. Enter the
mapping of the backup directory in the description field below, by clicking on the folder icon.

Annex date and time

If the option is activated an new file will be created for each backup. In the file name the point of time of
the backup will be annexed.
Query before a backup
This option causes that you have to agree before the start of backup when closing Password Safe.
Allow deviant mapping
If you want to use an alternative backup mapping per user you can activate the deviant mapping. It can
be deposited in the "general settings" under "general". If no mapping has been deposited there the
deposited main backup mapping will be automatically used.
Display error message for false mapping statement
If you activate this option you will be informed about faulty backups, for example at a wrong directory
mapping of the backup.
Message group(s) at backups
Define if certain users or groups should be informed about the setup of new backup. This information will
be send and provided in the form of a system message.
Automatic webviewer export
2015 MATESO GmbH

122

Password Safe and Repository

If this function has been activated, an encrypted HTML page will be created when Password Safe is
closed that contains a list of all passwords to which the registered user has access. If desired, you can
directly define the password and the location where the file is saved here. If this information is not
saved, the password and the location where the file is to be saved will be requested when the file is
created. In addition, it is also possible to configure whether a request appears before the creation of the
file.

Query before the HTML Webviewer export

Set this check mark if you want to be asked every time you close Password Safe if the webviewer should
be exported.
7.15.2.3 Currencies
Currencies are for example used in the TAN and bank management. An exchange rate translation is
currently not available. By means of the buttons in the upper array you can add new currencies and edit
existing ones.
Create new currency
Edit currency
Delete currency

With a double click or via the context menu (click with the right mouse button) you can edit existing
currencies. Afterwards confirm you change with "save".

2015 MATESO GmbH

First steps

123

7.15.2.4 Logbook
By means of the integrated logbook functionality all events can be recorded.

Activate and configure logbook

Activate the logbook by activating the option active logbook. Afterwards you can configure which
actions should be recorded. You can find further information under analysis and reporting.

If the option create logbook entry with reason at RDP connection is activated, at the build-up of
an RDP connection the following window opens:

2015 MATESO GmbH

124

Password Safe and Repository

Here you can state the reason of the RDP connection. This is then taken over to the logbook.

Clear logbook
Via clear logbook you open a further dialogue:

Here you can directly delete the entries of the logbook via delete all. The option delete after days
2015 MATESO GmbH

First steps

125

only deletes the datasets which are older than the configured number of days.
In addition, it is also possible for you to firstly export all of those entries to be deleted into a CSV file.

Logging options
The following logging options are available in the logbook:
New
Change
Duplicate
Delete
Print
Move
Export
Import
Login
Logout
Clipboard
Connection to the
internet site
Automatic entry
View / open
Events
User changes
Permissions and
rights
Offline mode
Database settings

Log the creation of new records

Log changes to existing records
Log the duplication of records
Log the deletion of records
Log the printing of records
Log moved records
Log exported records
Log imported records
Log user logins
Log user logouts
Log the copying of data to the clipboard
Log connections to the internet site
Log the automatic entry of data
Log the viewing and opening of records
Log events for a record
Log user changes
Log all changes to permissions/rights
Log records in offline mode
Log changes to database settings

In addition, events from the following modules will be logged:

seal and permission systems
Workflow system

Notice for "see/open":

The activation of this option locks the detail array of the list outlook and furthermore the passwords can
not be displayed in the list outlook. The detail array is not available if you want to record the look of the
records.
Tip:
From the Enterprise edition on including the server, the deletion of the logbook can be protected with a
workflow action, e.g.: Release or several-eyes-principle.
7.15.2.5 Password
In the array password you can define the password guidelines and policies yourself. According to the
configured criteria the password will be created and tested if it confirms to the guidelines and may
therefore be used. In the below array you can define which symbols the "password generator" should
use. With those settings absolute safe and uncrackable passwords can be generated.

2015 MATESO GmbH

126

Password Safe and Repository

You have got the possibility here to create a global password guideline, as well as one for new user
passwords and one for export passwords. At the first start already three standard guidelines are
predefined. With a click on the accordant key symbol you get to the password guideline management.
There you can select predefined guidelines or add new ones.
What are safety points?
The safety points reflect the complexity of a password. If numbers, small letters, capital letters and
special signs are used in a password, it is quite complex and therefore receives the required safety
points more quickly. The safety points are calculated for every password, at this also redundancies and
direct repeats are considered. So it can be made sure that the passwords are saved complex enough.
7.15.2.6 Seal
Password Safe offers the possibility to "seal" records. According to the seal it can also be about a sealing
according to the four our more eyes principle, that means so called permissions from other Password
Safe users are necessary to break the seal. Only after the breaking of the seal the date can be seen.
Here you can define how you want to send the sealing messages. You can choose between task and
message system here. The task system offers the advantage that you will be reminded of the permission
via the reminder function.
2015 MATESO GmbH

First steps

127

The administrator can be deleted from the seal

When creating the seal the administrator can be deleted from the list "delete seal".
The administrator group can be deleted from the seal
When creating the seal the administrator group can be deleted from the list "delete seal"..
All seals can be edited
If this option is activated, the users can edit the seals in the offline or USB mode. Changes are also
synchronized.
Only seals without release can be edited
Due to this option the user gets access to all datasets which have not been assigned to a release in the
offline or USB mode. Changes are also synchronized.
No seals can be edited
In the offline or USB mode all seals are locked for editing.

2015 MATESO GmbH

128

Password Safe and Repository

7.15.2.7 Locking
The administrator can be deleted at locking
When starting the locking the administrator can be deleted from the list "lift the locking".
The administrator group can be deleted at the locking
When starting the locking the administrator group can be deleted from the list "break seal".
7.15.2.8 Release system
Do not edit task automatically
The task will be automaticall opened as soon as it is assigned to a user.
Set task to completed if release is completed
After the task is completed its status will be set to completed automatically.
Delete task when release is completed
After the task has been completed it will be automatically deleted
7.15.2.9 Right management
In the array "right management" settings concerning privileges and permissions can be managed.
Display menu items without rights
If this option is activated, the menu items for which the user is not authorized will be shown in the single
menus. That enables the user to require missing rights. At the attempt to open a menu item without
rights, the accordant dialogue appears:

Users can request missing rights

If this setting is active users can ask for missing rights. See Manage permissions and rights.
Only a member of the administrator group can manage the Administrator group
Activate this option if only members of the administrator group are allowed to manage them. Through
this users, which own access to the "user and group management", can only manage administrators if
they are a member of the administrator group.
Enable user login outside of the domain (e.g.: USB stick modus)
If this option is activated the Windows login password of the Active Directory user will also be saved as
an internal Password Safe password. So the user can log on the database with his/her Active Directory
password also if he/she is not linked with the domain.
Administrator and Administrators group can be removed from the shares
2015 MATESO GmbH

First steps

129

It is possible to completely delete the administrator and the administrator group from the permissions.
Hereby also completely private passwords/records are possible. Consequently the administrator has no
longer access. Please also notice that without an administrator in a permission no logbook entries will be
written for that record.
Inherit change to shares in subfolders and records
If this setting is deactivated the question of inheritance will no longer be displayed and changes of
permissions will no longer be passed on to subordinated folders and records. The automatic inheritance
to a new record is not concerned by this and is still carried out.
Users can choose between personal and public records
If this setting is active you will be asked for every new record if this record should be personal or public.
With the choice "personal" only the current user will be lodged in the rights of the record. With the choice
"public" the normal inheritance of rights from the superordinate folder takes effect. In both cases the
rights can be adapted manually afterwards. A personal record can therefore however be made
accessible to other users later on.
Template for root folder
Is required to define the folder rights in the root (highest level for folders). If no template is deposited
here every user can start a folder in the root.
Record template
This template only applies if no inheritance of rights is carried out to the record. As an example we can
name the bank because it is not allocated to any folder but exists overall. This is exactly when this
template takes effect. If no template is deposited the administrator and the administrator group will be
added in addition to the user that receives full access.
System messages
Here it is defined to who the system messages are sent. If no designation is made the administrator
receives the messages. You can choose single users as well as groups.
The configuration in the database settings is only available if the user has the right "... can manage users
and groups". Generally it is suggestive to possibly only give this right to the administrator.
You can find further information in the chapter right templates.
7.15.2.10 USB stick
Configure the USB-Stick settings for the user which have the right to export and use this feature.

Only the originator of the USB stick can log on the database
Activate this option if only the originator of the USB stick is allowed to log on the database.
Start passwords without folders when search folders are exported
If the option is active passwords will be additionally exported, which are not linked with any folder. You
can find the records in the search folders, which also have to be exported.
Only copy records with export privilege on the USB stick
If this option is active only records, for which the user set the privilege "export", will be exported to the
USB stick.
Use expiration date
Here you can set an expiration after a certain number of days after the setup of the USB stick, or also a
2015 MATESO GmbH

130

Password Safe and Repository

general expiration date. If the USB stick, or rather the database, has expired, the user can no longer log
on, but has to create a new USB stick.
Notify users about expiry (in days)
Define here whether and when a user is notified about the expiry of the USB stick.
USB stick can be synchronized
If this option is active changes which have been made on the USB stick can be synchronized back to the
main database.
Destroy and finally delete database after expriation
Alternatively you have the possibility to destroy the database after the expiration and delete safely.
Attention:
Hereby the database will be deleted irrevocably with the Gutmann method. A recreation of the data is
not possible anymore!
7.15.2.11 Offline mode
The offline mode is only available in the Enterprise Edition if a connection to an Enterprise server exists.
With the offline mode it is possible to work without access to the Enterprise server. Hereby the data will
be buffered in an offline database. So you can carry all your data with you with a notebook at a field
work. If you are back in the company you can work again online and your changes will be synchronized
with the server.

Setup
In the Enterprise Edition with the Enterprise server the offline mode is available to you. To use the offline
mode it has to be configured first. You can do this in the database settings under "offline mode". This
point is only available in the online mode, that means when you are connected to an Enterprise server. In
an offline database the point is not available. The offline mode can also only be used in connection with
an Enterprise server. For normal multi user databases on a network share the offline mode is not
available for technical reasons.

2015 MATESO GmbH

First steps

131

Activate offline mode

Activate this option, so that the offline mode can be used. As soon as the first client goes into offline
mode the database will be set into synchronization mode. All clients have to reboot then, because only
then all changes will be recorded.
Number of days after a synchronization is suggested
Here you can set up since when a synchronization will be suggested. You should not wait to long with a
synchronization because other colleagues will also have no access to the new data then. In addition the
synchronization data will get more and more, so that the synchronization will take longer.
Synchronize automatically with offline database before disconnecting the server connection
If an offline database is set up on the client but you work online, the offline database can be
automatically adapted if you disconnect the database connection. Then you have the status quo available
offline. If you are on the way you can access the offline database if no connection to the Enterprise
server is possible. Therefore it makes sense in every case to create an offline database, also if you
always work online. At a possible server breakdown you can anyhow continue to work off line.

2015 MATESO GmbH

132

Password Safe and Repository

Security query
Here you can define if a query appears before certain actions and therefore you can decide at any time if
an action should be carried out. if the security queries are deactivated the actions are carried out
automatically without previous enquiry.
Use expiration date
Here you can define for how long an offline database is valid. After the expiration date has been reached
the offline database is destroyed. Through this it should be avoided that employees outside the company
network can access the database. In order to enable a smooth access to the offline database within the
company network, the following logic is used:
The checking of the expiration date only takes place if you are logged in via login -> database
properties -> connect with offline database.
If it is synchronized in Password Safe via the menu file -> offline mode or if you go offline, the
expiration days are counted up, that means if the offline database should expire in 10 days, but the
user synchronizes after 9 days, the expiration date is extended by 10 days.
Also if the date already expired the user can, if he/she is connected with the database, still access his/
her offline database. Only if he/she connects with it again via the login (that means if he/she is not in
the company net) the database is destroyed.
Notify users about expiry (in days)
Define here whether and when a user is notified about the expiry of the USB stick.

Work offline
If you are connected with the Enterprise server you can activate the offline mode via the menu "file" ->
"offline mode" -> "work offline". Here all data, for which you have the right to access, are saved off
line in an offline database. At the first call this can take a few minutes according to the mounds of data.
As soon as the offline database has been created you can immediately continue to work offline. From the
second call on only the changes will be synchronized with the server, which normally does not take long.

In the status bar, next to the database name, you can see when you work offline.

2015 MATESO GmbH

First steps

133

Work online
When you are offline you can connect with the Enterprise server again at every time via the menu "file"
-> "offline mode" -> "work online", and the changes will be synchronized in both directions.
Afterwards your offline database is updated again and the changes you made have been reset with the
server. Normally this only takes a few seconds, but depends on how long you have been offline and how
many changes have been made meanwhile, off line and on the server.

Synchronize database
If you want to continue to work offline and only synchronize your changes on the server quickly, or want
to receive current data from the server, you can do that via the menu "file" -> "offline mode" ->
"synchronize database". Afterwards your offline database is updated again and the changes you
made have been reset with the server. Normally this only takes a few seconds, but depends on for how
long you have not synchronized and how many changes have been made meanwhile, off line and on the
server. The menu item is only available if you work offline.

Database overview
Via the menu "file" -> "offline mode" -> "database overview" you can see what the current status
of your offline database is. Here you can also reset the offline mode, afterwards the offline database can
no longer be synchronized and has to be newly created. Normally this step is only necessary if you want
to start an offline database on another computer. Only one offline database can be active for one user at
the same time. The menu item is only available if you are connected with the Enterprise server and
therefore work online.

Ticket system
The offline mode is linked with the ticket system. That means only one client can go online or offline at
the same time. If another client goes online or offline (or also several clients), you receive an information
window with waiting position. Normally a synchronization does not take long, so you do not have to wait
long.

2015 MATESO GmbH

134

Password Safe and Repository

Memory location of the offline database

The offline database is basically saved in the user directory. But you can also influence the mapping. This
makes sense if for example server saved profiles are used because here often not enough disk space in
the user directory is available. If you should want to define the path yourself you have got the following
possibilities:
1. You can create the environment variable PSR_OFFLINEDB_PATH and state the path in it, in which the
offline database should be stored.
2. In the configuration file psr.pc7 you enter the value <OfflineDBPath>gewnschter Pfad</
OfflineDBPath> in the array Common
3. In the registry in the sector HKEY_CURRENT_USER ->
Software\MATESO\PasswordSafe\Options the string OfflineDBPath is started and afterwards the
path is allocated as a value.

Notice:
If rights have been changed or given away in the online mode the offline database has to be created
again afterwards in order to take over the new right structure!

7.15.2.12 Mobile devices

In the array mobile devices you define the safety settings for the mobile databases. Please notice that
for the use of the mobile databases either the Password Safe iOS App or the accordant Android App are
2015 MATESO GmbH

First steps

135

necessary. These can be downloaded in the App stores or be purchased.

Note:
This dialog is only available in conjunction with multi-user and Enterprise Server databases up from the
Professional Edition. In Standard Edition, it is not necessary. The synchronization in the Standard Edition
is described in the help for the app.

Allow mobile database synchronization

This option defines if a database can be synchronized. So you have got the possibility to keep the data on
your PC or smartphone always on the same level.
Use expiration date
Here you can define that the mobile database is destroyed after a certain period or on a certain day. It is
also possible to destroy the database after a certain amount of failed login attempts.
Allow iCloud synchronization on iOS devices
The iCloud synchronization allows to adjust the database on your iPhone directly with the iCloud. You

2015 MATESO GmbH

136

Password Safe and Repository

also have got the possibility to create backups of the database in the iCloud.
Allow dropbox synchronization
Via this option you can synchronize your mobile databases with a dropbox account, or also create
backups.
Allow airPass release
With the airPass release you get the possibility to provide the data once on every PC from your
smartphone, via W-LAN / IP address.
7.15.2.13 Reports
Here you can change the image of the reports. It is also possible to integrate freely defined texts, like for
example the company name, in the reports.
It is possible to define the font in which the reports will be printed in the lower section.

The following arrays can be configured:

2015 MATESO GmbH

First steps

Also free texts can be taken into the settings (beside the standard varibles):

2015 MATESO GmbH

137

138

Password Safe and Repository

The above made settings display in the report as follows:

2015 MATESO GmbH

First steps

139

Beside free texts also the following variables can be used:

{REPORT_DATETIME}
{REPORT_USER}
{REPORT_TITLE}
{REPORT_CURRENTPAGE}
{REPORT_EDITION}

-> date & time

-> logged in user
-> title of the report
-> current page
-> edition of Password Safe

7.15.2.14 HTML-Webview
As an export to a WebViewer file can take some time in the case of very large data volumes, it is
possible to configure here whether the user should be issued with a warning. A threshold value can also
be configured.

7.15.3 Personal settings

7.15.3.1 Language
Password Safe can run in German as well as in English. By default Password Safe starts in English. Only
on those computers which have the country setting "Germany", "Austria" or "Switzerland", the software
is carried out in German.
You can change the language under extras -> language at any time.
Please notice that this setting only affects the client itself. The language of the database is not influenced
by this.
2015 MATESO GmbH

140

Password Safe and Repository

7.15.3.2 Color scheme

In Password Safe you can choose between different color schemes, to adapt the appearance of the
software to your requirements. According to the operating system different color schemes are available.
Please notice that Aero Theme takes over the color settings of the operating system. The Edition
Theme has got a different color according to the edition used.

Luna
Oliva
Black
IceBlue
Silber
Aero Theme
Edition Theme
Windows 8

Windows XP
contained
contained
contained
contained
contained
not contained
standard
not contained

Windows Vista
contained
contained
contained
contained
contained
not contained
standard
not contained

Windows 7
contained
contained
contained
contained
contained
contained
standard
not contained

Windows 8
contained
contained
contained
contained
not contained
contained
contained
standard

7.15.4 Auto login

By means of the auto login you can log on at the database automatically or also log on automatically as a
user afterwards. You can find the auto login under "file" -> "My profile" -> "Configure auto login".

Notice:
Please note that the auto login can only be configured for one database (settings are deposited on the
computer). If the auto login has already been configured you can accordingly change it via the menu.

2015 MATESO GmbH

First steps

141

Automatic database login

With this you will be automatically logged on at the selected database after the start, without having to
enter the database password. Please consider that also unknown persons can open your database
without a password that way. In a company the database should at least be additionally secured with a
user login.
Automatic user login
With this the selected user will be automatically logged on the database after the database login..

7.15.5 Plugins
Via our plugin gateway any PCs can be linked with Password Safe for the user authentication. In the
following all currently available plugins are listed. Further plugins for authentication tools like for example
Tokens, Smartcards, Biometrie and RFID employee identification badges are just being planned.
Licence info: For each computer/user licence a plugin licence has to be bought. So if you have 20
computer/user licenses you also have to buy 20 plugin licenses.

2015 MATESO GmbH

142

Password Safe and Repository

Available plugins
Standard USB stick (Standard gateway for USB stick, USB hard disk, USB memory stick)
PKCS#11 (Standard gateway for Tokens, Smartcards, Middleware, and many more)
No longer available plugins
Password Key USB key (out-dated flavor of the Password Key Edition v3 and v4 for Windows XP)

Setup of plugins
From Version 5.3 on plugins will be automatically offered in the setup program and can be installed.
Set the check mark at "plugins" in the setup program. Only then they will be installed and can be used in
the software.

If you have not installed the plugins at the first setup of Password Safe you can just reset the installation
program and "overinstall" so to speak. At this all settings and databases remain obtained, only the
program files will be updated and the plugins also re-installed..
Notice:
Older plugins (e.g. Password Key) have to be re-installed manually. The old plugins can be downloaded
in the download array in the category "plugins". At every old plugin a manual is added in PDF format,
which exactly describes the setup.

2015 MATESO GmbH

First steps

143

Setup
Set up a new database and choose the item "use plugin" in the step "define database protection". If the
item "use plugin" should not exist you either have not installed the plugins or you do not have a valid
licence for the plugin. Look in the licence overview if the licence for the desired plugin has been unlocked.

Afterwards carry out all further steps and in the end click on "Finish".

2015 MATESO GmbH

144

Password Safe and Repository

Now you see all installed plugins. In the first column you see the status of the plugins.
Red = Not active (no USB stick (or Token, Smartcard, and many more) sticks in the computer)
Yellow = No licence for the plugin available
Green = Aktive (the USB stick (or Token, Smartcard, and many more) sticks in the computer and is
ready)
The plugin is not configured so far. Click on the plugin, for example "standard USB key/memory", and
afterwards click on "properties" in the left array below.

Afterwards the configuration of the plugin opens. Here you can carry out different settings.

2015 MATESO GmbH

First steps

145

Please look up the settings at the accordant plugin:

Standard USB stick
PKCS#11
If you have made the changes, click on "Ok" to save the changes.

If the plugin has been properly configured and the USB stick (or Token, Smartcard, and many more)
sticks in the computer the attendance will be signalized with a green symbol.
Now click on "choose" or double click on the plugin to generate a new key for the database. If you use
the plugin for the first time you also receive a new PIN, generated by chance, for the USB stick (if
available according to the plugin). This PIN has to be entered every time you want to use the USB stick
with Password Safe, that means for every login at a database. According to the PC the PIN can be
changed via the settings of the plugin or via the software of the PC manufacturer. For example for the
plugin "PKCS#11" the key is generated with the help of the certificate that you choose.

You receive a PIN and an emergency key, which you may save securely please, for example in a safe.
The emergency key is needed if the USB stick (or Token, Smartcard, and many more) is defect or lost.
2015 MATESO GmbH

146

Password Safe and Repository

The emergency key then can be entered as a password in the database.

Afterwards the database will be started and you are in the login window.

Now click on "Ok" to log on at the database with the plugin. Now you are asked to enter the PIN.

Enter your PIN. Afterwards the database will be opened with the key of the plugin (USB stick, Token,
Smartcard, and many more).
If you should enter your PIN wrongly the acceptance of avoiding Brute Force attacks will be delayed.

2015 MATESO GmbH

First steps

147

Via the button "properties" you can see or change the settings of the plugin.
If you have entered the PIN correctly you are now logged on at the database and you are able to use it.

7.15.5.1 Standard USB stick

With a plugin the Personal, Standard, Professional and Enterprise Version can be extended by a login
with a USB stick. Therefore the login can be made via this USB stick and you do not have to enter a
password for the login. To use the plugin you only need a conventional USB stick which can be used as a
removable storage and can be activated as a drive.
License info: Per computer/user licence one plugin licence has to be bought. So if you have 20
computer/user licenses you also have to buy 20 plugin licenses.
Notice:
The plugin "Standard USB stick" has been designed for single-users. If you should work with many users
(employees) we recommend a real Token (e.g. eToken by Aladdin) in co-operation with the plugin
"PKCS#11".

Setup
You can see here how to set up a new database with a plugin.
To configure a plugin select a plugin in the choice box in the login window and click on the button on the
right side next to the choice box.

2015 MATESO GmbH

148

Password Safe and Repository

Afterwards click on the plugin "standard USB key/memory" and then click on "properties" in the left array
below.

Afterwards the setup of the plugin opens. Here you can carry out different settings.

2015 MATESO GmbH

First steps

149

General
Drive
Enter the drive, under which the USB stick is available, here, e.g. G
PollInterval
Enter here in milliseconds how often should be checked if the USB stick still plugs in the computer.
1 Second = 1000 milliseconds
MessageDelay
waiting time for the display of messages.

Insert card
Auto login
Here you have the possibility that Password Safe memorizes with which database and with which key a
login at the database has to be carried out. If you plug in the USB stick for the second time a database
will be opened automatically.

2015 MATESO GmbH

150

Password Safe and Repository

Delete auto login

With this you can delete the auto login. The auto login is not active until you logged in the next time.

Delete card
Nothing = No action completed
Lock = The database will be locked
Logout = The database will be closed
Change PIN
Click on the button to change the current PIN of the USB stick.

If you have carried out the changes click on "Ok" to save the changes.

If the plugin has been properly configured and the USB stick plugs in the computer the attendance will be
signalized with a green symbol
7.15.5.2 PKCS#11
With this plugin the Personal, Standard, Professional and Enterprise Edition can be extended by the login
with a Token, a Smartcard or another authentication tool. So the login can optionally be made via this
Token and therefore no password for the login has to be entered. For the use of a plugin you need a
Token, Smartcard or a Middleware which supports the standard gateway PKCS#11. This gateway is
supported by nearly all Token, Smartcard or Middleware producers. So you can integrate Password Safe
in already existing PKI scenarios in your company. But also private users benefit from increased security
by that.
Notice that Password Safe only works with certificates which are filed on the Token. Password Safe itself
can not create certificates and safe them on the Token. Password Safe only uses existing certificates. To
create and coast new certificates please use the tools of the Token producers or of the Middleware.
License info: One plugin license has to be bought for each computer/user license. So if you have 20
computer/user licenses you also have to buy 20 plugin licenses.
2015 MATESO GmbH

First steps

151

Notice:
Please get to know before if your device or Middleware producer has a PKCS#11 gateway. Basically we
can not take back licenses due to devices which are not supported. As a company you can receive a test
license in advance and therefore test your devices for the login at Password Safe.
Working manufacturers products which we have tested:
eToken Pro with eToken PKI Client (Producer: Aladdin, PKCS#11-DLL: eTPKCS11.dll)
CardMan 3121 by Omikey with SafeSign Middleware (Producerr: Omnikey, PKCS#11-DLL: aetpkss1.dll)
With substantial orders you can directly contact our reseller. Please directly address our sales
department. We are pleased to advise you.

Setup
You can see how to create a new database with a plugin here.
To configure a plugin choose a plugin in the check box in the login window and click on the button on the
right side next to the check box.

Afterwards click on the plugin "Standard PKCS#11" and then click on "properties" in the left array below.

2015 MATESO GmbH

152

Password Safe and Repository

Afterwards the configuration of the plugin opens. Here you can carry out different settings.

General
PKCS#11 DLL

2015 MATESO GmbH

First steps

153

Choose the DLL here, which the Token (or Smartcard, or Middleware, and many more) provides for the
PKCS#11 gateway. As an example we use an eToken Pro by Aladdin. If you do not know if your Token
has got a PKCS#11 gateway please directly ask the producer of your Token.
Name
Please enter any name here that you want to give your Token (or Smartcard, and many more). This
name will be shown to you in the whole program when you use the device.
MessageDelay
Waiting time in milliseconds for the display of messages.
1 second = 1000 milliseconds
Private keys
If the Token (or Smartcard, and many more) has got private keys please activate this option. Normally
only then a PIN entry is requested and only then it will be possible to access secured certificates on the
Token.

Insert card
Auto login
Here you have the possibility that Password Safe memorizes with which database and with which key a
login at the database has to be carried out. If you plug in the USB stick for the second time a database
will be opened automatically.
Delete auto login
With this you can delete the auto login. The auto login is not active until you logged in the next time.

Delete card
Nothing = No action completed
Lock = The database will be locked
Logout = The database will be closed
For safety reasons we generally recommend to use the option "Logout". Therefore the database will be
completely closed when pulling off the key.
Example for a configuration of an eToken Pro by Aladdin:

2015 MATESO GmbH

154

Password Safe and Repository

If you have carried out the changes click on "Ok" to save the changes.

If the plugin has been properly configured and the Token (or Smartcard, and many more) plugs in the
computer, the attendance will be signalized with a green symbol.
If a PIN should be required for the access to the Private Keys you have to enter that PIN when plugging in
the Token or at the login on a database.
2015 MATESO GmbH

First steps

155

As soon as the PIN has been entered the saved certificates for the use in Password Safe are available.

If you have mistyped the PIN only the Public Keys are shown to you. You can enter the correct PIN again
via the button "enter PIN", afterwards also the Private Keys will be shown to you. Then choose the
certificate which you want to use for the database. We basically recommend to use only private keys
because here you only need to enter one PIN. Public keys can be read at any time without PIN entry and
if you should loose your key it would be a security hole. So you better only use private keys for safety
reasons.
7.15.5.3 Password key USB key (outdated)
Plugin for Password Safe and Repository for the login with the Password Key USB key. The plugin is an
extension for Password Safe and Repository Standard v4 and Professional v4 for Windows XP. Per
license a plugin license has to be bought.
License info: For each computer/user license a plugin license has to be bought.
Notice: This plugin is only contained for compatibility reasons. It is no longer possible to buy it for
Version 5. The operation of the plugin is only possible under Windows XP. If you should have used the
plugin with v4 and to continue to use it under v5 and Windows XP, please contact the Support.

2015 MATESO GmbH

156

Password Safe and Repository

7.15.6 Modules
Modules are extensions of the software, only have to be bought once for a license file and then apply to
all users who access that license file.
7.15.6.1 Network logon
The Professional and the Enterprise Version can be extended by the Network Logon with this module. So
the login can optionally be made automatically via the network ond therefore no password has to be
entered for the database login. The module has to be bought once for a license file and then applies to
all existing clients who log on that license file.
Professional Edition:
The login at the Professional Edition can optionally also be made automatically via the network and
therefore you do not have to enter a password for the database login. If the right management is active
the user only has to login with his/her own login data. Therefore you do not have to give away the
password of the database to your users. With the right management the user only identifies with his/her
user name and his/her personal password.
Enterprise Edition:
At the Enterprise Edition basically no database password has to be entered, because here another
database management is the basis. In the Enterprise Edition the user login can also be automated via the
Active-Directory authentication, so that a login can be made fully automatic in combination.
Configuration:
You can find the configuration of the module under "extras" -> "configure network logon". Please notice
that you have to specify an UNC path for the database (if it lies on a network share), which is available
from every client. The menu item is only available at the client if the administrator logs on a database.
This can also be configured via the Enterprise server.
You can find further information in the chapter "Configure network logon".
Notice:
This module is liable to pay costs and is only available at the client if it has been bought.

7.15.6.2 Terminal server / citrix

With this module you can run the software on a terminal server or under Citrix.
However, you basically need a user license for every employee or user who can access Password Safe.
Notice:
This module is liable to pay costs and is only available at the client if it has been bought.
7.15.6.3 Without client licensing
With this module the licensing is only carried out per user.
Hereby only the counting of the clients is deactivated and you can install Password Safe on as many
computers in your company as you want. However you basically need a user license for every employee
or user who can access Password Safe. This way is suitable for smaller administrator teams that need to
have access to Password Safte on every PC in the company.
2015 MATESO GmbH

First steps

157

Notice:
This module is liable to pay costs and is only available at the client if it has been bought.

Handling

8.1

User interface
The newly designed user interface is conformed to Outlook and therefore offers an excellent overview
and usability. An optional number of databases can be opened simultaneously and "On The Fly" you can
change between these databases. Besides different folders can be opened in tabs and you can also
change between them.
If you go across a button with your mouse it will be shown to you visually which function will be called up
here.
In the upper area the main menu is placed. With the main menu you can start or configure functionalities
which are specific to the program. In the main menu for example the import, the settings and many
more are provided.

Among them is a button bar. The displayed buttons are in each case dependent on the Edition an if you
logged in the database.

Database login: Opens the login window to login in the database chosen.
Database logout: Disconnect database connection.
Database assistant: Start a new or an existing database.
Edit database: Edit database subsequently (path, name, etc.).
Lock database: Locks the database, afterwards login required.
Database user change: Database users change (also "On-The-Fly").
Update: The software is updated, including the settings.
Administrate applications: Enter, edit and delete applications (automatic entry).*
Administrate forms: Edit existing and new forms for the recording of the data.*
Administrate Labels: Design labels newly, or edit or also delete existing ones.*
Administrate users and groups
2015 MATESO GmbH

158

Password Safe and Repository

Logbook: Search, filter and export logbook entries as CSV.

General settings: User specific settings
Database settings: Basic settings which apply for all users
* Can be linked with a record via links (edit record).

Databases can be changed easily "on the fly" via the database assortment in the toolbar. In the upper
part of the choice menu you can find the databases with which you are currently connected. In the below
part you can find all the databases which are set up in Password Safe.

On the left side is the folder assortment. In the upper area the favourites are listed, which you can add in
the favourites array via Drag&Drop. Under it the folder array, here you can also displace the folders via
Drag&Drop and that way change the structure of the folders arbitrarily. You can call up further settings
and characteristics by clicking on a folder with your right mouse button.

2015 MATESO GmbH

Handling

159

On the right side, in the upper array is the tab menu. Here you can navigate between several folders.
You can open a new tab by clicking on a folder with your right mouse button and afterwards clicking
"open in new tab" ( * = locked tabs).
2015 MATESO GmbH

160

Password Safe and Repository

In the right array, underneath the tab menu is the menu to the open folder. According to the type of
folder other buttons and functions are shown here.

Underneath the menu is a list which shows your data. By clicking on the white array with your right
mouse button you can access different functions here. In the lower, right array is the detail display. You
can change the several arrays with a click, for example on preview.

8.1.1

Folder and navigation

By means of the folders (categories) you can represent your own data structure in Password Safe. Every
folder can take different functions. There are for example folders for TAN management, HTML sites,
forms and finally search folders (e.g. all passwords). According to the folder function chosen there are
accordingly other functions and ways of entry available.
You can find in the chapter "folders" how to start and administrate folders.
To show the data of a folder in the right array in a tab, click on a folder with your left mouse button. As
soon as the folder is selected the folder content will be shown in the right array, in the active tab.

2015 MATESO GmbH

Handling

161

Folders can take on different functions

Form
Assign a form to a folder, so the entry mask automatically adapts to the deposited data format when
providing a new record (e.g. passwords). Of course you also can create own forms or change existing
ones with a comfortable assistant (from Standard Edition on).
TAN management
Folders for the management of TANs and banks. Here any banks can be designed as master data and
assigned to TAN blocks. Consequently the capture of a bank is only necessary once. If you have not
designed a bank yet you will be automatically advised of it when you design the first TAN block.
Via the button "call up bank management", you can enter further banks or edit existing banks.
Call up bank management

HTML pages and internet pages

Demonstration of internal and external HTML pages, like for example www.passwordsafe.de, or the
automatically generated homepage. Via the homepage you are always currently informed which records
(passwords) soon expire or already are expired. Furthermore the homepage informs you on important
events, like for example the configuration of the auto-backup. From the Standard Edition on you can see
on the homepage, if a new or unread message is available. Of course you also see due tasks and from
the Professional Edition on you can additionally see on the homepage information on broken seals.
Search folders
By means of the search folders you can list all data on a data sheet and browse it with the quick search
(CTRL+F). Also the own favourites can be displayed as search folders.
Folder without data
This type of folder is an "empty" folder, which is only used for building up the structure. In this folder no
datasets can be saved.

8.1.2

Detail area
In the detail area different information on the selected record are displayed. With a click on an accordant
button below you can change between the detail areas. Every area offers another functionality.

2015 MATESO GmbH

162

Password Safe and Repository

Comments:
In the detail area comments any notes can be deposited to the record. You can enter the comments
under "edit dataset".

Preview:
The preview area shows the data of the selected entry. With a click on the blue arrow the different
functionalities are displayed, according to the type of area (password, e-mail, text, etc.). All areas can be
dragged into any areas via Drag&Drop (left mouse button pushed).

History:
In the history you can see which changes have been made when and who made these changes. Red
gives an account of the old condition and blue gives an account of the new condition. You can call up an
exact history as well as the reset of the record via the context menu (click on record with the right mouse
button -> history).

Logbook:
2015 MATESO GmbH

Handling

163

When the logbook has been activated via the database settings you can see very detailed here, who did
what and when with the dataset.

Affix/documents:
In the detail area affix/documents you can link documents with a record or also add new documents.
Furthermore you can start, run and edit a document directly out of the list.

Locked detail area:

If the logbook is activated the detail array is locked in order to avoid that users can see data without this
being registered in the logbook. In this case you find the following symbol in the detail array:
A click
on it allows you to show the information. At this the access is registered in the logbook.

8.1.3

Tabs
The integrated tab management makes it possible to always have the most important folder opened. So
you can quickly change between folders. By clicking on a tab with your right mouse button you get to the
context menu. Here you can for example lock, reload or also close the tab.

2015 MATESO GmbH

164

Password Safe and Repository

Tip!
Via "lock tab" you can sort of fix the selected tab. In this tab no other data can be loaded then. If you
change a folder a new tab will be opened. The locked tab remains. You recognise a locked tab by the
asterisk attached *.

8.1.4

Quick access
You can show the quick access with the hot key CTRL+Q or via "view" -> "quick access toolbar".

Brief description
The quick access works as follows:
1. Enter the search key, then press Return or Enter.
2. If only one record was found the record will be displayed immediately and Drag&Drop can be dragged
immediately to the target field in the browser with the arrows next to the box.
3. If several records were found with this search key a list appears, and with a double click on an entry
you get to the record and you can work with it as per description under the 2. point.
It works even better, if an internet page is linked with the record, that way the record will be
automatically displayed when quick access is unclosed and you can access the data immediately and
work per Drag&Drop without have made one single click.

In detail with screenshots

At the first boot the quick access will be displayed closed.
With the button next to the search field you can access the general menu of quick access and that way
for example collapse the quick access. In addition with a click on the button many further functions are
available.

2015 MATESO GmbH

Handling

165

If the search key conforms to several records, several hits are displayed. Afterwards you can choose
between these hits. Double-click the entry you need. Afterwards all details of the password are available
to you.

All data in quick access can be dragged to any arrays via Drag&Drop. To do so click on the blue arrow
and keep the mouse button pushed. Go across the array in which the data should be entered with the
mouse (the left mouse button still has to be pushed), and then let the mouse button loose. Afterwards
the data will be entered there provided that the array supports Drag&Drop.

Advice!
2015 MATESO GmbH

166

Password Safe and Repository

You can configure quick access in the general settings.

8.1.5

Quick access toolbar

You can show the quick access bar with the hot key CTRL+L or via "view" -> "quick access toolbar".

The quick access bar works as follows:

1. choose folders

2. Select/choose record. Afterwards you can drag the data into the required arrays using Drag&Drop or
using the buttons and access the unlocked functions.

Configure quick access bar start folder:

The quick access bar can be configured optionally with a predefined start folder. At this the defined
folder will always be loaded when opening the quick access bar. You can define the start folder by
clicking on "file" -> "my profile" -> "quick access bar" -> "set start folder". If you want to delete
the start folder, choose "delete start folder". lschen".

2015 MATESO GmbH

Handling

167

Notice!
You can configure quick access in the general settings.

8.1.6

Data sheet functions

To improve handling and comfort nearly all data sheets offer certain functionalities, like for example the
grouping. You can find out full particulars on this in the individual arrays.

8.1.6.1

Quick search
The quick search (DrillDown-search) enables the further browsing of an already determined sample
space. You are for example searching "Max". You enter "Max" in the search box and all records which
contain "Max" are being displayed. Now you recognise that there are too many entries with "Max" and so
you want to search for "Max Mustermann". For this just delimitate the already determined sample space
by entering the second search key "Mustermann" in the search box. Afterwards all entries in which "Max
Mustermann" is found will be displayed. With "ESC" you can reset or close the search.
To open quick search just click on the button with the "binoculars". Thereby the display widens and you
can enter the search key into the array.

2015 MATESO GmbH

168

Password Safe and Repository

Tip!
The option "search in displayed records" should basically be activated. Otherwise the searching via
the database can take a bit longer
8.1.6.2

Show or hide columns

With a click on the headline with your right mouse button the context menu opens. Here you can show or
hide columns arbitrarily.

Only columns out of forms can be used. You can simply change forms and add own arrays via "edit" ->
"administrate forms" (from Standard Edition on).
8.1.6.3

Arrangement
With a click on the headline with your right mouse button the context menu opens. Here you can arrange
data arbitrarily to have a better overview.

2015 MATESO GmbH

Handling

169

Beispiel: Gruppierung nach Benutzername

8.1.6.4

Sorting
Lists can be sorted for a better clear arrangement. If you click on a column overview, the list will be
sorted ascending according to that column:

2015 MATESO GmbH

170

Password Safe and Repository

Here for example the accordant column has been sorted alphabetically upward with a click on
description. Another click on description sorts the list downwards:

By right-clicking on a column heading, you can open a context menu in which you can delete the
sorting function.

8.2

My profile
Via file -> my profile you can carry out certain user concerned settings.

2015 MATESO GmbH

Handling

171

Edit my profile
Here you can manage your name, the description of your account as well as your email address.
Change my keyword
Here you can change your personal keyword. (Not for users from the Active Directory).
User certificate
Via this menu item you can allocate yourself a certificate and therefore automate the login. You can find
further information under Login via PKI / certificate.
Detail array
Show or hide the detail array here.
Quick access bar
Here you can define which start folder you want to use in the quick access bar.
Reset settings
Via this the user settings, the workflow display as well as the settings for the Windows authentication
(automatic login of AD users) can be reset.
Ignored browser URLs
In this menu you can accept web pages which should be ignored by the browser addons at the capture of
new passwords. In order to accept a new URL please just click on
.
You can also use RegEx here. The entry "ebay" causes that www.ebay.de as well as www.ebay.com,
2015 MATESO GmbH

172

Password Safe and Repository

and of course all other URLs that contain "ebay" are ignored.
Configure autologin
The autologin is described in a separate chapter.
Open releases
Here you can find all releases which you still have to edit (agree/refuse). You can find further information
in the chapter releases.

8.3

Handling of data

8.3.1

Folders
By means of the folders (categories) you can map your own data format in Password Safe. Every folder
can take on different functions. There are for example folders for TAN management, HTML pages, forms
and finally search folders (e.g. all passwords). According to the folder function chosen other functions
and ways of entry are available.
To record datasets (e.g. passwords, TAN blocks, etc.), you have to start an appropriate folder first of all,
which contains the accordant records. Data is basically in the folder designed for it. Without folders no
records can be filed in the database.

Notice rights:
In order that a user can see a folder, he needs at least the privilege to "read" for that folder. If the
folder is in a branched structure as a subfolder, the user needs the right to read on all containing
folders as well. Folders can only be started if the user has got "edit" right on the folder.
8.3.1.1

Add folder
If you want to start a new folder click on the blank array (on the left side beneath a folder) with your
right mouse button and then choose "new folder " in the context menu. Drag&Drop has been integrated
in the whole folder structure. So you can comfortably remove folders (push and hold the mouse button)
and therefore just change the existing structure.

2015 MATESO GmbH

Handling

173

In case you have not deactivated the folder assistant it is available when starting a new folder. In the
folder assistant you will be guided through all steps to directly start a folder with its properties.
Via the folder properties you can configure different settings at the folder chosen. Thereby folders can
take on different functions.
Use folder as:
Form
Assign a form to a folder, so the entry mask automatically adapts to the deposited data format when
creating a new record (e.g. passwords). Of course you also can create own forms or change existing
ones via a comfortable assistant (from Standard Edition on).
TAN management
Folders for the management of TANs and banks. Here any banks can be designed as master data and
assigned to TAN blocks. Consequently the capture of a bank is only necessary once. If you have not
designed a bank yet you will be automatically advised of it when you design the first TAN block.
Via the button "call up bank management", you can enter further banks or edit existing banks.
Call up bank management

HTML pages and internet pages

Demonstration of internal and external HTML pages, like for example www.passwordsafe.de, or the
automatically generated homepage. Via the homepage you are always currently informed which records
(passwords) soon expire or already are expired. Furthermore the homepage informs you on important
2015 MATESO GmbH

174

Password Safe and Repository

events, like for example the configuration of the auto-backup. From the Standard Edition on you can see
on the homepage, if a new or unread message is available. Of course you also see due tasks and from
the Professional Edition on you can additionally see on the homepage information on broken seals.
Search folders
By means of the search folders you can list all data on a data sheet and browse it with the quick search
(CTRL+F). Also the own favourites can be displayed as search folders. See also chapter search folder..
Folder without data
This type of folder is an "empty" folder, which only serves for building up the structure. No datasets can
be saved in that folder.
8.3.1.2

Redefine folder
You can directly redefine a folder in the folder structure. To do so click on the required folder with your
left mouse button and choose "redefine folder" in the context menu.
Thereupon the outlook changes so that the folder is displayed as a small box.

Now directly type the new folder name into that box and confirm the change with the enter key (Return
or Enter on the keyboard). If you want to abort the entry press the "ESC" key.
Alternatively you can also change the folder name in the folder properties. To do so click on the folder
with your right mouse button and choose "properties" in the contexgt menu.
On the tab "overall" you can edit the folder name directly in the first box and also change the displayed
icon for the folder by clicking on the button on the right side next to the box. You can find further
information on the management of icons in the chapter "icons".

2015 MATESO GmbH

Handling

8.3.1.3

175

Copy folder
Via the function "copy folder" you can copy the selected folder with its properties. Please notice that here
only the folder itself will be copied and no contained records.
To do so click on the folder you want to copy and choose "copy folder" in the context menu. Afterwards a
new folder will be started directly underneath the folder entry. This folder contains the name affix
"(copy)". A box will be displayed directly afterwards and you can type in the new folder name.

Save the new name by confirming the entry with the enter key (Return or Enter on the keyboard).

Copy folder (recursive)

You can also copy a folder with its whole structure. At this the folder and its subfolder will be copied.
To do so click on the folder you want to copy and choose "copy folder (recursive)" in the context menu. A
new window opens in which you can carry out several settings to this.
2015 MATESO GmbH

176

Password Safe and Repository

Folder
Here the currently selected folder is displayed. So you can be sure that you have chosen the right folder.
Copy to
Hereby you can define where the new folder structure will be inserted in the already existing folder
structure. Click on the button next to the box to comfortably choose the folder. There you also can
directly start a new folder and opt this one for target.
Copy recursively
Confirm herewith that not only the selected folder but also all subfolders are copied. With the option
update existing folders you can define that the folder structure is not created newly, but an existing
one is updated. If you for example have a folder structure in your database several times and want to
extend them all by the same folder you can start the new folder once and you can then take it over to the
other structures via this option. Please notice that here no records but only the folder structure is copied.
"No predecessor" means that the folder is started in the "Root" of the folder structure, that means
without predecessor.
Notice: The copying of a complete folder structure, with all rights and properties can take a bit of time.
8.3.1.4

Move folder
Folders can be moved in two ways in the folder structure. Either you move the folder to his new position
with the mouse per Drag&Drop or you use the function "move folder". With bigger folder structures,
moving with Drag&Drop is not really suggestive, because you may loose overview and the folder can be
stored faultily. A Drag&Drop operation can be aborted at any time with the "ESC" key.
To move a folder, click on the folder and choose "move folder" in the context menu.

2015 MATESO GmbH

Handling

177

Folder
Here the currently selected folder is displayed. So you can be sure that you have chosen the right folder.
Copy to
Hereby you can define where the new folder structure will be inserted in the already existing folder
structure. Click on the button next to the box to comfortably choose the folder. There you also can
directly start a new folder and opt this one for target.
"No parent" means that the folder is started in the "Root" of the folder structure, that means without
predecessor.
8.3.1.5

Delete folder
If you want to delete a folder, click on it and choose "delete folder" in the context menu.

At this the whole folder structure will be deleted. That means not only the selected folder but also all
subfolders will be deleted. If you also want to delete all records in the contained folders highlight the
option "Should all records in the folders also be deleted?". If this option is not set the folders and links to
the respective records will be deleted. Afterwards you still can find the records in the search folder "all
passwords" and so they can be relocated to another folder. If you activate the option all contained
records will be deleted irrevocably..
8.3.1.6

External links
You can create so-called external links for folders. These enable you to get to the accordant folder
directly from the desktop. In order to create such a link, click on the accordant folder with your right
mouse button and then select generate external link. Then you receive the following window:

2015 MATESO GmbH

178

Password Safe and Repository

If you take over the link to the clipboard, you can generate it per CTRL + V in every folder. Alternatively
you can also directly create a link on the desktop. An external link to the folder "IT" could then look as
follows:

The external link always carries the name of the folder plus a randomly generated ID. This ID causes that
existing links are not accidentally overwritten. An external link can be renamed at any time, also the ID
can be deleted from the name.
With a double click on the link the accordant folder opens in Password Safe in a new tab. If Password
Safe is minimized, the software is of course maximized in order to display the folder. If Password Safe is
not started or locked, you have to log in first.
8.3.1.7

Favourite folders
Folders can be stored per user as favourites in the upper area of the folder navigation. So you always
have quick access to your most important folders and folder often used.

2015 MATESO GmbH

Handling

179

You can drag the required folders simply per Drag&Drop from the folder structure to the folder
favourites. Alternatively you can add a folder to the favourites by choosing "add to favourites" via the
context menu.

You can delete the folder again from the favourites via the context menu in the folder favourites,
manually move folder in the order and change the sortation
8.3.1.8

Edit folder
Via the context menu "properties" you can edit the folder. To do so click on the required folder and
choose "properties" in the context menu. Then you receive a window with different tabs.

2015 MATESO GmbH

180

Password Safe and Repository

In general
Change folder names
Change the name of the folder in the first box.
Change icon
Via the button next to the box of the folder name you can change the icon for this folder.
Use as
Here you can change the purpose of use of the folder. You can find further information on the different
purposes of use of the folders in the chapter "folders".
You can define certain settings according to the purpose of use via the button next to the selection.
Form
Here you can change the form used for this folder. Please note that this only applies to new records. The
already contained records retain the form with which the record has been started.
Via the button next to the selection you can see the form and directly edit it.
Comments
Via this array you can give information to the user which is important for that folder. Here the text will be
displayed in the password list in the head array. You also can define the icon itself and therefore also
2015 MATESO GmbH

Handling

181

change the colour of the reference note to get more attention on the specification text. First specify the
number of the icon (0 to 3), followed by a semicolon; and afterwards the displayed text. Also see Forms.

Custom fields
Via the tab "custom fields" you can start a guideline for new records. The arrays recorded here will be
added automatically at a new installation of a record. So you do not have to retrieve additional arrays at
a new record and the underlying form does not have to be especially adapted.
To record own arrays click on the button "add field" and choose the kind of array afterwards.

Afterwards define the data of the new array.

2015 MATESO GmbH

182

Password Safe and Repository

Field label
This is the description that is displayed in front of the box.
Field name
This is the clear identification of the array. The array name may only appear once per folder. The array
name is also used as a variable name, e.g. for the password entry. So choose an appropriate and
significant name. Please note that here no special signs and umlauts can be used.
Field type
The type of array will already be set before by means of the type of array you have chosen and can not
be changed.
Mandatory field
Activate this option if the new array is a mandatory field. Then the record can only be saved if the array
has been filled in.
Internet link (URL)
Is the array for a URL, so activate this option. Then further functions at this array are available (e.g.
direct call in the browser).
Email address
If it is about an e-mail address at this array, activate this option. Then additional functions are available
at this array (e.g. sending e-mail).

2015 MATESO GmbH

Handling

183

Release
Under the tab release the rights for the folder are given away. You can find further information on that
in the chapter "Manage releases and rights".

Extended
The tab extended offers on the one hand the possibility to manage the inheritance of right templates,
and on the other hand you have got the possibility here to configure the folder for private datasets.
8.3.1.9

Folder quick search

With the folder quick search you can directly search for a folder in the folder structure without having to
open the folder tree/structure. The search is high-performance, so that the results will be displayed
immediately.

How to use the quick search:

Enter the desired folder name you want to search for in the array "enter search text here...".

The result of the search will be displayed immediately. In the first column the direct folder name will be
shown and in the second column the complete mapping of the folder will be shown. So you can quickly
navigate through many folders. Select the accordant folder with a "double click" or the "Enter" key. Of
course you can also page through the sample space with the cursor keys.

2015 MATESO GmbH

184

Password Safe and Repository

8.3.1.10 Search folders

By means of the search folders you can list all or only certain data in a data sheet and browse it with the
quick search (CTRL+F). Also the own favourites can be displayed as search folders. The search folders
serve as a powerful search tool and therefore help to keep an overview of capacious data banks.

Search folders: All data (forms)

Lists all passwords, for which the user has the privilege of reading.

Search folders: Favourites (forms)

Lists all passwords that the user has labeled as favourites. Only the own favourites will be listed.

Search folders: Own filters (forms)

Lists all passwords according to filter criteria determined by the user, for which the user has the privilege
of reading.

This search folder can be configured via the button next to the choice box.

Furthermore the setup is also possible directly in the data sheet.

2015 MATESO GmbH

Handling

185

In the screen settings many different restrictions can be set up.

User screen
Here you can choose a user. Only the records, which conform to the accordant user, will be listed.
Date screen
Here you can put on restrictions concerning the date. If you activate the "today" CheckBox then always
the current date will be used for the information retrieval. So it is for example possible to show all
records that have been written today.
Folder screen
Via the folder screen any amount of folders can be added. The folders are linked with OR, so that all
records which are contained in one of the specified folders, will be listed.
Set up screen for form fields

2015 MATESO GmbH

186

Password Safe and Repository

Hereby you have the possibility to search for every form field and therefore put on several restrictions.
There will be no exact search but each content of the array will be browsed for the search key. If the
search key exists in the array the record will be listed.
Screen settings for form fields
Hereby you can influence the search of form fields and therefore enable an AND or an OR link-up.
Besides you can activate the case sensitivity.
Tag screen
With the tag screen you can search for tags and let the records with the contained tags be listed. A
properly administrated database with tags is a big relief in order to find records. With tags you can easily
achieve a clear arrangement of topics. At a password record tags can be added on the tab "comments".
The tags can be linked with AND (all tags have to be contained) or OR (only one tag has to be contained)
.
Special screen
With the special screens certain functions can be enquired, e.g. if a record is sealed. The special screens
can be inverted via the CheckBox "reverse", e.g. if a record is not sealed.
We continuously extend the screen settings and enlarge them to a powerful search tool.
8.3.1.11 Private folders
The users in Password Safe have got the possibility to start private folders. Only the user that has
created the folder has got access or rights to it. Also the administrators or the members of the
administrator group do not have access. If a user is deleted, however, you have got the possibility to
delete all private data of the user as well.
In order to create private folders it is suggestive to create a parent folder at first. After the creation
switch to the settings of the folder by selecting "folder without data" under general at use as. Now
switch to the releases of the folder and there you give all users at least the rights "read" and "edit".
Under the tab extended you can then define if the folder is public or private. Furthermore you have got
the possibility to let the users choose if they create private or public subfolders.

2015 MATESO GmbH

Handling

187

The single users only see the created parent folder:

With a click with the right mouse button on the folder the users can create own, private subfolders:

2015 MATESO GmbH

188

Password Safe and Repository

The user that has created the private subfolder has full access to it. All other users can not see the
folder:

8.3.2

Datasets (e.g. passwords)

According to the end use of the folder different data can be stored in a folder. In this chapter we
describe the application of forms for the capture of datasets (e.g. passwords).

2015 MATESO GmbH

Handling

8.3.2.1

189

Add dataset
To add a new record first of all select the folder in which the new record should be started. To do so
click on a folder with your left mouse button. In the right array the content of the folder will be displayed
now.

Click on the blank array with your right mouse button and choose "add record" in the context menu. Then
a new window opens for the recording of the new record. According to the selected folder and the
dedicated form you can enter different data.
Following an overview of the most important arrays for the recording of records:

2015 MATESO GmbH

190

Password Safe and Repository

General data
Filed in folder
There all folders are listed, with which the record will be linked or already is linked. Click on the button
on the right side to directly get to the link-ups. There link-ups can be added, edited or deleted.
Valid until
Hereby you can define the validity of the record. As soon as you set the check mark you can set the date
for the validity or the record. Furthermore you will be asked if a task should be created therefor. You can
edit the task at saving. Further information on tasks you find in the chapter "Tasks".

Expires every X days

Hereby you can define how many days a record is valid. Via the button on the right side you can let the
date be set on the target value. In doing so the remaining days will be accordingly recalculated.
Remaining days
Shows the remaining days until the record expires.

Comments

2015 MATESO GmbH

Handling

191

Comments and notes

Paste in any length of texts here. The comments will also be displayed in the detail array in the list.
Tags
Enter any search keys in this array. In the data sheet you can search for these tags then and therefore
find the record more easily.

Own fields
You can start as many own arrays per record as you want and therefore suit the record to your individual
purposes. Click on the button "add array" to start own arrays. It is also possible to deposit "own arrays"
as a sample for a folder. You can find further information on these samples in the chapter "Edit folder".
There are three different types of of arrays for own arrays:
Edit (description field)
A description field is used for the entry of single-spaced texts.
Password (password array)
A password array is used for the entry of important data that has to be secured. The entered data will
be hidden in the presetting and displayed as an asterisk.
Memo (multiline description field)
A multiline description field is used for the entry of longer texts and notes.
If you should require further types of arrays you also can directly edit the form or start a new form for a
specific purpose of use. You can find further information on forms in the chapter "forms".
Afterwards set up the data of the new array.

2015 MATESO GmbH

192

Password Safe and Repository

Array inscription
This is the description which is displayed in front of the box.
Array name
This is the clear identification of the array. The array name may only occur once per folder. The array
name is also used as a variable name, e.g. for the password entry. So choose an appropriate and
significant name. Please note that here no special signs and umlauts can be used.
Type of array
The type of array will be preset with the help of the type of array you have chosen and can not be
changed.
Mandatory field
Activate this option if the new array is a mandatory field. The record then only can be saved if the array
has been filled in.
Internet link (URL)
If the array is for a URL activate this option. Then additional functions are available at this array (e.g.
direct call in the browser).
In URL fields following parameters can be added. Then documents or applications which are already
associated with the record are so involved that they can be opened by a click on the parameters.
startapp: Application -> by clicking on the entry the associated application is started
startdoc: Document -> by clicking on the linked documents en entry opens

2015 MATESO GmbH

Handling

193

EMail address
If this array is for an email address activate this option. Then additional functions are available at this
array (e.g. sending emails).

Link-ups
Here you can see with which other data the current record is linked. Link-ups are very practical because
thereby redundancies, that means double data management, can be avoided. Therefore folders,
applications, labels, etc. can be used repeatedly for various records.

In the list all link-ups of the current record are displayed, arranged according to the type (folders,
documents, favourites, labels, applications). To add further link-ups click on the button "add link".
That way records can be linked with as many folders, applications, etc. as desired without having to start
data repeatedly. If a password is required in several folders, for example because a co-operator member
has got no access to the other folder structure, then it is enough to additionally link the password with
the folder that the co-operator can access.

2015 MATESO GmbH

194

Password Safe and Repository

The following possibilities are currently available

Folders
Herewith you link the record with any folders.
Documents
Herewith you link the record with any documents. Then the documents are directly apparent in the
password list in the detail array to the particular record on the tab "affix/documents", and can directly be
edited or accessed.
Favourites (per user)
Every user can highlight his/her records as a favourite. This is a personal setting for every user and
therefore does not affect other users. Favourites have a green qualification in the record list, therefore a
sorting or grouping is also possible. Furthermore a search folder "favourites" can be started in which all
records marked as favourites are listed.
Label
With Label you can highlight records in terms of colour and therefore categorize records
Standard browser
If a dataset is linked with a browser, the accordant web page opens in the selected browser. If no
browser is deposited, the standard browser, which is defined in the general settings, is used.
Search application
Here you can create a new Windows login for the automatic entry and allocate it to the dataset. You can
find information under the following link: Control elements (Controls)
Capture application
Here you can re-capture a Windows login for the automatic entry and assign it to the dataset. You can
find information under the following link: Controls
Capture browser
The dialogue for the allocation of arrays opens. You can find help and information under the following
link: Fill in form fields (web browser)

Edit and delete link-ups

Already created link-ups can be deleted again. To do so you click on the desired link-up in the list with
your right mouse button and choose "delete link" in the context menu.

2015 MATESO GmbH

Handling

195

Also some link-ups can be edited directly. If you want to adapt an application for example you can access
the application directly with the password and edit the application via the detour over "administrate
applications".
8.3.2.2

Edit dataset
To edit an already existing record highlight the desired record in the list and choose "edit record" in the
toolbar or in the context menu. A double click on the desired record in the list also opens the respective
record for editing. In the chapter "Add record" the particular arrays and functions are described.
If you only have the privilege to read the record, the record will be opened in the ReadOnly mode. In this
mode it is only possible to read data. A changing of the data is not possible.
Furthermore it is possible to mark several datasets and edit them together. For this there are two
possibilities:
- click on the first dataset, keep SHIFT pushed, click on the last dataset
- keep CTRL pushed and mark the desired datasets
As soon as several datasets are selected, you can choose the item edit all marked datasets via a click
on your right mouse button. Then a blank entry mask appears. All data that is entered here will be taken
over to the selected datasets. So you have got for example the possibility to change the passwords for
several RDP connections in one operation.
After a change of a dataset, you can see in the context menu of a field when the change was carried out
and who did it. At a synchronization with a USB stick or an offline database the data will be adjusted with
this time stamp.

2015 MATESO GmbH

196

Password Safe and Repository

8.3.2.2.1 htaccess connection

On web pages with htaccess login the login data can be directly taken over (that means without
application), if the accordant web page is opened in a Password Safe tab.
First of all start an accordant dataset.

2015 MATESO GmbH

Handling

197

Here only a description and the URL is necessary. Now switch to the tab own fields, where you create an
own field in the format edit (text field) via add field. This must have the field name "hta_user".

2015 MATESO GmbH

198

Password Safe and Repository

Afterwards you create an own field of the type password (password field) in the same way. Then you
give it the name hta_pass. Now you see the accordant fields and can fill them in.

2015 MATESO GmbH

Handling

199

If you now call up the web page via right mouse click on the dataset -> open in tab, the login data
will be directly given over.
If you have a normal login on a web page afterwards, you can use the form to enter user name and
password there. For this both logins with only one form and an allocated application are required for the
second login.
8.3.2.3

Move dataset
Datasets can be moved to other folders per Drag and Drop or be linked with other folders. As soon as a
dataset has been moved the following dialogue appears:

Define here, if the dataset should be moved or linked.

2015 MATESO GmbH

200

Password Safe and Repository

Link
If a dataset is linked with another folder you can see it in both folders. At the linking you receive the
following selection dialogue:

Select maintain current rights here, so the dataset gets the same rights in the new folder as in the
old folder. Choose add rights of the destination folder, so the rights of both folders will be
accumulated. No rights will be deleted.
Notice:
If the rights are changed in one of the folders this also affects the rights of the dataset in the other
folder.

Move
If a dataset is moved to another folder it is no longer available in the original folder. When moving you
receive the following options for adapting the rights:

2015 MATESO GmbH

Handling

201

The option maintain current rights causes that the rights of the dataset do not change.
Via add rights of the destination folder the rights of the original folder as well as the rights of the
new folder are accumulated. No rights will be deleted.
Adopt rights of the destination folder allocates the dataset the complete right structure of the new
folder. If the original folder has got more rights, they will be deleted as well.
8.3.2.4

Copy dataset
If you require a similar record and only want to do a minimal change you can copy an already existing
record and accordingly change it. To copy a record select the accordant record in the list and choose
"copy record" in the context menu.

Afterwards a new record will be started just underneath the copied record, which contains all data and
link-ups like the original record. The history and the logbook are not copied because these now only
contain the changes of the new record. This record contains the name affix "(copy)". Now you can
directly edit the new record.
8.3.2.5

Delete dataset
To delete a record, select the accordant record and choose "delete dataset". Then you receive a
request for security if the record should really be deleted.
If the record is still linked with further folders it only will be deleted from the current folder. If the record
should definitely be deleted from all folders and therefore irrevocably be deleted from the database,
additionally activate the option "finally delete from all folders".

8.3.2.6

Print dataset
You can print a single record by selecting it from the list and choose "print dataset" in the context
menu.
It is also possible to print the whole list in the current outlook. To do so click on the printer icon in the

2015 MATESO GmbH

202

Password Safe and Repository

toolbar and choose "print list (active outlook)" or "print list (extensive)".

Print dataset
Only prints the currently selected record.
Print list (active outlook)
Prints a list of the passwords that are in the current list. The list will be dumped tabularly and contains all
columns of the displayed list.
Print list (extensive)
Prints every record that is in the current list separately.
8.3.2.7

Use datasets
If a field of the type "URL" is contained in a dataset you can open the accordant web page directly out of
Password Safe. For this there are several possibilities.

Open web page in a browser

With a click on the URL in the list outlook, the accordant web page will be opened in a browser. If not
configured differently for this the standard browser is used.
If the dataset has been linked with a browser, the page will open in that browser. Therefore you have
got for example the possibility to let a web page be opened in Firefox, while all other web pages are
called up in the Internet Explorer. With a click with the right mouse button on the dataset you can open
its context menu in which you can find further possibilities for calling up the web page:

Open web page in Password Safe

In the context menu of a dataset (accessible via a right mouse button click) you have got the possibility to
open a dataset in Password Safe. For this a new tab is opened and the internal browser (IE) is used.

2015 MATESO GmbH

Handling

8.3.2.8

203

Copy user name

To copy the user name to the clipboard choose "copy user name" in the context menu. Alternatively
you can click on the accordant button in the toolbar.
"Copy user name" only works if an array with the name "UserName" is available in the form.

8.3.2.9

Copy password
To copy the password to the clipboard choose "copy password" in the context menu. Alternatively you
can click on the accordant button in the toolbar.
"Copy password" only works if an array with the name "Password" is available in the form.

8.3.2.10 Copy URL

To copy the URL to the clipboard choose "copy URL" in the context menu. Alternatively you can click on
the accordant button in the toolbar.
"Copy URL" only works if an array with the name "URL" is available in the form.
8.3.2.11 Copy array
To copy an optional field to the clipboard, choose "copy field" in the context menu. Alternatively you can
also click on the accordant button in the toolbar.
Then you receive a new window in which you can select the desired field. With the click on the button
"copy" the selected field will be copied to the clipboard.
If you keep the CTRL button pushed here, several datasets can be marked and therefore copied. You also
have got the possibility to copy the field description if you set the accordant check mark.
If all fields of a dataset including the description are copied to the clipboard and afterwards a new
dataset is started, the data will be directly taken over from the clipboard to the new dataset.

Example:
The dataset you want to copy contains the following data:

2015 MATESO GmbH

204

Password Safe and Repository

In order to copy fields from that dataset please click in the main window with your right mouse button to
the accordant line:

2015 MATESO GmbH

Handling

205

In the context menu which opens next please select "copy field". Then you will be shown the following
window:

Here you can mark the desired field(s). In order to mark several fields please keep the CTRL key pushed.
If all fields from that dataset are copied, they will be taken over to the clipboard as follows:
eBay
purchase virtual company
0NX26pds3PDQ
http://www.ebay.com
If the descriptions are copied as well the following will be taken over to the clipboard:
Description: eBay
User name: purchase virtual company
Password: 0NX26pds3PDQ
URL: http://www.ebay.com
Email address:
8.3.2.12 Clear clipboard
You can clear the clipboard and therefore delete all contained data from the memory by selecting "clear
clipboard" in the context menu or clicking on the accordant button in the toolbar.
The clipboard can also be cleared automatically. Further information you can find in the chapter
"clipboard"..
8.3.2.13 Go to folder
Via "Move to folder" all linked folders are displayed in the context menu and you can directly skip to
that folder by clicking on an entry in the context menu. At this a new tab will be opened with the
selected folder. Therefore the active tab remains maintained and you quickly have the possibility to look
up the content of the other folder.
2015 MATESO GmbH

206

Password Safe and Repository

8.3.2.14 Add attachment/documents

Via the menu item "affix/documents" you can link documents with a record. Linked documents are
listed in the detail array under "affix/documents".

Add affix/documents
Via the menu item add affix/documents you get to the following menu

Here you can choose the desired document and link it with the dataset via choose.

List documents
Via this menu item all documents linked with this dataset will be shown to you. You can directly open
them with a double click.

2015 MATESO GmbH

Handling

207

You can find further information in the chapter Link documents.

8.3.2.15 Quick view (space bar)
The quick view is a practical possibility to quickly display the form data on the terminal. Here you select
the desired record and just push the space bar on the keyboard. Alternatively you can also access the
quick view via the context menu "quick view (space bar)".

Thereby you have the same functionalities as in the record outlook. Basically the quick view is only
apparent for 15 seconds. Via the button keep open you can intercept this automatic and leave the
window open unboundedly.
Via the button with the lock you can make hidden data apparent or hide it again.
You can directly close the quick view again with the space bar provided that the focus is still on the
button close.
Since the quick view is a dynamic window, the view can vary from dataset to dataset. If for example a
2015 MATESO GmbH

208

Password Safe and Repository

comment has been given at a dataset it will be shown in the quick view:

8.3.2.16 History
The history is a real producer of dataset versions. Thereby every change of the dataset will be saved as
a version. You have the possibility to skip back to a version of the dataset at every time. Furthermore you
have the possibility to compare datasets in the history and to see what has changed at this dataset in the
course of time.

Preview

If you select a record in from the list click on the tab "history" in the below outlook array, you can see
the accordant changes to the active record. According to this in our example the array "password" has
been changed. The text highlighted in red is the old field content and the blue text is the new field
content.
So you can see at a glance when a change at the record was made and, first of all, who made a change
and what has been changed by that user. Please note that here only form fields are taken into
consideration. Other changes of the record, like for example link-ups, comments, tags, etc., are not
contained in the history. But some of these changes are contained in the logbook, e.g. when a link-up is
deleted.

2015 MATESO GmbH

Handling

209

Saved data is displayed as dots according to the setting, that means it is hidden. To display the data in
plain text choose "show passwords and saved data" in the toolbar or push the F12 key.

Details
You can see the complete history when you select a record and choose "history" in the context menu.

Here you can see the individual versions of the record and therefore have an overview of the entire
history of the record. If you activate the option "highlight changes to the predecessor" the changes
compared to the last record will be displayed in terms of colour. You can delete individual versions from
the history if you click on the desired record in left list and click on the button "delete". Also all version
levels can be deleted at once by clicking on the button "delete all".

Undelete datasets
Via the button "undelete" the selected record can be undeleted. Please note here that the active record
will be overwritten. But the active record will be saved in the history as a record version so that it also
can be undeleted at every time. Therefore a data loss is impossible.

2015 MATESO GmbH

210

Password Safe and Repository

Compare datasets
Via the button "compare" you can display two versions of a record next to each other and directly
compare with each other.

Via the choice box you can load a record on every side and directly compare them with each other. If you
activate the option "highlight changes" the changes in the records will be highlighted in terms of colour
(before = red, afterwards = blue).

8.3.2.17 Unblocking and safety

Via the menu item unblocking and safety you can directly allocate groups and users to the selected
record and give them individual privileges on this record.
You can find further information in the chapter "Administrate unblockings and privileges".
8.3.2.18 Extras

Export as XML (encrypted export)

In Password Safe datasets can be exchanged between different databases. Select the datasets in the list
and open the context menu (click with your right mouse button on the selected dataset). Select extras ->

2015 MATESO GmbH

Handling

211

export as XML in the context menu in order to export one or several datasets. At the export the datasets
will be written into a highly encrypted XML file. You can set the password yourself at the export or also
use the existing database password. At this export all dataset information (except links and rights) are
also exported.

Import as XML
In order to import datasets from another Password Safe database, select extras -> import as XML in
the context menu after a click with your right mouse button on a dataset and follow the assistant.

Export as CSV

(unencrypted export)

Analogue to the XML export you can also export datasets in the format CSV. Here the datasets are not
encrypted. So you can create lists which can for example be continuously edited in a table processing
program.

Import as CSV
You can import CSV files by doing a click with your right mouse button in the list and select extras ->
import as CSV in the context menu. Also follow the instructions of the assistant here.
Notice:
In order that an export can be carried out the user has to own the export right of the dataset,
furthermore the user needs the general right to export datasets. An import can only be made if the user
owns the right to edit the folder and also the general right for dataset import.

Importing the favicon for all marked records

This function enables you to import the favicon for a website as the record icon. The prerequisites for
this are that a URL is saved in the record and a favicon can be found on the website.

Generate external link

Via the function create external links, you can create links to open the accordant dataset. You have
different possibilities at the creation:

2015 MATESO GmbH

212

Password Safe and Repository

You can either take over the external link to the clipboard or directly create a desktop link. If this option is
selected, the accordant link appears on the desktop:

If this link is clicked on the password opens and can be used or edited directly. Precondition for this is
that you are logged on the accordant database. However, Password Safe can be minimized for this.
You can also generate an external link by dragging the accordant password to the desktop with a pushed
CTRL button.

Generate external RDP link

If a RDP connection is saved in a dataset also links which directly build up the RDP connection can be
created. Therefore you can store all important RDP connections as links comfortably on the desktop or in
a folder. Via a context menu which opens after a click on generate RDP link, you have got the following
three possibilities:
Connect Creates an RDP link which builds up an RDP connection and which directly builds up the user
Connect with console Creates a link which builds up a connection with the console and logs on the
user
Connect without auto login A link is created which builds up the RDP connection but does not carry
out an auto login.

Generate external application link

If an automatic password entry has been created for an application, the automatic login can be made via
2015 MATESO GmbH

Handling

213

desktop icon. At this the application is started before, as soon as the login window appears the login is
carried out as usual. For this it is important that you are already logged on the database.
8.3.2.19 Properties
Normally the properties of records contain the information on the users who started, edited or have seen
the record. At this the user, the date and the exact time is listed.
8.3.2.20 Change Form
If you want to change the form allocated to a record because, for example, you require a new field, this
option is directly available to you in the record,

After clicking on the relevant button, a selection list will be displayed in which you can choose the desired
form. Confirm your selection by clicking on Select.

2015 MATESO GmbH

214

Password Safe and Repository

Then the Form converter will open. This function is used to allocate the fields.

2015 MATESO GmbH

Handling

215

You will see the fields in the new form on the left-hand side. The fields in the old form will be displayed
on the right-hand side. If both forms possess forms with the same names then these will be
automatically allocated. If a field cannot be allocated or does not correspond to the criteria for the
automatic allocation function, the desired field can be selected by clicking on the relevant field on the
right-hand side. If all fields have been allocated, it is sufficient to simply click on Save to accept the
changes.
If you find that the newly selected form is not the correct one then you can select a new form in the
bottom left.
If you want to change the form for multiple records simultaneously, you have this option under Extended
search

8.3.3

TAN management
By means of the TAN management you can start and administrate as many TAN lists as you want. But
before a TAN list can be started a bank has to be started to which the TAN block will be assigned in the
further course. When starting the first TAN block you will be automatically requested to start a bank.
After starting a bank you can start the accordant TAN block. By entering the bank management you can
connect any TAN blocks to a bank or rather a bank account, without having to start them twice.
If you start the first TAN list you will be automatically passed on to the bank asset form.

In the list outlook the following functions are available in the upper array. Alternatively you can also
access/call up the functions in the context menu (click with the right mouse button).
Create new TAN block
Edit TAN block
Delete TAN block
Use TAN/use iTAN/highlight TAN as used
Call up bank management

Notice:
Before you can start a TAN block you have to set up the use of the folder for the TAN management. How
you start a folder for the TAN management you can read in the chapter "Add folder (use as...)".

2015 MATESO GmbH

216

8.3.3.1

Password Safe and Repository

Bank management
You can call up the bank management via the menu in the TAN management. To do so switch to a folder
that is used as TAN management.
Bank management

After pushing the button the bank management opens. In the bank management you can start, edit and
delete new banks and accounts. You can call up the menu via the context menu (click on the right mouse
button).
Add new bank
Edit bank
Delete bank
Bank properties

8.3.3.1.1 Add bank

When starting the first TAN list you will be automatically passed on to the form "Add bank". In this form
you can record bank and account data. Furthermore you can enter further data of the bank, like for
example the URL, in the tab "address data". Therefore you can avoid so called Phishing, by always
using the URL deposited in Password Safe. To do so switch to the tab "address data" and enter the
URL of the bank in the array "Internet". Afterwards you can directly call up the internet page of the
bank directly out of the TAN list.

2015 MATESO GmbH

Handling

217

Add account
You have to deposit a bank account to the bank to save the bank data. In the further course this account
will be assigned to the TAN list. If you should have started several banks and bank accounts you can
select and allocate the accordant bank account in the TAN list. Click on the button "Add account" in the
tab "general". Afterwards you have to confirm the message to save the bank data, for starting a bank
account.

Start new bank account

Enter your account data in the following dialogue and confirm with "Add" to save the data.

After adding an account and entering the main information of the bank, you can save the bank with a
click on the button "save". Afterwards the bank accounts are available when starting a TAN list.

2015 MATESO GmbH

218

Password Safe and Repository

8.3.3.1.2 Edit bank/accounts

The deposited bank data and bank accounts can be changed at every time. But deleting the bank
accounts is only possible if they are no longer assigned to a TAN list. Open the bank management and
select the bank you want to edit with a double click. Alternatively you can also call up the bank edit form
via the context menu "edit bank" out of the bank management or the TAN list.
8.3.3.1.3 Delete bank

Via the context menu of the "bank management" you can delete the bank. The bank can only be
deleted if no bank account of this bank is linked with a TAN list. If a link-up with a TAN list should still
exist change the bank account of the TAN list or delete the TAN list.

2015 MATESO GmbH

Handling

8.3.3.2

219

Add TAN block

If bank accounts have already been recorded the TAN management directly opens. In the TAN
management you can create, edit, import TAN`s and also highlight them as used. Via the context menu
as well as via the "TAN menu" you can create and manage TAN`s.
Bank
Here you can choose the bank to which the TAN list should be allocated.
Available TAN's
Number of available TAN's
Used TAN's
Number of TAN's used
Total amount
Total amount of used TAN's
Tan list number
Number of the TAN list (arbitrary)

2015 MATESO GmbH

220

8.3.3.3

Password Safe and Repository

Edit TAN block

You can edit a TAN block by opening it in the TAN list with a double click. Alternatively you can also open
the TAN block via the context menu. Choose the menu item "edit dataset" in the context menu.
Afterwards the TAN block opens and you can edit it.
.

8.3.3.4

Delete TAN block

To delete a TAN block you have to highlight it and afterwards confirm deletion of the TAN block with the
button "delete dataset". Afterwards all TAN`s as well as the links/allocation with the bank will be
deleted. Alternatively you can also start deletion via the context menu.
Delete TAN block

2015 MATESO GmbH

Handling

8.3.3.5

221

TAN menu

8.3.3.5.1 Add TAN`s

To add a TAN you have to start a TAN block or edit an already existing TAN block. Click on the button
"TAN menu" in the TAN block. Alternatively you can also open the form via the context menu. Choose
the menu item "add TAN". Afterwards the entry mask opens with which you can record TAN`s.
Ser. no.
Enter the iTAN number here. The ser. no./iTAN can only be used once in every TAN block.
TAN
TAN number or iTAN
Confirmation number
Confirmation number (is only used rarely)
Used on
Enter when the TAN has been used up or used
Magnitude
Here you can enter the magnitude with which you have used the TAN
Add more
The entry window for TAN's remains opened after the "add" so that you can quickly enter several TAN`s
in a row.
Add
The TAN entry window closes after the "add" of a TAN.

2015 MATESO GmbH

222

Password Safe and Repository

8.3.3.5.2 Edit TAN`s

Choose a TAN in the TAN block with a double click or by means of the context menu "edit TAN".
Afterwards you can change the TAN.
8.3.3.5.3 Delete TAN`s

Highlight a TAN in the TAN block and delete it via the context menu "delete TAN". Alternatively you can
also work with the "TAN menu" and delete the TAN with it..
8.3.3.5.4 Use TAN/iTAN/highlight as used

A TAN can be marked as used in several ways.

Use a TAN in the TAN block list

For calling up/using a TAN click on the button "next free TAN (iTAN)". Afterwards the dialogue for using a
TAN opens.
Use TAN/Use iTAN/mark as used

Use a TAN in the TAN block

To use a TAN out of the TAN block click on the TAN with your right mouse button and choose the menu
item "mark TAN as used" in the context menu. This menu item is also available in the "TAN menu".

2015 MATESO GmbH

Handling

223

Use a TAN in the quick access bar

Choose the TAN folder and the TAN block in the quick access bar from which the TAN should be used.
Afterwards click on the button "copy next free TAN". Then the dialogue for using a TAN opens.
Use TAN/Use iTAN/mark as used

Use a TAN in quick access

Enter the name of the bank in the quick access. Afterwards all TAN blocks for this bank will be listed. If
only one TAN block exists the related TAN`s will be immediately listed. Choose a "ser. no." if you search
for a certain TAN. Click on the button "copy next free TAN".
Use TAN/use iTAN/mark as used

2015 MATESO GmbH

224

Password Safe and Repository

Use TAN
Enter the iTAN which you want to use in this dialogue. Leave this array blank and Password Safe
automatically searches the next free TAN for you.

With a click on "use TAN" the TAN will be written to the clipboard. Afterwards click on the array in which
the TAN is required. With the hot key "CTRL+V" you can paste the TAN from the clipboard.

2015 MATESO GmbH

Handling

225

8.3.3.5.5 Import TAN list

Choose the menu item "import TAN list" in the TAN menu to call up the import assistant.

With a click on "import TAN list" the TAN block import assistant opens. In this step choose the text file
which you have scanned in before via OCR program.

2015 MATESO GmbH

226

Password Safe and Repository

The text file which should be imported has the following format after converting/saving in a text file.

In the next step you have to configure the length of the TAN/confirmation number to create a search
mask. By entering "0" at the individual lengths these arrays will not be utilized. If your TAN or your
confirmation number contains numbers and letters please activate "alphanumeric".
Tip:
To keep the bit error rate down you should search the TXT file for characters which should not be
imported in an Editor and delete them.

2015 MATESO GmbH

Handling

227

By means of the configuration of the length descriptions a search mask is already defined. If the
automatically created search mask should not conform to your TAN block please change it. Click on
"continue".
X = wildcard character (space character)
N = serial number
T = TAN
t = TAN alphanumeric
B = Confirmation number
b = Confirmation number alphanumberic

2015 MATESO GmbH

228

Password Safe and Repository

Start the import of the TAN`s with complete. Afterwards the TAN`s will be listed in the TAN block and
are available.

8.3.4

Tasks
The integrated task system in Password Safe helps you to keep an overview. Here the expiring
passwords, system messages and also own created tasks will be displayed. The tasks can also be
passed out to several users and groups. This relieves the management of large databases considerably,
because several users have access to the tasks and can therefore quickly work them off. Password Safe
automatically creates system messages, for example when an account has been locked due to wrong
password entry, or when a user requests access to an array to which he/she has no access at the
moment.
In the upper array of the list outlook the following task functions are available:
Search for a task
Update list outlook
Start new task
Edit task

2015 MATESO GmbH

Handling

229

Delete task

Alternatively you can call up this function via the context menu.
8.3.4.1

New task
Switch to the array "tasks" and click on the icon with the green plus to start a new task. Alternatively
you can also start a new task via the context menu.
Start new task

Afterwards the entry mask opens in which you can start the task.
To:
Click on the button "To..." to allocate the task to several users or groups.
Subject:
Brief description of the task.
Priority:
Priority can be added to every task. This will be displayed in the list outlook.
Status:
Define in which status the task is at the moment. A change of the status can activate a new advice,
according to the setup.
Affix:
Click on the button behind affix to add an affix to the task. You can read more about this under document
link-ups.
Starts at:
Define when the task should start.
Due at:
Here you can name the date of maturity.
Reminder:
Choose here when you will be reminded of the due task before. In the reminder window you can
postpone the task again.

2015 MATESO GmbH

230

8.3.4.2

Password Safe and Repository

Edit task
With a double click on the task or via the "edit task" button you can open and edit the task. Alternatively
you can edit the task via the context menu, and also change the status of the task.

2015 MATESO GmbH

Handling

8.3.4.3

231

Task advice note

If a new task will be created for you our assigned to you will be visually advised of it by the message
system. Via the blue underlined link you can directly open the task. You can set up the message options
in the "general settings".

8.3.4.4

Mementos
The reminder window automatically appears if one or more tasks are due or if you want to be reminded
of tasks before. You can delay individual tasks, selected or all tasks in the reminder window or be
reminded of them later. To do so choose the desired point of time and confirm with the button "remind
again". If you do not want to be reminded of the task again confirm with the button "close task" or
"close all", to close all due tasks. With the button "open task" you can directly open and edit a task.

2015 MATESO GmbH

232

8.3.5

Password Safe and Repository

Messages
The integrated message system of Password Safe offers the usual functions like every email program. By
means of the message system messages can be sent to individual users or groups, can be answered and
finally also be forwarded. The messages are only organised within the Password Safe database,
therefore a safe communication can be guaranteed. Switch to the array "messages" to get to the list
outlook of the message. The "message" array is subdivided into three folders, "in-box", "transmitted
messages" and "deleted messages".
In-box:
In the in-box all messages you received are listed. System messages are also deposited in the in-box.
Transmitted messages:
All messages you have sent will automatically be deposited in the folder "transmitted messages".
Deleted messages:
Here all deleted messages are listed.

In the upper array of the list outlook you can access the message functions. Alternatively you can also
call them up with the context menu of the list (click with your right mouse button).
Search for a message
Update list outlook
New message
2015 MATESO GmbH

Handling

233

Answer message
Answer message to all
forward message
Delay message to the recycle bin
Finally delete message

In the below array of the list outlook you can change between the "preview" of the message and the
"affixes/files".

8.3.5.1

New message
You start new messages in the array messages. To do so click on the icon for new messages.
Alternatively you can also start a message via the context menu of the list.
Start new message

After pushing the button the entry mask opens and you can write the message.
Sending:
Click on "send" to send the message.
Affix:
Click on the button with the paper and the paper clip to add an affix to the message. You can read more
about this under document link-ups.
To:
Click on the button "To..." to allocate the message to several users or groups.
Subject:
Brief description of the message.
Priority:
Priority can be added to every message. This will be displayed in the list outlook.

2015 MATESO GmbH

234

8.3.5.2

Password Safe and Repository

Read message
If you have received a message you can open it and see it with a double click. Alternatively you can also
see the message in the below array "preview". In the upper array of the window you can immediately
answer or delete the message.

2015 MATESO GmbH

Handling

8.3.5.3

235

Reply message
After receiving a message you answer it with the button "reply message", "reply message to all".
Alternatively you can also answer the message with a double click, in the reading window or via the
context menu. The original text of the message will be enclosed below. Click on "send" after writing to
send the message.

2015 MATESO GmbH

236

8.3.5.4

Password Safe and Repository

Forward message
If you want to forward a message click on the button "forward message". The recipient of the
message stays blank and has to be named manually. The original text will be enclosed below. After
finishing click on "send" to send the message or rather to forward it to the accordant users or groups.

8.3.5.5

Message advice note

If you receive a new message you will be advised visually according to the setup. You can open and see
the message directly out of the advice window. To do so click on the blue underlined link. Afterwards the
advice not hides again automatically.

8.3.6

Documents
The document management can physically take files and applications into the database and therefore
safely encrypt them. The document management system (DMS) integrated in Password Safe is very
multifunctional, comfortable and besides complex workflows can be mapped, like for example the
automatic mounting and dismounting of of drives before a document is swapped or executed. The

2015 MATESO GmbH

Handling

237

parameter passing function makes it possible to already pass on information to the applications at the
boot, therefore a program can already be automated at the boot. Furthermore the document
management system offers an integrated history function and of course documents can be restrained
from unauthorized access within a database via privilege setup (unblocking and safety).
An overview of the features of the document management system:
Access safety of the documents due to the allocation of privileges including logging in the logbook
Distinguishable types of documents including automatic allocation to application programs (e.g. Word,
Excel, PDF, etc.)
Adaptable archive structure due to the the folder system
Adaptable meta data due to any amount of own arrays
Version control due to recoverable history
From-bin transfer to an directories including automatic restoring at a change and following safe
deleting according to the Gutmann method.
Run applications out of Password Safe, including any parameters. The embedding of an application in
the database is also possible (e.g. remote maintenance client)
Connectable with records (passwords, TAN blocks, messages, tasks,...)
Hold-file of documents via the message system
Document type "Link" can be linked with any files on the hard disk, FTP or also HTTP, and can directly
be called up.
and much more
Switch to "documents" in the left array to get to the list outlook of the documents. Via the buttons in the
upper array as well as via the context menu (click with your right mouse button in the list array) you can
add, edit new documents and call up further functions like the privilege and unblocking setup as well as
the history.
Search document
Update list outlook
Add document
Edit document
Delete document
Execute or open document
Open document for editing
Save document under...
Copy link to the clipboard
Clear clipboard
Unblocking and safety (set up privileges)
history

2015 MATESO GmbH

238

Password Safe and Repository

settings

8.3.6.1

Add documents
The document management offers two ways to add documents to Password Safe, hereby it is
distinguished between a so called "link" and a physical upload "add file". Clock on the button "add
document" above the list to open the form for adding documents. Alternatively you can call up the form
via the context menu in the document list. To do so click on the list array with your right mouse button
and choose "add dataset". Afterwards the form for adding documents opens.

Document folder:
Here you can define in which folder the document should be filed.
Document:
Click on the folder symbol to open the file browser for the file choice.
Document size:
The document size is defined automatically and can not be adapted manually.
Type of document:
The type of document will be automatically defined if the format is distinguished. If the type of document
should not be distinguished it is not fatal because in the end Password Safe is geared to the Windows
program allocations. This allocation only serves for the visualization. The choice of the program is made
according to the file extension.
Parameter:
Is the document an application (EXE file) you can pass parameters to it.
Description:
The description is made according to the document and can be changed if desired.
Comments:
You can deposit a comment to every document.

Examples for adding documents in Password Safe:

Add a Word document:
The document is physically adopted to the database and is therefore safely encrypted.

2015 MATESO GmbH

Handling

Add a link:
Here the document is not adopted to the database, only a link-up is made.

2015 MATESO GmbH

239

240

8.3.6.2

Password Safe and Repository

Edit documents
Already added documents can be selected and edited in the document management or in the password
list, in the detail array. The data of the document can be arbitrarily changed in the edit outlook. In the
upper array you can switch between different tabs and settings. In the below array you can open the
document with the buttons (Readonly) or also edit it. Hereby the document is swapped out without write
protection and can be edited afterwards.

General data
In the tab "general data" you can set up the most important document settings.
Document directory:
Click on the folder symbol to open the file browser for the file choice. Thereby the document is reloaded
to the database and is therefore changed.
Document information:
The document size as well as the document information are defined automatically and can not be
adopted manually.
Type of document:

2015 MATESO GmbH

Handling

241

The type of document will be automatically defined if the format is distinguished. If the type of document
should not be distinguished it is not fatal because in the end Password Safe is geared to the Windows
program allocations. This allocation only serves for the visualization. The choice of the program is made
according to the file extension.
Parameter:
Is the document an application (EXE file) you can pass parameters to it.
Description:
The description is made according to the document and can be changed if desired.
From-bin transfer directory:
If desired a document can be swapped out in a selected directory before it is opened or processed.
Window mode:
With the window mode you can covertly for example start BAT commands before processing a document
or not display the program at the operation.
Delete cache after a specified period of time
This option can be used to specify the period of time a document remains in the cache before it is
deleted.

2015 MATESO GmbH

242

Password Safe and Repository

Extended parameters
By means of the "extended parameters" you can start certain documents or also programs before and
after processing the real document.
Direct link:
The "direct link" refers to a file or a program which is not integrated in the Password Safe document
management. For example you could make a mount command via BAT file here.
Document:
The "document" link refers to a document which has already been added in the document
management.

Comments
Use the "comment" function to lodge a comprehensive description text to the selected document.

2015 MATESO GmbH

Handling

243

Own arrays
With the "own arrays" you can add any data to the document. For example a password protection has
been added to the Word document. By means of the "own arrays" you can create a password array to
safely lodge the password to the document. Of course you can also lodge other arrays and information to
the document.

2015 MATESO GmbH

244

Password Safe and Repository

Links
In the "links" it is displayed with which types and records the document is already linked. In the following
screenshot the document has already been linked with the folder "documents" and the password
"MySoftware".

2015 MATESO GmbH

Handling

245

Notice:
Open Office documents cannot be edited directly. For editing, such documents have to be saved locally
first. After editing you have to import the document again.
8.3.6.3

Link documents
Documents can be linked with passwords (datasets), tasks and messages to have the data quickly
available. Hereby no redundancies occur and the document can be linked with any amount of records,
tasks and messages. Due to the integrated privilege management an unauthorized access is impossible.

Link with password (record):

There are two ways to link a document with a record. Via the context menu of the record or via the
detail array "affix/documents". In the screenshot you can see a document which already has been
linked. records with a "paper clip" symbol have already been linked with one or several documents..
Via the record context menu: "right click on dataset" -> "add affix/documents".
Detail array: Change to the tab "affix/documents" in the detail array. Afterwards open the context
menu by clicking on the blank array with the right mouse button and select add link.

2015 MATESO GmbH

246

Password Safe and Repository

Link with task:

Change to the array "tasks". Create a new task to get to the task capture mask. With a click on the icon
behind "affix" you can link a document with the task. Save the task. Switch from "preview" to
"attachment/files" in the detail array of the task to switch to the list outlook of the documents.

Link with message:

Change to the array "messages" and write a new message. Click on the icon (document with paper clip)
in the entry mask and select the document. Switch from "preview" to "affix/files" in the detail array of
the message to change to the list outlook of the documents.

2015 MATESO GmbH

Handling

8.3.6.4

247

Documents parameters
The new document management of Password Safe supports the processing of program parameters.
Therefore you can pass on information when starting the program. Not every program supports
parameters. If you should not be sure if the desired program supports parameters look it up in the help
of the program or contact the producer. If you add or link an application the array "parameters"
becomes editable and you can accordingly define the parameters. These parameters can be fix or can be
replaced by any form values of the record. For example the server IP or password and login information.

Example "parameter passing"

The server IP address should be passed to the Windows remote desktop application at the boot. To do
so we start a new folder an allocate the folder for example the form "remote desktop access". Switch to
the form assistant via the folder properties to read out the form data. The "array name" is the name of
the variable value. If you want to pass for example the "domain" as a parameter the parameter variable
has to be as follows: "{FRM:Domain}". If you want to pass the "server" that parameter would be: "{FRM:
Server}". You can get more information on the forms under forms. Of course you can also pass "own
arrays". You can get more information on that in the questions and anwers.

2015 MATESO GmbH

248

Password Safe and Repository

With the form assistant you get to know the variable name with which you can access the data. In the
following example the server"{FRM:Server}" is passed to the remote desktop application with
"parameters".

2015 MATESO GmbH

Handling

249

In order that the variable is replaced by the value the document has to be linked with a record
(password). In our case the variable "{FRM:Server}" is replaced by the IP "192.168.0.45". So when you
call up applications you can simply pass on information to them.

2015 MATESO GmbH

250

8.3.6.5

Password Safe and Repository

Documents history
The documents history can be activated via the settings. You can get more information on the settings
under documents settings. After activating the history all changes of the documents are archived. Via the
history you can see all document changes and reset them if necessary. You can call up the history in the
array "documents" via the context menu. (Click on a document with your right mouse button).
Delete:
Deletes the selected entry after a security query
Delete all:
Deletes all entries after a security query
Reset:
Resets the selected document

2015 MATESO GmbH

Handling

8.3.6.6

251

Run/open documents
You can open or run the documents in different parts. You can open, run or save the documents at every
time in the array "documents" or, if linked, in the detail array "affix/documents". With a click on the
document with your right mouse button the following options are always displayed:
Open or run document
If the document has been loaded to the database it will be swapped out first and afterwards opened
"write-protected". If it is about an application, it will be started. If it is about an link, it will be called up.
Open the document for editing
The document will be swapped out and be opened without write protection. Thus the document can be
edited. After closing you will be asked if you want to adapt the change. Hereby the changed document
will be re-backed up to the database and destructed and afterwards deleted. You can configure these
settings in the document settings.
Save document under...
Hereby you can save the document in an optional directory.
Alternatively you can also run the document via edit document. You can find further information on that
under edit documents.

2015 MATESO GmbH

252

8.3.6.7

Password Safe and Repository

Documents settings
The document management can be set up via the "general settings". You can get further information on
the settings under documents.

8.3.6.8

External links
You can create so-called external links for documents. These enable you to get from the desktop to the
accordant document. In order to create such a link click on the accordant document with your right
mouse button and then select generate external link. Then you receive the following window:

2015 MATESO GmbH

Handling

253

If you take over the link to the clipboard, you can create it per CTRL + V in every folder. Alternatively
you can also directly create a link on the desktop. An external link for the document "data privacy" could
then look as follows:

The external link always has the name of the document plus a randomly generated ID. This causes that
no links are overwritten accidentally. An external link can be renamed any time, also the ID can be
deleted from the name.
With a double click on the link the window for editing the document opens in Password Safe. So you can
directly choose if the document should be opened write-protected or for editing. If Password Safe is
minimized while the link is carried out, the software will of course be maximized. If Password Safe is not
started or locked, you have to log in first.

8.4

Search
Password Safe offers several possibilites to search for records and folders. To user should always have
quick access to the desired record or also folder.
Global search
Use this search to quickly search for a record.
You can find information on the global search under "global search".

Search for a folder with the "folder quick search"

If you want to search for a folder you should use this kind of searching.
You can find information on that search under "folder quick search".

Quick search in the list

If you search a record within a list the quick search, which offers nearly every list within Password Safe,
is the right choice.
You can find information on the quick search under "quick search".
2015 MATESO GmbH

254

Password Safe and Repository

Search folders
Search folders are special folders which can display certain record amounts according to the setup (all
passwords, favourites, own screen).
You can find information on search folders under "search folders".

Extended search
With the extended search you can search for every records. With this search you can only browse certain
folders and considerably cut down the result with many setup possibilities.
You can find information on the extended search under "extended search".

8.4.1

Global search
With the global search, which you always find in the upper menu array, you can quickly search for
records within the currently opened database.
How to use global search
Enter the desired search key in the search box and activate the search with a click on the "search
button". Alternatively you can also use the enter key (Enter) to activate the search.

Setup of the global search

You can set up in the "general settings" if the "extended search" should be used for the search or if the
record should be searched via the search folder "all passwords".
You can find further information on the setup under "general settings --> search".

8.4.2

Extended search
With the extended search which is available from the Professional Editon on you can quickly search for
records within the opened database. The search can be limited considerably by means of the many setup
possibilities. Furthermore you can start "search profiles" for recurrent searchings. In the upper array of
the search dialogue you can find the screen settings. According to the search (passwords, documents,
etc.) the tabs and screen possibilities change. The screen settings can be shown and hidden via the
button with the blue arrow in the upper right array. In the middle array the results of the search are
displayed. In the below array of the search you can access saved search profiles, reset the search and
search again, as well as abort and close the search.

1:
2015 MATESO GmbH

Handling

255

The tab "general" is always available. Select in the tab "general" what you want to search for.
Additionally you can already set screen criteria here.
2:
The tabs in the middle array change the function in the tab "general", according to the selected search.
Click on the tabs to set the search key as well as further screens.
3:
The tab "miscellaneous" is always available, as well as the tab "general".

Show and hide search-/screen settings

Show and hide protected data in the result list

General
Under "general" you can choose what you want to search for, like for example passwords, documents,
etc. (search for). In the array "user screen" you can search for different user events, like for example
screen "written by" additionally. Use the "date screen" to further limit the result according to date
values.
For recurrent searchings you can for example always automatically have the date set at the beginning of
the week or today, by means of the button.
,

Opens the date screen choice

You can get information on the different searching possibilities under:

Search for passwords
Search for documents
Search for tasks
Search for messages
Search for banks

Result list
The search results are displayed in the result list. With a double click and a click with the right mouse
button you can access the functions of the record. According to the search (passwords, documents,
messages, etc.) other functions are available.

2015 MATESO GmbH

256

Password Safe and Repository

Status bar
In the status bar you can reset the search, administrate search profiles and also see the status of the
search at every time. You can stop the search with the button "stop" and and close it with "abort".

8.4.2.1

User filter
Via the user filter you have got the possibility to seach for data systematically for which a certain user is
authorized. Please notice that the individual filters can vary according to the search.

Created by: Via this you can search for all data which have been created by the selected user
Viewed recently by: Only searches for datasets which have been recently viewed by a certain user
Changed recently by: Only searches for datasets which have been recently changed by a certain user
User rights: Only datasets for which a certain user is authorized are searched
Group rights: Only datasets are searched for which a certain user group is authorized
8.4.2.2

Search for passwords

Use this search if you want to search for passwords/records. Select passwords in the tab "general"
under "search for" to search for passwords and records. Afterwards click on the tab "form fields" to
make the screen setup.

2015 MATESO GmbH

Handling

257

Form fields
Folder screens
Select in the left array which folder you want to browse. To do so click on the small boxes to set the
check mark. If a check mark is set on a node which has got subfolders, then automatically also all
subfolders are selected.

Form screens
Enter the accordant search keys in the arrays, which you want to search for. With the button below the
arrays you can add further form fields and also other forms to the search. After the screen setup activate
the search with the button "search" (on the right side below).

Add further form fields

Choose the arrays which you want to add a further screens form this overview. In the left array you can
access the saved forms. Afterwards choose the accordant form field, which you require as a search key
and confirm with "adopt". Afterwards this array is available as a search box. Every array which you
adopt in the search will be displayed as a column in result list.

2015 MATESO GmbH

258

Password Safe and Repository

Entry screen
Define how the entered conditions have to conform.

Miscellaneous
Switch to the tab "miscellaneous" to set up further screen criteria. Here you can search for tags or also
limit the search for sealed or locked records.
Tip:
If you want to search for all records that are linked with no folder, do not enter the search key and
choose the option "records without link to a folder".

Search settings
In the search settings you can set up how the result should be grouped. Additionally you can activate
optionally if the search key in the array "description" should as well be applied to folders. In the following
screenshot the grouping was made according to "folder structure".

2015 MATESO GmbH

Handling

8.4.2.3

259

Search for documents

Use this search if you want to search for documents. Select "documents" in the tab "general" under
"search for documents", to search for documents. Afterwards click on the tab "documents" to make
the screen setup.

Documents
folder screen
Select which folder you want to browse in the left array.

Search key and screen

Enter the search key here and accordingly set up the screen settings (document ending, type, etc.).
Afterwards activate the search with the button "search" (on the right side below).

Entry screen
Define how the entered conditions have to confirm.

2015 MATESO GmbH

260

8.4.2.4

Password Safe and Repository

Search for messages

If you search for messages, choose messages in the tab "general" under search for messages, to
search for messages. Afterwards click on the tab "messages" to make the screen setup.

Messages
Enter the accordant search keys in the arrays (subject, message, etc.) for which you want to search.
Activate the search with the button "search" (on the right side below).

Entry screen
Define how the entered conditions have to confirm.

8.4.2.5

Search for tasks

If you search for tasks select tasks in the tab "general" under "search for tasks", to search for tasks.
Afterwards click on the tab "tasks" to make the screen setup.

Tasks
Enter the desired search keys in the arrays (description, task, etc.). You also can limit the search by
means of the "date screen". Afterwards activate the search with the button "search" (on the right side
below).

2015 MATESO GmbH

Handling

261

Entry screen
Define how the entered conditions have to confirm.

8.4.2.6

Search for banks

Use this search if you want to search for banks. Select banks in the tab "general" under "search for
banks", to search for banks. Afterwards click on the tab "banks" to make the screen setup.

Banks
Enter the desired search keys in the arrays (bank, bank code number, etc.). Afterwards activate the
search with the button "search" (on the right side below).

Entry screen
Define how the entered conditions have to conform.

2015 MATESO GmbH

262

8.4.2.7

Password Safe and Repository

Search for seals

Use this search if you want to search for seals. Select seal in the tab general under search for in
order to search for seals. Afterwards click in the tab seal to do the filter configuration.

Seal
Enter the name of the searched seal in the array "description". If you are not sure if the seal has already
been deleted set the check mark at "display deleted seals". The search only gives the seals, which the
current user is allowed to edit.

8.4.2.8

Search profiles/recurrent search

In the extended search you can save often use search setting as a profile. This saves time because you
do not have to enter the screen criteria again. The search starts immediately after selecting the search
profile. The search profiles are saved per user and can be administrated underneath the result list.
Select the desired profile in the DropDown menu to start the search, in case a profile has been saved.

Add new search profile

Overwrite/save selected search profile with the current settings
Delete search profile

Tip:
By means of the "date screen" in the tab "general" you can set up date values for recurrent search
settings.

Search example for a recurrent search:

For example you always want to know what the administrator changed during a week, then you have to
set the screen under the tab "general" like displayed in the following screenshot.

2015 MATESO GmbH

Handling

8.4.2.9

263

Change form
Via the Extended search function, you also have the opportunity to allocate multiple records to a new
form. You can select the records to be processed via all of the options in the Extended search function.
Only the option Group according to password form in the tab Search settings needs to be active
In order to change the folder, mark the desired records in the search results. After right-clicking the
mouse, you can now select Change form. You can then select the desired form and allocate the fields
via the Form converter.
Note:
The option Group according to password form must be active. In addition, only records that are
allocated to the same form (found in a group after the search) can be processed at the same time.

2015 MATESO GmbH

264

8.5

Password Safe and Repository

Forms
More than 40 predefined forms (e.g. passwords, contacts, cards, licence keys, etc.) help you to optimally
and categorised administrate your data. Via "edit" -> "form management" you can change existing
ones but also create new ones. When starting a folder or also in the folder properties you can assign the
form to a folder and therefore build up your own data structure.
Via a click with your right mouse button on a folder and then a click on properties you get to the following
window. According to the type of folder and the privileges you can directly change the allocated form by
clicking on the highlighted button.

Alternatively you can also open the form management via "edit" -> "administrate forms". Hereby you
have to choose the accordant form yourself, or rather know which one you want to edit.

8.5.1

Create a form
If you want to create a new form, open the form management via edit -> manage forms. Afterwards
click on add form to open the form assistant.

2015 MATESO GmbH

Handling

265

After a click on continue you can choose if you want to create a new form or educe from an existing
one.

2015 MATESO GmbH

266

Password Safe and Repository

If you decide for the creation of a new form you get directly to the window of the form properties. If you
want to educe a form from an existing one you get the possibility before to choose the accordant form.
When educing from a form the fields are initialised and can be changed according to your requests. If
you create a new form the fields are blank.

Here you have got the possibility to give the form a name and to describe it. Furthermore you can choose
the icons for the linked folders and datasets here. In the next window you define the fields of the new
form. The field description is contained by default.

2015 MATESO GmbH

Handling

267

Via the push-button upwards and downwards you can change the order of the fields. Via the button
add you have got the possibility to integrate new fields to the form.

2015 MATESO GmbH

268

Password Safe and Repository

In the field properties you can define which kind of field it should be. You have got a selection of several
types of fields here. The field name is a clear allocation and can only appear once in a form. The field
name furthermore serves for the identification of the field, for example at the applications, and scripts as
variable name {FRM:field name}.

2015 MATESO GmbH

Handling

269

Default values
You can preset the corresponding fields under Default values for all records that have been created
with a form. Naturally, the fields can be also changed or extended at a later point in time.
For example, it is possible to enter a fixed date for date fields. Please note here that the date format
must correspond to the format used by the operating system.

2015 MATESO GmbH

270

Password Safe and Repository

"UserName" Fields can be filled with two variables:

{CurrentWin The field will be filled with the logged on windows user
dowsUser}
{CurrentDomThe field will be filled with the logged on windows user including the domain
ainWindows
User}

Date fields can be filled with the following variables:

[Today]
[Today+365]
[Today-365]

Issues the current date

Issues the current date plus a fixed number of days ([Today+1] corresponds to
tomorrow's date)
Issues the current date minus a fixed number of days ([Today-1] corresponds to
yesterday's date)

Description of the field properties

Field label: Title of the field which is indicated in the record.
Field name: Name of the field, must always be clear.
Field type: Here you define the field type. Depending on the field type, there are different functions
2015 MATESO GmbH

Handling

271

available:
Edit: Field type for texts of all kinds
Password: Field type for storing passwords. This field can be turned on and off.
Checkbox: Displays a box for checking (Yes / No).
Combobox: This draws a box with a selection list -> Caution, the order must not be changed, if data has
already been entered.
Date: Field type for dates including calendar function.
Header: For displaying sub-headings.
Memo: Multiline text box.
Decimal: Field for decimal numbers, including a calculator function
Number: field type for all numbers. Entering text is not possible.
All field types have a feature to take the content into the clipboard.
Description: In the field "description" you can deposit information which is displayed when editing a
dataset. For this there are several possibilities:
Description text without icon entry
Just enter a text, this will then be displayed as an information as follows.

Description text with icon entry

You can also define the icon itself and therefore also change the color of the notice in order to get more
attention on the description text. First enter the number of the icon (0 to 3) followed by a semicolon; and
afterwards the text that should be displayed.
Information (blue)
0;Describe briefly for what this password is used.

Tip (yellow)
1;As a user name also the email address can be used.

Warning (bright red)

2;ATTENTION! Give away a safe password with at least 15 characters.

Error (dark red)

3;The field should no longer be used.

Description of the extended field properties

2015 MATESO GmbH

272

Password Safe and Repository

Length (min./max.) Define the minimum and the maximum length of the passwords here.
Allowed symbols If specifications are set here, only the entered symbols can be used for a password.
Entry mask: Here a set phrase, a "regular expression" can be deposited for a check.
Internet link (URL) If this option is activated, the entry appears as a link and can be activated directly.
Email address Here it can be stated if it is about an email address.
In PWA always show (only in server databases) If this is activated the field will be shown in a
Password Safe WebAccess search always. Also wen theres no search result.
Password guideline: With this option it is made sure that the entered password fulfills the password
guidelines. Select an already created guideline here via a click on the key symbol.
Check password guideline: This option causes that newly created passwords have to accord the
guideline.
Generate password at new capture: If this option is activated, Password Safe automatically creates
a new password according to the password guideline, when a new dataset is started.

2015 MATESO GmbH

Handling

273

After you have saved your settings and completed the assistant the new form is available for you.

8.5.2

Export / import forms

In order to use self-created forms in several databases you have got the possibility to export or import
forms. To do so just open the form management via edit -> manage forms. By clicking on one of the
forms with your right mouse button afterwards a context menu opens in which you find the options for
export or import.

Export forms
For export just mark the desired forms (multiple choice is possible) and then select export in the context
menu. The data is saved in the format *.xml.

2015 MATESO GmbH

274

Password Safe and Repository

Import forms
For the import of forms select the item import forms via the context menu. Afterwards select the
accordant *.xml file.

2015 MATESO GmbH

Handling

275

If you should want to import a form which already exists in the database you will be asked if you want to
overwrite, add again or ignore the existing form.

Please notice that if you choose add again two forms with the same name are in the database. In this
case it is advisable to rename one of the forms. If you click on overwrite the old form is overwritten
irrevocably. Via ignore you achieve that the accordant form is not imported.

8.5.3

Edit/extend a form
For editing or extending of an existing form just open the form management via edit -> manage forms

2015 MATESO GmbH

276

Password Safe and Repository

With a double click on the desired form you get to the form assistant which guides you through the single
steps at the changing of the form.

Edit form fields

Here you can accordingly add new fields, edit or delete them. With a double click, or also with a click on
2015 MATESO GmbH

Handling

277

edit you can edit a field. This outlook reflects the outlook of the data capture. You can position the fields
arbitrarily. The description field (name) can not be changed.

8.5.4

Delete form
If a form should no longer be required, you can delete it via the form management. Call up the form
management via edit -> manage forms. Please notice that forms can only be deleted if they are no
longer used with a folder or a dataset.

2015 MATESO GmbH

278

Password Safe and Repository

After a click on the accordant form with your right mouse button it can be directly deleted.

8.6

Password guideline

8.6.1

Manage password guidelines

In the menu manage password guidelines different password guidelines can be created centrally,
which then can be used in the database settings. So it can be made sure that no unsafe passwords are
used.

2015 MATESO GmbH

Handling

279

Creating a password guideline

After opening the password guideline management via edit -> manage password guidelines click on
add password guideline first.

2015 MATESO GmbH

280

Password Safe and Repository

General
First of all give away a name for the guideline. In the field description you can give the users additional
information for the use of the guideline.
Password guideline
In this chapter the guideline is defined. If can for example be defined how long a password has to be at
least. Furthermore you can define how many safety points a password has to achieve. Besides you can
influence from which categories symbols in the password have to be used. Since for certain logins some
symbols are not accepted (e.g. the ""), symbols can also be excluded.
Guideline preview
In the preview you can see how a password that accords the guidelines could look and how safe it would
be.

2015 MATESO GmbH

Handling

281

Under the tab excluding list you can name words which must not be used in passwords. Furthermore
you have got the possibility here, to export or import already created lists in the format *.csv. For this
use the pushbuttons marked in the screenshot.

What are safety points?

The safety points reflect the complexity of a password. If numbers, small letters, capital letters ans
special signs are used in a password, it is quite complex and therefore receives the required safety
points more quickly. The safety points are calculated for every password. Also certain patterns are
recognized and accordingly valuated. So it can be made sure that the passwords are saved complex
enough.

8.6.2

Check password guidelines

By right-clicking with the mouse on a folder, you can select the menu option Check password
guidelines. The following dialogue screen opens:

2015 MATESO GmbH

282

Password Safe and Repository

After clicking on , initially select the relevant password guidelines with which the records in this folder
should be compared. If the records in the subfolder should also be checked, you can enter the relevant
check mark in the bottom left.
Only those records will be displayed that do not fulfil the password guidelines.
Under Fulfilled to, you will find out the percent to which the guidelines are fulfilled.
The column Info shows you which criteria are not fulfilled. It could be e.g. too few characters have been
used or the password has too few safety points because, for example, no special characters have been
used.
Under Points, you can see how many safety points the password currently achieves
The column Length shows how many characters are used in the password.
By clicking on the button Report, you can print out the report created.

8.7

Single password generator

Via the menu item extras you get to the single password generator. It offers you the possibility to
create safe passwords easily and quickly.

2015 MATESO GmbH

Handling

283

If you select create password according to own criteria, you can create the password manually or
automatically. In the array general you can define the criteria for the new passwords.
If you select the option create passwords according to password guidelines, the manual creation
is not possible. Here always the password guideline which has been configured under edit -> general
settings -> guideline for the database password.Pronounceable passwords can be created using
Create phonetic password. You can define how many syllables and letters they should contain.

Manual creation of passwords

First of all click into the colored field of the password generator. This now starts to jitter, which creates a
high amount of random data. Now move the mouse pointer over this field. Password Safe now collects
data and creates a password out of it. You can directly see the progress as well as the current safety.

2015 MATESO GmbH

284

Password Safe and Repository

Automatic creation of passwords

In order to create a password manually, just click on generate. The created password will directly be
shown to you.

Password analysis
With a click on carry out password analysis you receive detailed information about the safety of the
created password. Of course you can also directly enter a password into the field for the analysis.

8.8

Seal
With the sealing function you can seal datasets. So a user has no longer direct access on the data but
first has to break the seal. According to the setup the user has to receive a certain amount of unblocking
to do so. This principle is called four-eyes principle and can be configured at the setup of a seal. All
sealing actions will be recorded in the logbook (in case it is activated). Via the context menu or the
"sealing messages" you can access the sealing options, like for example the unblocking.
Seals can also be set via the workflow. So you have for example the possibility to protect all new
passwords automatically in a folder. You can find further information on that under the following links:
General information on the workflow system:Workflow Management
Example for the automatic sealing via a workflow: Workflow examples
Notice:

2015 MATESO GmbH

Handling

285

Seals can not be broken or edited in the Offline Mode

8.8.1

Seal a dataset
To seal a record you have to switch to the list outlook. By clicking on a record with your right mouse
button you can open the context menu. Choose the menu item "seal" in the context menu to add a seal.

In general
After pushing the button an entry mask opens. Enter the reason for the sealing of the dataset in the
"general" array. Then change to the tab "edit seal".

2015 MATESO GmbH

286

Password Safe and Repository

Edit seal
In the tab "edit seal" you can define which users or groups are allowed to delete the seal without
unblocking. If you do not want to set up a four-eyes or multiple-eyes principle you can seal the dataset
with "add seal". For the set-up of the four-eyes-principle change to the tab "unblockings".

Choose releases
Seals can be saved via releases optionally. So you can decide which users or groups do have to agree in

2015 MATESO GmbH

Handling

287

order that the seal can be broken and the data can be seen. Only after breaking the seal the dataset can
be seen and used by a certain person. Click on set up seal after the configuration in order to seal the
dataset.
You can also use several releases for a seal. Then they will be processed hierarchically, that means
bottom-up. So you for example have got the possibility to get the releases of the department manager
first before the release of the management board is needed.

Via a click on the icon

the release system opens. Here you can select one of the deposited releases
and safe the seal with it. If no accordant release should be available a new release can be started via
add release. The creation and management of releases is described in detail under releases.

2015 MATESO GmbH

288

Password Safe and Repository

Light seal
Via the tab light seal you can define users and groups which are allowed to read, edit (according to
right configuration) and use the sealed dataset without breaking the seal.

Notify
Here you can define which users and groups are messaged if the seal has been changed or a release
has been required.

2015 MATESO GmbH

Handling

With a click on

289

all users and groups, that are filed under the tab edit seal are taken over

History
Via the history you can reconstruct at any time, which locks have been created for this dataset in the
past. The history contains the points of time in which a seal has been started, broken or deleted. The
executing user is displayed as well.

2015 MATESO GmbH

290

8.8.2

Password Safe and Repository

Require to unseal
If a dataset has been sealed it can not be seen by users. If the data of the record are required the seal
must be broken first. At the setup of the "four-eyes principle" an unblocking must be requested first.
Via the unblocking overview the user can request an unblocking for breaking the seal. Via a double click
on the dataset the sealing options open.

2015 MATESO GmbH

Handling

291

After the confirmation of the button break seal the window for breaking the seal opens. Here you can
require the releases from other users in order that the seal can be broken with enough releases. In
order to require the releases click on the button require releases.

Afterwards the release overview opens in which you have to enter the reason for the release. In the
upper array it will be shown to you how many of the required releases have already been given:
In this example there is no release given from the three necessary users. (0/3)
Furthermore you can find a list of all users at whom you can require releases. The "reddish" marked
users have to agree. In this example it is Mr. Anderson. The missing releases can be given by any
"yellow" marked users. Via a click with the right mouse button in the user list you can also select or
deselect all users.

2015 MATESO GmbH

292

Password Safe and Repository

If an unblocking has been requested you can see the current status of the unblockings in the overview.
With a double click you can get further information on the unblocking, for example the reason for the
acceptance or the refusal.
If the releases have been given you will be informed via a system message. Afterwards do a double click
on the dataset again and then the window break dataset seal appears on break seal

2015 MATESO GmbH

Handling

293

After you have entered a comment you can break the seal and therefore access the dataset. Via the tab
releases you have an overview of the stauts of the releases. A double click on the release opens the
release overview for a detailed outlook.

2015 MATESO GmbH

294

Password Safe and Repository

As soon as the seal is broken you can open the dataset. Please notice that only the user who has broken
the seal is authorized to open the dataset.

8.8.3

Sealing messages and unseal

You automatically receive a message as soon as you can make a seal unblocking. Provided that you have
activated the messaging option you will be informed. You can open the task directly out of the message
and do the unblocking.

You can open the task directly in the window or switch to the unblocking system. If you switch to the task
you can see all relevant data.

Via the button release you switch directly to the release system.

2015 MATESO GmbH

Handling

295

Unconfirmed releases can be seen and edited via file -> my profile -> open releases.

In the lower array you can set the release status on given or refused. Besides you can not a comment for
the user. Via the tab involved users you can see who still has to agree on that release. Notice that you
can not edit or change your agreement afterwards.
After the necessary releases have been given the user who required the releases receives a system
message. The users who get messaged according to the seal settings, receive a message if the seal is
broken.
The unblocking can also be made via the context menu of the record. To do so click on "seal" to open
the unblocking dialogue.

8.8.4

Break seal
If enough unblockings have been made the unblocking initiator will be informed with a system message.

2015 MATESO GmbH

296

Password Safe and Repository

You can switch to the message directly in the info window:

Alternatively you can also see the releases:

2015 MATESO GmbH

Handling

297

Via a double click on the dataset the window sealing options opens

Break seal
Opens the dialogue to break the seal.
Open releases
Opens the release overview. Here you can see, who agreed or refused and when and why he/she did.
Cancel
Aborts the process.
Choose the option break seal in order to break the seal. Afterwards enter a reason why you want to
break the seal and confirm with break seal. If the seal has been broken the user can access the data.

2015 MATESO GmbH

298

Password Safe and Repository

Broken seals are highlighted in the list in terms of color.

8.8.5

Delete seal / seal again

If the seal has been broken it can be sealed again with the same settings via the button seal again. If
the seal should be created with different settings the seal has to be deleted and created again. A seal
can only be deleted by the users or the groups which has been chosen in the tab edit seal at the start of
the seal. When opening the dataset seal the seal editor receives the information via the context menu
who broke the seal and when it was broken. Afterwards the seal can be started again.

2015 MATESO GmbH

Handling

299

In order ot delete the seal a reason has to be given. Afterwards confirm with delete seal in order to
delete the seal. Then the seal can be started again.

2015 MATESO GmbH

300

Password Safe and Repository

If the button seal again is clicked the window delete dataset seal also appears. Therefore the seal is
deleted first and then started again.

8.8.6

Sealing logbook
All sealing actions are always recorded, so all steps can be consistently reconstructed. To do so the
logbook has to be activated.
Activate logbook
Reporting and logbook

2015 MATESO GmbH

Handling

301

The process will as well be recorded in the seal under the tab History.

8.8.7

Sealing templates
You can also create so-called sealing templates. You can find the accordant menu under edit ->
manage sealing templates. When you seal a dataset you also have got the possibility to save the seal
as a template. To do so click in the menu dataset seal on the accordant button:

2015 MATESO GmbH

302

Password Safe and Repository

Via both ways you get to new sealing template in which all necessary settings can be made. Directly in
the first tab you can give the sealing template a name and describe it more detailed.

2015 MATESO GmbH

Handling

303

Under the tab edit seal you define which users or user groups have got the right to edit the sealing
template.

2015 MATESO GmbH

304

Password Safe and Repository

With a click on the tab permissions you can define which persons or groups are allowed to give
necessary releases for this dataset, in order that the seal can be broken.

2015 MATESO GmbH

Handling

Via the button add release you can select the required release from the existing ones.

2015 MATESO GmbH

305

306

Password Safe and Repository

Under the tab light seal you can define which users or groups are allowed to edit the dataset behind the
seal, without breaking the seal before.

2015 MATESO GmbH

Handling

307

If you want to define who is informed about changes at the seal or at release requests, you can do that
under the tab notify.

2015 MATESO GmbH

308

Password Safe and Repository

Use sealing template

After you have created a seal template you can use it easily and uncomplicated on a dataset. To do so
click on a dataset with your right mouse button and afterwards click on seal. The following dialogue
opens

2015 MATESO GmbH

Handling

309

Click here on the marked push-button to choose a seal template. You can also use the seal templates in
the workflow system. You can find further information on that udner the following links:
General information on the workflow system: workflow management
Information on the automatic sealing via a workflow: Workflow examples

8.9

Lock/unlock
If you want to refuse access to data you have the possibility to lock records. The lock also offers the
possibility to unblock the data for users or groups for the automatic password entry, despite the active
lock. Thus the data remains secured, however the data will be entered automatically in the application.
The lock can be set up via the context menu in the list outlook.
Tip:
The lock can optionally be applied to one or several records. Highlight several records in the list to use
the lock repeatedly

2015 MATESO GmbH

310

8.9.1

Password Safe and Repository

Install lock
Choose "lock/unlock" in the context menu to lock a dataset. Afterwards the entry mask opens to start
record lock-outs. The lock-out can be applied to one or several highlighted records. At multiple selection
the function always starts from the first selected dataset.

Enter the reason for the lock of the record in the tab "general" and confirm with "lock".

In the tab "unlock" you can select the users and groups who can offset the lock. Users who can offset
the lock are automatically able to edit the record without deleting the lock. To do so click on "edit
record" in the array below.

2015 MATESO GmbH

Handling

8.9.2

311

Delete lock
Select "lock/unlock" in the context menu to unlock the dataset. Afterwards the lock dataset mask will
be displayed. Enter a reason for deleting the lock-out and confirm with "unlock" to unlock the dataset.

2015 MATESO GmbH

312

8.9.3

Password Safe and Repository

Use lock
Password Safe offers the possibility that the dataset can be used for the automatic password entry also
when it is locked. Add the users and groups who are allowed to use the dataset when creating the lock.
Thereby the dataset can not be seen or edited, only the automatic password entry is made at the users
or groups.

2015 MATESO GmbH

Handling

8.9.4

313

Locking templates
In order to use identical lockings on several datasets or recurrently, you have got the possibility to create
locking templates. You can find the accordant menu under edit -> manage locking templates.

2015 MATESO GmbH

314

Password Safe and Repository

In order to create a new locking template just click on the accordant pushbutton. Under general you give
away the name and the description of the locking template. Furthermore you can name the reason for
the locking:

2015 MATESO GmbH

Handling

Under the tab unlock you define which users or groups are allowed to delete the locking:

2015 MATESO GmbH

315

316

Password Safe and Repository

Password Safe offers the possibility that the dataset can be used for the automatic password entry, even
if it is locked. Add the users and groups that are allowed to use the dataset at the creation of the locking
template. The dataset can however not be seen or edited, only the automatic password entry is carried
out at the users or groups.

2015 MATESO GmbH

Handling

317

Save current lock as a template

When you configure a lock for a record, you can save this directly as a lock template. By clicking on the
marked button, you can access the dialogue screen described above New lock template. Because all of
the options have already been adopted, you only need to enter the name and a description and can then
directly save it.

Because all of the options have already been adopted, you only need to enter the name and a description
and can then directly save it.

2015 MATESO GmbH

318

Password Safe and Repository

As all of the options have already been copied over here, it is only necessary for you to issue a name and
a description and you can then directly save it.

Use locking template

After you have created a locking template you can use it simply and uncomplicated on a dataset. To do
so click with your right mouse button on a dataset and afterwards on lock/unlock. The following
dialogue opens:

2015 MATESO GmbH

Handling

319

With a click on the accordant pushbutton you get to a dialogue in which you can select the desired locking
template with a double click.

8.10

Releases
Via releases you can realize that workflows and seal can only be executed after an agreement of one or
several users. The agreement can be required via the internal messaging system at the accordant users.
In a release it is defined which users have to agree to break a seal or to carry out a workflow.
In the release system the releases can be started administratively and made available to the users.
Therefore authorized users have got the possibility to access predefined releases in order to protect
sealings or workflows with a few mouse clicks. You can access the release system via edit in the main
menu. Here already created releases can be opened for editing per double click. With a click on a release
with your right mouse button a context menu opens with which you can add, edit or delete releases. Via
release and safety it can be defined which users are allowed to edit the release.

2015 MATESO GmbH

320

Password Safe and Repository

8.10.1 Create and manage releases

For the creation of a release please choose the push-button in the main menu of the release system

The configuration of the release system opens.

General
Under the tab general you can give away the name of the new release, and also describe the release
more detailed.
Furthermore you define here how long the release is valid.
Release without validity
If all values are set to "0" (zero) at the validity the release is valid without a time restriction.

2015 MATESO GmbH

Handling

321

Four-eyes principle
In the tab several-eyes principle you define which users and/or groups are allowed to give the
release.
Number of the required releases
Define how many users have to agree in order that the release can be given. The number of "3" means
that in this case three users have to agree, that means here a six-eyes principle has been chosen.
Number of days for the validity of a release
Choose here how long the release run is valid that means how much time the authorized users have to
do their release. If the release run is expired the users have to do the release again.
The denial of the release by a user causes abort
If this option is active the release will be denied if one user does not agree.
Persons and groups that can give a release
Here it is defined which users are allowed to give the releases. In this example Mr. Anderson as well as
2015 MATESO GmbH

322

Password Safe and Repository

the group IT has been chosen. Since the option obligation has been activated at Mr. Anderson, his
agreement is compulsory. All further agreements are to be made from the users from the group "IT"
here. Who that is irrelevant.

With a click with your right mouse button on a group you will see the following context menu:

Via number of the required releases you can define how many users from the accordant group have
to agree.

2015 MATESO GmbH

Handling

Set the value to "2" for example, so two users from the group have to agree.

Allocations
Here you can be displayed which seals and workflows a release is assigned to.

2015 MATESO GmbH

323

324

Password Safe and Repository

Releases
Under this tab you can see the current status of a release. In this example the release has been given to
Mr. Smith. He is allowed to break the seal, however, the release is only valid until 14.03.2011 13:47
o`clock and expires afterwards. For Mr. Jones the release has been denied. The release which Mr.
Moore has required is still open. So not all agreements have been given yet. With a click on the
accordant pushbutton you can also take back a release.

2015 MATESO GmbH

Handling

325

With a double click on a release the following overview window is displayed. You can see the details of
the release. Here the release has been denied by Mr. Johnson. Due to the configuration of that release
this causes the refusal of the complete release.

2015 MATESO GmbH

326

Password Safe and Repository

You can get an even more detailed outlook with a double click on one of the users, e.g. on Mr. Anderson.
Besides the data when the release has been required by who, you can see the reason for the denial her.

2015 MATESO GmbH

Handling

327

8.10.2 Use releases

With the created releases seals as well as workflows can be protected from unauthorized access.
The protection of a workflow by a release is described under the item workflow: Workflow examples
How to safe seals with the help of a release is documented under seal dataset.

8.11

Automativ entry (Applications)

If you already fill in the URL at the start of a new dataset, Password Safe automatically generates an
accordant application for the use in quick access. However, without the automatic entry. In order to
configure the automatic entry for a dataset you can add a new application at the dataset via links. If
Password Safe should already have created an application under the links automatically, you can as well
keep those and accordingly edit and use them.
Via the link function you can assign an application to several datasets. That way data is no longer
captured twice. Therefore, at a change only one entry has to be conformed. You can capture and
configure as many applications as you want.
You can call up the administration window via "edit" -> "manage applications". Here you can start new
applications, or edit or delete existing ones. The already existing applications can be linked with a dataset

2015 MATESO GmbH

328

Password Safe and Repository

via links ("edit dataset" -> "links").

The application uses the data of the dataset, like for example user name and passwords and
automatically enters it in other programs. Therefore applications always have to be linked with datasets.

You can access the administration menu of the applications via edit -> applications

Here all started application will be shown to you. Via the search field you can let them be searched
through.
Via the push-button add applications a context menu opens:

Add applications brings you to the menu

Import applications enables to import applications from other databases

8.11.1 Install browser addons

The port between Password Safe and the Internet browsers are addons. They enable the automatic
entry of your passwords to the browsers. But they also make the start of new applications easier.
2015 MATESO GmbH

Handling

329

After the installation of an addon the Password Safe push-button is available in the accordant browser:
With a click on that symbol the login data will be entered in the application manually (if properly
deposited). Please notice that the symbol can vary according to the browser used and its settings.

The Internet Explorer is an exeption. To that we have a direct native port and therefore no addon is
needed. After the installation of an addon the lock symbol of Password Safe appears in the accordant
browser. With a click on that symbol the deposited data will be entered to the loaded website, however,
this is only necessary if the automatic entry does not take effect due to the configuration.
Via extras -> install browser addon you have got the possibility to install the accordant addons
directly in your browser. The menu is dynamic and shows you the right addon to every browser that is
installed on your system.

For the installation just choose the accordant addon per mouse click. The further proceeding in the
individual browsers is described more detailed in the following chapters:
Mozilla Firefox
Google Chrome
Opera
Safari

Addon Port / Firewall

The browser addons communicate via a encrypted TCP port with the Password Safe client. You can
define the port yourself under edit -> general settings -> browser addons. The port 12001 is set
up by default. That can normally be retained. If the automatic login with the help of the addons should
not work, it could be necessary to release that port in the Firewall (also Firewall of third-party suppliers
like e.g.: Symantec or McAfee), because some Firewalls could block the communication between the
client and the addons.
8.11.1.1 Mozilla Firefox

Mozilla Firefox
After you have started the installation, Firefox opens and in it the following window:

2015 MATESO GmbH

330

Password Safe and Repository

Please click on the button install after the timer in it has run off.
Please click on restart Firefox in the following window in order to conclude the installation.

The successful installation is shown to you with the following window:

8.11.1.2 Google Chrome

After you have started the installation of the addon the Chrome Webstore opens in Google Chrome.

2015 MATESO GmbH

Handling

Click on ADD TO CHROME here and confirm with a click on Add afterwards.

A notice window appears and shows you that the addon has been installed. At the same time the
Password Safe symbol appears in the menu bar.

2015 MATESO GmbH

331

332

Password Safe and Repository

8.11.1.3 Opera
After you have started the installation, Opera opens and in it the following window:

After a click on install the installation of the addon is shown to you with a notice window

In the menu bar of the browser the lock symbol of Password Safe is displayed on the right side.
8.11.1.4 Opera Next
After you have started the installation, Opera Next will open with the following message:

Confirm this message by clicking on OK. Then click on the very top left on Opera and afterwards on
Extensions. The Password Safe add-on will be displayed to you as follows:

2015 MATESO GmbH

Handling

333

Then click on Install and in the following window once again on Install.
8.11.1.5 Safari
The installation of the Safari addon starts with the following window:

Please click on istanll. The successful installation is shown to you by the lock symbol of Password Safe
in the menu bar

8.11.2 Update browser addons

Mozilla Firefox
In Mozilla Firefox it is enough to install the new addon via the Password Safe menu. Older addons are
therefore overwritten.

2015 MATESO GmbH

334

Password Safe and Repository

Google Chrome
Before the installation of a new addon we suggest to uninstall the existing addon in Google Chrome,
because they are not overwritten or automatically uninstalled. After uninstalling the old addon the new
addon can be installed as usual.

Safari
For updating the addon in Safari just install the new addon. Existing addons are overwritten.

Opera
Since existing addons in Opera are not overwritten, they have to be uninstalled before the installation of
a new update. As soon as the existing addon is uninstalled you can install the new addon.

8.11.3 Delete browser addons

Firefox
In order to uninstall the Firefox addon please click on extras -> addons directly in the browser. In the
following window please search the Password Safe addon and click directly next to it on uninstall

Google Chrome
If you should want to delete the addon from Google Chrome, open the browser and click on the screw
wrench symbol

Afterwards click on tools -> extensions. You are now in the menu of extenstions.

2015 MATESO GmbH

Handling

335

Here you can click uninstall directly under the Password Safe addon in order to delete the addon

Safari
In Safari you click on the cog wheel symbol

With a click afterwards on settings you get to a menu in which the installed addons will be shown to
you

2015 MATESO GmbH

336

Password Safe and Repository

Search the Password Safe addon here and click directly next to it on uninstall

Opera
In order to delete the addon from Opera, click on menu -> extensions -> manage extensions in the
browser

2015 MATESO GmbH

Handling

337

All installed addons will be shown to you. Choose the Password Safe addon and click next to it on
uninstall

8.11.4 Convert older applications

Since the applications in Password Safe version 6 have been completely worked over existing
applications from older versions have to be converted. You can find an automatic convert function under
extras -> administration -> convert application.
If the automatic login should not work with some applications you have to re-configure them manually, or
update them.
To do so open the application menu via edit -> manage applications. Do a double click on the desired
application. In this case Facebook.

2015 MATESO GmbH

338

Password Safe and Repository

In the following window please choose the tab data link.

2015 MATESO GmbH

Handling

339

Please choose fill in form fields here and click on edit afterwards. The window for allocating fields
opens

2015 MATESO GmbH

340

Password Safe and Repository

In this window the fields from the Password Safe datasets are assigned to accordant fields of the
website. The most fields can be assigned automatically. In the field list on the left side you can see by
the green check marks which fields have already been assigned. The red cross signalizes that the
allocation has not been made yet. Furthermore you will be shown by markings in terms of color how the
allocation has been made. The user name in the left column has for example been assigned to the field
email. Both fields have a blue background. The field form click (which causes a mouse click) could not
be assigned in this example, because two fields come into consideration on the website. In order to
allocate this field just drag the field form click to the button login. In the field list this field will be
marked with a green check mark as well.

2015 MATESO GmbH

Handling

In order to complete you need to click on save. The application is now converted for version 6.

8.11.5 Create applications

To create an application click on edit -> manage application

2015 MATESO GmbH

341

342

Password Safe and Repository

You can find further information on that dialogue under applications

Please click on the button add application here and afterwards in the context menu on add
application again.
The window applications opens.

General data
under this tab the data of the logins are managed

The following fields are available:

Description in order to name the application
Application path to the program e.g.: Firefox.exe
Window text contains the text of the window title
Class name describes the dialogue of the software more specific in which the data should be entered

2015 MATESO GmbH

Handling

343

URL Names the web address

Application (Execute) describes which program is opened
Parameter parameter value in order to pass values to an application
Comments gives you the possibility to make notes

Data link
Here it is defined in which way the data should be transmitted to the accordant program.

No data link is chosen if the application should only be available in quick access and no data link is
desired
Fill in form fields (web browser) transfers the application data to the web browser
Script for entry sequence creates a sequence of hot keys in the configured application
Controls transfers the data to Windows applications
By clicking on the edit buttons you get to the accordant allocation forms. You can find information on that

2015 MATESO GmbH

344

Password Safe and Repository

under the following links

Fill in form fields (web browser)
Script for entry sequence
Controls

Settings
Since every website is programmed differently and the entry masks differ very much at the moment it
could be necessary to change the performance of an applicatin in detail. You can set these settings under
this menu item.

Automatic entry without demand causes that the data is entered fully automatic as soon as the
accordant program or website is opened
Never enter data in the same window several times: If a website is for example opened in several
tabs, Password Safe enters the login data in every tab which can cause problems with the website. In
order to avoid that this function can be activated. You also have the possibility to set up a time frame in

2015 MATESO GmbH

Handling

345

which this function is active. Furthermore there are websites in which the login mask appears again
directly after you logged off. Here this function avoids that you get logged in again directly after you
logged off.
Deactivate window after entry for all data causes that after the first login no more data is
transfered. Only after a reboot of the application data is entered again.
Activate graphical window content recognition in order to identify a login clearly with the help of a
screen capture.
Holding time before the entry of data some programs or websites need a bit of time to load. Here
you can set up a delay in order that the data are not entered too early.
Simulate keyboard entry creates a simulated human entry.

Own fields
For some application cases it is necessary to define own fields. You can configure them under this tab.
After a click on add field you can choose different field types via a context menu

Links
Under this tab you can see with which datasets the application has been linked. If the user has no right
on the dataset he/she can see that the dataset is linked, but not with which.
8.11.5.1 Fill in form fields (web browser)
By means of this function you can realize an automatic login on internet sites. After you have clicked in
the menu start application under the tab data link at fill in form fields (web browser) on the
button edit, the following window opens, in which the accordant website is shown.

2015 MATESO GmbH

346

Password Safe and Repository

In the left part of the window you see the field list. This is dynamic and shows you all available fields in
the form.
On the right side you see an integrated webbrowser. This shows you the chosen website of the
application. Furthermore the browser has the following push-buttons:
one page back in the browser
one page forward in the browser
loads the page again
loads the web address which has been entered in the address field

Furthermore you find several buttons

Loads the fields from the current site again

Deletes the currently set allocation

2015 MATESO GmbH

Handling

347

Analyses the website for possible adequate fields

Gives you the possibility to send a support request

Saves the settings

Aborts the current action

Allocation / breaking-in for an automatic password entry

In order to make the allocation easier you have got two mechanisms available.
Automatic allocation
Via the button analyse the website will be scanned for potentially appropriate fields. If Password Safe
has found appropriate fields, the allocation is made automatically. This will be shown to you by markings
in terms of color.

Here for example the blue marking demonstrates that the field user name has been assigned to the
field email.
The red marking demonstrates that the two fields password have been recognized and linked.

Drag the field form click on the accordant button in the form of the website for sending the form This
field activates a mouse click.

Drag for example the button script on the first field of the web form (e.g. email, user name, etc.) in
order to do the login with the help of a script.
You can find further information on scripts under script for entry sequence.
2015 MATESO GmbH

348

Password Safe and Repository

Manual allocation per Drag and Drop

At some websites it can happen that the automatic allocation does not take effect. This is for example
the case if the field names for the identification of the field are not clear.
The allocation of the fields is made simply and in an uncomplicated way per Drag and Drop. To do so just
drag a form field on the accordant field of the website.

Manual allocation via the form field list

Via
the form field list is shown. Here you can edit the field data with a double click, that means you can
choose fields manually which should be entered at the automatic entry. In this mode you can also use
own fields for the filling.

Display available variables: Lists all available variables (form fields) of the linked dataset

URL
Here the URL is displayed. A manual change is not possible.
Field type
Here the field type is displayed. A manual change is not possible.

2015 MATESO GmbH

Handling

349

Field ID
This is the ID of the determined field. Via regular expressions also randomly generated fields can be
allocated correctly.
Field name
This is the name of the determined field. Via regular expressions also randomly generated fields can be
allocated correctly.
Field value
Via the field value you can directly allocate data from the dataset. It works via variables. Either enter the
field value directly or click on the push-button next to the field and choose the variables that are available
at the dataset. However, the allocation of variables is only possible if the application is already linked with
a dataset.
Commands as field values
Also the following commands can be allocated as field values:
[check] -> Sets a check mark into a check box or activates a radio button.
[uncheck] -> Deletes a check mark in a check box (via this for example the option stay logged in can
be deactivated permanently) or deactivates a radio button
[click] -> Carries out a click on a button or a symbol
[submit] -> Transfers a submit to a button or a symbol
Example:

In this example the command [uncheck] is transmitted. This causes that the option stay logged in is
deactivated at every automatic entry. Here it is not important if a check mark is set or not at the call up
of the page.

2015 MATESO GmbH

350

Password Safe and Repository

8.11.5.2 Script for entry sequence

A script is needed in order to realize an automatic entry to applications, which are neither website nor
can be read out per controls. A script is an emulation of hot keys, which is passed to the end application
or the end window.

Drag the commands per Drag and Drop from the right side to the left side to the script window here.
Notice that all characters, also blank lines, in the script window have to be passed to the end window as
well. You can also revert to own forms and own fields here, which are contained in the dataset.
Example
The following script writes the tha value from the field UserName to the end window, afterwards
"pushes" the key TAB to get to the next field for example, enters the password there and confirms with
enter.

2015 MATESO GmbH

Handling

351

Hint!
Please note, that scripts wont work with the safari addon.
8.11.5.3 Controls
By means of this function you can realize an automatic login on Windows applications / -programs.
After you have clicked on the button edit in the menu start applications under the tab data link at
controls, the following window opens

Now open the desired program and click on it. Another window opens

2015 MATESO GmbH

352

Password Safe and Repository

As soon as the focus was on the desired program for at least 3 seconds, it will be recognized by
Password Safe and taken over to the window controls

Allocation / breaking-in for an automatic password entry

Via the following push-button it can be switched between the allocation according to element and
the allocation according to position.

Allocation according to element

For the allocation you can drag the fields from the left list per Drag and Drop to the right side in the
2015 MATESO GmbH

Handling

353

desired field. If several field types should be displayed at the accordant field, always choose the edit field
(if available).
After the allocation it will be shown to you in terms of color which fields were linked how.

Allocation according to position

If an allocation according to elements should not be possible, you can also allocate the fields according to
position. To do so click on the following push-button to switch to the desired mode:

Afterwards you can drag the fields to the login window per Drag and Drop. During the allocation you can
see a cross line in that case. Position it in the desired box. We suggest to put the single fields among
each other as exactly as possible. The allocation will be shown to you with colored crosses:

2015 MATESO GmbH

354

Password Safe and Repository

8.11.5.4 htaccess
In order to give login data to a htaccess window, no application is necessary. For this only two own fields
have to be created in the dataset and the accordant web page has to be opened in a Password Safe tab.
You can find further information in the chapter htaccess connection.

8.11.6 Edit applications

Do you want to edit an application subsequently, you can open the following menu via "edit" -> "manage
applications":

2015 MATESO GmbH

Handling

355

Here you can open the menu for editing with a double click on the desired application. With a right
mouse button click you can open the context menu:

8.11.7 Delete applications

If an application should no longer be needed it can be deleted as follows. Navigate to the application
overview via "edit" -> "manage application":

2015 MATESO GmbH

356

Password Safe and Repository

With a click on the no longer needed application with your right mouse button you can delete the
application in the following context menu:

8.11.8 Examples
8.11.8.1 Browser application
In the following chapters the browser applications are described by means of examples. For the
automatic entry in Chrome, Firefox, Safari and Opera the accordant addon has to be installed before.
You can find notices on the installation of addons here: Install browser addons.
8.11.8.1.1 Existing passw ord

In this example it is described how an application is newly created and linked with an existing password
via the Firefox addon. The Firefox addon is already installed.
The user Thomas Anderson has already started the following password in his private folder:

2015 MATESO GmbH

Handling

357

In the next step Mr. Anderson visits the website and enters his access data there:

Password Safe now recognizes thate this password has already been started, but yet no application
exists for it. Afterwards Password Safe offers the user the possibility to link the password with the
application, to create an automatic login. If for example the login data goes with several websites, the
dataset will be linked with several applications.

2015 MATESO GmbH

358

Password Safe and Repository

With a click on link password an application will be created fully automatic and the password will be
linked with it. In the future the access data will be entered automatically.
Ignore page excludes the called up website from the recognition. In the future you will no longer be
asked if a link should be created. The ignored pages can be deleted again in the user menu globally "file"
-> "my profile" -> "reset settings" -> "reset ignored browser URL".
Analyse internet form opens the window for website analysis after a click on link password.
Open password directly brings you to the dataset to adjust its settings.
Via the symbol
you get to the dialogue window to create a new password. This is helpful if Password
Safe and Repository wants to link the new application with an existing password but a new password is
required. You can find further information on recording new passwords under the following link: New
password via addon
You can find further information on this example under the following links
Install browser addons
Add dataset
Website analysis

2015 MATESO GmbH

Handling

359

8.11.8.1.2 New passw ord via addon

There is the possibility to create new passwords and the accordant applications via the browser addons.
In this example Mr. Anderson surfs with Safari. The Safari addon has already been installed. He gets to a
website for which neither password nor application are deposited in Password Safe. He logs on the
website as usual.

Password Safe the login and shows the following window:

2015 MATESO GmbH

360

Password Safe and Repository

The login data are taken over by the website here. With a click on start password the menu edit
dataset is shown.

2015 MATESO GmbH

Handling

After a click on save the dataset and the accordant application are created. At the next visit of the
website the login data will be entered automatically.

You can find further infomation on this example under the following links
Install browser addons
Add dataset

8.11.8.1.3 New start of a dataset

In this example a new dataset is started in Password Safe and is linked with a website and an
application.
Via

the dialogue for starting a new dataset is opened.

2015 MATESO GmbH

361

362

Password Safe and Repository

After the data has been entered a click on links is made. Here you can see that the dataset has no links.
A click on add link is made. Then a request appears to save the new dataset. This is made directly in
the message box with a click on yes.

In the following context menu capture browser is selected

2015 MATESO GmbH

Handling

363

The window for the allocation of fields from web forms opens:

In this window Password Safe opens the website which has been deposited in the dataset. Since there
is no login window on this page the fields can not be allocated automatically. Via a click on login you are
directly navigated to the accordant page in the integrated browser:

2015 MATESO GmbH

364

Password Safe and Repository

Via a click on analyse Password Safe scanns the current website. The appropriate fields in the login
mask are found and allocated accordingly. The allocation will be displayed with colored markings.

2015 MATESO GmbH

Handling

365

Concluding a click on save is made. The dataset is now captured including the necessary application. At
the next visit of the website the login data will be enterd automatically.

You can find further information on that example under the following links
Install browser addons
Add datasets
8.11.8.2 Windows application
In this example it is demonstrated how a Windows application is started with a .htaccess window.
Via

the dialogue will be opened for the start of a new dataset.

2015 MATESO GmbH

366

Password Safe and Repository

After the entry of the data the desired website will be called up in the Internet Explorer. Since the page is
protected the following Windows login window appears:

2015 MATESO GmbH

Handling

367

In Password Safe it is now clicked on links -> add link -> capture application.
You will be asked to choose the application, afterwards click on the login dialogue:

Stay in the login window for 3 seconds. Afterwards the window controls opens, which shows the login
window for allocation:

2015 MATESO GmbH

368

Password Safe and Repository

Per Drag and Drop the fields can now be allocated. At this a context menu appears in which you need to
choose edit.
After the fields have been allocated, the process will be completed with save.

You can find further information on this example under the following links
Add dataset
Controls
8.11.8.3 Parameter passing to application
By means of the Password Safe "applications" you can pass data (according to configuration) at the call
up to external application like for example putty via parameter passing. For this you only need to know
which parameters the application supports. Enclosed we show you a configuration of the automatic
password entry via parameter passing with the help of putty.
For the putty use case we start a new form with the help of the form assistant at first. You can open the
form assistant via edit -> manage forms -> add forms. Configure a form with the following fields.
The field contents, so to speak the field values, you always approach with the field name.
At this always stick to the following spelling:
{FRM:host} = FRM stands for "form". Notice that you spell the field names correctly in order that the

2015 MATESO GmbH

Handling

values can be determined.

Save the form data and start a new folder afterwards and choose the putty form there.
Now an accordant dataset can be started in the folder.

2015 MATESO GmbH

369

370

Password Safe and Repository

Afterwards switch to the tab links and add a new application here with the button add link. Choose
search application in the context menu and afterwards the button add application in the manage
dialogue in order to start a new application. Only enter a description, as well as application and
parameters at the configuration of the application:

2015 MATESO GmbH

Handling

371

Here the path of the application you want to start will be entered under application (execute). In the
field parameters the parameters which should be passed to the external application are described.
With a click on save the process is completed.
With a click on the dataset and application -> putty with your right mouse button putty is now started
at which the parameters are directly passed.

Notice:
The parameters can be different according to the application. Search for "parameters" or "command
line" in the description of the application. Alternatively you can also contact the producer of the thirdparty software. The passed parameters "-ssh {FRM:Host} -l {FRM:UserName} -pw {FRM:Password}"
are replaced by the field values later. So for example the call up "c:\putty.exe -ssh 192.168.1.1 -l root pw password" occurs with only one click.
Under the following link you can find an explanation of the used putty parameters:
http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter3.html

2015 MATESO GmbH

372

Password Safe and Repository

You can find further information on this example under the following links
Insall browser addons
Add dataset
8.11.8.4 Login with script
You can use a script for every kind of entry. At this kind of entry a keyboard entry is simulated, therefore
almost every login can be linked up. If the cursor should not be inthe right field at the beginning you have
to inform Password Safe where the entry starts. You can configure this in the application under settings
-> automatic entry without demand.
Alternatively you can let login data be entered easily and uncomplicated via hot keys in every application
and every browser. For this normally nothing has to be configured additionally.
In order to configure a login per script you have to start a new dataset first or edit the existing one. In
this example the self-created form: putty is used.
Click on the button start new dataset in the list view.
Start new dataset

Afterwards a new window opens, in which you can enter the data for the dataset. Here at the example of
putty with the form putty. /

2015 MATESO GmbH

Handling

373

After you have captured the data, click on the tab links to start an application. Click on add links.
However, bofore a link can be started the dataset has to be saved. Confirm the message for saving the
dataset with yes. To do so click on add link -> search application.

2015 MATESO GmbH

374

Password Safe and Repository

Afterwards a new dialogue opens. Please click on add application -> add application.
Now a new window opens in which you can accordingly configure the application. But first Password Safe
has to know in which window the data should be entered. To do so open the accordant program (putty):

2015 MATESO GmbH

Handling

375

Let the putty window opened in the background and afterwards click on the button search application
in Password Safe.
Search application: Opens a new window in which an application can be chosen.

Select the accordant window in the search dialogue. Afterwards you should receive a similar
configuration.

2015 MATESO GmbH

376

Password Safe and Repository

In our case we start the program putty out of the directory C:\. Additionally we pass over putty a ssh
server as a parameter at the start. So the connection to the server will be immediately be built up when
opening putty.
Since we carry out the entry using the example of putty we select script for entry sequence as a kind
of entry under the tab data link and click on the button edit afterwards.

2015 MATESO GmbH

Handling

377

Afterwards the script editor opens, in which you can define the script, how the data should be entered.
The script editor simulates the keyboard entry. You can drag the predefined scripts to the editor via
Drag&Drop. The current script in the editor does the following entry. At first the user name {FRM:
UserName} is written, afterwards the entry is confirmed with [enter]. Due to the [wait] Password Safe
waits a second and afterwards enters the password {FRM:Password} followed by an [enter].

2015 MATESO GmbH

378

Password Safe and Repository

How do you know how the variable you need is called? Click here to watch the article.
Afterwards confirm with save and go to the tab settings. Do you want to execute the script for example
manually, because the cursor does not stand at the beginnig of the field, then deactivate the option
automatic entry without demand. At the call up of the program a new dialogue appears in which you
can accoringly select the dataset and start the accordant script manually. Otherwise the script will be
started directly at the program start.

2015 MATESO GmbH

Handling

379

After the call up of putty a selection dialogue appears in which you can choose the dataset. Click on
manual to carry out the script manually.

2015 MATESO GmbH

380

Password Safe and Repository

Tip:
Via the quick access you can immediately call up the software, the automatic entry starts automatically
afterwards.

Notice:
If the data should be entered to the same window (several tabs) several times, you have to deactivate
the check mark never enter data to the same window several times in the application under
settings
8.11.8.5 Password entry with hot key
A very simple, but effective way to automatically enter passwords in applications and browsers without
configuring, is the possibility of using our hot key function, together with the script-engine.
First of all you have to fit the hot keys to your desires. You can find the setup of the hot keys in the menu
"edit" -> general settings" -> "shortcut keys"
The hot keys can be set up like in the following example:

2015 MATESO GmbH

Handling

381

Are the hot keys configured to your desires they are available globally. The hot keys used here are simply
serving as an example and you can suit them to your desires.
More information on the configuration of the kot keys you find at kot keys.

How to write in login data in an application now?

Behind every hot key stands a little script. This script is processed when the hot key is being pushed.
CTRL+ALT+U for example only writes in the user name, but CTRL+ALT+E a complete script with user
name, afterwards the "TAB" key will be run to skip to the next array and after that the password will be
entered and even the login will be started directly with the Enter key. As you can see, all possibilities are
available here like the ones you would as well carry out manually.
For the better understanding we use one login page in the browser. So click on the website which is
highlighted in blue in the password list, the browser will be opened automatically and the website will be
called up. At the same time the record is also marked in blue and is therefore active.

Now click on the first array in the browser (in the example we use Firefox), in which the login data
should be entered.

The cursor is now flashing in the first box. Now carry out the first hot key CTRL+ALT+S. The script will

2015 MATESO GmbH

382

Password Safe and Repository

be processed and the data will be automatically entered. The variables used for user name and
password will be automatically replaced by the data of the record selected.
Now you only have to click on the login button with the mouse to finish the login. Alternatively you can
also carry out CTRL+ALT+R and that way let the click on the login button made automatically.
This way of data entry even works with a remote desktop access. This way also passwords on remote
PCs can be entered without any problems, without having to use the clipboard.

8.11.9 Automatische Eintragung ohne Anwendung

It is also possible to enable the automatic entry of login data on websites without application.

Requirements
In order to be able to use the automatic entry without application function, it must firstly be activated
under Edit -> General Settings -> Browser Addons.
In addition, you can also define a colour here to highlight those fields in which data has been entered.
This is useful if you also use the entry with application function in parallel because the coloured
markings directly indicate whether the data entry has been carried out with or without application.
If you are using Google Chrome, Mozilla Firefox, Opera or Safari, the relevant Addon must be installed
and activated.
Furthermore, a record must be created that contains both the user name and password, as well as the
URL of the desired website. For example, if the login information is to be entered on Ebay, the relevant
record needs to be saved under the Internet address www.ebay.de. You can find further
information on this subject under notes.

2015 MATESO GmbH

Handling

383

As soon as the automatic entry without application function has been activated, Password Safe checks
each time a website is accessed whether a record exists for the opened URL and whether a login mask
exists on the website.
If both of these conditions are fulfilled, the user name and password are entered. The fields are
correspondingly highlighted in colour. Now check whether the data has been entered in the correct fields
and then click on the relevant button to log in.

2015 MATESO GmbH

384

Password Safe and Repository

Notes on automatic entry without application

Subdomains are also taken into account when checking the URL. Therefore, if you have save a record
under e.g. http://www.ebay.de then https://signin.ebay.de will also be recognised.
if you have saved multiple records for a URL, the first record will always be entered. If you do not want
this to be the case, the URL can be removed from those records that should not be used.
In contrast to the entry with application function, no submit command is transferred. Therefore, you
must carry out this step yourself by clicking on the login button. This ensures that you are still able to
check the data that has been entered before logging in.
If you have saved an application for a record, the entry with application function is preferred.
The entry without application function has been consciously designed to be compact and simple in
order to enable login data to be entered without the need for any difficult configuration steps. If it is
not possible to automatically enter the login data for a website using this method or if there are
problems on the website (e.g. if the data is entered in the wrong fields), please enter an application
for this login.
If you have multiple records for a website and want to select one of them before logging in, it is also
2015 MATESO GmbH

Handling

385

necessary to create an application.

8.12

Anmeldung an SAP
Logging into SAP can be achieved via parameter passing. The prerequisite here is for the login process
to be carried out via "SAPshortcut".
Firstly create a form with the desired fields. Then create the corresponding record.
The application for entering the parameters could, for example, look like this:

The field Application (Execute) is used here to execute "sapshcut.exe" in the installation directory.
The following parametersare then transferred for logging in:
Password Safe Field name
System
Client
UserName
Password
Language

SAP field name

system
client
user
pw
language

The following parameters can be used in SAP:

Startup Paramter
maxgui

Shows the window maximised

Logon Parameter
user
pw
language
system

SAP System User

Password for the SAP User
Language
SID for the SAP system to which you are connecting

2015 MATESO GmbH

386

Password Safe and Repository

client
sysname
guiparm

SAP Client to which you are connecting

Connection via Message Server (Load Balancing)
Connection via Single Application Server

Example
With the following paramters, the standard login can be configured:
Execute
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapshcut.exe
Paramter
-maxgui -system={FRM:System} -client={FRM:Client} -user={FRM:UserName} -pw={FRM:Password} language={FRM:Language}

8.13

Remote desktop connections

Via build up remote desktop connection you can manage any remote computers and access them
per RDP or terminal server client. Therefore you can manage hundreds of servers and build up a
connection with only one click.
Minimum requirements:
Client: Windows XP SP3 or Windows Vista SP1
Server: Windows Server 2003

Menu items

2015 MATESO GmbH

Handling

387

Connect
Builds up the connection with the remote computer in the current dataset.
Connect with console
Builds up the connection with the console with the remote computer in the current dataset.
Connect without autologin
Builds up the connection with the remote computer in the current dataset, but does not log in.
Connect in the tab
Opens a new tab in Password Safe and builds up the connection with the remote computer in it in the
current dataset.
Connect in the tab with the console
Opens a new tab in Password Safe and builds up the connection with the console with the remote
computer in it in the current dataset.
Connect in the tab without autologin
Opens a new tab in Password Safe and builds up the connection with the remote computer in it in the
current dataset, but does not log in.
Connect via hot keys
Remote desktop connections can also be built up via hot keys. CTRL + R opens an RDP connection of the
current dataset, CTRL + Shift + R opens a connection in the tab.

2015 MATESO GmbH

388

Password Safe and Repository

Start via URL fields

You can access the RDP connections directly from links in the records. To do this, expand the form to a
field with the field name URL. Make sure that under the Advanced Properties the Internet link
(URL) option is active. In the URL field then the following values can be entered:
startrdp:0
startrdp:1
startrdp:2
startrdp:3
startrdp:4
startrdp:5

Connect to the remote computer

Connect to the console
Connect without autologin
Connect to the remote computer in a new tab
Connect to the console in a new tab
Connect without autologin in a new tab

Of course, you can also preset the fields.

Variables for forms

In order to build up a connection with the server via a captured dataset, the underlying form has to
contain certain fields.
Host (Edit - text field)
Here the host name of the remote computer is stored. If no address should be deposited in the field
Server, the connection is built up with the host name
Server(Edit - text field)
Contains the IP of the remote computer. It is tried first to build up a connection with this IP
Port (Number - numeric field)
Contains the port for the terminal connection of the remote computer.
Domain (Edit - text field)
Contains the domain to which the user wants to log in.
UserName (Edit - text field)
Contains the user name for the login.
Password (Password - password field)
Contains the password for the login.
EnableAutomaticLogon (CheckBox - Yes/No)
Says if the login with the stated password should be made immediately.
DesktopSize (ComboBox - choice box)
0 = Full sreen
1 = 640 x 480 (requirement)
2 = 800 x 600
3 = 1024 x 768
4 = own value
DesktopCustomSizeWidth (Number - numeric field)
2015 MATESO GmbH

Handling

389

Defines the own widht for the desktop. In order that this works, the variable "DesktopSize" has to be set
to the value "4" (own value).
DesktopCustomSizeHeight (Number - numeric field)
Defines the own height for the desktop. In order that this works, the variable "DesktopSize" has to be set
to the value "4" (own value).
ColorDepth (ComboBox - choice box)
0 = 256 colors
1 = HighColor 15 Bit
2 = HighColor 16 Bit (requirement)
3 = TrueColor 24 Bit
4 = TrueColor 32 Bit
ConnectToConsole (CheckBox - Yes/No)
Connects directly with the console on the remote computer.
RedirectDiskDrives (CheckBox - Yes/No)
Local drives are available on the connected remote computer.
RedirectPorts (CheckBox - Yes/No)
Local ports are available on the connected remote computer.
RedirectPrinters (CheckBox - Yes/No)
Local printers are available on the connected remote computer.
RedirectSmartCards (CheckBox - Yes/No)
Local SmarCards are available on the connected remote computer.
Audio (ComboBox - choice box)
0 = give out at the local PC
1 = give out at the remote computer
2 = no sound
EnableWindowsKey (CheckBox - Yes/No)
The Windows key is available on the remote computer.
KeyboardHookMode (CheckBox - Yes/No)
Commits key combinations to the remote computer.
RDPVersion (ComboBox - choice box)
0=Version 4
1=Version 5
2=Version 6 (default)
DesktopSizeFitToFrame (ComboBox - choice box) This field is only contained in new v7 databases.
If you use a v6 database you have to create the field manually.
0=Remote session is displayed in original size.
1=Remote session is adapted dynamically.
Notice:
If the connection with the console should not work this could be because of another RDP version. Create

2015 MATESO GmbH

390

Password Safe and Repository

the additional option RDP version and set it to the correct RDP version at the client, in order to create a
connection with the console.
Notice:
A remote desktop connection is only possible if the network level authentication (NLA) is deactivated.
This authentication method is part of the Windows operating systems from Windows Vista on. In order
to deactivate NLA please click on start -> right button click on computer -> properties ->
remote settings. Under the tab remote please select "allow connections of computers on which
any version of remote desktop is carried out".

8.14

Workflow management
If the standard functions of Password Safe should not be enough for a use case, you can access the
workflow system. It offers the possibility to automate operations in order to fit Password Safe to your
personal desires.
The system consists of events and actions which are linked with each other in a way that an event
causes a certain action. An event is caused by a user and can for example be the opening of a certain
dataset. Every time an event is carried out by a user, the workflow system starts the configured action,
for example the sending of a message.
A workflow is required if the standard functions of Password Safe are not enough.
You can find the workflow system under the main menu item edit.
In the left half of the workflow configuration you can find all events, while you can find the available
actions in the right half.

2015 MATESO GmbH

Handling

391

Attention!
The structure of the workflow system has been deliberately designed very open in order to
cover as many use cases as possible. Through this a lot of scenarios can be mapped.
However, this brings about that not all possible workflows are reasonable. Via some
combinations you can lock yourself out of parts of Password Safe! The combination of "edit
before workflow" and "dialogue" with the setting "close workflow after dialogue" for
example effects that you can no longer open the workflow system. The combination of the
event "after internal mail" with the action "internal mail" each with the same user for
example effects and infinite loop in which infinitely many messages are generated.
Therefore please consider before creating a workflow which effects it will have. We are
pleased to offer you training courses in order to get to know the workflow system better.
For this please address: sales@passwordsafe.de

8.14.1 Filter function

Via the main menu item edit and a click afterwards on manage workflow you get to the configuration
menu of the workflow system.

2015 MATESO GmbH

392

Password Safe and Repository

Event and action filter

Since the workflow system contains a lot of events and actions you have got the possibility to set filters.
In order to make a preselection within the available events and actions you can find a filter function after
a click on the
. This enables to display the events and/or actions selectively. Do you for example want
to sound out events which contain the item "password" and actions which send messages, just enter
"password" in the field event filter and "mail" in the field action filter and click on use filter afterwards.
Now you receive the following outlook:

User/group filter
Every workflow can be assigned to one or several user(s) and/or group(s). (More on that under start
workflow. You have the possibility to filter the workflows in a way that only those action which have been
assigned to users or groups are displayed. For this the following push-buttons are available:

2015 MATESO GmbH

Handling

393

To this the following dialogue window on adding users and/or groups was opened

Deletes the marked users from the selection

Deletes all users and groups from the selection
The user/group filter can also be helpful when starting workflows, because all newly created workflows
are automatically assigned to the selected users. In the chapter start workflow this is described detailed.

8.14.2 Start workflow

After opening the workflow system configuration via edit and manage workflow you can directly start
with the creation of a new workflow. Do you for example want a message box to be shown before
opening the logbook, just drag the action dialogue per Drag and Drop from the right half of the window
to the event open before logbook in the left half:

2015 MATESO GmbH

394

Password Safe and Repository

The following window opens:

2015 MATESO GmbH

Handling

395

This window is dynamic. That means depending on which action has been chosen different fields will be
displayed in this window, because every action has got different functions.
In the field description you can give the new workflow a name in order provide for the clearness in the
main menu of the workflow system. In this example it is called "open notice before logbook".
In the lower part of the window you can see two tabs. In the active tab dialogue the options of the
action are defined. In this example the text of the dialogue field and the further process after the
dialogue window are defined. In the field headline we enter "notice". In the field message the text of
the dialogue field is stated: "Via the blue double arrow the filter function within the logbook can be
shown." In the last field we choose "continue workflow".

2015 MATESO GmbH

396

Password Safe and Repository

Under the second tab condition it can be defined under which conditions the workflow is activated. This
outlook is also dynamic and depends on the functional range of the particular action.
In the right halft you can find a wildcard character. (See as well: wildcard character). In this example
from user. You can now drag this wildcard character to the condition in the left half of the window:

2015 MATESO GmbH

Handling

The wildcard character is now added to the condition and can be edited per double click:

2015 MATESO GmbH

397

398

Password Safe and Repository

For this example we enter the user name "Anderson". Afterwards the workflow can be saved via the
accordant push-button.
Every time the user "Anderson" now opens the logbook the started workflow shows the following
message box:

Deactivating a workflow

2015 MATESO GmbH

Handling

399

If an already created workflow is temporarily not required, it can simply be deactivated:

8.14.3 Wildcard character

In the dynamic windows of the workflow allocation you can find the so-called wildcard characters in the
right half of the window. These vary according to the action. Wildcard characters can appear in the
options of an action as well as in the conditions.

Wildcard characters in the options of an action

If you have assigned an action to an event in the workflow system configurations a dynamic window
opens. Besides the tab condition this also contains a tab which carries the name of the action and is
active when the window appears. Under this tab you define the options of the action. In the left half you
can find different fields, in the right half the available wildcard characters stand. You can drag the
wildcard characters to the individual fields per Drag and Drop. When the action is carried out the
wildcard characters are replaced by predefined values.
The following wildcard characters can appear (according to the event):
Event group: Applications

2015 MATESO GmbH

400

Password Safe and Repository

Event group: Task

From user
Status
Subject

-> is replaced by the name of the user who carries out the workflow
-> describes the status of the task
-> describes the subject of the task

Event group: Manages user and groups

From user
-> describes which user has activated the workflow
Event group: Database settings
From user
-> describes which user has activated the workflow
Event group: Import and export
Event group: Internal mails
Addressee
-> names the addressee of the mail sent in the workflow
Mail subject
-> names the subject of the mail sent in the workflow
Mail text
-> gives the text of the mail sent in the workflow
Event groupt: Logbook
Event
-> names the event from the logbook
Dataset type
-> names the type of dataset
Dataset
-> names the dataset
Created on
-> names the date on which a dataset has been created
Created by
-> names the user that has created a dataset
Originator email
-> names the email address of the originator of a dataset
IP address
-> names the IP address from which a dataset has been changed or created
Computer user
-> names the user with which a user is logged in at a dataset
Computer name
-> gives the name of a computer
Description
-> gives the description of a dataset
Event group: Password
Password
-> names the password concerned in the workflow. This link can be used to
search in the client in order to directly access the record. Under <a href="{Password}">Open
Password</a>, you receive a link with the text "Open Password" that can be directly executed.
In folder name
-> names the folder in which the password concerned in the workflow exists.
Folder is defined with its name.
In folder
-> names the folder in which the password concerned in the workflow exists.
Folder is defined with an internal ID.
From user
-> is replaced by the name of the user that carries out the workflow. The user
is identified with an ID.
User name
-> is replaced by the name of the user that carries out the workflow. User is
identified with the name.
Created by
-> names the user that has created the password.
Originator email
-> names the email address of the originator of the password
Event group: Password folder
From user
-> is replaced by the name of the user that carries out the workflow. The user
is identified with an ID
From folder name
-> Gives the name of the folder. Folder is identified with the name.
From folder
-> Gives the name of the folder. Folder is identified with its ID
Original folder name
-> names the original folder (e.g. when moving). Folder is identified with the
name
Original folder
-> names the original folder (e.g. when moving). Folder is identified with the ID
2015 MATESO GmbH

Handling

Created by
Originator email

-> names the user that has created the password

-> names the email address of the originator of the password

Event group: Seal

Seal broken by
Seal description
Reason

-> names the user who has broken the seal

-> Gives the seal description
-> gives the reason which has been registered at the breaking of the seal

Event group: system

Host name
Server IP
Domain
User
From user
Connection time
Required right

-> gives the host name of the RDP connection

-> gives the IP of the RDP connection
-> gives the IP address of the RDP connection
-> names the user
-> says which user has required an authorization
-> gives the duration time of the RDP connection
-> names the required right

401

Event group: Workflow system

User
-> names the user who has activated the workflow

8.14.4 Logical links

For the conditions in the workflow system there are different logical links available. With a click with your
right mouse button on a condition a context menu appears in which the different parameters can be
selected.

2015 MATESO GmbH

402

Password Safe and Repository

Via the menu item new bracket logical links can be summarized. Change condition gives you the
possibility to edit conditions. For example folder or user names. Via delete the condition will be deleted
from the list.
Furthermore you can find in this context menu the logical links logical "and", logical "or" and logical
"not". In the lower part of the context menu you can choose the relational operators "contains" and
"same".
In order to furthermore make the logical connection clear, we use an example. The following folder
structure has been started:

In every of these folders there is a password.

The event for this example should be open before password. As an action dialogue is selected:

2015 MATESO GmbH

Handling

403

Relational operators
These operators specify in which way the condition should be compared with the linked object. There are
the possibilities "same" and "contains". With "same" the strings have to be absolutely identical. With
the operator "contains" the condition has to be found in the linked object. So the string in the object
can also be longer.
Relational operator "contains"

2015 MATESO GmbH

404

Password Safe and Repository

Here the condition "passwords" has been linked with the operator "contains". All folders from our
example are brought up because all of them contain the item "passwords".
Relational operator "same"

2015 MATESO GmbH

Handling

405

This combination only approaches the folder "passwords 1", because only this folder exactly conforms
to the condition.

Logical parameter
Scenario 1 - without logic

2015 MATESO GmbH

406

Password Safe and Repository

If the workflow is started without any logic, a dialogue window appears when a password is opened.
Absolutely independent from which folder the dataset is in.

Scenario 2 - "or" links

2015 MATESO GmbH

Handling

407

In this example two folders have been linked with "or". So the workflow takes effect if a password is
opened in the folder "passwords 1" or in the folder "passwords 2". If a password is opened in another
folder the workflow does not take effect.

Scenario 3 - "not" link

2015 MATESO GmbH

408

Password Safe and Repository

The first condition in this scenario requires that the workflow takes effect if a password is opened which
exists in another folder that has "passwords" in its name. So all folders of our example would be
concerned.
The second condition, however, excludes all passwords which exist in the folder "passwords 2".
Scenario 4 - "and" link

2015 MATESO GmbH

Handling

409

This scenario contains a special feature. If you drag the wildcard character "password" to the conditions
the following window opens. Here any form can be selected in the left half. Then all fields which are
contained in the selected form appear in the right half.

2015 MATESO GmbH

410

Password Safe and Repository

Consequently the workflow shows the dialogue window, if a dataset is opened in the folder "passwords
4" which accesses the URL "www.passwordsafe.de".
Scenario 5 - Combination of several logical links by means of brackets

2015 MATESO GmbH

Handling

411

Several links have been combined here. The first bracket causes that the workflow takes effect if the
user administrator accesses the folder "passwords 1". The second bracket takes effect if Mr. Anderson
accesses the folder "passwords 2".

8.14.5 Workflow Events

8.14.5.1 Edit after application
Description
This event is activated, after it has been clicked on save at the change of an application.
Wildcard
character
Application Gives the name of the application.
name
From user Is replaced by the name of the user that carries out the workflow.
Typical use case
Information of the administrator after an application has been changed.
8.14.5.2 Delete after application
Description
This event is activated after an application has been successfully deleted.
2015 MATESO GmbH

412

Password Safe and Repository

Wildcard
character
Application Gives the name of the application.
name
From user Is replaced by the name of the user that carries out the workflow.
Typical use case
Information of a disciplinarian about the deletion of an application per message.
8.14.5.3 After new application
Description
Is activated after a new application has been successfully created.
Wildcard
character
Application Gives the name of the application.
name
From user Is replaced by the name of the user that carries out the workflow.
Typical use case
Via an email employees can be informed as soon as a new application has been created.
8.14.5.4 Edit before application
Description
Is activated as soon as an application is opened for editing.
Wildcard
character
Application Gives the name of the application.
name
From user Is replaced by the name of the user that carries out the workflow.
Typical use case
Via a dialogue notices for the editing of applications can be given.
8.14.5.5 Delete before application
Description
This event is activated as soon as an application should be deleted.
Wildcard
character
Application Gives the name of the application.
name
From user Is replaced by the name of the user that carries out the workflow.
Typical use case
The deletion of applications can be avoided, the user receives a notice on that.

2015 MATESO GmbH

Handling

413

8.14.5.6 Before new application

Description
Is activated as soon as an application should be created.
Wildcard
character
Application Gives the name of the application.
name
Typical use case
Before the creation of a new application, a dialogue can be displayed, that contains information about the
applications.
8.14.5.7 After task status change
Description
This event is activated as soon as the status of a task has been changed
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow.
Status

Describes the status of the task.

Subject

Describes the subject of the task.

Typical use case

Send confirmation message per SMTP mail
8.14.5.8 After new task for user
Description
This event is activated after a new task has been created for a certain user
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow.
User email Email of the user.
Subject
Task

Describes the subject of the task.

Describes the task.

Typical use case

Is proper for sending messaging messages per SMTP mail
8.14.5.9 Before task status change
Description
Event which activates the accordant action before the status change of a task
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow.
2015 MATESO GmbH

414

Password Safe and Repository

Status
Subject

Describes the status of a task.

Describes the subject of the task.

Typical use case

With the action yes/no confirmation for example a security query can be realized
8.14.5.10 After user editing
Description
This event takes effect after a change of a user account has been saved.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Typical use case
The accordant user is automatically sent a message, in which he/she is informed about his/her account.
8.14.5.11 After printing user
Description
Activates an action after user information has been printed
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
With this for example an internal mail can be sent for information
8.14.5.12 After opening user
Description
Action is activated after the property window of a user has been opened.
Wildcard
character
From user Describes which user has caused the workflow.

Typical use case

Can be used to show a dialogue with further information on the user.
8.14.5.13 Nach Benutzerpasswort ndern
Description
The action will be executed after a user password has been changed.
Placeholder
From user
Indicates which user has been edited. Identification of the user by ID
User name Indicates which user has been edited. The user is identified using their name.

2015 MATESO GmbH

Handling

415

Typical application case

After the user password has been changed, an e-mail can be sent for information purposes.
8.14.5.14 Edit after group
Description
This event takes effect after a change of a group has been saved.
Wildcard
character
From user Is replaced by the name of the user that has caused the workflow. The user is identified
with an ID.
Group
Gives the name of the group.
Typical use case
The users concerned are sent a message in which they get informed about the change.
8.14.5.15 After printing group
Description
Activates an action after group information has been printed.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
With this for example an internal mail can be sent for information.
8.14.5.16 After deleting group
Description
Action is activated after a group has been deleted successfully.
Wildcard
character
From user Describes which user has caused the workflow.
Group
Gives the name of the group.
Typical use case
To send messaging messages per internal mail.
8.14.5.17 After adding group
Description
Activates an action after a group has been started successfully.
Wildcard
character
From user Describes which user has caused the workflow.
Group
Gives the name of the group.
Typical use case

2015 MATESO GmbH

416

Password Safe and Repository

Is proper to send messaging messages per SMTP mail.

8.14.5.18 After opening group
Description
Action is activated after the property window of a group has been opened.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
For example in order to show a dialogue with further information on the group members.
8.14.5.19 After deleting private data
Description
If a user is deleted you have got the possibility to delete his/her private data as well. After the deletion of
the private data this event takes effect.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Typical use case
Information of a disciplinarian about the deletion of the private data of a deleted user.
8.14.5.20 After new user
Description
As soon as it is saved when creating a new user, this event is activated.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Typical use case
Information of the department manager about a newly created user.
8.14.5.21 After changing the user memberships
Description
This event is activated if a change has been made under member of at the editing of a user.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with

2015 MATESO GmbH

Handling

Group
membership
s

417

the name.
Names the groups of which the user is a member.

Typical use case

Information of disciplinarians about the changes of a group membership.
8.14.5.22 After changing the group memberships
Description
Event is activated when a user is added or deleted at the editing of a group.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Group
Names the groups of which the user is a member.
membership
s
Typical use case
Information of disciplinarians about the changes of a group membership.
8.14.5.23 Edit before user
Description
Is activated when a user is opened for editing.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Typical use case
Avoiding the editing of certain user accounts with an accordant notice.
8.14.5.24 Before printing user
Description
This event activates the action before the user information is actually printed.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Via yes/no confirmation for example a security query can be realized.

2015 MATESO GmbH

418

Password Safe and Repository

8.14.5.25 Before opening user

Description
Event activates before the user information is shown.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Via enter user password it can be for example realized that a certain user has to agree.
8.14.5.26 Before changing user password
Description
Action is activated before a user password can be changed.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
For example in order to protect the changing per several-eyes-principle.
8.14.5.27 Edit before group
Description
Is activated if a group is opened for editing.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Group
Gives the name of the group.
Typical use case
Avoiding the editing of certain groups with an accordant notice.
8.14.5.28 Before printing group
Description
Activates an action before group information is printed
Wildcard
character
From user Describes which user has caused the workflow.

Typical use case

Via dialogue it can be for example shown that after printing a message is sent.
8.14.5.29 Before deleting group
Description
Action is activated before a group is deleted

2015 MATESO GmbH

Handling

Wildcard
character
From user Describes which user has caused the workflow.
Group
Gives the name of the group.
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.30 Before adding group
Description
Causes an action before a group is added
Wildcard
character
From user Describes which user has caused the workflow.
Group
Gives the name of the group.
Typical use case
Via dialogue for example notices can be shown.
8.14.5.31 Before opening group
Description
Event is activated before the group information is shown.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Via enter user password it can be for example realized that a certain user has to agree.
8.14.5.32 Before opening the user and group management
Description
Event is activated before the user and group management opens.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Protection of the user and group management via a release.
Example
Before opening the user and group management a release is necessary
8.14.5.33 Before deleting private data
Description
This event is activated before the private data of a user is deleted.

2015 MATESO GmbH

419

420

Password Safe and Repository

Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Typical use case
Additional security query before deleting.
8.14.5.34 Before new user
Description
Is activated before a new user is created.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
Typical use case
Notices about company policies that should be considered at the start of a new user.
8.14.5.35 Before changing the user memberships
Description
This event is activated if a change has been made under member of at the editing of a user.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Group
Names the groups of which the user is a member.
membership
s
Typical use case
Information of disciplinarians about the changes of a group membership.
8.14.5.36 Before changing the group memberships
Description
Event is activated when a user is added or deleted at the editing of a group.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is indentified
with an ID.
User name Is replaced by the name of the user that carries out the workflow. The user is identified with
the name.
Group
Names the groups of which the user is a member.
membership
s

2015 MATESO GmbH

Handling

421

Typical use case

Information of disciplinarians about the changes of a group membership.
8.14.5.37 After saving database settings
Description
Event is activated after the database settings have been saved.
Wildcard
character
From user Describes which user has caused the workflow.
Database
setting

Describes the accordant database setting.

Typical use case

Can for example be used to show a confirmation per dialogue.
8.14.5.38 Before saving database settings
Description
Event activates before the database settings are saved.
Wildcard
character
From user Describes which user has caused the workflow.

Typical use case

Via enter user password the agreement of a certain user can be made necessary.
8.14.5.39 Before opening database settings
Description
Event activates before the database settings are opened.
Wildcard
character
From user Describes which user has caused the workflow.

Typical use case

For example in order to only allow the opening per several-eyes-principle after agreement.
8.14.5.40 Create after USB stick
Description
Is activated as soon as a USB stick is created successfully.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
USB stick
Names the path of the USB stick.
path
2015 MATESO GmbH

422

Password Safe and Repository

Typical use case

A notice that the USB stick always needs the same drive letter for synchronization.
8.14.5.41 Synchronize after mobile device
Description
This event is activated as soon as the database of a mobile device is synchronized successfully.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Typical use case
Information of the security administrator per email.
8.14.5.42 Create before USB stick
Description
Is activated before a USB stick is created.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Typical use case
A notice that the USB stick can not be synchronized.
8.14.5.43 Synchronize before mobile device
Description
This event is activated before the database of a mobile device has been synchronized successfully.
Wildcard
character
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Typical use case
Information of the security administrator per email.
8.14.5.44 After new mail
Description
Event is activated after an internal mail has been sent.
Wildcard
character
Addressee Describes the addressee of the mail sent in the workflow.
Mail subject Describes the subject of the mail sent in the workflow.
Mail text
Describes the text of the mail sent in the workflow.

2015 MATESO GmbH

Handling

423

Typical use case

For example to inform somebody about it per SMTP mail.
8.14.5.45 After deleting logbook
Description
Action is activated after the logbook has been deleted successfully.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Messaging the administrator per SMTP mail.
8.14.5.46 After opening logbook
Description
Action is activated after the logbook has been opened.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
It can for example be pointed out per dialogue that the administrator gets informed about the deletion
of the logbook.
8.14.5.47 After logbook entry
Description
This event takes effect after a logbook entry has been successfully created.
Wildcard
character
Event
Describes the event from the logbook.
Dataset type Describes of which type the dataset is.
Dataset
Names the dataset.
Created on Describes on which date a dataset has been created.
Created by Describes the user that has created a dataset.
Originator of Describes the email address of the originator of a dataset.
the email
IP address Deescribes the IP adress from which the dataset was edited
Computer Describes with which user a user is logged on at his/her computer.
user
Computer Gives the name of a computer.
name
Description Gives the description of a dataset.
Typical use case
Pass on the logbook entry per email.

2015 MATESO GmbH

424

Password Safe and Repository

8.14.5.48 Before deleting logbook

Description
This event causes the action before the logbook is deleted.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Via enter user password the agreement of a certain user can be made necessary.
8.14.5.49 Before opening logbook
Description
Action is caused before the logbook is openend.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Protection of the logbook by the several-eyes-principle.
8.14.5.50 Open history after password
Description
This event is activated after the password history has been opened.
Wildcard
character
Password Names the password concerned in the workflow.
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Created by Names the user that has created the password.
Originator Names the email address of the creator of the password.
email
Typical use case
Messaging the administrator.
8.14.5.51 Open logbook after password
Description
This event is activated after the password logbook has been opened.
Wildcard
character
Password Names the password concerned in the workflow.
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Created by Names the user that has created the password.
Originator Names the email address of the creator of the password.
email

2015 MATESO GmbH

Handling

425

Typical use case

Messaging the administrator.
8.14.5.52 After editing password
Description
Event causes the action after editing a password
Wildcard
character
Password
In folder
name
In folder

Describes the password concerned in the workflow.

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From user Describes which user has caused the workflow.
Created by Describes which user has created the password.
Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
For example in order to open the dialogue on editing rights directly afterwards.
8.14.5.53 After printing password
Description
Causes an action after a password has been printed.
Wildcard
character
In folder
Describes the folder with its name in which the password concerned in the workflow is
name
contained.
In folder
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From user Describes which user has caused the workflow.

Typical use case

With this for example an internal mail can be sent for information.
8.14.5.54 After copying password
Description
Causes an action after a password has been copied.
Wildcard
character
Password
In folder
name
In folder
From user

2015 MATESO GmbH

Describes the password concerned in the workflow.

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

426

Password Safe and Repository

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail

Typical use case

For example to open the dialogue on editing rights directly afterwards.
8.14.5.55 After deleting password
Description
Action is activated after the password has been successfully deleted.
Wildcard
character
Password Gives information on a deleted passoword.
info
From user Describes which user has caused the workflow.

Typical use case

For example in order to message the administrator per SMTP mail.
8.14.5.56 After closing password (without saving)
Description
Event causes an action after a password has been viewed and the window has been closed without
saving.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Via dialogue it can be for example pointed out that it has not been saved.
8.14.5.57 After linking password
Description
This event activates an action after a password has been linked with a folder.
Wildcard
character
Password Describes the password concerned in the workflow.
2015 MATESO GmbH

Handling

In folder
name
In folder
From user

427

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Via an internal message the originator of the message is getting informed.
8.14.5.58 After removing password
Description
The action is activated after a password has been removed to another folder.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
From user

Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
For example in order to let the rights be edited.
8.14.5.59 After changing password release
Description
Event is activated after changes have been made under the releases of the password.
Wildcard
character
Password Describes the password concerned in the workflow.
From user

Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
2015 MATESO GmbH

428

Password Safe and Repository

Typical use case

For example in order to message the administrator via SMTP mail.
8.14.5.60 After new password
Description
Event is activated after a new password has been created.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with its ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Typical use case

Directly seal password after creation.
Example

Immediately seal all passwords in folder after new creation

8.14.5.61 Open history before password
Description
This event is activated before the password history is opened.
Wildcard
character
Password Names the password concerned in the workflow.
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.
Created by Names the user that has created the password.
Originator Names the email address of the creator of the password.
email
Typical use case
A notice that the administrator will be messaged.
8.14.5.62 Open before password logbook
Description
This event is activated before the password logbook will be opened.
Wildcard
character
Password Names the password concerned in the workflow.
From user Is replaced by the name of the user that carries out the workflow. The user is identified with
an ID.

2015 MATESO GmbH

Handling

429

Created by Names the user that has created the password.

Originator Names the email address of the creator of the password.
email
Typical use case
A notice that the administrator will be messaged.
8.14.5.63 Before editing password
Description
Action is caused before a passoword can be changed.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
For example in order to protect the changing per several-eyes-principle.
8.14.5.64 Before printing password
Description
This event causes the action before the password is actually printed.
Wildcard
character
In folder
Describes the folder with its name in which the password concerned in the workflow is
name
contained.
In folder
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Before user Describes which user has caused the workflow.
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.65 Before copying password
Description
This event causes the action before the password is actually copied.
Wildcard
character
Password Describes the password concerned in the workflow.

2015 MATESO GmbH

430

Password Safe and Repository

In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Via dialogue for example it can be given notice that the rights have to be adapted after copying.
8.14.5.66 Before deleting password
Description
Action is caused before a password is deleted.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.67 Before linking password
Description
This event causes an action before a password is linked with a folder.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail

2015 MATESO GmbH

Handling

431

Typical use case

The user is given notice via dialogue that the originator is informed after removing.
8.14.5.68 Before removing password
Description
Action is caused before the password is actually removed.
Wildcard
character
Password Describes the password which is concerned in the workflow.
In folder
name
In folder

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
From user

Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Notice per dialogue that the rights change by removing.
8.14.5.69 Before opening password
Description
Event is caused before a password is opened.
Wildcard
character
Password Describes the password concerned in the workflow.
In folder
name
In folder
From user

Describes the folder with its name in which the password concerned in the workflow is
contained.
Describes the folder with an ID in which the password concerned in the workflow is
contained.
Describes which user has caused the workflow.

Created by Describes which user has created the password.

Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
Messaging certain persons via opening a password from a defined folder.
Example
Internal mail messaging to IT director and the managing director if a passoword from the folder online
shops has been opened
2015 MATESO GmbH

432

Password Safe and Repository

8.14.5.70 Before changing password release

Description
Action is caused before changes can be made under the releases of the password.
Wildcard
character
Password Describes the password which is concerned in the workflow.
Before user Describes which user has caused the workflow.
Created by Describes which user has created the password.
Originator e-Gives the e-mail address of the originator of the password.
mail
Typical use case
For example to point our per dialogue that only groups can be authorized.
8.14.5.71 Before showing the passwords
Description
Event is activated before passwords are shown.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
For example in order to protect the showing of the passwords per several-eyes-principle.
8.14.5.72 Before new password
Description
Event is caused before a new password is saved.
Wildcard
character
In folder
Describes the folder with its name in which the password concerned in the workflow is
name
contained.
In folder
Describes the folder with an ID in which the password concerned in the workflow is
contained.
From user Describes which user has caused the workflow.

Typical use case

Per dialogue it can for example be pointed out to an automatic message sending after saving.
8.14.5.73 After copying folder
Description
Activates an action after a folder has been copied.
Wildcard
character
From user Describes which user has caused the workflow.

2015 MATESO GmbH

Handling

433

From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
In folder
Describes the folder with its name in which the password concerned in the workflow is
name
contained.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail

Typical use case

For example in order to open the dialogue on editing rights directly afterwards.
8.14.5.74 After deleting folder
Description
Action is activated after a folder has been deleted.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
For example in orde to message the administrator per SMTP mail.
8.14.5.75 After copying folder recursively
Description
Activates an action after a folder has been copied recursively.
Wildcard
character
From user -> Describes which user has caused the workflow.
From folder -> Describes the folder with its name from which the passoword is removed.
name
From folder -> Describes the folder with an ID from which the passoword is removed.

2015 MATESO GmbH

434

Password Safe and Repository

In folder
name
In folder
Original
folder name

-> Describes the folder with its name in which the password concerned in the workflow is
contained.
-> Describes the folder with its ID in which the password concerned in the workflow is
contained.
-> Describes the original folder. Recognition of the folder per name.

Origninal
-> Describes the original folder. Recognition of the folder per ID.
folder
Destination -> Describes the destination folder. Recognition of the folder per name.
folder name
Destination -> Describes the destination folder. Recognition of the folder per ID.
folder
Created by -> Describes which user has created the folder.
Originator e--> Gives the e-mail address of the originator of the folder.
mail
Typical use case
For example in order to open the dialogue on editing rights directly afterwards.
8.14.5.76 After redefining folder
Description
An action is activated after a folder has been redefined.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
In folder
Describes the folder with its name in which the password concerned in the workflow is
name
contained.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
Per SMTP mail for example a responsible person can be informed.
8.14.5.77 After removing folder
Description
After a folder has been removed to another folder the action is activated.
Wildcard
character
From user Describes which user has caused the workflow.

2015 MATESO GmbH

Handling

From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Destination Describes the destination folder. Recognition of the folder per name.
folder
Destination Describes the destination folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
For example to let the rights be edited.
8.14.5.78 After opening folder
Description
Event acitvates an action after opening a folder
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
With this for example an information on the folder can be shown per dialogue.
8.14.5.79 After opening folder properties
Description
Event causes an action after opening the properties of a folder.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
2015 MATESO GmbH

435

436

Password Safe and Repository

Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
A dialogue can provide additional information.
8.14.5.80 Before changing folder release
Description
Event is activated after changes have been made among the releases of the folder.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
For example to inform the administrator per SMTP mail.
8.14.5.81 Open after folder logbook
Description
Is activated after a folder logbook has been opened.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail

2015 MATESO GmbH

Handling

Typical use case

Inform the administrator per message.
8.14.5.82 After new folder
Description
Action is activated after the creation of a new folder.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
Destination Describes the destination folder. Recognition of the folder per name.
folder name
Destination Describes the destination folder. Recognition of the folder per ID.
folder
Typical use case
Let the rights of the folder directly be edited after it has been created.
8.14.5.83 Before copying folder
Description
This event causes the action before a folder is actually copied.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder
mail
.
Typical use case
Via dialogue it can for example be given notice that the rights have to be adapted after copying.
8.14.5.84 Before deleting folder
Description
Action is caused before a folder is deleted.
Wildcard
character
From user Describes which user has caused the workflow.
2015 MATESO GmbH

437

438

Password Safe and Repository

From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder
mail
Typical use case
Via yes/no confirmation for example a security query can be realized.
8.14.5.85 Before copying a folder recursively
Description
This event causes the action before a folder is copied recursively.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder
mail
Typical use case
Via dialogue it can for example be given notice that the rights have to be adapted after the copying.
8.14.5.86 Before redefining folder
Description
Is caused before a changed folder name is saved.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original

Describes the original folder. Recognition of the folder per name.

2015 MATESO GmbH

Handling

folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
Via dialogue for example a guidance for giving a name can be shown.
8.14.5.87 Before removing folder
Description
This event is caused before a folder is removed.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Destination Describes the destination folder. Recognition of the folder per name.
folder name
Destination Describes the destination folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
Per dialogue it can be given notice that the rights can change by removing.
8.14.5.88 Before opening folder
Description
Action is caused before a folder can be opened.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
2015 MATESO GmbH

439

440

Password Safe and Repository

mail
Typical use case
For example to protect the opening per several-eyes-principle.
8.14.5.89 Before opening folder properties
Description
Action is caused before the properties of a folder can be opened.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
Via enter user password the agreement of a certain user can be made necessary.
8.14.5.90 After changing folder release
Description
Event is activated before changes are made among the releases of the folder.
Wildcard
character
From user Describes which user has caused the workflow.
From folder Describes the folder with its name from which the password is removed.
name
From folder Describes the folder with an ID from which the password is removed.
Original
Describes the original folder. Recognition of the folder per name.
folder name
Original
Describes the original folder. Recognition of the folder per ID.
folder
Created by Describes which user has created the folder.
Originator e-Gives the e-mail address of the originator of the folder.
mail
Typical use case
For example to point out to a message of the administrator per dialogue.

2015 MATESO GmbH

Handling

8.14.5.91 Before new folder

Description
Event is caused before a new folder is saved.
Wildcard
character
From user Describes which user has caused the workflow.
Destination Describes the destination folder. Recognition of the folder per name.
folder name
Destination Describes the destination folder. Recognition of the folder per ID.
folder
Typical use case
Per dialogue it can be for example pointed out to an automatic message sending after saving.
8.14.5.92 After seal messaging
Description
Event is activated after an internal message has been sent due to a change at a seal.
Wildcard
character
From user
From user
e-mail
Seal
description
Title
Message

Describes which user has caused the workflow.

Gives the e-mail address of the user that caused the workflow.
Gives the description of the seal.
Describes the title of the message.
Describes the content of the message.

Typical use case

Per SMTP mail the message can be sent per e-mail.
8.14.5.93 After breaking seal
Description
Event is activated after a seal has been broken.
Wildcard
character
Seal broken Describes the user who broke the seal.
by
Seal
Gives the seal description.
description
Reason
Gives the reason that has been noted at the break of the seal.

Typical use case

Messaging a user per internal mail.

2015 MATESO GmbH

441

442

Password Safe and Repository

8.14.5.94 After user login

Description
Is activated directly after the user login.
Wildcard
character
From user Describes which user has caused the workflow.
Typical use case
Via dialogue a message can be shown to the user.
8.14.5.95 After copying to clipboard
Description
Is activated as soon as data is adapted to the clipboard.
Wildcard
character
Copied field Describes which field has been copied.
Copied valueDescribes the copied value.
From user Describes which user has caused the workflow.
Typical use case
Information of the administrator per SMTP mail.
8.14.5.96 After request of rights
Description
Is activated as soon as a user has requested rights.
Wildcard
character
From user Names the user that has requested a right.
Requested Names the requested right.
right
Typical use case
Pass on the request per email.
8.14.5.97 After remote-desktop-connection
Description
Is activated after a remote-desktop-connection has been set up.
Wildcard character
Host name
-> Gives the host name of the RDP connection.
Server IP
-> Describes the IP of the RDP connection.
Domain
-> Gives the IP address of the RDP connection.
User
-> Describes the user who has opened the RDP connection.
Connection time -> Describes the length of time of the RDP connection.
Typical use case
Via dialogue information on the machine can be made available for the user.

2015 MATESO GmbH

Handling

443

8.14.5.98 After new system message

Description
Is activated after a new system message has been received.
Wildcard
character
User
Describes which user has caused the workflow.
User email Gives the email of the user.
Addressee

Describes the addressee of the mail sent in the workflow.

Mail subject Describes the subject of the mail sent in the workflow.
Mail text
Describes the text of the mail sent in the workflow.
Typical use case
Via yes/no confirmation it can be realized that the user has to confirm the reception of the message.
8.14.5.99 Before disconnecting database connection
Description
Is activated before the connection with the database is actually disconnected.
Wildcard
character
From user Describes which user has caused the workflow.
Database
name

Describes the name of the database.

Typical use case

Security query via yes/no confirmation.
8.14.5.100Before remote-desktop-connection
Description
Is activated before the setup of a remote-desktop-connection.
Wildcard
character
Host name Names the host of the RDP connection.
Server IP
Names the IP of the RDP connection.
Domain
Names the IP address of the RDP connection.
User

Names the user who has opened the RDP connection.

Typical use case

Protection of the RDP connection via the several-eyes-principle.
8.14.5.101Before maximizing from the systemtray
Description
Is activated if Password Safe is maximized from the systemtray.
2015 MATESO GmbH

444

Password Safe and Repository

Wildcard
character
From user Describes which user has caused the workflow.
Database
name

Describes the name of the database.

Typical use case

Password protection by entering a user password. Password Safe can only be minimized again after
being maximized after the user has entered his/her password.
8.14.5.102Before starting the quick access bar
Description
Event is activated before the quick access bar is opened.
Wildcard
character
From user Describes which user has caused the workflow.
Database
name

Describes the name of the database.

Typical use case

Notices for the use per dialogue.
8.14.5.103Before starting quick access
Description
Event is activated before the quick access is opened.
Wildcard
character
From user Describes which user has caused the workflow.
Database
name

Describes the name of the database.

Typical use case

Notices for the use per dialogue.
8.14.5.104Before copying to clipboard
Description
Event is caused before data can be written to the clipboard.
Wildcard
character
Copied field Describes which field has been copied.
Copied valueDescribes the copied value.
From user Describes which user has caused the workflow.
Typical use case

2015 MATESO GmbH

Handling

445

Via enter user password the adoption of data to the clipboard can be secured.
8.14.5.105After managing workflow system
Description
Is activated after closing the workflow system.
Wildcard
character
From user Describes which user has caused the workflow
Typical use case
A note that the workflow system has been edited per SMTP mail to the administrator.
8.14.5.106Before managing workflow system
Description
Is activated before the workflow system opens.
Wildcard
character
From user Describes which user has caused the workflow
Typical use case
Certain persons have to agree for opening the workflow system.
Example
Before opening the workflow system Mr. Anderson and two users from the group IT have to agree
directly at the PC

8.14.6 Workflow actions

8.14.6.1 HTML-WebViewer
This action offers the possibility to export the WebViewer automatically. You can find further information
on the WebViewer under WebViewer. Please notice that this export is carried out on the client and can
take several minutes according to the client.
Export
Enter the folder which you want to export here
filter
Export file Here you can define the memory location

2015 MATESO GmbH

446

Password Safe and Repository

8.14.6.2 System-Task:HTML-WebViewer
The export of the HTML WebViewer can also be carried out as a system task on the server. This does
not cause any load for the client.
Compared to the action HTML WebViewer there is no export filter field here. All data which the user can
access are exported.
In the field export file there is no possibility to choose a folder structure. Here the desired path has to
be entered. Please notice that the task runs on the server and therefore the folder structure is based on
the one of the server. In this example a dynamic path with the wildcard character from user has been
chosen. So every user can carry out the export to his/her personal network share.

2015 MATESO GmbH

Handling

447

8.14.6.3 Dialogue
This action outputs a dialogue. So for example notices or warnings can be output.
Please notice that you can completely lock yourself out of the function or the event if you choose at after
dialogue -> close workflow.
Headline
Message
After
dialogue

2015 MATESO GmbH

Here you assign the title of the dialog box

Here, the message body will be awarded
Here you can decide whether the workflow should stop or continue

448

Password Safe and Repository

In this example the user will be informed that afterwards another workflow will be started, which informs
the administrator on the opening of a password.
8.14.6.4 Yes/No confirmation
Sometimes it is reasonable to ask the user for approval before carrying out an action. This can be simply
realized with this action.
Headline
Question

Type headline here

Here, the question text will be awarded

2015 MATESO GmbH

Handling

449

The user will be shown a window in which he/she will be asked if he/she really intends to open a
password. If the user clicks on "yes" the workflow will be continued and the dataset will be opened. A
click on "no" causes the abort of the workflow.
8.14.6.5 Enter user password
If you want to protect an object with a user password you can realize that with this action. At this the
password does not necessarily have to be from the user logged in, because every user can be chosen.
Differing Here is the title of the login dialog are set
headline
Inquiry for Here you can specify, which user must enter his password
user

2015 MATESO GmbH

450

Password Safe and Repository

If a user wants to open a certain password it is -due to this action- only then possible, if Mr. Anderson
has directly entered his password at the computer.
8.14.6.6 Event seal
This action gives you the possibility to seal all events which are available in the workflow system. Here
the event will be sealed in the moment in which you save the workflow. Here you have got all possibilities
which the seal system offers. If the accordant event is opened again after the breaking of the seal you
have the possibility to delete the broken seal or set it again. You can find further information on that
under seal.
Seal Specify the seal

2015 MATESO GmbH

Handling

451

The event open before logbook has been sealed. That means the user has to break a seal first, before
he/she can open the logbook. If any releases are deposited in the sealing template, they have to be
required in advance. After the seal is broken the user has got exclusive access to the logbook. If the user
closes the logbook and opens it again, he/she gets the possibility to seal it again.
Here you can find an example for the configuration of the seal on a folder: Workflow examples
8.14.6.7 Release system
Another possibility to protect events is the use of release systems. You can choose every release which
has already been created. Then the user has to require and receive the necessary releases before he/
she can carry out the event. You can find further information under Releases
Permission Select the release here

2015 MATESO GmbH

452

Password Safe and Repository

If the user wants to open the logbook he/she has to receive the release from Mr. Anderson first.
8.14.6.8 Four-eyes-principle
Via the four-eyes principle any event can be protected in a way that before carrying out two users have
to enter their key words at the computer.
User
Group 1
Group 1
number of
users
Group 2
Group 2
number of
users

This determines which users must agree

Here, a group can be set from which the user must consent
Here you can specify how many users must agree from Group 1

Here, another group can be set from which the user must consent
Here you can specify how many users must agree from Group 2

2015 MATESO GmbH

Handling

453

This action causes that Mr. Anderson, as well as any two other users from the group "IT" and any user
from the group "It - RDP and licenses" have to enter their passwords directly at the computer.
Note:
When the option "Username must match with Windwos logon name" is activated at a user from the
Active Directory, the user cant grant releases.

8.14.6.9 Enter password

This action is used to determine whether a (previously defined) password needs to be entered.
Title
Here you can define the title of the dialogue window
Header text Here you can define the text for the dialogue window
Password
The password issued here must be entered when the workflow has been triggered
This workflow ensures that a user password can only be changed once a password has been entered

2015 MATESO GmbH

454

Password Safe and Repository

8.14.6.10 Certificate verification

This action can be used to check whether a specific certificate is available and trusted.
Certificate

Select the certificate to be checked here

This workflow ensures that a user login is only possible when a previously defined certificate is available
and trusted.
8.14.6.11 Event viewer
This action enables you to create entries in the Windows event viewer.
Event type
Computer
name
Message

Here you can choose which event should be entered

Define here which event viewer should be entered

Enter the message text here

2015 MATESO GmbH

Handling

8.14.6.12 Internal mail

Of course also internal mails can be sent via the workflow system.
Addressee
Priority
Subject
Message

2015 MATESO GmbH

Here is the recipient of the mail set

You can set the priority of which is displayed in the message

Subject of the message

message

455

456

Password Safe and Repository

This example sends an internal mail to the user Anderson with the priority "middle". The subject is called
"logbook". In the message text the user will be entered.
8.14.6.13 MAPI mail
One possibility to send emails is the action "MAPI mail". Here the standard email program (outlook,
Lotus Notes, Mozilla Thunderbird etc.) as well as a pre-assembled email in it will be opened for the
sending of the email. Therefore this messaging function is "potentially" unsafe, because the user could
stop the sending of the message in the standard email program.
E-Mail:
Address
E-Mail:
Subject
E-Mail:
Message

Enter the recipient's address

Enter the subject
Enter the message

2015 MATESO GmbH

Handling

457

8.14.6.14 Start program

Programs can also be started via the workflow system. For example, for connecting monitoring systems.
Progra Enter the complete path to the program incl. the full name here.
m
Param You can assign parameters to start the program here.
eter

2015 MATESO GmbH

458

Password Safe and Repository

8.14.6.15 SMTP mail

Another possibility to send emails offers the action SMTP mail. Please notice that the sending of the
message is only possible if the computer has an internet connection.
SMTP host
Enter the SMTP server of the return address here
SMTP port
Enter the SMTP port of the return address here
SMTP user name Enter the user name of the return address here
SMTP password Enter the SMTP password of the return address here
SMTP
Choose the authentication method of the return address here
authentication
E-mail:
Enter the return address here
Addresser
E-mail: Address Enter the receiving address here
E-mail: Recipient If the record has been saved with a field named WFEMail, the e-mail will be sent to
from the record the address stored in this field
E-mail: Subject Enter the subject of the email here
E-Mail: Message Enter the message text here

2015 MATESO GmbH

Handling

459

8.14.6.16 System-Task: SMTP Mail

An email can also be sent as a system task from the server. At this the sending of the message is made
via the task service of the Enterprise server. The task will be activated after a configured time, that is
why it is possible that the email gets to the users with a certain delay (task service every 5 min. etc.).
SMTP host
SMTP port

2015 MATESO GmbH

Enter the SMTP server of the return address here

Enter the SMTP port of the return address here

460

Password Safe and Repository

SMTP user
Enter the user name of the return address here
name
SMTP password Enter the SMTP password of the return address here
SMTP
Choose the authentication method of the return address here
authentication
E-mail:
Enter the return address here
Addresser
E-mail: Address Enter the receiving address here
E-mail:
If the record has been saved with a field named WFEMail, the e-mail will be sent to
Recipient from the address stored in this field.
the record
E-mail: Subject Enter the subject of the email here
E-Mail:
Enter the message text here
Message

2015 MATESO GmbH

Handling

8.14.6.17 Start application

Via this action applications can automatically be started
Start
application
for
Application
type
2015 MATESO GmbH

Enter the desired wildcard character here

Choose between automatic, browser and application here

461

462

Password Safe and Repository

In this example the accordant browser application will automatically created after the setup of a new
password.
8.14.6.18 Link application
Via this action applications can automatically be linked.
Password
Application

Here you decide for which passwords the action takes effect.
Select the accordant application here.

2015 MATESO GmbH

Handling

In this example it is automatically linked with an application after the creation of a new password.
8.14.6.19 Dataset seal
This action offers the possibility to set seals automatically
Set seal on
Reason for
seal
Seal
template
On broken
seals

2015 MATESO GmbH

Enter the password that you want to seal up what you

Reason to seal
Choose the seal template

Choose what you want to do with seals which are already broken

463

464

Password Safe and Repository

In this example a new password is automatically sealed according to the selected seal template. Via the
menu item at broken seal it can be defined if a dataset with a broken seal should be sealed again with
the current seal or according to the seal template. There is also the possibility not to carry out any action
at a broken seal (not consider broken seal).

8.14.6.20 Dataset lock

With this action you can automatically lock passwords.
Set lock to

Enter here what you want to lock.

Lock template
Here you can select the lock template you want to use.
At formerly
Define how datasets which already have been locked should be handled.
locked datasets
Locking reason

Enter the reason for the locking.

2015 MATESO GmbH

Handling

465

In this example a new password will automatically be locked with a selected template. Via the menu
item at formerly locked datasets it can be defined if a dataset which already has been locked should
be locked with the current lock or according to the lock template. There is also the possibility to carry out
no action at existing lockings.
8.14.6.21 Predefine password
With this action you have got the possibility to carry out certain settings for new passwords.
Password
Here it is defined that passwords are concerned by the workflow.
Expiration
Enter an expiring date for the new password here.
date
Expiring days If the password should not expire at a date, but after a certain time, you can define that
here.
Tags
Here tags can be stated, which are automatically allocated.
Comment
Here comments can be stated, which are automatically allocated.

2015 MATESO GmbH

466

Password Safe and Repository

Due to this workflow it is realized that all new passwords expire after 5 days. An accordant tag is set
(which relieves the search for these datasets) as well as an entry in the comment field is created.
8.14.6.22 Edit rights
There is also the possibility to open a right dialogue via the workflow system
Open
privilege
dialog for

Here you can specify which rights dialogue should be opened

2015 MATESO GmbH

Handling

467

The example opens the right dialogue password after the setup of a new password
8.14.6.23 Standard browser
This workflow enables you to allocate a standard browser to a password so that the saved website is
always opened in the preselected browser.
Set the
standard
browser to
Browser

This can only be set to the placeholder "password".

Select the desired browser here

This workflow ensures that all new passwords in a certain folder (filter for folder under Conditions)
have Mozilla Firefox allocated as the standard browser.

8.14.7 Workflow examples

For the further description of the workflow system there are several scenarios described here.

2015 MATESO GmbH

468

Password Safe and Repository

Seal all passwords in a folder immediately after new

installation
It is required that all passwords which are started new in the folder "domain passwords" are
automatically sealed. For this you should revert to the seal template "template for domain passwords".
For this the action dataset seal is dragged to the event after new password. The following window
appears:

The wildcard character password is dragged to the field set seal to. This causes the seal to be set on
the password itself.
In the field seal reason the reason for the sealing is described.
Under seal template a seal template created before is selected. To do so click on the seal symbol.
In the next step click on the tab conditions. The following window opens:

2015 MATESO GmbH

Handling

469

Here you drag the wildcard character in folder to the condition field. Via a double click on the condition
"domain passwords" can now be entered. In doing so you decide that the workflow only takes effect at
the desired folder. With a click on save you complete the process.

Internal mail message to IT executive and the managing

director if a password from the folder "online shops" has been
opened
It is required that Mr. Anderson and Mr. Johnson are getting informed after the opening of a password
from a certain folder. The user should be informed about the sending of the message.
Notice:
It is also possible to send emails via SMTP via the server to inform persons about certain persons.
In the workflow system the action internal mail is dragged to the event open before password. The
following window opens:

2015 MATESO GmbH

470

Password Safe and Repository

Via a click on the symbol add user the accordant dialogue is opened in the field addressee and the two
addressees are selected. After defining the message priority you define the subject. Afterwards the
message can be written. In the message field the text is written. The wildcard characters password, in
folder and from user then fill the message with the necessary data. A following click on the tab
conditions opens the following window:

2015 MATESO GmbH

Handling

471

Here the name of the desired folder (here "online shops") is defined as a condition again. Afterwards you
can save the workflow. In order to inform the user about the sending of the message a second workflow
is necessary. To do so drag the action dialogue on the event open before password. In the workflow
system it is described as follows:

However, the window of the action appears before:

2015 MATESO GmbH

472

Password Safe and Repository

Enter the headline and the message text here. In the field after dialogue you choose continue
workflow. Afterwards the condition on the lines of the action internal mail has to be set to "online
shops". After a click on save the workflow is complete.

Before opening "user and group management" a release is

necessary
The user and group management should be protected from unauthorized access by means of a release.
For this a release is started at first. You can find further information on that under releases. Afterwards
the event before opening of the user and group management is linked with the action release
system per Drag and Drop. In the following window you choose the desired release via
. In our
example the workflow has been given a name in the description field.

2015 MATESO GmbH

Handling

473

If the user and group management is now opened the necessary release has to be required first.

Before opening the workflow system Mr. Anderson and two

users from the group IT have to agree directly at the PC
In order to protect the access to the workflow system the action several-eyes principle is dragged to
the event manage before workflow system.

2015 MATESO GmbH

474

Password Safe and Repository

There are several configuration possibilities here. In the field user users can be chosen independently
from their group membership. In this example Mr. Anderson. In the fields group 1 and group2 there
are groups given from which users have to agree. In the fields group 1 number of users and group 2
number of users you define how many users from the accordant group have to agree. In our example
Mr. Anderson as well as any two users from the group IT have to give their approval.
If a user wants to open the workflow system he is shown the following window:

2015 MATESO GmbH

Handling

475

In the left half of the window you can see which users have to agree. The status says how many
releases are still not provided. After Mr. Anderson has entered his password the frame view changes.

In the left half of the window you can wee by the green check mark that the release by Mr. Anderson has
been given. The "0" says that no further releases are missing. After the first user from the group IT has
entered his/her name and password the window looks as follows:

2015 MATESO GmbH

476

Password Safe and Repository

You can see that one release from the group IT is missing. As soon as it is given you can see the
following window:

After a click on Ok the workflow system finally opens.

If you have licensed the module PKI, you can of course also agree per certificate here. With a click on the
appropriate icon you accordingly switch the login mask. Afterwards you can select the certificate.

2015 MATESO GmbH

Handling

477

8.14.8 Attention
Attention!
The structure of the workflow system has consciously been designed preferably open in order to cover
as many use cases as possible. Due to this reams of scenarios can be mapped. However, this causes
that not all possible workflows make sense. Via some combinations you can lock yourself out of some
parts of Password Safe! Therefore please keep in mind before you create a workflow which effects it
will have. We are pleased to offer you courses of instruction in order to get to know the workflow
system better. For this please contact per e-mail: sales@passwordsafe.de

Critical workflows
Before manage workflow with dialogue with option end after workflow
This workflow would avoid the opening of the workflow system!
Before maximizing from the systemtray with dialogue with the option close workflow
Password Safe could no longer be maximized!
After internal mail with the action internal mail with each the same user
This workflow causes an infinite loop which generates an endless amount of messages!
After user login with the aciton several-eyes-principle with only one user being provided for the
consent
The provided user can no longer log in because he/she cannot give himself/herself a consent. Especially
critical in combination with the administrator!

8.15

System tasks
The task system is a service which carries out tasks like sending an e-mail in defined intervals. For this a
task is made available client-sided via the task system, in which the task that has to be carried out is

2015 MATESO GmbH

478

Password Safe and Repository

defined. The server check within the defined intervals if a task is provided by the client and carries it out
afterwards. If a task is created it is carried out with the rights of the task creator.
Preconditions
At least an Enterprise server with configured and active task system.

Notice:
The task service should only be made accessible to administrative users because this system can also
cause damage if it is used wrongly. So with a wrong configuration for example all passwords could be
sealed.

Starting a task
For the configuration of a task open the task system via edit -> manage system tasks. With a click on add
tasks a context menu opens in which the type of the new task can be selected (SMTP mail, WebViewer
export, etc.):

After a task has been selected the task configuration window opens:
General settings

2015 MATESO GmbH

Handling

479

Under the tab general a name of the task as well as a description are configured. Under interval
history it can be reproduced later when the task has been carried out. In the below array you can see
when the next run of the task will be and when the last run took place. At the new start of a task the
current date including the current time is entered for the next run in the overview. That requires that
the task is carried out the first time directly after it has been created.
Interval

2015 MATESO GmbH

480

Password Safe and Repository

Under the tab interval it is defined when the task should be carried out. For this different intervals can
be used and also be combined with each other. With a click on the accordant pushbutton you can add a
new interval. The following window opens in which the settings of the intverval can be set:

2015 MATESO GmbH

Handling

481

Every minute: Here intervals can be configured that run for example every 5 minutes
Hourly: For the configuration of intervals that should be carried out for example every 12 hours
Daily: For intervals that should be carried out for example every 5 days
Weekly: Intervals that run at intervals of one or several weeks. Additionally one or several days can be
stated. An interval can for example be set up, which runs every two weeks always on Monday and
Wednesday
Monthly: Here intervals are defined which run monthly. The individual months can be defined as well as
the days on which the task should run.
End: If this option is activated you can name an end date or end point in time for the task. As soon as
the end date is reached, the task will be deleted from the overview and no longer be carried out.

You can find further information on the intervals at the examples.

Settings
According to the selected type the settings which describe the task in detail can be made here. These are
for example the data for the configuration of the mail server at the task SMTP mail or the storage
location for the WebViewer export. For a more detailed explanation about the individual menus please
refer to the following chapters:
2015 MATESO GmbH

482

Password Safe and Repository

SMTP mail
WebViewer export
Seal
Active Directory synchronization
Lock
You can find configuration possibilities under examples.

Rights
Here it is defined which users or user groups are allowed to manage the task. By default always the
administrator as well as the administrator group is named here:

For adding users or user groups just click on the accordant symbols. A context menu can also be opened
with a click with your right mouse button, which also contains the items add user or groups as well as
delete user or groups.

8.15.1 SMTP mail (reports)

In the task SMTP mail you can find the following menu in the settings:

2015 MATESO GmbH

Handling

483

Host name: Enter the name of the mail server here

Port: Port of the mail server
Sender: E-mail address of the sender
Recipient: E-mail address of the recipient
Authentication: Select standard, none oder SASL here, according to the configuration of your mail
server
User: User with which it should be logged in at the mail server
Password: User password for the login at the mail server
Subject: Subject in the e-mail that should be sent
E-mail: Here you can enter the text of the e-mail that should be sent. Via the pushbutton HTML reports
you can also integrate different reports to the e-mail:

2015 MATESO GmbH

484

Password Safe and Repository

According to the desired report different variables are taken on the e-mail:
Broken seals:
Expired passwords:
Soon expiring passwords:
Password logbook entries:
(example: report for 5 days)
Password logbook entries:
Database overview:
Quality check of passwords:
PoliciesReportHTML}

{Rep:BrockenSealsHTML}
{Rep:ExpiredPasswordsHTML}
{Rep:ExpiresPasswordsHTML}
{Rep:PasswordLogsHTML}5{/Rep:PasswordLogsHTML}
{Rep:PasswordLogsHTML}
{Rep:DatabaseOverviewHTML}
{Rep:PoliciesReportHTML}[1];[2];[3];[4]{/Rep:
The parameters stand here for:
[1] = Folder ID
[2] = Password guideline ID
[3] = Take into account subfolder using the format 1 or 0

(1=Yes, 0=No)
[4] = Also show passwords that correspond to the guidelines?
(Format: 1 for Yes, 0 for No)
The variable can of course also be combined with a free text. You can find further information under the
example examplel SMTP mail.

2015 MATESO GmbH

Handling

485

8.15.2 Sending SMTP messages

This task enables the Password Safe internal messages to be sent by SMPT mail.

In order to setup the sending of internal mails, it is merely necessary to save the following access data
for the mail account:
Host name: Name of the mail server
Port: port used by the mail server
Authentication: Select here (depending on the configuration of the mail server) none, standard or
SASL
Sender: e-mail address of the sender
User: user name of the mail account
Recipient: e-mail address of the recipient for the test mail The actual e-mails are sent to the address
saved for the user.
Password: password for logging into the e-mail account

8.15.3 Sending SMTP tasks

This task enables you to send all tasks which are due but not yet completed to all users who are
authorised for this task.

2015 MATESO GmbH

486

Password Safe and Repository

Um den Versand der internen Nachrichten einzurichten, mssen lediglich die folgenden Zugangsdaten
zum Mail Account hinterlegt werden:
Hostname: Name des Mailservers
Port: verwendeter Port des Mailservers
Authentifikation: Whlen Sie hier (je nach Konfiguration des Mailservers) keine, standard oder
SASL
Absender: Emailadresse des Absenders
Benutzer: Benutzername des Mail Accounts
Empfnger: Emailadresse des Empfngers fr den Testversand. Die eigentlichen Emails werden an die
beim Benutzer hinterlegte Adresse verschickt.
Passwort: Passwort zur Anmeldung am Email Account

8.15.4 Active Directory synchronization

Via the option Active Directory synchronization you have got the possibility to synchronize the current
state of your Active Directories in a cyclical way. So you can carry out the complete user and group
administration via the Active Directory after the connection is set up once. You can find further in
formation in the chapter Active Directory connection.

2015 MATESO GmbH

Handling

487

Precondition for the synchronization of the task system is that accordant profiles have been created in the
user and group management. Just select the profile that should be synchronized here.

8.15.5 Seal
Via the task system you can set seals in defined cycles. It is checked at every run which passwords are
not sealed or which seals are broken, these are then sealed again. The necessary settings are made in
the following window:

2015 MATESO GmbH

488

Password Safe and Repository

After the reason for the seal has been stated you can select a seal template. In the menu item on
broken seals you define what should happen to broken seals. Here ther are three different
possibilities:

2015 MATESO GmbH

Handling

489

Create new seal with the current seal: The broken seal is protected again with the original seal
Create seal with seal template: For the sealing the selected seal template is used
Not consider broken seals: Broken seals are not resealed
In the menu item Reseal broken seals after you define for how long a seal has to be broken at least
before it is resealed. This option avoids that a user breaks a seal and it is set again before he/she had
the possibility to open the password. Please allow for a certain time here (e.g. 60 min).
In the folder filter you define to which folders the task should refer.

8.15.6 Locking
Via this option you can let datasets be locked automatically (in intervals). This makes for example sense
if you want to realize that a dataset is only unlocked for a certain time.

2015 MATESO GmbH

490

Password Safe and Repository

After the reason for the locking has been stated you can select a locking template. Afterwards you define
what happens to datasets which already had a locking:
Lock again with locking template: The datasets are locked with the selected template. No matter
which locking has been used before.
Lock again with recent locking: The datasets are locked the same way they already where locked, no
matter what the template may be.
Not consider formerly locked datasets: There is no locking.
It can also be stated for how long formerly locked datasets should remain unlocked. So you can give
employees that have unlocked a dataset enough time to edit the dataset.
In the folder filter you define in order to conclude, to which folders (possibly including all subfolders)
the task should refer.

8.15.7 WebViewer export

If you use the WebViewer you can let regular exports be created via the task system in order to be able
to always use the latest data. For this the following settings are necessary:

2015 MATESO GmbH

Handling

491

Server path: Here the storage location of the WebViewer as well as the name of the file is stated.
WebViewer password: Give the WebViewer a password here in order to be able to decrypt it later
Repeat: Repeat the WebViewer password here for safety reasons
Notice:
Please consider that the export is carried out by the task service. Therefore choose a server path on
which the server-sided task service has got write rights. Otherwise the file can not be created.

8.15.8 Logbook export

You can also export the logbook via the task system. The export will be saved

2015 MATESO GmbH

492

Password Safe and Repository

It is necessary to enter the following settings:

Server path: Path on the server where the logbook export should be saved
Days: Number of days that must have passed so that the data can be exported (example: 10 days ->
entries that are 10 days or older will be taken into account)
Export entries: Logbook entries based on the set condition will be exported to a CSV file in the stated
folder
Delete entries: Logbook entries based on the set condition will be deleted
The options Export entries and Delete entries are independent of one another. It is also possible to
only delete or only to export. A combination of the two is also possible.

8.15.9 Examples
8.15.9.1 Example task for SMTP mail (expiring passwords)
Scenario:
The administrator needs an e-mail with reports. It should be transmitted which passwords are expired or
which password expire in the next 5 days. The administrator needs this e-mail every Monday at 08:00
o`clock a.m. as well as always on the last day of a month at 04:00 o`clock p.m.
Precondition:
At the server the task system has to be configured and activated.

2015 MATESO GmbH

Handling

493

Configuration:
First of all it is defined which passwords are defined as soon expiring. Under edit -> database
settings the accordant inscription can be made (in this case 5 days):

All other settings are directly made in the task system. This is opened via edit -> manage system
tasks. With a click on add task the context menu is opened in which SMTP mail is selected then. In the
following menu the name of the task as well as a description is stated. The time of the next run is
deliberately not changed. So the task is directly carried out once after the completion.

2015 MATESO GmbH

494

Password Safe and Repository

Under the tab interval now two intervals have to be set up. First of all an interval is started under
"weekly", which runs every Monday at 08:00 o`clock a.m.:

2015 MATESO GmbH

Handling

495

Under the interval preview the next 10 runs are listed. With a click on the calender symbol on the right
side next to the interval preview, a calender opens, which also shows the runs graphically:

2015 MATESO GmbH

496

Password Safe and Repository

In order to send the e-mail additionally on every last day in a month a second interval is necessary. For
this in the menu interval "monthly" is selected first of all. Afterwards all months will be selected under
months while under days only the last one is selected:

2015 MATESO GmbH

Handling

After saving both intervals are shown in the overview:

2015 MATESO GmbH

497

498

Password Safe and Repository

If you now open the task overview all planned runs are displayed graphically. The 31. October as well
as the 30. April are marked in red here. That means that on that day two tasks meet. However, the task
will only be carried out once here.

2015 MATESO GmbH

Handling

499

Now it is switched to the tab settings. Here the parameters of the mail server are entered and the email is issued:

2015 MATESO GmbH

500

Password Safe and Repository

In the tab rights the CEO Mr. Anderson is taken in yet, in order that the task can still be configured if
nobody from the administrator group is on the premises:

2015 MATESO GmbH

Handling

The task is now completed and shown in the menu system task:

2015 MATESO GmbH

501

502

Password Safe and Repository

In the future the administrator receives a e-mail on the desired dates.

8.15.9.2 Example seal

Scenario:
In the folder domain passwords access data for different domains are managed. Since this data is
extremely sensitive it is protected with seals. After a seal has been broken it is urgently necessary that
another authorized colleague can also access the dataset. If it should have been forgotten to reseal a
password it can only be seen by the persoln that has broken the seal. For this reason it should be
checked ever 5 minutes if there are any unsealed passwords or datasets with broken seals in the
aforesaid folder. In order to avoid that a password is resealed before the colleague could open the
password after the the break of seal, it should be configured that only after a seal has been broken for at
least 20 minutes it is resealed. Since two of the datasets were not protected with the seal template, but
with an own seal, broken seals should as well not be sealed with a template but with the current seal.
The configuration of the task should only be carried out by the CEO Mr. Anderson.
Precondition:
At the server the task system has to be configured and activated.
Configuration:
The task system is opened via edit -> manage system tasks. With a click on add task the context
menu is opened in which seal is selected then. In the following menu the name of the task as well as a
description is stated. The time of the next run is deliberately not changed. So the task is directly carried
2015 MATESO GmbH

Handling

out once after the completion.

Under the tab interval it is defined that the run should happen every 5 minutes:

2015 MATESO GmbH

503

504

Password Safe and Repository

The options of the seals are set under the tab settings. First of all the reason for the seal is entered.
Afterwards the seal template is selected. In the menu item on broken seal it is defined that broken
seals can be resealed with the current seal. At reseal broken seals after the required 20 minutes are
set:

2015 MATESO GmbH

Handling

With a click on folder filter the accordant folder is selected:

2015 MATESO GmbH

505

506

Password Safe and Repository

In order to conclude you have to switch to the tab rights, where first of all the user Anderson is added
and afterwards the administrator as well as the administrator group is deleted:

After all settings have been saved the new task will be shown together with the task from the Example
task for SMTP mail (expiring passwords):

2015 MATESO GmbH

Handling

507

In the future it will be checked every 5 minutes if one of the domain passwords has to be sealed. If one
of the passwords should not have a seal yet it will be sealed with the seal template. If the seal of a
password is broken it is checked first of all if the seal has been broken for 2o minutes or longer. In this
case the dataset will be immediately resealed with the current seal. If the seal is not broken for 20
minutes yet the password is not resealed, however, it will be checked again in the next run.

8.16

WebViewer
The Password Safe WebViewer enables to export your database to a highly encrypted HTML file. So you
can access your data reading with another PC or MAC. To do so you only need an up-to-date browser.
You can also use the data on the way on a smartphone or tablet. The HTML file can for example be
made easily accessible via a FTP directory or with Dropbox.
Notice:
Please notice that the relaying of the HTML WebViewer or the encrypted HTML file to a third person is
not permitted. The HTML WebViewer and all other exported data can only be used by the license holder
(the originator).

8.16.1 Preconditions
The WebViewer creates an HTML site, which is encrypted with AES 256 bit. You can provide that HTML
file for example via your webspace, an FTP server or also the free service "dropbox", and you can access
it with a smartphone or a tablet. So you always have your passwords with you. If you should not have a
possibility to provide the file online, you can of course also directly copy it to the mobile device and open
it there directly with the browser.

2015 MATESO GmbH

508

Password Safe and Repository

The decryption is made on-the-fly by the displayed browser. So please keep in mind that the browser
has to support Java-Script. Since the HTML site is decryted directly by the browser it can come to a
performance deficit on mobile devices. Therefore we suggest to export only the datasets which you
actually need on the way.
Of course access is also possible from any PC or MAC via the browser. So you can for example swap out
a part of the database which you use occupationally to your computer at home.

8.16.2 WebViewer export

There are several possibilities to create a WevViewer HTML file.

Export via the export assistant

Via file and HTML WebViewer you open the export assistant

With a click on the folder symbol you define first of all in which storage location and under which name
the WebViewer should be stored. Please notice that you need write rights for the path!

2015 MATESO GmbH

Handling

509

If you want to use the HTML file on a mobile device it is advisable for performance reasons not to export
the complete data stock, but only the necessary datasets. To do so click on export filter in the next
window

2015 MATESO GmbH

510

Password Safe and Repository

After a click on next and afterwards on complete a dialogue appears in which you define the password
with which the export should be encrypted

2015 MATESO GmbH

Handling

511

After a click on next now the WebViewer.html file is created. According to the amount of data this can
take some time. The progress is shown to you with a progress indicator.

Export via the auto backup function

In the database settings (accessible via edit -> database settings) you can automate the
WebViewer export.

2015 MATESO GmbH

512

Password Safe and Repository

Via the marked push-buttons you can activate or deactivate the automatic export. Furthermore you can
define here if you want to be asked for agreement before the automatic export. With a click on the
marked folder symbol you can choose the path under which the HTML file should be saved. Please notice
that you need writing privileges for the path! If you do not want to export the complete database, but
only a part of it, you can create a standard export filter under the tab general:

2015 MATESO GmbH

Handling

513

Via the marked push-button the standard export filter can be activated or deactivated as needed. With a
click on export filter you get to the folder structure, in which you can select or deselect the desired
datasets.

2015 MATESO GmbH

514

Password Safe and Repository

After you have saved the settings an export will be made every time you have logged off the database.

Export via a workflow

There is also the possibility to manage the export via a workflow. You can find information on that under
the following links.
General information on the workflow system: Workflow Management
Information on the export of the WebViewer: Export WebViewer
Information on the export as a system task: Export WebViewer via task

8.16.3 Handling of the WebViewer

Open the WebViewer file at any device via a conventional browser. Now you receive a logon mask.
The database name and the user name will be shown to you.

2015 MATESO GmbH

Handling

515

After you have entered your personal password in the password field you can open the WebViewer file
with a click on login.

2015 MATESO GmbH

516

Password Safe and Repository

In the main window you can see information like the database name, the number of records, the creation
date and the user. Next to the title a timer runs. This timer starts with 60 seconds and counts down to 0.
Afterwards the file will be locked again for safety reasons. After each entry the timer starts again.
It appears a list of all entries. Via the input line, you can filter them. The filter works live. If two or more
characters are entered, all relevant results will be displayed automatically.

2015 MATESO GmbH

Handling

517

In the results list, you can open the record view with a click in the description field. A click in the
password field displays the password. By clicking in the URL field, the appropriate Web page will be
opened.

Dataset view
In the dataset view all fields of the dataset are shown.

2015 MATESO GmbH

518

Password Safe and Repository

Automatic entry
If the relevant Browser Add-on has been installed and activated, the login data will be automatically
entered when a website is called up and Password Safe finds a login mask. One click on the
corresponding button is sufficient to log in.

2015 MATESO GmbH

Handling

8.17

519

Right management

8.17.1 In general
Password Safe has an integrated comprehensive management of privileges including privilege descent.
This works in a similar way as the unblocking of folders in Windows and is therefore very easy and
simple to operate. With the management of privileges you grant a huge group of users access to a
database. Every user is recorded in the database and can own individual privileges.

Preconditions
To be able to use the management of privileges of Password Safe you need a full version of
Password Safe Professional
or
Password Safe Enterprise
Furthermore you have to create a multi user database. This can lie on a network share in the
Professional Edition or can be administrated by the Enterprise Server in the Enterprise Edition.

8.17.2 First steps

Start a new multi user database. You can do this in the Professional Edition directly via the client, by
clicking on the button "set up database" in the login window or via the setup user interface of the
2015 MATESO GmbH

520

Password Safe and Repository

Enterprise Server.
You can find in the chapter "first steps" -> "set up database" how to start a database.

That several users can access the database it has to be filed in a network share.

8.17.3 First login

After starting the database it is available to you for the login. Select the new database from the choice
box and enter your database password.

2015 MATESO GmbH

Handling

521

As soon as you have entered your password and clicked on "Ok" you immediately recognize the
difference compared to a singleuser database without management of privileges. Since the management
of privileges is activated now you receive a second login window after the database login, in which you
have to enter the user and the user password.Hereby you sort of take on a kind of "role" in the database.

Please note that the user name has to be entered with exact spelling also considering the case
sensitivity.
Notice: The initial password of the administrator is "admin". As soon as you have logged in the first time
you have to enter a new safe password for the user "administrator".
Important: In bigger companies it is advisable not to publish the database password. Every user must
login with his/her user account. But since the database is encrypted with the database password it is
not possible to login only with the user password. For this purpose we offer two possibilities of
authentication:
1. Auto login
The auto login is directly set up at the client by the administrator. Thereby the database and the
database password will be saved in the registry in encrypted form. If the user starts PSR he/she will
be connected immediately to the database and the user can only see the user login. The data in the
registry is encrypted with the machine code of the PC and can therefore not be read out or
transmitted to another PC.
The auto login is set up via the menu "file" -> "my profile" -> "set up auto login".

2015 MATESO GmbH

522

Password Safe and Repository

You can find further information on the auto login in the chapter "auto login".
2. Plugin for authentication:
Via our plugin port basically every authentication method can be tied up. Examples are the USB
token, or Smartcards or also biometry hardware like fingerprint scanners and employee identification
badges. We currently offer a plugin for a standard USB stick for the demonstration. The advantage is
that you do not have to hand out the database password to the user. The user logs in by plugging in
the USB stick to a not used USB port. The user then only has to login at the database with his/her
user name and the accordant password. The USB stick can be additionally saved with a PIN that it
can not be misused at a loss.
Currently available plugins:
- Standard USB stick
- PKCS#11 (Tokens, Smartcards, and many more with PKCS#11 port)
- Password Key USB key (only for Version 4 with Windows XP, the development has been stopped for
lack of Vista support)
Further plugins for USB tokens, Smartcards, biometry hardware and employee identification badges
will follow in the next months and years.
You can find further information on plugins in the chapter "plugins".
3. Modul Network Logon
The Professional and the Enterprise Version can be extended by the network logon with this modul.
The login can optionally be made via the network and therefore no password for the login has to be
entered. The modul has to be purchased once for a licence file and then applies to all clients that
login to this licence file.
Administrate the login for your clients centrally on your server. If the management of privilege is
2015 MATESO GmbH

Handling

523

activated the user only has to login with his/her own login data. Therefore you no longer have to hand
out the password of the database to your users. The modul is a cheap alternative to hardware
authentication like for example USB tokens.
Licence info: The modul has to be purchased once for a licence file and then applies to all clients that
login to the licence file. The modul is (if licensed) only usable in the full version, in the demo version
the modul is deactivated and can not be set up.
You can find further information on the modul "Network Logon" in the chapter "Network Logon".

First login via the management of privileges

After you have logged in the database at the first login the administrator account appears. You can set up
further users later on via "administrate users and groups". The administrator account has "admin" as
initial password. Now enter the initial password "admin" and confirm with "OK". Afterwards you will be
required to set a new password for the administrator account. Choose a meaningful and good password
nobody can guess easily. Here the database password guidelines directly take effect, which you can
define under the menu "edit" -> "database settings" -> "password". You can also receive tips for
safe passwords via the password analysis in the password generator.

8.17.4 User and group management

You are now logged in at Password Safe and have a blank database. Via the menu edit -> manage
users and groups you open the administration console for the user accounts. This menu item is
available if you have also started a multiuser database and have accordant rights for the management of
users and groups.

2015 MATESO GmbH

524

Password Safe and Repository

In the left array you can select the user or groups and in the right array you can edit them. Use the right
mouse button, like usual under Windows, to edit or reset entries.
Icons in the toolbar
Opens the search bar. The search bar works the same way in all arrays.
Adds a new user (or with groups a new group)
Edits the user selected in the list

2015 MATESO GmbH

Handling

525

Locks or unlocks the selected users from the list

Deletes the selected user from the list
Changes the list outlook (big symbols, small symbols, list outlook, detail list and card outlook)
Active Directory Import (You can find further information in the chapter "Active Directory Connection")
Via this the current view can be printed. In the context menu there is the option print list, which
gives a short overview. Via print extensive list all information, like for example the rights of the users,
is given.
8.17.4.1 Setup of groups and user accounts
There are several possibilities to start users and groups. You can either start your user and group
structure manually or you import it from the Active Directory, or a group and user structure from any
Windows server. You can find more about the issue of Active Directory in the chapter Active Directory
connection. In the following we describe the manual creation of users and groups.
At the manual creation of groups and users you should first of all think about the basic structure of your
company. It makes sense and is more easy to manage afterwards, if you put your users into groups.
Example for a simple group structure:
Administrators (this group always exists and can not be deleted)
- Administrator
Managing director
- Thomas Anderson (CEO)
IT
- Adrian Moore
- Emma Jones
- Noah Johnson
- David Smith
Sales
- Benjamin Taylor
It is up to you in which order you create groups and users. You can link groups and users in both
directions. In the example we start the groups first. Click on groups in the right management in the left
column. Afterwards you can add groups in the right side via the toolbar or the context menu.

2015 MATESO GmbH

526

Password Safe and Repository

Enter a group name and a description afterwards.

2015 MATESO GmbH

Handling

527

On the tab members members can be directly assigned to this group. Since we set up the groups first
we directly assign the group to the accordant user later.
If now all groups are started now the users have to be added.

2015 MATESO GmbH

528

Password Safe and Repository

Now start all users and define the basic rights. According to your management or group structure you
can also start the groups before.

2015 MATESO GmbH

Handling

529

Enter the user name and all other required data in the tab general. At this the user name is the login
name and the displayed name in the whole system. At new users it makes sense to set an initial
password and set the check mark at user has to change keyword at the next login. So the user is
forced to give away a new safe password at the first login.

Define password
In order that a user can log in you have to allocate the user an initial password. This is possible via the
context menu in the user list. Select one or several users and choose "define password" in the context
menu. Then enter a safe password in the password assistant and follow the instructions of the assistant.
8.17.4.2 General settings for the user account
Change password at the next login
If you activate this option the user will be directly asked to create a new, safe password, according to the
database password guidelines set by you. If the user does not create a new password the login process
will be aborted.
User can not change password
If you activate this option the user can not change his/her password himself/herself. The login password
can normally be changed in the main window, in the menu file -> my profile -> change my
password.
Account is deactivated /locked
If you activate this option the user can no longer log on at the database. This is also displayed visually in
the login window and in the search list.
User password never expires
If you activate this option the user will never be asked to change his/her password after a certain time.
Password expires after a specified number of days
You can specify here how many days the password remains valid.
Deactivate account after a specified number of days without logging in
This option enables you to automatically deactivate an account if the user has not logged in for a
specified number of days.
Deactivate account on a specified date
This option can also be used to automatically deactivate a user account. However, a fixed date is
specified in this option.
Only allow logging in with a certificate
If this option has been activated, the user can only log in using a certificate. The alternative process for
logging in using a password is deactivated. Please note here that it is necessary for the PKI module to be
licensed for logging in with a certificate.
8.17.4.3 Membership to a group
On the tab membership you can assign the user to the previously created groups.

2015 MATESO GmbH

530

Password Safe and Repository

Click on add to assign the user to one or several groups. You can also mark several groups and assign
them per multiple choice.
8.17.4.4 Define general basic rights of the user
On the tab rights you can define basic rights of the user. These rights are overall-data and are therefore
directly configured at the user.

2015 MATESO GmbH

Handling

531

User can change database settings

With this you can forbid or allow that the user can do settings at the database. The database settings
affect all users.
User can manage users and groups (rights)
With this you can forbid or allow that the user can call up the right management and make changes at
user accounts.
User can change main password
With this you can forbid or allow that the user can change the main password of the database.
User can export backup
With this you can forbid or allow that the user can export data.
User can import backup
With this you can forbid or allow that the user can import data.
User can manage logbook
With this you can forbid or allow that the user can manage the logbook.
User can copy database
With this you can forbid or allow that the user can copy the database via the menu item "copy
database" to a data carrier or USB stick.
User can change database password guidelines
With this you can forbid or allow that the user can change the password guidelines of the database.
User can change seal messages
With this you can forbid or allow that the user can change the messaging options for seals.
User can manage autobackup
With this you can forbid or allow that the user can change the autobackup functions.
2015 MATESO GmbH

532

Password Safe and Repository

User can manage applications

With this you can forbid or allow that the user can manage applications.
User can manage forms
With this you can forbid or allow that the user can manage forms.
User can manage labels
With this you can forbid or allow that the user can manage labels.
User can set up USB stick
With this you can forbid or allow that the user can set up a USB stick via the menu "set up USB stick".
User can configure autologin
With this you can forbid or allow that the user can configure the autologin for the automated login at
Password Safe.
User can build up remote desktop connection
With this you can forbid or allow that the user can use the remote desktop connection out of Password
Safe.
User can manage active user list
With this you can forbid or allow that the user can manage the active user list.
User can export datasets to the list (XML data exchange)
With this users can export datasets from the list (XML file).
User can import datasets to the list (XML data exchange)
With this users can import datasets to the list (XML file).
User can use database offline
With this you can forbid or allow to create offline copies of the database
User can choose between private and public datasets
With this you can forbid or allow to create datasets which can only be seen and used by the individual
user.
User can manage workflow
With this you can forbid or allow to manage the workflow system.
User can manage release system
With this you can forbid or allow to manage the release system.
User can export HTML webviewer
With this you can forbid or allow to carry out the webviewer.
User can manage sealing templates
With this you can forbid or allow that the user can manage sealing templates.
User can capture new passwords via browser addon`s
With this you can forbid or allow that the user can start datasets in Password Safe via the browser
addon`s.
User can manage system task`s
With this you can forbid or allow that the user can start or edit system tasks.
User can use reports
With this you can forbid or allow that the user can create reports.
User can synchronize with mobile devices
With this you can forbid or allow that the user can adjust the database with the database on his/her
smartphone.
User can synchronize with mobile devices per file
With this you can forbid or allow that the user can adjust the database with the database on his/her
smartphone via Dropbox or the iCloud.
User can manage locking templates
With this you can forbid or allow that the user can start or edit locking templates.
User can manage password guidelines
With this you can forbid or allow that the user can start or edit password guidelines.
User may access vie WebAccess
With this you can allow to use the WebAccess. (Module with costs)

2015 MATESO GmbH

Handling

533

Changing rights for several users:

Rights can also be used for several users. Mark the accordant user in the manage users and groups
dialogue. Select the option change user rights in the context menu right click on marked user.
Afterwards the right dialogue opens, in which the rights can be selected. This also takes effect in the
groups. So you can for example give certain rights to all members in a group.

8.17.4.5 Group rights

In order to transfer the rights comfortably to the individual users, there is the possibility to define group
rights.
The individual members of a group get the group rights according to the following rules:
- For restrictive users only directly configured rights take effect.
- Directly configured user rights and group rights are combined.
- Single rights can not be taken away via the groups. If a user should have more rights than the group,
this has to be configured directly at the user.
8.17.4.6 Active Directory
On the tab Active Directory you can allow the authentication via Active Directory (AD). So the user can
log in with his/her password from the AD at Password Safe. If additionally the automatic login is
activated the login at the database is directly carried out with the AD user. Therefore a password entry is
not necessary. This option should only be activated in trustworthy environments. Furthermore you can
define if the login is only possible if the Windows login name accords with the user name in %
PASSWORD_SAFE%>. For example a user change is only possible if the user logs on at Windows as a
different user.

2015 MATESO GmbH

534

Password Safe and Repository

Delete Active Directory identification:

The link of the user with the Active Directory can be deleted with the button delete Active Directory
identification. Afterwards the user acts as a normal Password Safe user. At a new import the allocation
can be recreated (with the user name). More information under Active Directory - settings.
8.17.4.7 Restrictive users
Restrictive users are restricted users who can only manage the "rights and releases". Here you can get
to know more about the general information/proceeding of the restrictive user.
Notice:
The restrictive user can not manage himself/herself. On option it can also only be managed by certain
users/groups.
The restrictive user has got only access to the data to which he/she also has got access according to
"rights and releases". We suggest to add the user to the group "administrators", so he/she has got the
necessary access rights to manage the releases. Alternatively you can also authorize the user manually
for folders and datasets. Its not possible to entail rights to an restrictive user.

2015 MATESO GmbH

Handling

535

Restrictive user (does not see protected data)

If this opton is activated, the user is a "restrictive user". This option can be deactivated and activated.
User can start new users
When activating this option the user can start new users and furthermore has got access to the Active
Directory port (Active Directory is only available in the Enterprise Edtition)
User can edit existing users
Existing users can be edited here, for example group memberships.
User can reset user passwords
This option authorizes the restrictive user to reset user passwords.
User can reset administrator passwords
If this option is activated the user can change the administrator password.
User can change user rights
When activating this option the restrictive user can manage and change the rights of other users.
Only certain users/groups can manage this user
This option decides who is allowed to manage the restrictive user. These can be individual users or
groups.

2015 MATESO GmbH

536

Password Safe and Repository

8.17.4.8 Miscellaneous
On the tab "miscellaneous" you can find information when the user has been created or changed and
who did it. Furthermore you can see when the user has logged in the last time and from which IP
address the login was made.

8.17.5 Manage permissions and rights

After you have created and allocated all groups and users you can now assign them to the categories
and records (e.g. passwords) and issue unlockings. Unlockings and rights are available in all arrays of
Password Safe (folders, passwords, TAN management, tasks, messages, documents).

Create a new folder or use an already existing folder. In the example we use the folder "Internet". Click
on the folder with your right mouse button and choose the menu item "sharing and security" in the
context menu.

2015 MATESO GmbH

Handling

537

Now you see the tab "Permission" with the dedicated users and groups in the upper array and the
dedicated permissions in the below array.
The account "administrator" and the group "administrators" is assigned by default to every record. Those
can not be deleted for safety reasons because the administrator must have permanent access to all
records to exclude the possibility that passwords are no longer dedicated to anybody and therefore get
lost..
Click on a user or a group, so you can see the dedicated rights. The rights apply to the displayed folder
"Internet".
Via the button "Add" you can allocate further groups or also single users and give away individual rights
on this folder.

2015 MATESO GmbH

538

Password Safe and Repository

Via the buttons in the toolbar you can switch between groups and users. A search within these groups
and users is also possible. Highlight individual or several objects for the multiple selection to quickly
allocate several groups or users.

2015 MATESO GmbH

Handling

539

If you added a group or a user click on it in the list to set the permissions in the below array.

At a newly allocated group there are no permissions assigned as a start. Now enter the rights for this
group.

2015 MATESO GmbH

540

Password Safe and Repository

Therefore you can assign individual rights to every group and every user. Even if a user is part of a group
but should even so have individual rights compared to the others in the group, you can add the user and
allocate these individual rights which then take precedence over the group rights.
The same possibility of privilege allocation you also have at the password records itself. Just click on the
record in the password list with your right mouse button and choose "unlockings and rights". Then
again these settings take precedence over the ones of the folder.
To save the changes click on the button "OK"
8.17.5.1 Inheritance of rights

Inheritance of rights
One of the outstanding functions of the right management is the inheritance of rights. With this you can
define privileges for a superior folder and alienate them to all sub folders and records. So you can save a
lot of time because not every folder and every record has to be changed manually if the structure of
rights changes.
If you start a new record (e.g. a password) in a folder the rights of the folder will be automatically passed
on to the record. Therefore no new allocation has to be made, except you intend individual settings for
this new record.

2015 MATESO GmbH

Handling

541

After you have added groups or users or changed a right when clicking on "Ok" the dialogue for the
inheritance of rights appears automatically.

Now choose one of the following opportunities:

Not alienate rights
All permissions and rights will not be passed on, therefore they only apply to the current folder.
Pass on rights to subordinate objects, hitherto existing rights will completely drop away
All permissions and rights will be passed on. However before the inheritance all individual permissions
and rights of the subordinated objects will be deleted so that only the setting applies that you have just
carried out for the folder.
Pass on rights to subordinated objects, not available permissions and changes will be passed
on, no groups or users will be deleted.
All changes of permissions and rights will be passed on to the subordinated objects. Not available rights
will also be passed on. But individual settings of the subordinated objects remain preserved (e.g. if
further users exist in a subordinated folder or record). No users or groups will be deleted. If you have
deleted permissions you have to do it separately for the subordinated objects or choose the second
option.
Which kind of inheritance of rights makes suggestive and should be used?
This very much depends on what your intentions are. The most secure option is the third one. So
individual rights of subordinated folders and records definitely remain preserved. If you do not know how
your colleagues have managed the subordinated data you can not pass on the rights.
Deactivate inheritance of rights
The inheritance of rights can be deactivated globally or per folder. At this however only the manual
descent will be deactivated after the change of permissions. But if you start a new record in a folder still
the rights of the folder will be passed on to the record.

2015 MATESO GmbH

542

Password Safe and Repository

8.17.5.2 Ask for rights

If a user has got no rights to a certain array he/she receives a notice. The user has got the possibility
here to directly ask for the rights. Then the administrator or the owner of the rights receives a task, so
he/she can decide if he/she grants the user the accordant right.

Require rights
Here it is detected who can grant access to the desired dataset or the authorization. All groups/users
who are responsible for this, will be messaged per task.
Notify administrator
The administrator receives the task, to grant the required right.
If it is a dataset that should be released the administrator can directly give the releases for this dataset
via the received task, by clicking on the pushbutton edit within the task. The administrator can also
reject the request using the relevant button. The user will be informed in this case.
8.17.5.3 Right templates
Via the administration of right templates you can define how rights can be given to datasets and folder by
default. At this you can also distinguish between root rights and normal dataset rights. the configuration
is carried out via the database settings.

2015 MATESO GmbH

Handling

543

Users can require missing rights

If this setting is activated, missing rights can be requested by the user. See Manage releases and rights.
Administrator and administrator group can be deleted in the releases
Furthermore it is necessary to completely delete the administrator and the administrator group from the
release. So completely private passwords/datasets are possible. The administrator therefore has no
longer access. Please also consider that without administrator in a release, no logbook entries can be
written for that dataset.
Inherit changes of releases to subordinated folders and datasets
When this setting is deactivated, the question about the inheritance is no longer displayed and changes at
releases are no longer inherited to subordinated folders and datasets. The automatic inheritance to a
new dataset is not concerned by this and still happens.
Template for root folder
Is necessary to define the folder rights in the root (highest level for folders). If here no template is
deposited, every user in the root can start a folder. All folders that are saved in the root directory will
also receive the rights in the right template.

2015 MATESO GmbH

544

Password Safe and Repository

Template for datasets

This template is only valid, if no inheritance of rights to the dataset is carried out. As an example we can
name the bank here, because it is not assigned to any folder, but exists overall. Here this template takes
effect. If no template is deposited, also the administrator and the administrator group is also added
beside the user that has got full access to the created dataset.
System messages
Define the addressee for the system messages here. If the field is blank, the messages are sent to the
administrator
The configuration in the database settings is only available if the user has got the right "...can manage
users and groups". Basically it makes sense to only make this right available to the administrator.
Furthermore you can also save right templates and that way use it easily for further datasets. Extensive
releases can that way be easily assigned to different folders and datasets.

For this you set the releases as desired and then click on templates -> save. A new window opens in
which you can enter a name and a description for the new template. On the second tab release already
all releases are adopted, if you do not want to change anything you can now save the template.

2015 MATESO GmbH

Handling

545

If you now want to adopt the template to another folder or dataset, select templates -> load in it. Now
you receive a selection of all templates and can load the template with a double click on the accordant
entry. All existing releases are overwritten in doing so.

2015 MATESO GmbH

546

Password Safe and Repository

8.17.5.4 Right templates for private folders and datasets

If you do not want the administrator to see personal passwords of an employee, you can also use a right
template on a folder. At this all newly created folders and datasets are created exactly with this right
template. You only have to delete the administrator in the right template and therefore only give the user
the accordant rights for his folder and his datasets.
You can deposit this in the folder properties in the tab extended.

2015 MATESO GmbH

Handling

547

As soon as a right template for the folder is active only these rights from the right template are valid for
subordinated new folders and datasets. Even an administrator could not add any datasets here if he/she
is not contained in the right template.
8.17.5.5 Private and public datasets and documents (user choice)
With Password Safe you can also allow your users easily create personal passwords and documents. The
user can decide if the newly created password is only accessible for himself/herself, or if it is a public
password and therefore the normal folder inheritance of rights takes effect. It is the same with adopted
documents.
How to activate personal passwords:
Go to the database settings -> right management.
Activate the option users can choose between private and public datasets.
Go to the right management and assign to all or only to certain users the right user can choose
between private and public datasets.
Go to the folder properties in which you want private datasets or documents to be allowed and select
one of the three options under private and public datasets.
If now a user starts a new password in that folder or adopts a document he/she is asked at saving,
according to the setting, if he/she wants to start a private or a public password.

2015 MATESO GmbH

548

Password Safe and Repository

8.17.6 Information on datasets

Via the properties of a folder or a record (e.g. password) you can see who started the record, who
changed it recently or who has seen it the last time.

2015 MATESO GmbH

Handling

549

8.17.7 User login

If the user now logs on he/she only sees the categories and records for which he/she has a permission
and rights.

The user logs on with his/her name and his/her password. When the user logs on the first time he/she
2015 MATESO GmbH

550

Password Safe and Repository

may has to arrange a new password for the login.

If the user has no rights for the right management he/she can make no changes in permissions or rights.
If a user starts a password in a folder himself/herself, he/she is registered as the owner of that record
and can manage the permissions and rights for his/her record himself/herself. The same also applies to
the capture of categories. The user will be set up automatically with full access for his/her own record.
If a user can see no data at all after the login, neither folders nor records you have not given the
accordant folder rights to that user. In order that a subordinated folder is being displayed you have to give
at least the right to read on the superior folder, otherwise the folder structure can not build up.

8.17.8 Blocking of a user

If you want to deny access to the database to a user temporarily you can lock him/her in the user
management. Locked users receive a own icon, so you can immediately recognize at the icon if a user
is locked or not. The blocking of a user is also suggestive if he/her is for example not longer in your
company. So you still have the possibility to see what that user has done recently.

8.17.9 Delete a user

You can delete a user at any time via the user management. However in most cases it is better to
simply lock the user. So he/she can no longer log in the database, but you have got all information on
the user and his/her activities in the database.

2015 MATESO GmbH

Handling

551

8.17.10 Licensing
For every user a licence of the software is required. The number of licenses also defines the number of
users you can apply for the right management as well as the number of simultaneously logged on users.

8.17.11 Restricitve users

In Password Safe users can be configured as so called "restrictive" users. Restrictive users can not see
protected data (e.g. passwords) and not manage/edit them. Also functions like the automatic password
entry, hotkey`s or for example the detail array are deactivated. The restrictive users can only build up
structures and manage "rights and permissions".
Example of use:
The restrictive user can for example be used as a revision user because he/she can not read out
protected data. According to the configuration of rights some "restricted" users can be created, according
to the use case.
Which functions are available to the restrictive user:
Managing of "sharing and security" of all records (according to the configuration of rights)
Starting and managing new folder structures
Task and message management system

According to the configuration the restrictive user can be given certain rights. For the
restrictive user we suggest the following rights:
User may change the database settings
User may manage users and groups (rights) (suggested)
User may change the main password
User may change the PUK
User may export backups
User may import backups
User may manage the logbook (suggested)
User may copy databases
User may change the database password rules
User may change the seal notifications
User may manage the Auto Backup feature
User may manage applications
User may manage forms
User may manage label
User may use the USB-Stick feature
User may manage the Auto-Login function
User may use the Remote Desktop connection
User may manage the active user list
User may export records in list (XML data exchange)
User may import records in list (XML data exchange)
Several restrictive users can be created with different rights to map different scenario of the revision.

Cofiguration:
You can get information on the configuration of the restrictive user under "Manage users and groups".
Rights:
In order that the restrictive user can manage the rights he/she has to own the right "Manage
2015 MATESO GmbH

552

Password Safe and Repository

permissions". We suggest to include the restrictive user to the group "administrators". Hereby the
restrictive user automatically has the right to manage permissions. Alternatively you can also carry out
the giving away of rights manually.

8.18

Active Directory connection

By means of the Active Directory connection which is available to you from the Enterprise Edition on you
can take over available users and groups from your existing Active Directory hierarchy and import them
to Password Safe. Hereby the users and/or groups will be imported to Password Safe and can be used
afterwards for the giving away of rights and for the authentication/login at Password Safe. According to
the configuration a login at Password Safe via Windows login is also possible (automated or manually).
It is even possible to build up the connection with several Active Directories as long as the domains have
a position of trust among each other.

Tip:
Create own groups for Password Safe in your Active Directory, which you then import and synchronize.
You can then use these groups for the giving away of rights within Password Safe.
You can of course also combine groups created in Password Safe with groups from the Active Directory.
If a Password Safe group is defined as a member from an Active Directory group, this link will be deleted
at the next synchronization of the accordant Active Directory group. If, however, an Active Directory
group is in a Password Safe group, the link remains.
In order to configure the Active Directory connection, open the right management first (edit -> user
and group management). In the right management a click on
is enough to call up the Active
Directory menu, or rather to read out the Active Directory.

Quick Start Guide:

Configuration of the "Active Directory settings" LDAP or Native access
Read out Active Directory (user or groups, Active Directory complete)
Choose user via Drag and Drop or the arrow keys and file on the Password Safe page, or rather drag
on the other page
Confirm with OK to import the users and groups
Attention!
If an Active Directory is removed to another domain you necessarily have to make sure that the SIDs of
the individual users are adapted! Otherwise the users can no longer be identified by Password Safe.
Attention!

2015 MATESO GmbH

Handling

553

In order that the users from the Active Directory can log in it is also necessary to enter the domain at
the Enterprise server under the safety parameters.

8.18.1 Settings
You can directly open the Active Directory settings in the right management dialogue. If you use the
Active Directory Integration for the first time you will be automatically directed to the configuration.

Active Directory access - LDAP

Enter all necessary information in the LDAP settings dialogue, so that a connection can be set up. With
the connection test button you can check if the entered parameters are correct. The settings can only be
saved if the connection test could be made successfully. Afterwards you can import the users and groups
from the Active Directory.
For this you can start accordant profiles for the different domains and therefore comfortably display a
multi domain structure in
Password Safe.
Thes profiles enable you to choose the different Active Directories per click and to synchronise.

Notice:
If possible take a user as an Active Directory user who has a password that never expires.

2015 MATESO GmbH

554

Password Safe and Repository

Profile name: Here you give away the name for the new profile
User name: Enter a user here who has got the necessary rights on the Active Directory in the domain
Password: Here the password is entered with which the user logs on the domain
Domain: Enter the domain here from which you want ot read out the Active Directory
Add new profile
Delete profile
Carry out access check

Active Directory settings

Disable new users automatically at synchronization:

2015 MATESO GmbH

Handling

555

This option effects that all new users are directly deactivated. With this option you can unhurriedly edit all
new users and only activate them when they are completely configured.
Disable LDAP users and groups, which are not marked as synchronization able:
All users and groups that are eliminated from the synchronisation in the menu item Readout Active
Directory are deactivated.
Run LDAP search directly:
Hides in the menu Read out Active Directory the tree structure and shows the search results directly.
This setting is recommended, if there are groups or organizational units with more than 1000 elements
in the Active Directory.
Activate automatic user login:
The activating of the automatic user login causes that the users with the Windows user name will be
validated and through this will be automatically logged in at Password Safe. Therefore it is not necessary
to enter the user data manually. Please notice that under every Windows user account the automatic
user login can only be created once. You can find further information on the automatic login and its
configuration in the chapter user login.
Username must match with Windows logon name:
If this option is set, it will be assigned to all newly imported users. Then a user can only log in Password
Safe when he is logged on at the operating system.
Synchronisations logbook:
Here the logbook of the Active Directory synchronisation can be called up.

2015 MATESO GmbH

556

Password Safe and Repository

8.18.2 Readout/import users and groups

After the configuration of the port you can read out the Active Directory and afterswards select the users
and groups that you want to import.

Readout Active Directory

By means of the LDAP access you can readout the whole structure and mark (tick off) the requested
elements for the import in Password Safe. For this first of all select the desired profile (in this example
domain two). Now the complete Active Directory structure will be shown:

2015 MATESO GmbH

Handling

557

Logic and choice of the single elements

If an element is marked (ticked off) in the Active Directory overview without have been opened or
expanded before, all contained subelements in it will be automatically marked for import. As soon as an
element is opened the check marks of all sub elements will be deleted. Therefore you can mark the
desired elements for the import manually. This could look for example like this:
This marking shows that the accordant element and - if they exist - subelements are synchronized. If
this element is a group or organisational unit new elements are automatically started in Password Safe.
This marking can only stand before organisational units or groups and says that the accordant
element and some of the subelements are marked. Marked elements are synchronized and new ones are
automatically added.
This marking only exists before organisational units or groups. It shows that the element itself is not
synchronized but contains elements which are synchronized. New elements are not automatically
added.
If you want to change a marking click on the accordant element. Please notice that by changing a
marking the markings of inferior or superior elements are automatically adapted. If you want to select or
deselect all subelements of a organisational unit or a group you can call up the context menu with a click
with your right mouse button on the accordant element:

Examples for the selection of different elements

With this selection the organisational unit "California" including all contained users and groups is read in.
The organisational unit "USA" is not imported. In the future all elements which are new in "California",
"PSR_Admins_CA" or "PSR_Sales_CA" are also imported to Password Safe with synchronization.

2015 MATESO GmbH

558

Password Safe and Repository

At this selection the organisational unit "USA" is not imported. The organistational unit "Texas" as well as
all contained groups and all users, except "Julia Wirth" are synchronized. Furthermore new users in the
organisational unit "Texas", as well as in the groups "PSR_Sales_TX" and "PSR_Admins_TX" are
automatically started in Password Safe.

Via this selection the organisational unit "USA" as well as the organisational unit "California" and all users
except "Phil Rudd" are imported. Since "Phil Rudd" should also not be imported in synchronization runs in
the future the pushbutton before the group "PSR_Sales_CA" is marked grey. Therefore new elements
are not started in the group "PSR_Sales_CA", however, existing ones are synchronized.

Active Directory search

By means of the search you can directly search for users or groups. In the LDAP search you can also
search for parts of an object name. Wildcards like "*" are not necessary here:

2015 MATESO GmbH

Handling

559

All datasets which contain the searched string are displayed in the search result list. With a single click
on the accordant element it is called up or selected in the tree structure. Afterwards the element can be
marked for import there. A click on "Brian Johnson" shows for example the following result:

2015 MATESO GmbH

560

Password Safe and Repository

In the tree structure you can directly mark the elements for synchronization. Furthermore you can search
for different elements in several search runs, mark them accordingly and in order to conclude import
together with OK.
Notice:
At the first readout of an update to version 6.3 it can happen that all elements appear unmarked at
first. In this case the tree structure only has to be opened once.

Direct LDAP search

If the option Run LDAP search directly is enabled in the Active Directory Settings, the tree structure
wont be displayed. The search results will be shown at the upper area. The elements can be marked to
2015 MATESO GmbH

Handling

561

import here. This art of search is recommended for large active directorys.

8.18.3 Active Directory synchronisation

By means of the Active Directory synchronisation you can synchronise already existing users and groups
which have already been imported from the Active Directory. All users, groups and organizational units
which have been marked in the dialogue read out Active Directory are synchronized. The synchronisation
is either carried out manually or automated.

Manual synchronisation
In order to synchronise the data with the Active Directory manually, just open users and groups
managing dialogue. You can call up and carry out the synchronisation via the context menu. You can also
carry out the synchronisation in the read out Active Directory dialogue. To do so click on the button
2015 MATESO GmbH

562

Password Safe and Repository

OK in the below array.

If you have got several domains linked, of course all ofthem will be synchronised.

Automatic synchronisation
A fully automated synchronisation is possible via the task system. The task system is a service that
carries out tasks in defined time intervals. For this a task is provided from client by the task system, in
which the task that should be attended is defined. The server checks within the defined time intervals if a
task has been provided and then carries it out. You can find further information on the task system and
its configuration in the chapter system tasks.
Start a new task for the synchronisation:

2015 MATESO GmbH

Handling

563

Here you can give the task a name and a description. At an active task you can see all synchronisations
that have been made so far in the interval history. Since the task is just created in this case, the column
is blank. In the overview you can see when the next run should happen and when the last run happend.
In the tab Interval it is defined when and in which time intervals it should be synchronised. You can find
information on this at the system tasks.
Under the tab settings you define which profile should be synchronised. In this example the profile
One is chosen:

2015 MATESO GmbH

564

Password Safe and Repository

Please notice that the task service has to be configured and activated server-side.

8.18.4 Active Directory elements

Elements which have been taken over from the Active Directory can basically be managed the same way
as elements applied in Password Safe. At the demonstration of the single elements the following icons
are used:
Through this all elements will be marked with a link to the Active Directory
Active Directory User
Active Directory groups
Active Directory organisation unit
If a user, a group or an organisational unit is linked with an Active Directory, it can be synchronized. So
you can do changes in the Active Directory and take them over to Password Safe with synchronization.
Therefore it is possible to realize the complete user administration via the active Directory.

Active Directory User

In the settings of the Active Directory users you can find the same configuration possibilities like you
know from the Password Safe users. Only under the tab general some options are deactivated, because
they have to be administrated directly in the Active Directory. Additionally the users from the Active
2015 MATESO GmbH

Handling

565

Directory have the tab Active Directory:

Automatic login
If this option is activated, the user can log on Password Safe automatically, that means without
password. Please notice that this option also has to be configured at the server.
User name must match with Windows logon name
This option causes that only the user that is also logged on the domain at the computer can log on
Password Safe. If you for example want to log on the computer with the administrator account and with
a user account on Password Safe, this option has to be deactivated. Please notice that this option only
applies for the manual login. At the automatic login it is compulsory that the accordant user is logged on
the domain, because Password Safe can otherwise not authenticate towards the Active Directory.

Active Directory groups and organisation units

In the properties of the group you can find amongst others the tab member and member of. Compared
to the Active Directory you can not only see who is a member of the group, but also in which group or
organisation unit the current group is:

2015 MATESO GmbH

566

Password Safe and Repository

Here you can see the the users "ANDHI", "JANWI", "JULWI" and "TATJA" are members of the
organisational unit Germany. Furthermore the groups "PSR_Admins_DE", "PSR_Einkauf_DE" and
"PSR_Verkauf_DE" are in the group.

2015 MATESO GmbH

Handling

As you can see here the organisation unit Germany is in the organisation unit Europe.
Via this information the structure from the dialogue Active Directory is shown:

2015 MATESO GmbH

567

568

Password Safe and Repository

8.18.5 Activate / deactivate elements

There are several possibilities to activate or deactivate the individual Active Directory elements in
Password Safe. With a click with your right mouse button on an element in the user or group
management a context menu opens which gives you the possibility for this.

2015 MATESO GmbH

Handling

569

Activate or deactivate user, groups and organizational units

Via this option you have got the possibility to "switch on or off" a user account. The account is completely
preserved at a deactivation, but can no longer be used. You can for example create a user account for
trainees or external colleagues and only activate it during a project. By the deactivation of a user a
already used license is released.

2015 MATESO GmbH

570

Password Safe and Repository

Set LDAP domain

This option serves to change the domain which has been assigned to an object. Please pay attention to
case sensitivity here.

Notice:
If an Active Directory group is deleted and added again afterwards it is - technically - a new group.
According rights have to be set again.

8.18.6 Update to version 6.3

From version 6.3 on not only the multi domain capability has been implemented, also the complete LDAP
connection has been improved, what brings forth that at the update some points have to be considered.
Therefore we suggest to refer to this instruction at the update to version 6.3.

Backup
First of all create a backup of your database in order to have a valid backup if there are any problems.

LDAP configuration
Make sure that server as well as client are up-to-date and that the necessary patchlevel update of the
database has been carried out. Afterwards log on the database with administrator rights and open the
user and group management. With a click on the arrow next to the button to the Active Directory
import a context menu opens in which you open the window for the Active Directory configuration via
Active Directory settings.

If you should have used the native connection so far give away a name for the connection in the Active
Directory configuration under profile name. This can for example be the name of the Active Directory or
also the name of the server. Underneath you enter a user and his/her password who is authorized for
the Active Directory. (optional / not necessary according to LDAP configuration). Under domain you enter
the name of the domain. Please enter the domain here including its TLD (in this example .test). Please
mind case sensitivity here. If you have used the LDAP connection so far the necessary settings are
already made. If the connection could be tested successfully, please save the settings.
2015 MATESO GmbH

Handling

571

Checking the domain

According to the configuration of the Active Directory it can happen in some cases that the domain has
not been taken over properly. Therefore check if the domain which is listed behind the Active Directory
users and groups confirms with the domain from the configuration. In this example the TLD .test has not
been taken over. Furthermore the domain is completely written in capital letters, which could cause
problems and therefore should be changed.

2015 MATESO GmbH

572

Password Safe and Repository

Attention!
Only change the domain after you have checked it carefully. If necessary refer to the domain
administrator in order not to make any wrong statements here.

Changing the domain

If the domain has to be adapted, mark all accordant elements first. Via a click with your right mouse
button afterwards you can then select the option set LDAP domain.

2015 MATESO GmbH

Handling

Then select the correct domain in the following window and confirm with OK.

Afterwards you can see the change of the domain.

2015 MATESO GmbH

573

574

Password Safe and Repository

Notice:
Do not forget to check and if necessary change the domain also at the groups!
Attention!
If the domain which is assigned to the users and groups does not conform to the domain from the
configuration the concerned elements will be set again at the next synchronization and then exist twice.
In this case you necessarily need to delete the new elements, because otherwise you will lose the
rights of the users. After the deletion of the elements adapt the domain and import again.
Deleted users and groups have to be reproduced via a backup, because at another import the accordant
rights get lost.

Read out Active Directory and synchronize

With a click on Active Directory import now the Active Directory outlook opens. When opening the
first time no elements are marked here. As soon as you open the tree structure you can see which
elements are marked for import.

2015 MATESO GmbH

Handling

575

In this outlook different markings can occur which are described under import/readout
users and groups.
Notice:
Before the version 6.3 there was no recursive group synchronization in Password Safe. Therefore all
groups are excluded from the synchronization after the update. If you want to synchronize the groups in
the future as well you can set the accordant markings. Consider that all users that exist in the Active
Directory in the group are therefore imported. If more users should be imported than licenses exist they
will be automatically deactivated.
Via a concluding click on OK now all accordingly marked elements are imported or synchronized. The
LDAP connection is now completely configrued.

2015 MATESO GmbH

576

8.19

Password Safe and Repository

Reporting and interpretation

8.19.1 Reports
In Verbindung mit dem Enterprise Server knnen statische Reports erstellt werden. Diese enthalten
wertvolle Informationen zur Administration der Datenbank.
Unter Bearbeiten -> Reports ffnet sich ein Kontextmen, in welchem die einzelnen Reporte
ausgewhlt werden knnen:

Nachdem ein Report ausgewhlt wurde, wird dieser erstellt und in der Druckansicht geffnet. Von dort
aus, kann er direkt gedruckt oder auch gespeichert werden:

2015 MATESO GmbH

Handling

577

ber das Task System besteht die Mglichkeit, die Reports in fest definierten Intervallen erstellen und
direkt per Email versenden zu lassen. Ein Beispiel hierzu finden Sie im Kapitel: Beispiel Task fr SMTPMail (ablaufende Passwrter)

8.19.2 Report User Rights

There is the possibility of displaying the rights of users to individual records and folders in a report.
By right-clicking on a folder or a record and then selecting Sharing and Security, you get into the menu of
the properties of the data set or folder.

2015 MATESO GmbH

578

Password Safe and Repository

Via a click on report you will receive a report of the rights of all users and groups. The rights are
displayed per user.

To keep the space within the report to a minimum, the individual rights in the title bar of the report

2015 MATESO GmbH

Handling

579

abbreviated. The abbreviations stand for the following rights:

R
E
D
M
P
E
P

-> Read
-> Edit
-> Delete
-> Move
-> Print
-> Export
-> Manage permissions

Hint:
In the reports is presented, through which directly associated group a user is authorized. Subgroups
will not be shown. It is therefore possible that a user is not directly in the group, but rather in a
subgroup.

8.19.3 Logbook
Via the logbook you can search systematically for entries or screens. To open the screen menu you have
to click on the blue arrows (in front of search). The hit list can be exported in the CSV format via the
context menu (click on a record with your right mouse button). The logbook has to be activated in the
database settings in order that logbook entries can be created. You can find the database settings in the
menu "edit".

Do you want to know in which folder a dataset is or do you want to open that folder directly, just click on
2015 MATESO GmbH

580

Password Safe and Repository

the dataset in the logbook with your right mouse button. Then select go to and the accordant folder.

Via the same context menu you can also export log entries as CSV:
Export current outlook as CSV: Exports the information from the logbook which can be seen at the
moment. If you for example search for a certain user this search result is exported
Export all log entries as CSV: Exports the complete logbook

Notice:
If the logbook option see/open is activated, the passwords in the lists are automatically hidden and
can not be shown. In order to see passwords the dataset has to be selected explicitly.
Important!
If you exclude the administrator from the releases for folders or datasets, this data is private data and
is therefore not taken in the logbook.
8.19.3.1 Dataset logbook
If the logbook is activated you can open the dataset logbook with a click with your right mouse button on
a dataset and a click on logbook afterwards. Here all entries which belong to the accordant dataset are
shown.
2015 MATESO GmbH

Handling

581

8.19.3.2 Folder logbook

With a click with your right mouse button on a folder you can open the folder logbook. This contains all
logs of the datasets, from the accordant folder.

8.20

Icons
Password Safe offers a choice of predefined icons. Besides you can upload and use "own icons" in
Password Safe. With a double click you can select an icon. Via the context menu change between a large
and a small outlook of icons. To select an icon click on the icon symbol, for example at the "folder
properties".

2015 MATESO GmbH

582

Password Safe and Repository

management of icons/change icon

Afterwards the icon management opens, in which you can select the icon.

Own icons
For this change to "own icons" in the left array. Click on the white array with your right mouse button to
open the context menu. Choose "Add new icon" in the context menu to open the file browser for the file
choice. If the smaller or the bigger icon should be of bad quality you can simply replace it "replace big
icon (32x32 pixel)", or input it again.

2015 MATESO GmbH

Handling

583

Under Add new favicon, you have the opportunity to use the favicon for a website as an icon.
After clicking on this option, you will receive the following dialogue screen:

Simply enter here the URL for the desired website. The favicon can be read by clicking on the icon and
displayed under Preview. Assign an Image name and then save the icon.

8.21

Labels
What are labels?
With labels you can highlight the records in terms of colour and therefore they are easier to distinguish.
Also a grouping according to the label is possible in the list outlook.
To do so first of all start a label.
Administrate label:
Via "edit" -> "administrate labels" you can add, edit or delete labels.

2015 MATESO GmbH

584

Password Safe and Repository

Link label with dataset:

You can link the label with a record via the links. Just click on "add links" to set up a link with the label.
Afterwards the label is linked with the record and can be displayed, according to the list outlook.

2015 MATESO GmbH

Handling

585

After right-clicking with the mouse on a record, you will have another opportunity to link a label to the
record. It is also possible to separate a label from a record in this way.

8.22

Import
You can comfortably import already existing data in Password Safe. The import assistant supports you
with the single steps of the import. The import is called up via the menu file ->import.
In the second window of the import assistant you select if you want to import form data or users or
groups. The course of the import is described in the following chapters.
Form data (passwords, etc.)
With the form data import you can for example import a CSV file (values separated by comma) to
Password Safe. Furthermore also export files of external products like Keepass can be imported
directly. The import is made to an opened database.
Right management (users and groups)
Existing right structures, groups and users including their affiliations can be imported to Password Safe.
This makes the configuration and the setup of several similar databases with the same users easier, so
for example the Active Directory does not need to be read out again.
Notice:
Please notice that the user needs the right import backup in order to be able to start the import
assistant.

2015 MATESO GmbH

586

Password Safe and Repository

Notice:
PSX backups can only be imported at the start of a new database assistant.

8.22.1 Import form data

Using the "Form Data Import", for example a CSV file (comma separated value)can be importet in
Password Safe. Also export files from foreign products such as "Keepass"can be imported directly. The
import is done through the import wizard of currently open database.
Once you have decided on the import of form data, you get the possibility to import .csv files or .xml files.
The .csv import is suitable to import data which have been exported from Password Safe again. These
may be dataset, folders or folder structures. Via the .xml files you can import data from third-party
providers.

Import of comma separated values (.csv)

First, select the file to import:

2015 MATESO GmbH

Handling

587

In the next window you can define the settings of the import format. This will depend on how the .csv file
is structured. If you want to import data from a Password Safe database into another Password Safe
database, it is recommended to maintain the suggested settings.

2015 MATESO GmbH

588

Password Safe and Repository

Now you have to set, in which category (folder) the data to should be imported.

2015 MATESO GmbH

Handling

589

Then it will be displayed how Password Safe would assign the appropriate fields. In this example the
"URL" field is assigned to the "Internetaddress".

If you do not agree with the proposed assignment, you can delete the assignments. You can then assign
the new fields as you liking. To do simply mark the matching fields on both sides. Via the right arrow, the
fields are then assigned. To correct, use the left arrow.

2015 MATESO GmbH

590

Password Safe and Repository

In the same dialog, you can also add fields.

2015 MATESO GmbH

Handling

591

Via the special field Category folder structures can also be read. The folder must contain a separator
(such as ->) .
Example field content for folder structure:
Folder 1 -> subfolder 1 -> subfolder 1.1

Import data from third-party products (.xml)

The import of foreign products should be considered exemplary with reference to "KeePass V2". The
import of "open source Password Safe" and "KeePass V1" proceeds similarly.

2015 MATESO GmbH

592

Password Safe and Repository

First the file must be selected for import.

2015 MATESO GmbH

Handling

593

Next, select the category (folder) in which the data should be imported.

Simply follow the wizard. It needed no further adjustments. Once imported, you can find the imported
folder structure, including their passwords.

2015 MATESO GmbH

594

Password Safe and Repository

8.22.2 Import users and groups

ber die Option Rechteverwaltung importieren knnen Sie Benutzer und Gruppen aus einer
Password Safe Datenbank in eine andere bertragen. Der Import-Assistenten bietet Ihnen die
Mglichkeit Benutzer, Gruppen oder beides zu importieren.
Via the option import users and groups you can transfer users and groups from one Password Safe
database to another. The Import Wizard allows you to import users, groups, or both.

2015 MATESO GmbH

Handling

Select the file to import.

2015 MATESO GmbH

595

596

Password Safe and Repository

Now follow the wizard. Other settings are not required. The users and groups are imported, including the
user rights.
Note:
Only the user rights will be imported. Rights to folders and records can not be taken over, as they
belong to the appropriate record and therefore have no connection to the users. An import, including
the relevant records, folders and related rights is possible via the restore of a backup in *.psx format a
new database.

8.23

Export
Saved data can be exported as a backup. An "export assistant" supports you at the individual steps of the
export. You can call up the Export via the menu "file" -> "export".
Backup (all data) - PSX
By means of a PSX backup you can restore your complete database. The PSX backup is a highly
encrypted XML similar file. Therefore the PSX backup can only be imported at the start of a new
database, directly in the "database assistant".
Backup (all data, binary) - PBB
The PBB backup is a binary backup. The binary backup needs less disk space compared to the PSX
backup. Data can be restored via the "database assistant" when creating a new database.
Notice:
The PBB format out-of-date and should not be used anymore. Use the PSX format for your backup
instead.
Values separated by comma - CSV
Individual folders/subareas or also the whole structure can be exported with the CSV export. Please note
that hereby the CSV file is not encrypted. The data can be imported again to Password Safe via the
import function (form data).
Export all users - XML
With this export you can export existing Password Safe users. You can import the users again via the
import function (right management).
Export all groups (without users) - XML
With this export you can export existing Password Safe groups without users. You can import the groups
again via the import function (right management).
Export all users and groups - XML
With this export you can export existing Password Safe users and groups. You can import the users and
groups again via the import function (right management).

Tip: Automatic backup!

We recommend all users to configure the "auto backup". Hereby Password Safe makes a backup when
you quit. You can configure the "auto backup" function under "edit" -> "database settings".

2015 MATESO GmbH

Handling

597

Notice:
you can find furhter information on the backup here.

8.24

Set up USB stick

With Password Safe you can easily set up a USB stick and also synchronize it with the desktop later on.
So you always have your data available, also on the way.

Set up USB stick

To set up a USB stick with Password Safe and your database click on "file" -> "USB stick" -> "set
up/synchronize" in the menu. A comfortable assistant opens. Afterwards just follow the instructions of
the assistant.
Afterwards you can start Password Safe directly from the USB stick by carrying out, or rather double click
the application "psr.exe".

Synchronize USB stick

If you have made changes on the way you can re-synchronize them at the desktop. Start the
synchronization on the desktop by clicking on "file" -> "USB stick" -> "set up/synchronize" in the
menu. Afterwards follow the instructions in the assistant.
Important! The USB stick should always log on with the same drive letter. If this not happens
automatically you can set this up under Windows in the data carrier management.

Database overview (information)

Here you can see which databases have currently been exported to the USB stick and when these
databases have been synchronized the last time. You can also deactivate an entry by choosing "reset
offline" with your right mouse button in the context menu. Afterwards the database can no longer be
synchronized and has to be reset if necessary.
Attention:
The database created on the USB stick must not be directly connected to the client under any
circumstances. This would inevitably cause problems and possibly the loss of all data.

8.25

Enterprise Server
If you are connected to a server database and have logged in with a user who has the right User can
manage server functions, you will find under File the menu item Enterprise Server.

2015 MATESO GmbH

598

Password Safe and Repository

8.25.1 Sessions
Under Sessions, you can check at any time which user is accessing the database from which computer.

2015 MATESO GmbH

Handling

599

You will find the following information here:

Database user
IP
Host
User
Last access
Client
Received
Sent
Latency

Name of the user in Password Safe

IP address of the client
Computer name of the client
Windows user logged into the computer
Last access to the database by the user
Version of the Password Safe client used by the user
Data volume received
Data volume sent
Latency in milliseconds

You also have the possibility of ending a session by right-clicking on an entry. This may be useful, for
example, when carrying out maintenance work.
Update list Reloads the information. The Automatically update list function ensures that you are
always up-to-date. This option also makes it possible to use the window for monitoring.
The different statuses are illustrated for you using icons:
User is connected to the database
User has been synchronised
User is in the queue

8.25.2 Gesperrte Benutzer

Under Locked users, you can check at any time which users have been locked for access to the
database. The reason for locking the user can also be viewed. In addition, you can manually lock
individual users, for example, to prevent users logging in during maintenance work.

2015 MATESO GmbH

600

Password Safe and Repository

The following information is displayed for you:

Database user
Attempts
Locked until
Reason

Name of the locked user

Number of unsuccessful login attempts
Date and time that the user will be unlocked
Reason for being locked

Right-clicking will open a context menu which you can use to edit the locked user parameters:
Edit lock
Lock user
Unlock user

You can edit an existing lock. For example, to change the duration of the lock
You can lock individual users here
Unlock the user here before the locked period expires.

Update list Reloads the information. The Automatically update list function ensures that you are
always up-to-date. This option also makes it possible to use the window for monitoring.

Miscellaneous

9.1

Removal on a new PC
If you buy a new PC, of course you want to take over your data from the old PC to the new PC.
To do so act as follows:
Install the software on the new PC
Input the license certificate or the license file on the new PC. If you should use the license file it is
possible that you will have to deactivate the old PC via the license overview first, in order that the
license is free again for the new PC.
Copy all databases (*.ps7) on the new PC. It is also suggestive that you export a PSX backup from all
databases and therefore have a valid backup which you can import in a newly created database in the
case of an incompatibility.
Then you can set up the databases as existing databases via the database assistant. Afterwards you
can log in at your database as usual.

9.2

Updates
Updates are software updates and can be installed at any time. Please notice that you can only use
updates if your software maintenance is still active and has not expired yet. You can check this in the
license overview. If the software maintenance has expired no updates can be used and the software
starts in the demo mode. So before you install an update you should make sure that the software
maintenance has not yet expired and let extend it before if necessary.

For which updates are you authorized?

Software maintenance and support: Private
You can use updates which are published within the main version number. If you buy v7.1.0 you can use
all updates within v7.x.x. This of course is only valid as long as the software maintenance is active.

2015 MATESO GmbH

Miscellaneous

601

Software maintenance and support: Company Classic and Company Premium

You can use all updates, even if you change the version, for example from 7 to 8. This of course is only
valid until the software maintenance is active.

How does the update work?

The update is very simple. Generally you should always do a backup of all databases before an update of
the software. If anything should go wrong with an update you can always go back to your backup.
Via the menu item "help" -> "search for update..." you can always find the current version and can
directly load it down if required. Before you start the installation program you have to close Password
Safe. Afterwards please follow the installation instructions. Among other things you will be asked to
uninstall the current version, you only have to confirm this. You so not have to be afraid that any settings
will get lost, they will all remain maintained. After the installation of the update is completed you can
reboot Password Safe and log on at your database again. With a bigger update sometimes also the
databases have to be updated, you only have to confirm this and it will go on fully automated. However,
you should do a backup of the particular database before.

Extension of the software maintenance

In order that up-to-date versions of Password Safe can be used you need a valid software maintenance.
Before the software maintenance expires you will be reminded on the homepage (from version 5.2.3 on).
You can extend the software maintenance directly via the software. Hereby the software passes on the
necessary information to the online shop. Alternatively you can also extend the software via the online
shop, hereby you have to choose the products which should be extended yourself.
So you can request an extension of the software maintenance "before expiration" out of the
software:
Extension of the software maintenance via the information message directly on the homepage (from
version 5.2.3 on). Click on the link "extend software maintenance".

So you can request an extension of the software maintenance "before expiration" out of the
software:

2015 MATESO GmbH

602

Password Safe and Repository

Completely uninstall including all settings

To do so you have to uninstall the software via the system control -> "program and functions".
Afterwards please delete the configuration file or the complete Password Safe folder in the application
data. See configuration file.

2015 MATESO GmbH

Miscellaneous

9.3

603

Set up USB stick manually

Version 7 is completely USB stick compatible. There will be a setup function to it soon, directly out of the
software.
If you do not want to wait for it you should just copy all files from the program directory to a directory of
the USB stick. Also copy the configuration file (psr.pc7) to the stick. You can arbitrarily store your
databases on the stick. Because of clear arrangement it is suggestive to directly start the subdirectory
"db" in the same directory and to save the databases there. Also deposit the license file "psr7.lic" directly
in the directory in which also the psr.exe file is deposited. A directory "backup" is suggestive for auto
backups.

Everything else then works like on the client. Just copy the databases to the stick and set them up as an
existing database. In the configuration file the drive letter will be automatically replaced by "{DRIVE}" and
will be automatically determined. For auto backup please use the variable "{DRIVE}" as a drive letter in
the settings.
Example:
{DRIVE}:\PasswordSafe\Backup\backup.psx
Example configuration file psr.pc7:

Please notice that no TABs must be used for the insertion!

Edition 1
Edition 2
Edition 3
Edition 4

= Personal Edition
= Standard Edition
= Professional Edition
= Enterprise Edition

The new setup assistant, which will be available in a short time, automatically takes on these steps.

2015 MATESO GmbH

604

9.4

Password Safe and Repository

Configure network logon

Notice:
Please notice that you need a license of the module "Network Logon" at the client for this, also if you
want to carry out the configuration at the server. You can buy the module in the online shop or order it
on account.

Basically
Via the additional module "Network Logon" you can centrally provide a database configuration at the
clients. For this a profile file will be created in which one or several database configurations are
maintained encrypted.

Technology and security

The profile file is doubly encrypted with AES (256 Bit). Hereby a public key and optionally a private key is
used. The public array only contains information on the access rights of the file and is encrypted with the
public key. The private array is only encrypted if the access rights suffice in the public array. In the
private array there are all information on the particular database configuration.
Even if the Network Logon is already safely encrypted with the public key we basically suggest to deposit
an additional private key. This private key has to be entered by the user at the start of the program. Due
to the additional use of a private key the private array can only be decrypted if the user knows the
password for it. Only Password Safe knows the public key and it can only be opened by the software and
with an active module "Network Logon".
You can also give away a password which is required to edit the profile file. This password should be set
basically. So you can protect the profile file from editing without using a private key.
What happens at the client?
If the client finds the profile file "psr.nlc", it will be opened automatically and checked if the client has
access rights to use the profile file. If this is the case the contained database configuration will be started
at the client. If only one configuration is contained an immediate auto login at the accordant database will
be made. If several databases are contained they will all be provided at the client. For the login a click on
OK is enough to start the login.

Configuration
In the menu "extras" you can find the menu item "configure network logon". Afterwards the window, in
which you create the profile file or edit existing ones, opens.
Create new profile
2015 MATESO GmbH

Miscellaneous

605

Click on "add profile" -> "add database" and carry out the database assistant to add the configuration.
Generally you will only add databases of the type "Enterprise". But you can also configure Standard and
Professional databases. To do so it is necessary to set the database password in the list via the context
menu afterwards.
Edit profile
Click on an entry in the list and then choose "edit profile" in the context menu. Alternatively you can do
this with a double click on the accordant entry. If only the password of the database has changed you can
reset it in the list directly via the context menu.

Settings and access rights

You can set passwords and access rights via the profile settings.
Password for whole profile file
This is the private key (Private-Key) of the profile file. If you set this password every user that is allowed
to use this profile file has to enter the password at the start of Password Safe. The private array in the
profile file will then be encrypted with this password. Without this password the profile file can no longer
be opened.
Password for editing the profile file
If you set this password the profile file can only be opened for editing if the password has been entered.
User
Here you can deposit computer users who can access the profile file. For the testing the Windows login
name is used.
Computer
Here you can deposit computer names which can access the profile file. For the testing the Windows
computer name will be used.
IP
Here you can deposit IP address arrays or single IP addresses which can access the profile file.
Example:
192.168.0.1
or
192.168.0.100-192.168.0.120
Notice:
Please notice that user, computer and IP access restrictions are linked with AND. That means that if you
deposit data in one of the arrays, also in all three arrays, the user has to be deposited in a way that all
conditions are fulfilled. An OR link-up is not designated. Also the user, computer or IP array which is
allowed to edit the profile file, should be contained, otherwise the profile file can no longer be opened
for editing.

Providing at the client

In order that the client finds the profile file you can deposit it under different places. The profile file

2015 MATESO GmbH

606

Password Safe and Repository

should be named "psr.nlc". Following you can see the order listed in which places the profile file is
searched for.
1. In the environment variable of the client (PSR_NLC_FILE). Here you can define the path including the
file name yourself.
2. In the registry. Here you can define the path including the file name yourself.
Sector:
HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Entry:
NetworkLogonFile
3. In the configuration file of the client (psr.pc7) under <Common> <NetworkLogonFile>. Here you can
define the path including the file name yourself.
4. In the program path of the application. The file name has to be "psr.nlc".
5. In the personal document directory. Under XP in "own files". The file name has to be "psr.nlc".
6. In the AppData directory of the user, where also the configuration file of Password Safe lies. The file
name has to be "psr.nlc".
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc7

Notice:
After an upgrade to a later version (e.g. from version to Version 7), the network logon has to be
configured again.
If one of the following points changes, the network logon file has to be configured again, or updated:
- Database name
- IP address of the server
- Port of the server
- Client server initial connection password

9.5

Configuration file
The configuration file contains all settings of the client. This file will not be deleted when the software is
uninstalled, so that your settings will not get lost when you want to do an update.
You can find the configuration file in the following directory:
Windows Vista/Windows7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
2015 MATESO GmbH

Miscellaneous

607

C:\documents and settings\user name\application data\PasswordSafe\psr.pc7

If you delete the file you have to configure Password Safe again.

Build-up of the configuration file

The configuration file is a XML defined configuration file with which you can give certain settings, which
are already defined, to the client. A setting file applies per client. By means of different configuration files
you can "pre"-configure the clients and therefore customize Password Safe (for example different
databases per client).
Following some setting possibilities are described:
Edition:
Edition 1
Edition 2
Edition 3
Edition 4

= Personal Edition
= Standard Edition
= Professional Edition
= Enterprise Edition

LicenceFile:
Path to the licence file (For example: "D:\Password Safe\psr7.lic" or "\\MyShare\Password
Safe\psr7.lic")
ShowSplashScreen:
The Splash Screen briefly shows licence information and version when starting Password Safe. You can
show or deactivate the Splash Screen.
UseSecurityZones:
Activate security zones (private, workplace, public). This option is mainly used for notebooks or also with
USB sticks. Hereby you can choose different settings per place of location. For example if you run
Password Safe on a USB stick you can use different settings on public PC`s like on private/secure PC`s.
SetSecurityZoneAtStart:
Request choice of security zones at every software start. For example when you are on the way with the
notebook.
UserOptionsAvailable:
When deactivating the same settings apply to all users. This can lead to considerable delays because
many users access the same file, and is therefore a disadvantage that the setting effects all users. We
only suggest this setting for smaller teams.
ShowProgramOptions:
Configuration of the dialogue "general settings"
(0=menu item/toolbar button is not displayed, 1=menu item/display toolbar button, 2=menu item/display
toolbar button, but configuration is not possible, but instead a notice text for the user appears).
ShowAddNewDatabase:
Configuration of the button "start new database". With this you can hide the button for the start of a new
database. The button will not be hidden until at least one database has been started.
(0=menu item/toolbar button is not displayed, 1=menu item/display toolbar button)

2015 MATESO GmbH

608

Password Safe and Repository

WindowsUserAsDefault:
The actual windows user will be entered in the login window automatically

Example of a minimal configuration file without settings and without databases (do not use
TAB`s!):
<?xml version="1.0" encoding="windows-1250" ?>
<Data>
<Common>
<Edition>4</Edition>
<LicenceFile>psr7.lic</LicenceFile>
<ShowSplashScreen>0</ShowSplashScreen>
<UseSecurityZones>0</UseSecurityZone>
<SetSecurityZoneAtStart>0</SetSecurityZoneAtStart>
</Common>
</Data>

Following an example of a configuration file which has been configured user-dependent. You need this
for example to give it out to the users. Accordingly adapt a configuration file "psr.pc7" in the directory, by
means of an editor and afterwards open Password Safe to carry out the settings. The settings will be
saved in the configuration file so that you can give it out to the users.
<?xml version="1.0" encoding="windows-1250" ?>
<Data>
<Common>
<Edition>4</Edition>
<LicenceFile>\\path_to_the_licenze_file_on_the_server\psr7.lic</LicenceFile>
<ShowSplashScreen>0</ShowSplashScreen>
<UseSecurityZones>0</UseSecurityZone>
<SetSecurityZoneAtStart>0</SetSecurityZoneAtStart>
<UserOptionsAvailable>0</UserOptionsAvailable>
</Common>
</Data>

Notice:
Generally, options can be with
0 = deactivated and with
1 = activated.
Do not use TAB`s for insertion, use space characters!

Providing the configuration file

Basically the configuration file will be automatically created in the AppData directory of the user if no
configuration file exists yet. But you can also deposit the configuration file in other places. The
configuration file should be named "psr.pc7". Following you can find the order listed in which places the
configuration file will be searched for.
1. At an USB stick in the environment variable "U3_APP_DATA_PATH". The file name has to be "psr.pc6".
2. In the environment variable of the client "PSR_CONFIG_PATH". Now only enter the path, without the
file. The file name has to be "psr.pc7".
3. In the registry. Here you can define the path including the file name yourself.
2015 MATESO GmbH

Miscellaneous

609

Sector:
HKEY_CURRENT_USER\Software\MATESO\PasswordSafe\Options
Entry:
ConfigFile
4. In the program path of the application. The file name has to be "psr.pc7".
5. In the AppData directory of the user. The file name has to be "psr.pc7".
Windows Vista/Windows 7:
C:\Users\user name\AppData\Roaming\PasswordSafe\psr.pc7
Windows XP:
C:\documents and settings\user name\application data\PasswordSafe\psr.pc7

9.6

Environment variables
With Windows environment variables some settings can be influenced. Following the environment
variables which are currently available are listed.
PSR_CONFIG_PATH
With this you can influence the path to the Configuration file "psr.pc7". Only the path can be entered. The
file name can not be changed.
PSR_LICENCE_FILE
Enter the complete path including file name here. Then the license file will be loaded from this entered
place.
PSR_NLC_FILE
Enter the complete path including file name her.Then the Network Logon profile file will loaded from that
entered place.
PSR_OFFLINEDB_PATH
Enter the path here in which the Offline databases should be saved.

How to configure the Windows environment variables:

- Open the system properties (extended system settings)
- Click on "environment variables..." (below)

2015 MATESO GmbH

610

Password Safe and Repository

- In the next step configure the required variable. Click on "new" to set up the variable.

9.7

Overview file endings

Password Safe uses several file endings. In order to avoid collisions with other programs, own file
endings have been established.
psr.pc7 (in version 6 psr.oc6 in version 5 psr.pcf)
Ending for the configuration file of Password Safe
psr.nlc
Ending for a network logon profile file
psr.EN
Ending for the English voice file
Application name.psapp
Ending for an exported Password Safe application
Backup name.psx
Ending for a data backup file

2015 MATESO GmbH

Miscellaneous

611

psrX.lic
Ending for the license file of Password Safe
Data base name.ps7 (until version 5 *.ped / in version 6 *.ps6)
Ending of a database file
Database name.prvkey
Ending of a private key file for the decryption of a backup (Enterprise server)
Database name.ps7n
In this file the connections to a multiuser database are stored

9.8

Terminal server/citrix
Terminal server / Citrix
To run the application under Microsoft terminal server or Citrix the module "terminal server/citrix" is
necessary.
Warning!
We recommend the Enterprise Edition in combination with the Enterprise Server. In this case the
Enterprise Server must not be installed directly on the Terminal Server.
The use of the Professional Edition in Terminalserver/Citrix-mode is on your own risk and cannot be
supported in a problematic scenario.
The Seamless Mode is not possible.

Under Citrix or on a Terminalserver there are certain restrictions:

Automatic entry (applications)

An automatic entry of passwords in browsers isnt possible
Shortcuts
Global shortcuts can not be set under citrix and therefore do not work.
Automatic application recognition
Does not work because the software does not run off line on the computer but is only displayed and
runs virtualized on a server.
Remote desktop connections
Does not work because the software does not run off line on the computer but is only displayed and
runs virtualized on a server.
USB-Stick
USB-Sticks cant be created in Terminalserver / Citrix Mode by technical reasons.

9.9

Problem solving
Problem: Password Safe starts in Demo mode
solution: Make sure that the license file "psr7.lic" is not write-protected, hidden or archived. Furthermore

2015 MATESO GmbH

612

Password Safe and Repository

the license file must not be directly deposited in the program directory from Windows Vista on. We
suggest to deposit the license file at a single place installation under "own files" (XP) or under
"documents" (Vista/Windows 7). At an installation with several users the license file has to be deposited
in a network share. Check if all users have write access to the license file.
Problem: Automatic password entry does not react
Solution: Activate the automatic entry in the general settings. Furthermore it can be neccessary to
release the Addon Port in the Firewall (also Firewall of third party providers), because some Firewalls
can block the communication between the client and the addons.
Problem: Computer name has been changed/re-installation of the computer -> demo mode
Solution: The computer names will be saved in the license file provided that it is not deactivated by the
module "without client licensing". Not current or not needed computers can be deactivated and activated
at any time via the license overview. If you only have one license and the computer name has been
changed, Password Safe starts in the demo mode. You can call up the license overview in the activation
assistant or at the login via the hot key "CTRL+F9". Call up the structure in the license overview by
clicking on the small dark arrows in front of the folder symbols. Under the folder "number of licenses per
computer" all saved computers are listed. By clicking on the computer name with your right mouse button
you can activate and deactivate it. Afterwards there are free licenses again so that new computers can
enter to the license.

Problem: Password Safe is very slow in the multi user mode

Solution: In the multi user mode the database lies on a network share and all clients directly access this
file. At first make sure that the network connection works properly and at least 100 MBit/s are available.
Furthermore the database should lie on a Windows share because small, self-contained NAS systems
with Linux are usually much slower. Besides the database should be excluded from the virus scanner. If
more than 20 employees should work with Password Safe we suggest the Enterprise Edition with the
Enterprise server. Also with less employees the client/server mode is considerably faster. If you should
work via Internet, WAN or VPN connections the Enterprise server is absolutely necessary.
Problem: Only one user can connect with the database in the multi user mode
Solution: Make sure that the databases all have tha same name at all clients. Also check if still enough
free licenses are available. If a computer has got several network adapters, PASSWORD SAFE always
activates the first one. However, if this one has no network connection (e.g. because no W-Lan network
is available) this connection problem occurs as well. In order to avoid that you can add the following
entry in the configuration file in the array <Common>: <MultiUserNetworkCard>value</
MultiUserNetworkCard>. As a value you enter the position of the desired network adapter. You can find
out the position by opening the prompt in Windows under start via cmd.exe. There you enter ipconfig /
all. Now the installed network adapters are shown to you (and besides a lot of other information about
your network connection).
Problem: Password Safe reacts very slowly in all actions
Solution: Probably you use server saved profiles for your users. This can extremely slow down the
software because Password Safe has read and write in the configuration file continuously. Therefore the
2015 MATESO GmbH

Miscellaneous

613

configuration file of Password Safe should definitely lie off line. At a server saved profile all profile data
will be administrated on the Windows server and and kept automated synchronous, what gets extremely
slow due to that. We suggest that you define in this case, that the configuration file of Password Safe
will be saved off line in another directory. You can find further information here.
Problem: Connection problems between client and server (only Enterprise)
Solution: Check the Firewall properties. The protocol is based on UDP. So activate TCP for the port
12008. However, if the connection should not work, it could be possible, that the host name can not be
broke down. In that case, configure the WINS settings of the computer.

Problem: Maximum number of user connections is achieved

Solution: If you should receive the message that the maximum number of user connections is achieved,
another user has to close the database in order that another user can log on. Please notice that you need
a license for every user that works with Password Safe. Only as many users can log on at the same time
as many licenses you have bought. In the list "active users" you can see who is currently logged on at the
database. If a user should remain in the list due to an unexpected crash of a client, you can delete these
connections via the button "adjust", provided that they are older than 24 hours.
Problem: The database reacts extremely slowly and/or can not be exported
Solution: With performance breaking downs or problems with the export the subscription of the database
2015 MATESO GmbH

614

Password Safe and Repository

has to be renewed. To do so reorganize the database via file -> edit database account ->
reorganize database
At this also defect datasets are deleted.
Problem: When starting Password Safe, the icon is shown on the task list but the application
itself does not appear.
Solution: This problem is experienced with some graphics card drivers. The application is displayed on a
monitor which has been incorrectly recognised yet is not actually connected.
Firstly click on the Password Safe icon on the task bar. By pressing the Windows button + shift +
left/right arrow buttons, the application can be returned to the visible area.

9.10

Error codes
If any problems should arise, against our expectations, and an error prompt is displayed, it contains an
error code. By means of the list below the error codes can help you with the solution of the problem. If a
problem occurs regularly, or if you can not solve the problem on your own, please contact the support
and name the accordant error code for the diagnosis of the problem.

Error code: 4
Error: "Error at opening the database."
Proposals for solution:
- Check if the databases are configured properly.
- Try to connect the database again.

Error code: 5
Error: "The database is not opened."
Proposals for solution:
- Check if the databases are configured properly.
- Try to connect the database again.

Error code: 6
Error: "The database could not be opened. Check the database path and the password."
Proposals for solution:
- Check the database path and the password.
- Check if the databases are configured properly.
- Try to connect the database again.

Error code: 10
Error: "Error at connecting with the server database."
Proposals for solution:
- Make sure that the server is started.
2015 MATESO GmbH

Miscellaneous

615

- Make sure that the database configured at the client is started at the server

Error code: 11
Error: "Error at open/execute."
Proposals for solution:
- Please contact the support

Error code: 12
Error: "No database has been found."
Proposals for solution:
- Check via the Windows Explorer if the database actually exists.
- If the database lies on a network share, make sure that there can be built up a connection with the
share.
- Have you got write privileges for the database?

Error code: 13
Error: "Wrong database password."
Proposals for solution:
- Check if the caps lock key is active.
- Make sure that the right password is used. The database password is required, the user password
does not work here.

Error code: 14
Error: "KeyFile could not be opened."
Proposals for solution:
- Check via the Windows Explorer if the KeyFile *.pedkey actually exists.
- If the keyfile lies on a network share, make sure that there can be built up a connection with the share.
- Have you got write privileges for the keyfile?

Error code: 15
Error: "Error at opening the database (SQL engine)."
Proposals for solution:
- Please contact the support

Error code: 16
Error: "Wrong password for the network protocol."
2015 MATESO GmbH

616

Password Safe and Repository

Proposals for solution:

- Check if the Caps Lock key is active.
- Make sure that the right password is used. The connection password which is required here is given
away at the server installation.

Error code: 17
Error: "The database server does not react."
Proposals for solution:
- Make sure that the server is started.
- Check the settings of the Password Safe firewall
- Are the server ports as well as the service port activated in the network firewall?
- Check your network configuration

Error code: 20
Error: "Execute could not be carried out in the time given."
Proposals for solution:
- Please contact the support

Error code 21:

Error: "The multiuser network file could not be started."
Proposals for solution:
- Check if you have got right privileges on the folder in which the database is.
- If the database folder lies on a network share, make sure that the share is accessible.

Error code: 22
Error: "The multiuser network file can not be opened."
Proposals for solution:
- Check if the file *.ps7n is in the database folder and if you have got right privileges for it.
- If the database folder lies on a network share, make sure that the share is accessible.

Error code: 23
Error: "Access to this database has been denied."
Proposals for solution:
- Check the settings of the Password Safe firewall

Error code: 24
2015 MATESO GmbH

Miscellaneous

617

Error: "The maximum number of sessions has been achieved. Connection with the database not
possible."
Proposals for solution:
- Wait until another session has been closed.
- Purchase further licenses.

Error code: 25
Error: "The database is already opened and can therefore not be opened again."
Proposals for solution:
- A single user database has been opened by another user and has to be closed by that user first.

Error code: 26
Error: "Error at open/execute."
Proposals for solution:
- This message is sent at a hacking suspicion. Therefore check imperatively if anybody wants to gain
access to your data.
- Check the log files of the server.

Error code: 31
Error: The server certificate is not trusted.
Proposals for solution:
Export the certificate from the server and then import it to the client.
Ensure that the current certificate is used and not an outdated one.
Check whether the certificate is saved in the correct certificate space.
You can find further information on this subject under: Enterprise Server Connection Certificate

9.11

Support
Contact us...
MATESO GmbH
Daimlerstrae 15
86356 Neus
Germany
Telephone
Hotline:

(09005) 22556234 (1,86 / min. from german fixed network)

Monday until Thursday 9-17 o`clock, Friday from 9-15 o`clock

Telephone office: +49 821 747787-0 or

+49 700 22556234 (0,12 / min.)
Monday-Thursday 9-18 o`clock, Friday 9-14:30 o`clock
Telefax:

2015 MATESO GmbH

+49 821 747787-11 or

+49 700 22556234 (0,12 / min.)

618

Password Safe and Repository

E-mail:

support@passwordsafe.de

Support (technical support and client service)

If you need support, also questions concerning the handling of the software, please address our hotline
by telephone or use our bulletin board. Alternatively you can also send an E-mail to
support@passwordsafe.de or use our support form.

9.12

Licensing terms and conditions

Licensing terms and conditions for software of MATESO?GmbH
for Password Safe licenses purchased in Germany

Update August 2012

1. General scope
1.1 These licensing terms and conditions are supplementary to the general terms and conditions
of MATESO GmbH (hereinafter referred to as the Licensor). These terms and conditions apply to the
provided software as well as to any updates, upgrades, additions, support and other services offered
online. Should any of the products mentioned above come with their own licensing terms and conditions,
those shall have priority.
1.2 The Licensee accepts these licensing terms and conditions upon installation or use of the software.
1.3 If the software is purchased from a sales partner (cleverbridge or others), the licensing terms and
conditions shall apply in their entirety and remain hereby unaffected. MATESO shall remain the exclusive
holder of the rights of use within the scope specified in these licensing terms and conditions.
1.4 System responsibility shall lie with the Licensee. The Licensor is only required to provide delivery of
the software if the product is purchased through direct sales. The option to download products is also
included under delivery of software.

2. Definitions
2.1 Licensed products refer to all software products offered by MATESO GmbH.
2.2 Licensing material includes updates and documentation provided by the Licensor to the Licensee.

3. Allocation of rights
3.1 The Licensor shall retain ownership of all rights to the licensed product even if the Licensee should
modify the licensed product without authorization or connect it to their own programs or to those of a
third party. The above shall also apply if the reseller modifies the license key so that it bears a name
other than that of MATESO, with the exception of rights granted in accordance with these terms and
conditions.
2015 MATESO GmbH

Miscellaneous

619

3.2 The Licensor shall grant the Licensee a non-exclusive, simple right of use to the licensed products
and documentation that excludes the granting of sublicenses.
3.3 The Licensee shall have to right to create a backup copy of the provided licensed products for backup
purposes only. The Licensor shall hold all rights to these copies unless these terms and conditions specify
that such rights are to be transferred to the Licensee. The Licensee has the right to use the licensed
products on their data processing system as specified in the terms and conditions even if doing so
involves the creation of backup copies in the system's RAM. The creation of additional copies is not
permitted.
3.4 If applicable national law and/or jurisdiction states that licenses may be sold to third parties, the
original Licensee is under the obligation to make sure that any copies that have been downloaded onto
their data processing system are unusable at the time of resale. Further use of the product by the
original Licensee constitutes a violation of the Licensor's exclusive right of reproduction and shall be
subject to persecution under civil and criminal law.
3.5 Individual editions containing several licenses may not be split up and sold separately.
3.6 The software and licenses may only be sold to another party after MATESO has first transferred the
license. Should the original license holder decide to sell the license, a fee must be paid to MATESO
before the license can be transferred, modified or before a new license can be granted.

4. Special provisions regarding rights of use for full versions

4.1 The Licensee has the right to use the software with the number of licenses they have purchased. The
products are structured according to the named user license model.
4.2 After purchasing a license, only one Licensee shall have the right to install and use the software. The
database can be used by all named users.
4.3 The software may only be installed and used on one computer. If the software is installed on another
computer or data processing system, the software on the first device must be uninstalled completely.
The software may only be installed on more than one computer or system if the customer has paid an
additional fee.
4.4 The customer must purchase a server license (terminal server/Citrix Module) if they intend to store
the software on a data processing unit that is being used as a server. Single licenses may not be
installed on a server.
4.5 If the customer will be using the licenses on a server, they must also purchase an additional license
for each user.

5. Special provisions regarding rights of use for demo versions (test phase)
5.1 Licenses can be provided on a test basis. The right of use for demo versions of software is limited to
the test phase period (30 days). The right of use for demo versions is a non-exclusive, simple right of
use that excludes the granting of sublicenses and is granted for a limited period of time only.
5.2 The Licensee has the right to provide the demo software to other computer users for test purposes
during the test phase. If the Licensee intends to provide the demo software to other users, the Licensee
2015 MATESO GmbH

620

Password Safe and Repository

must inform said users of the duration of the test phase and of the consequences of continuing to use the
software once the test phase has come to an end. The Licensee is responsible for compliance with these
and any legal provisions, also when it comes to third-party use of the software.
5.3 Once the test phase has been completed, further use of the software shall be considered an
infringement of copyright punishable by law, and the Licensor expressly reserves the right to prosecution
for such use.
5.4 Once the test phase has been completed, the customer can use a license key to activate the
software. By doing so, the Licensee shall be granted a right of use covering the scope described in these
licensing terms and conditions. In addition to the other provisions, no. 3 of these licensing terms and
conditions particularly applies to the scope of use for full versions.

6. Modification, reverse engineering

6.1 The Licensee does not have the right to modify the software in any way, to copy the software or to
translate the software. Any form of reverse engineering is prohibited. This includes extracting structural
elements of the licensed product or parts thereof. The Licensee is also prohibited from generating the
source code (decompilation) or disassembling the software (conversion of the native code into an
assembly language that people can read). The only exception to the above is if it is absolutely necessary
to decompile the software in order to obtain interface information and MATESO was unable to provide
the information required for interoperability after having received a written request from the Licensee to
do so.
6.2 69d paragraph 2 and 3 and 69e German Copyright Act (UrhG) shall remain unaffected.

7. Documentation
Documentation (user manual) is available online at www.passwordsafe.de under Support in the
Download Center and can be printed or downloaded as a PDF.

8. Software support
8.1 The Licensee has the choice of different software support plans. The right of use granted applies to
updates, etc., depending on the plan selected (Private, Company Classic, Company Premium).
8.2 The right of use to the original software purchased does not expire with the expiration of the
software support plan. The customer can continue to use the software that was originally purchased
without having to take any additional steps. However, the customer must renew the software support
plan if they wish to receive further updates, upgrades or support.
8.3 Within the scope of software support, the Licensee shall be granted a non-exclusive, nontransferrable, simple right of use to the software support products that excludes the granting of
sublicenses a for a period of twelve months. The software support plan cannot be interrupted.
8.4 The Licensee may renew the software support plan 30 days before the software support period
expires. If the Licensee decides to renew software support they will be granted another non-exclusive,
non-transferrable, simple right of use to the software support products that excludes the granting of
sublicenses for another twelve months.

2015 MATESO GmbH

Miscellaneous

621

8.5 The Licensee can purchase software support retroactively if they forget to renew their software
support plan by the deadline. The twelve-month period of the renewed software support plan will begin
as of the date on which the previous software support plan expired.
8.6 Private software support plan
The Private plan is only available for the private products and comes with updates of one version for the
next 12 months. It does not include any upgrades to the next version up. Email support is also provided
working days from Monday through Friday at support@passwordsafe.de. The maximum response time
generally does not exceed 72 hours. In some cases, however, the response time may be longer.
8.7 Company Classic software support plan
The Company Classic plan comes with updates of one version for the next twelve months as well as an
upgrade to the next version up if an upgrade of that version is available within the twelve-month period.
It also comes with email support working days from Monday through Fridayat support@passwordsafe.de.
The maximum response time generally does not exceed 48 hours. In some cases, however, the response
time may be longer.
8.8 Company Premium software support plan
The Company Premium plan comes with updates and upgrades within the next 12 months. Company
Premium software support also includes free email support (support@passwordsafe.de) working days
from Monday through Friday, phone support and remote assistance (pcvisit or TeamViewer). The
maximum response time generally does not exceed 24 hours. In some cases, however, the response
time may be longer.
8.9 Product training may be purchased separately.
8.10 The sole purpose of support provided via phone, email or remote access is to provide support and/
or advice regarding product use or in determining the cause of an error. There is no guarantee that the
problem will be resolved. Success is not guaranteed.
8.11 The customer is under the obligation to pay the fee for software support regardless of whether or
not they choose to utilize the software support products.

9. Liability
9.1 MATESO shall only be liable for customer claims to damages arising from injury to life, body or
health or the violation of critical contractual obligations (material obligations). MATESO shall also be
liable for other damages that can be attributed to intentional or negligible violation of obligations on the
part of MATESO, MATESO's legal representatives or vicarious agents. Material contractual obligations are
defined as obligations that must be fulfilled so that the purpose of the agreement can be accomplished.
Any further liability is excluded.
9.2 Liability for the violation of material contractual obligations is limited to foreseeable damage that is
typical to an agreement if said damage was caused as the result of negligence unless the matter at hand
involves customer claims to damages arising from injury to life, body or health.
9.3 Should claims be made directly against MATESO's legal representatives or vicarious agents, the
limitations discussed in the previous section shall also apply in their favor.

2015 MATESO GmbH

622

Password Safe and Repository

9.4 The provisions stipulated in the German Product Liability Act shall remain unaffected.

10. Written form provision

There are no verbal side agreements. Any changes or additions to these terms and conditions must be
made in writing. The same applies to this written form provision.

11. Place of jurisdiction

The place of performance and the sole place of jurisdiction for all disputes arising from the contractual
relationship in question and involving merchants, legal entities or special assets under public law shall be
Augsburg, Germany.

12. Final clause

12.1 The law of the Federal Republic of Germany, excluding the United Nations Convention on Contracts
for the International Sale of Goods, shall apply to contracts between MATESO?and the customer.
12.2 If individual provisions of these general terms and conditions should become ineffective, the
remaining provisions shall remain thereby unaffected. The invalid provision shall be replaced by legal
regulations to the extent these are present. If the above should constitute unreasonable hardship for one
of the contracting parties, however, the agreement shall become invalid as a whole.
12.3 Contractual language is German. In case of interpretation and linguistic discrepancies between the
foreign-language and the German versions, the German version will be binding.

2015 MATESO GmbH