Default and Forced Settings
This article describes special techiques for system administrators who need to configure the software for mass deployment or server-side processing.
Applicable for Kryptel version 6.6 and later, Silver Key version 4.3 and later.
Kryptel and Silver Key support four sets of XML settings files.
The standard, and in the most cases, the only set. These files are created when the user edits settings in Settings panel, and are typically stored in C:\Users\<user>\AppData\Roaming\Inv Softworks\Kryptel Common Data\Settings\. In order to access this folder, open the product installation folder and run OpenSettingsDir.exe.
Forced settings are first to check. If the program finds the requested parameter in a forced settings XML file, it uses the found parameter and does not checks the user/default XML sets. These XML files reside in <installation dir>\Settings\Forced. Note that <installation dir> is typically a subdirectory of C:\Program Files and so the forced settings files are protected by the system. A non-privileged user can neither edit nor delete them.
For example, if the administrator creates a forced FIPS 140-2 settings as a part of the deployment package, the users will not be able use other encryption methods.
If the parameter has not been found in either forced or user XML files, the software checks the default set. This set is used when the administrator wants to change the hardwired default, leaving the user the ability to override it in the user settings.
Default settings are stored in <installation dir>\Settings\Default. Like forced settings, these XML files typically can not be edited or deleted by a non-privileged user.
The name follows Windows conventions, however it is somewhat misleading. These are not "common" settings; the software uses these settings when the user settings are not available. Specifically, these settings are used when the software runs under the LocalSystem account. The most typical example is the command-line interface called from a Windows service.
Settings File Lookup Order
Any time a software component requests the value of a specific parameter, the support library searches XML files in the following order:
Forced => User => Default => Hardwired default
For instance, if the parameter is defined in the forced settings XML file, the search stops there; the user and the default settings are ignored. That is, a user setting overrides the corresponding default setting, and a forced setting overrides all other settings.
If no user is logged in and so no user settings are available (in other words, if the software runs as a part of a Windows service), the search order is as follows:
Forced => Common => Default => Hardwired default
In order to edit settings, open the product installation folder and run ShowSettings.exe (Kryptel) or SkShowSettings.exe (Silver Key) with the appropriate switch:
<no switch> - edit user settings (default mode)
/C - edit common settings
/D - edit default settings
/F - edit forced settings
Note that non-user settings files typically reside in a protected directory; in order to edit them, ShowSettings.exe(or SkShowSettings.exe) must be run in the privilege elevation mode.
Step 1: Privilege Elevation
Open the product installation folder, right-click ShowSettings.exe (Kryptel) or SkShowSettings.exe (Silver Key), and select Properties. Open the Compatibility tab and check the box titled Run this program as an administrator. Press OK.
Step 2: Open Settings Panel
Select Start / All Programs / Accessories / Command Prompt and run ShowSettings.exe(or SkShowSettings.exe) with the desired switch. The screenshot below demonstrates editing of forced settings.
Be careful not to touch parameters you don't want to set, especially in case of forced settings. As soon as a parameter is accessed, it will produce a record in the settings file.
Optional Step 3: Check the Resulting XML Files
The produced XML file(s) has a simple easy-to-understand structure. It is a good idea to open it in a text editor and to ensure that all the needed parameters are there and all unneeded ones are not.
Step 4: Restore the Privilege Elevation Checkbox
Open the Compatibility tab as described in Step 1 and uncheck the Run this program as an administrator box to restore its original state.
That's all! Your installation is ready to be used or deployed.