User Documentation

RoboForm Enterprise Administration Guide Installation and Customization Instructions

• Introduction
• Architecture of Administration Functionality
• RoboForm Policy Editor Installation Instructions
• RoboForm Enterprise Deployment Instructions
• RoboForm Installer Command Line Options
• The Policy Editor - General Description
• Using the Policy Editor - Changing RoboForm Policies
  • AutoFill Dialog
  • AutoSave Dialog
  • Domains
  • Graphical User Interface (GUI) Limited by Admin
  • Keyboard Shortcuts
  • Login Browser
  • Master Password
  • General
• User's Master Password Recovery by Admin

Introduction

This document provides installation and configuration instructions for RoboForm Enterprise.

RoboForm Enterprise is a fully distributed system with RoboForm software components installed on user workstations and a central configuration utility called a Policy Editor.

The workstation component is responsible for the following functionality (unless system administrator restricts that functionality with the Policy Editor):

• capturing usernames and passwords from the browser or Win32 applications,
• securely storing captured usernames and passwords to the file systems,
• reading usernames, passwords and other user information from the file system,
• automatically filling usernames, passwords and other credentials and into applicable websites and applications.
• allowing users to make changes to their stored information including usernames and passwords.

In a corporate environment where users don't have administrative access to their workstations, a system administrator may chose to securely restrict the functionality of RoboForm that is available to individual users with the Policy Editor.

Back to the Top

Architecture of Administration Functionality

Feature management of RoboForm is implemented through Windows registry. Certain keys may be added to HKEY_LOCAL_MACHINE that would prevent RoboForm from performing corresponding actions.

Windows configuration best practices prescribe granting individual non-administrative users READ-ONLY access to that part of the registry on their workstations. Only system administrators should be able to have WRITE access to it.

The security of the feature management of RoboForm relies on the acceptance of the best practices described in the paragraph above. Currently, there is no secure mechanism to enforce RoboForm functionality restrictions on a workstation where non-administrative workstation user has WRITE access to HKEY_LOCAL_MACHINE.

The Policy Editor is a utility that provides a user interface to administrators to configure a local installation of RoboForm (edit local registry) or to generate REG files that can be later deployed and executed on workstations of individual users. In order for the generated REG files to make necessary modifications, they have to be executed with administrative permissions (e.g., by a login script or scheduled in Active Directory to be run with proper credentials).

NOTE: REG files are files with extension "REG" that are typically used to make updates to the Windows registry. Windows natively understands these files and they can be "executed" automatically making modifications to the registry. WARNING: Please execute extreme caution when making manual modifications to REG files generated by Policy Editor! This file type can become infected and should be carefully scanned if someone sends you a file with this extension. Changing the registry improperly may result in damage to the functionality of any or all applications and/or data.

RoboForm checks the following location in the registry for its settings: 'HKEY_LOCAL_MACHINE\SOFTWARE\Siber Systems\RoboForm\Policies'. We recommend that only administrators have WRITE access to at least that portion of the registry and individual non-administrative users be granted READ-ONLY access to it.

Back to the Top

RoboForm Policy Editor Installation Instructions

Please follow these steps to install Policy Editor:

1. Download the latest version of RoboForm Enterprise and install it on your administrative or testing computer.
2. Activate RoboForm Pro on that computer to be able to test locally the workstation component (RoboForm Pro) and the policy settings changed by Policy Editor.
3. Download the Policy Editor (it is a stand-alone application and does not require installation) to the same computer.

You may want to create a shortcut to the Policy Editor and place it on your desktop for future easy access.

You can now start using the Policy Editor to customize the RoboForm Enterprise installation to desired specifications. In the following chapters you will find detailed customization instructions.

Back to the Top

RoboForm Enterprise Deployment Instructions

RoboForm Enterprise deployment includes the following steps:

1. Using a mass-deployment method approved by your company and following instructions from the "Installing RoboForm from a Command Line" chapter, deploy the workstation component to workstations of individual users.
2. Customize policies with the Policy Editor using instructions in the "Using the Policy Editor - Managing RoboForm Policies" chapter to match your corporate policies and procedures.
3. Click the Apply button in the Policy Editor to apply current configuration to your administrative or testing computer. This action will apply changes to the computer on which the Policy Editor is currently running.
4. Test functionality using a local copy of RoboForm on your administrative or testing computer.
5. Click the Create Reg button in the Policy Editor to create a REG file with step-by-step commands to make all necessary changes to the registries on workstations of individual users. That file will be saved with a "TXT" extension instead of "BAT" so it can be emailed if necessary.
6. To prepare that REG file for deployment, change its extension to "BAT" and copy it to the deployment folder.
7. Deploy the batch file created with the Policy Editor to workstations of individual users using your preferred deployment software.

NOTE: An updated set of policies may be deployed to workstations before or after RoboForm is installed and while it is running.

Back to the Top

Installer Command Line Options

Use these command line options of AiRoboForm.exe to automate installation of RoboForm.

Install options good for RoboForm Fixed and RoboForm2Go:

/? or /help - show help message.

/silent - silent install, user intervention allowed only on errors.

/unatt - silent install, no user intervention, errors are logged to _rf.log file. /silent and /close options are set by this option.

/reboot - force reboot if necessary to write over locked files, do not ask user.

/close - force browsers to close if necessary, do not ask user.

/lang=<xx-xxxxx> - set setup language to the specified RFI file.

/temp=<folder> - use the specified for temp files instead of %temp%.

/unpack=<folder> - unpack files to the specified folder.

RoboForm Fixed install options:

/home=<folder> - use the specified folder to store RoboForm data files.

/bin=<folder> - use the specified folder for RoboForm Program Files.

/options=<file> - copy options from the specified RFO file.

/import - import passwords from IE AutoComplete into Passcards.

/act="<order-id>,<user-name>" - perform RF Pro Online activation upon installation using the specified Order ID and User Name.

The Policy Editor - General Description

The Policy Editor is an administrative utility that optionally provides the following functionality:

• configuration of individual installations of RoboForm in accordance with the corporate policies;
• configuration of the cryptographic keys used to recover Master Passwords of individual users;
• recovery of Master Passwords of individual users that have been previously saved (requires several configuration steps).

Using the Policy Editor - Changing RoboForm Policies

This chapter provides detailed instructions on how to customize individual features of RoboForm installed on user workstations with the Policy Editor installed on an administrative computer.

The Policy Editor window features a browsable list of policies and a set of buttons that provide related functionality.

The browsable list of policies shows individual policy names and their current values on the computer on which the Policy Editor is running. On the left-hand-side of each line there is an icon meant to represent a pin in either horizontal or inserted position. Each pin plays a role of a checkbox: an inserted pin means that corresponding policy will be changed when the Apply button is pressed or will be saved to a REG file when the Create Reg buttons is pressed. If an icon of a horizontal pin is displayed next to a policy, that policy will not be affected.

Two buttons, Pin All and Pin None, either check or uncheck all policies respectively.

Options (Policies) are listed in the order they appear in the Policy Editor. The Sort by Name button allows the user to re-arrange the list of policies. When the Policy Editor starts, all policies are arranged by the functional area to which each policy is related. When the Sort by Name button is pressed, all policies in the list are re-arranged by name, and the button stays in a pressed state. When pressed once more, all policies are re-arranged in the original order, and the button returns to its original state.

The Reset Changes button sets the values of all policies back to the values that they had when the Policy Editor was last started.

The Set Default button sets the values of all policies to default values.

The Test Values button allows the operator to test values of all policies for compliance with rules (e.g., length policy can not contain letters).

The Create Reg button initiates the process of saving the REG file for further deployment to user workstations.

When a policy is highlighted in the list, a textual description appears in the Description text area below the list of policies.

Each policy described below is headed by the Policy Name, followed by an explanation.

Back to the Top

AutoFill Dialog

AutoFillThreshold
This policy specifies the minimal number of fields that causes the AutoFill from Identity box to appear.

AutoFillFromIdentityOrPasscard
This policy controls when AutoFill dialog appears:

1. when there is a Passcard only to fill;
2. when there is an Identity only to fill;
3. when there is either a Passcard or an Identity to fill.

AutoFillOnlyIfPasswords

• True: RoboForm will show the AutoFill dialog only on pages with password fields;
• False: RoboForm will show the AutoFill dialog on all HTML pages with forms.

AutoFillSubmitDefaultPC

• True: Fill&Submit will be the default action in the AutoFill dialog when a Passcard is selected;
• False: Fill Forms (Fill only, no Auto Submit) will be the default action in the AutoFill dialog when a Passcard is selected.

AutoFillSubmitDefaultID

• True: Fill&Submit will be the default action in the AutoFill dialog when an Identity is selected;
• False: Fill Forms (Fill only, no auto submit) will be the default action in the AutoFill dialog when an Identity is selected.

AutoFillEmptyOnlyPC

• True: the Fill Only Empty Fields option will be selected by default in the AutoFill dialog box for Passcards;
• False: the Fill Only Empty Fields option will not be selected by default in the AutoFill dialog box for Passcards.

AutoFillEmptyOnlyID

• True: the Fill Only Empty Fields option will be selected by default in the AutoFill dialog box for Identities.
• False: the Fill Only Empty Fields option will not be selected by default in the AutoFill dialog box for Identities.

AutoFillEngSelValues
True: The Fill English Selection Values option will be selected by default in the AutoFill dialog box (Identities only).

AutoFillDialogPosition
This policy controls the position of the AutoFill dialog when it appears:

• 0: right out;
• 1: center;
• 2: right in.

AutoFillDialogStealFocus
This policy controls the behavior of the AutoFill dialog box when it appears.

• True: the keyboard focus will be set to the AutoFill dialog when it appears;
• False: the keyboard focus will not be set to the AutoFill dialog when it appears.

AutoFillDialogAutoHideOn
This policy controls if the AutoFill dialog automatically hides when its main window does not have focus.

• True: the AutoFill dialog will automatically hide itself when its main window does not have focus;
• False: the AutoFill dialog will NOT automatically hide itself when its main window does not have focus.

AutoFillEnable

• True: RoboForm will show the AutoFill dialog when there are forms to be filled;
• False: RoboForm will disable the AutoFill dialog.

ConfirmAutoFillEnable

• True: RoboForm will ask for user confirmation when performing the AutoFill action;
• False: RoboForm will not ask for user confirmation when performing the AutoFill action.

AutoFillWinDialogsEnable

• True: RoboForm will show the AutoFill dialog box when matching windows dialog appears;
• False: RoboForm will not show the AutoFill dialog box when matching windows dialog appears.

Back to the Top

AutoSave Dialog

AutoSaveEnable

• True: AutoSave is turned on for HTML forms;
• False: AutoSave is turned off for HTML forms.

AutoSaveWinDialogsEnable

• True: AutoSave is turned on for Basic Authentication and Windows dialogs;
• False: AutoSave is turned off for Basic Authentication and Windows dialogs.

AutoSaveAltClickEnable

• True: the Alt+Click combination forces AutoSave;
• False: the Alt+Click combination does not force AutoSave.

AutoSaveShiftEnterEnable

• True: the Shift+Enter combination forces AutoSave;
• False: the Shift+Enter combination does not force AutoSave.

AutoSaveUseNewAccountFeature
This policy controls the behavior of the AutoSave dialog box, enabling or disabling the option to create a new account.

• True: enable the New Account feature;
• False: disable the New Account feature.

DisableSaveForms
This policy enables or disables the Save Forms and AutoSave dialog boxes.

• True: RoboForm does not give the user an option to save new username/password data or new form data; RoboForm also blocks all related functionality;
• False: RoboForm will give the user an option to save new username/password data or new form data.

Back to the Top

Domains

OnlyDomains
This policy is obsolete. Use AutoSaveOnlyInDomains instead.

AutoSaveOnlyInDomains
This policy controls the list of domains on which the AutoSave functionality of RoboForm will work. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

NoAutoSaveInDomains
This policy controls the list of domains on which the AutoSave functionality of RoboForm will not work. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

DisableForceNonOnlyDomains
This policy controls the availability of the forced AutoSave (ALT+Click and SHIFT+Enter) to the users for domains which are not listed in AutoSaveOnlyInDomains or listed in NoAutoSaveInDomains. This key takes effect when AutoSaveOnlyInDomains and/or NoAutoSaveOnlyInDomains are not empty.

• True: RoboForm will not allow the users to use the forced AutoSave on domains which are not listed in AutoSaveOnlyInDomains or listed in NoAutoSaveInDomains.
• False: RoboForm will allow the users to use the forced AutoSave on domains which are not listed in AutoSaveOnlyInDomains or listed in NoAutoSaveInDomains.

SaveFormsOnlyInDomains
This policy forces RoboForm to restrict the SaveForms functionality only to the domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

NoSaveFormsInDomains
This policy forces RoboForm to prevent the user from using the SaveForms functionality on the domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

AutoFillOnlyInDomains
This policy forces RoboForm to restrict the AutoFill functionality only on the domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

NoAutoFillInDomains
This policy forces RoboForm to prevent the user from using the AutoFill functionality on domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

FillFormsFromPasscardsOnlyInDomains
This policy forces RoboForm to restrict the FillForms from Passcards functionality to only domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

NoFillFormsFromPasscardsInDomains
This policy forces RoboForm to present the user from using the FillForms from Passcards functionality on the domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

FillFormsFromIdentitiesOnlyInDomains
This policy forces RoboForm to restrict the FillForms from Identities functionality to only domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

NoFillFormsFromIdentitiesInDomains
This policy forces RoboForm to present the user from using the FillForms from Identities functionality on the domains listed in this policy. Multiple domains must be separated with a semicolon.

Example: roboform.com;roboform.org;searchcardplace.com

Back to the Top

Graphical User Interface (GUI) Limited by Admin

NoToolbar

• True: do not register toolbar and its classes with IE;
• False: register toolbar.

NoContextMenu

• True: do not register context menu and its classes with IE.
• False: register RoboForm context menu.

NoBHO

• True: do not register RoboForm Browser Helper Object (BHO) with IE. NOTE: WE DO NOT RECOMMEND SELECTING THIS OPTION;
• False: register RoboForm Browser Helper Object (BHO) with IE.

NoStartMenu

• True: do not register AI RoboForm Start Menu items;
• False: register Start Menu items.

NoTaskbarIcon

• True: do not register/start RoboForm Taskbar Icon;
• False: register RoboForm taskbar icon to start when Windows starts.

Back to the Top

Keyboard Shortcuts

DisableShortcuts

• True: RoboForm will disable keyboard shortcuts;
• False: RoboForm will enable keyboard shortcuts.

RightAltForShortcuts

• True: RoboForm will enable the use of right ALT button for keyboard shortcuts;
• False: RoboForm will disable the use of right ALT button for keyboard shortcuts.

ShortcutAuxKey
Use these keys for RF keyboard shortcuts:

• 1: Ctrl;
• 2: Shift;
• 4: Alt.

Back to the Top

Login Browser

DefaultActionForPasscardIsLogin

• True: the default action for RoboForm file type is Login;
• False: the default action for RoboForm file type is Edit.

LoginOpensSiteType
This policy controls where the Login toolbar button opens the corresponding website:

• 0: same window;
• 3: new window.

PopupBlockerUsing

• True: RoboForm will open a new browser window by calling the default browser, because low quality popup blocker that is present will not allow RoboForm to open them using other techniques;
• False: RoboForm will use regular techniques to open a new browser window.

TaskbarOpensSiteNewWindow
This policy controls where the Login taskbar icon or editor opens the corresponding web site:

• 0: same window;
• 1: new window.

TaskbarIconOpenBrowser
This policy controls the nature of the New Browser window for the Open icon from Taskbar:

• 0: default browser
• 1: Internet Explorer
• 2: Firefox
• 3: user specified browser

NOTE: For RoboForm Pro, the default value is 'Default Browser'. For RoboForm2Go, the default value is 'Internet Explorer'.

UserDefinedWB
This policy specifies the browser that will be used when the User specified browser (TaskbarIconOpenBrowser=3) option is selected.

Back to the Top

Master Password

AutoForgetTime
This policy specifies the AutoLogoff time in minutes. RoboForm will forget the Master Password after AutoLogoff minutes of inactivity.

AutoLogoffScreensaverStart
This policy controls the behavior of RoboForm when the screensaver starts.

• True: RoboForm will perform the AutoLogoff and forget the Master Password on Screensaver Start.
• False: RoboForm will not perform the AutoLogoff on Screensaver Start.

AutoLogoffStandby
This policy controls the behavior or RoboForm when user's computer goes into the Standby mode.

• True: RoboForm will perform the AutoLogoff and forget the Master Password on Standby;
• False: RoboForm will not perform the AutoLogoff on Standby.

AutoLogoffOnUserSwitch This policy controls the behavior or RoboForm when a different user logs in into the computer on which RoboForm is running.

• True: RoboForm will perform the AutoLogoff and forget the Master Password on User Switch;
• False: RoboForm will not perform the AutoLogoff on User Switch.

ClearGeneratedPasswordsOnLogoff

• True: RoboForm will clear the list of generated passwords on logoff;
• False: RoboForm will not clear the list of generated passwords on logoff.

MasterPasswordMinLength
This policy specifies the minimal length of Master Passwords that RoboForm will enforce

MasterPasswordMinUpperCaseChars
This policy specifies the minimal number of upper-case letters in Master Password that RoboForm will enforce.

MasterPasswordMinLowerCaseChars
This policy specifies the minimal number of lower-case letters in Master Password that RoboForm will enforce.

MasterPasswordMinDigitChars
This policy specifies the minimal number of letters in Master Password that RoboForm will enforce.

DisableChangeMasterPassword
This policy allows or prevents the user from changing his or her Master Password.

• True: RoboForm will not allow users to change their Master Password;
• False: RoboForm will allow users to change their Master Password.

PasswordRecoveryStorage
This policy specifies the output folder where encrypted copies of Master Passwords will be saved.

ProtectNewObject
This policy controls how RoboForm protects new user files:

• 0: user can choose encryption mode when creating new Passcard/Safenote/Identity;
• 1: always protect; user cannot create an unprotected object;
• 2: always unprotect; user cannot create a protected object.

DisableProtectCommand
This policy allows or prevents the user from protecting unprotected Passcards, Identities, and Safenotes.

• True: RoboForm will not allow the user to protect existing unprotected Passcards/Identities/Safenotes; RoboForm will also disable the Protect All command in the Set Master Password dialog.
• False: RoboForm will allow the user to protect existing unprotected Passcards, Identities, and Safenotes.

DisableUnprotectCommand
This policy allows or prevents the user from unprotecting Passcards, Identities, and Safenotes that have been previously protected with a Master Password.

• True: RoboForm will not allow the user to unprotect existing protected Passcards, Identities, or Safenotes. RoboForm will also disable the Unprotect All command in the Set Master Password dialog;
• False: RoboForm will allow the user to unprotect existing protected Passcards, Identities, and Safenotes.

EncryptAlg
This policy specifies the encryption algorithm that RoboForm will use when saving files:

• 1: 1DES;
• 3: 3DES;
• 4: AES;
• 5: Blowfish;
• 6: RC6.

EncryptNewPasscard

• True: RoboForm will offer the user to encrypt new Passcard;
• False: RoboForm will not offer the user to encrypt new Passcard.

EncryptNewIdentity

• True: RoboForm will offer the user to encrypt new Identity;
• False: RoboForm will not offer the user to encrypt new Identity.

EncryptNewSafenote

• True: RoboForm will offer the user to encrypt new Safenote;
• False: RoboForm will not offer the user to encrypt new Safenote.

LogoffEmptyClipboard

• True: RoboForm will empty clipboard upon logoff;
• False: RoboForm will not empty clipboard upon logoff.

LogoffClearSearchHistory

• True: RoboForm will clear search history upon logoff;
• False: RoboForm will not clear search history upon logoff.

Back to the Top

General

NoIdentities
This policy enables or disables the use of Identities.

• True: RoboForm hides from the user all controls related to Identities: buttons, menu items, context menu items; RoboForm also blocks all functionality related to Identities;
• False: RoboForm allows the use of Identities.

Note that after change of this policy roboform.dll registration must be updated to apply new policies to IE's context menu and toolbar items. Other items will be updated after 'Refresh Folder' command or on next update of settings.

NoSafenotes
This policy enables or disables the use of Safenotes.

• True: RoboForm hides from the user all controls related to Safenotes: buttons, menu items, context menu items; RoboForm also blocks all functionality related to Safenotes;
• False: the use of Safenotes is allowed.

Note that after change of this policy roboform.dll registration must be updated to apply new policies to IE's context menu and toolbar items. Other items will be updated after 'Refresh Folder' command or on next update of settings.

NoPasscards
This policy enables or disables the use of Passcards.

• True: all controls related to Passcards are hidden from the user: buttons, menu items, context menu items; all functionality related to Passcards is blocked;
• False: the use of Passcards is allowed.

Note that after change of this policy roboform.dll registration must be updated to apply new policies to IE's context menu and toolbar items. Other items will be updated after 'Refresh Folder' command or on next update of settings.

DisableChangeUserDataFolder
This policy controls user ability to change the location of the User Data folder.

• True: RoboForm will not allow the user to change the location of the User Data folder and disable most commands in Profiles menu;
• False: RoboForm will allow the user to change the location of the User Data folder and will allow all commands in the Profiles menu.

DisableBackupRestore
This policy controls the ability of the user to perform backup and restore of Passcards, Identities, and Safenotes.

• True: RoboForm will not allow the user to perform backup and restore operations;
• False: RoboForm will allow the user to perform backup and restore operations.

NoAutoUpdate
This policy controls the AutoUpdate functionality of RoboForm.

• True: RoboForm will not check for a new version on www.siber.com/roboform/version.txt;
• False: RoboForm will check for a new version on www.siber.com/roboform/version.txt.

NoEmailingDataFiles
This policy controls the ability of the user to send his or her data files (Passcards, Identities, and Safenotes) via email.

• True: RoboForm will not allow the user to send his or her data files by email;
• False: RoboForm will allow the user to send his or her data files by email.

NOTE: the user will still be able to send his data files via email with other programs outside of RoboForm.

DisableAddShortcutToDesktop
This policy controls the availability of the Add Shortcut To Desktop command to the user.

• True: RoboForm will not present the Add Shortcut To Desktop command to the user;
• False: RoboForm will present the Add Shortcut to Desktop command to the user.

NOTE: the user will still be able to manually add a shortcut to the desktop.

DisableAddShortcutToLinksToolbar
This policy controls the availability of the Add Shortcut To Links Toolbar command to the user.

• True: RoboForm will not present the Add Shortcut To Links Toolbar command to the user;
• False: RoboForm will present the Add Shortcut To Links Toolbar command to the user.

DisableAddShortcutToQuickLaunch
This policy controls the availability of the Add Shortcut To QuickLaunch command to the user.

• True: RoboForm will not present the Add Shortcut To QuickLaunch command to the user;
• False: RoboForm will present the Add Shortcut To QuickLaunch command to the user.

ForbiddenIdentityEditorGroups
This policy allows the administrator to restrict user access to different tabs in Identities. The following is the list of all tab names to which access can be restricted (you can list multiple tabs separated by a comma):

• Summary,
• Person,
• Business,
• Address,
• Credit Card,
• Bank Account,
• Authentication,
• Custom.

Example: to disallow Credit Card and Bank tabs, this policy must be set to: Credit Card,Bank Account.

DisableChangeCustomDomainEquiv
This policy controls the ability of the user to change custom domains equivalences.

Configuration Options

NoUninstall

• True: disable RoboForm uninstaller to be shown in Add/Remove Programs.
• False: add RoboForm uninstaller to Add/Remove Programs.

NoConfirmOpenPasscard

• True: RoboForm will suppress Open/Save confirmation dialog showing when user clicks on a link to RoboForm file on a web page;
• False: RoboForm allow the Open/Save confirmation dialog showing when user clicks on a link to RoboForm file on a web page.

CreateNewAsContact

• True: RoboForm will offer to create New Identity as Contact;
• False: RoboForm will not offer to create New Identity as Contact.

MyIdentitiesCausesSubmit

• True: the default action for the My Identity button on toolbar is Fill&Submit.
• False: the default action for the My Identity button on toolbar in Fill Form (no automatic submit).

MatchingPasscardsCausesSubmit

• True: the default action for the Matching Passcards button on toolbar is Fill&Submit;
• False: the default action for the Matching Passcards button on toolbar is Fill Form (no automatic submit).

ShowObjectContextMenuByTimer

• True: RoboForm will show context menu in Passcards/Identities/Safenotes menu after 5 seconds of inactivity;
• False: RoboForm will not show context menu in Passcards/Identities/Safenotes menu after 5 seconds of inactivity.

EncryptionKeyScheme
This policy specifies the encryption schema used by RoboForm:

• 0: normal (single password);
• 1: dual password.

ShowSearchResultsInNewWindow

• True: RoboForm will show search results in new window;
• False: RoboForm will show search results in the same window;

SaveSearchHistory

• True: RoboForm will save Search History;
• False: RoboForm will not save Search History.

SearchHistoryMaxNumber
This policy controls the maximum number of items that RoboForm will save in Search History.

EnableSelectionSearch

• True: RoboForm will put the text selection of the current browser into the Search box when the user clicks on it;
• False: RoboForm will not put the text selection of the current browser in the Search box when the user clicks on it.

MyIdentityNumber
This policy specifies the number of MyIdentity buttons on toolbar.

MyIdentityWidth
This policy controls the width of the MyIdentity button.

SearchBoxWidth
This policy controls the width of the Search box on toolbar.

MatchingPasscardsButtonWidth
This policy specifies the width of the Matching Passcards button on toolbar.

MiniDialogShowDelayTime
This policy specifies the delay time of the Mini Dialog.

MruMaxNumber
This policy specifies the maximum number of items in the Most Recently Used list.

ShowLowerToolbarIE
When Upper RoboForm toolbar cannot be shown in Internet Explorer because it is not installed or not allowed, show Upper Attached Toolbar, Lower Toolbar or no toolbar. Preferred location of RoboForm toolbar is:

• 0: Upper Toolbar;
• 1: Lower Toolbar;
• 2: No Toolbar.

OrderByUrlMatch
This policy controls the order of Passcards in the Matching Passcards mini-dialog:

• True: show matching Passcards with the best URL match on top;
• False: order matching Passcards alphabetically.

ShowIconsInMenu

• True: RoboForm will show icons in its menus. Menus will be shown by default;
• False: RoboForm will not show icons in its menus.

AttachToFirefox
This policy tells RoboForm to attach or not to Firefox if adapter is not installed. This policy is ON by default.

• True: RoboForm will attach itself to Firefox if adapter is not installed;
• False: RoboForm will not attach itself to Firefox if adapter is not installed.

RequestChangesConfirmationInEditor

• True: RoboForm will force users to confirm that the changes they made to Passcard, Identity, or SafeNote in RoboForm Editor are actually desired;
• False: RoboForm will not force users to confirm that the changes they made to Passcard, Identity, or SafeNote in RoboForm Editor are actually desired.

FillingFromPasscardChecksDomain
This policy allows or prevents from using a Passcard to fill a form located on a domain that is different from the Domain that is specified in the Passcard. This policy (when set to False) is used to protect against phishing attacks and enforce the privacy of passwords (e.g., when the user is not allowed to view the information in the passcard, he or she may choose to create a custom HTML form that reveals the username and password to them).

• True: the user is allowed to use a Passcard to fill a form on a domain that is different from the Domain on the Passcard;
• False: the user is not allowed to use a Passcard to fill a form on a domain that is different from the Domain on the Passcard.

Back to the Top

User's Master Password Recovery by Admin

RoboForm Enterprise allows system administrators to enable the mechanism that would force RoboForm to store Master Passwords of individual users in an encrypted form.

To activate this feature, system administrator has to populate the PasswordRecoveryStorage policy using the Policy Editor and with the full path to the directory where all user passwords will be backed up and deploy this change to all user workstations. We recommend choosing a place on the local area network that is visible from all user computers.

RoboForm Enterprise uses public key cryptography to protect Master Passwords of individual users in storage. System administrator will generate a public/private key pair using the Generate New Key Pair button in Policy Editor.

The public key from that pair will be used by RoboForm to automatically encrypt the newly created user's Master Password and to save it in a file with extension "ENP" in the directory that is specified in the PasswordRecoveryStorage policy after this Master Password is changed or created for the first time.

That public key must be saved in a file "pub.rfk" and a copy of it has to be saved in the directory that is specified in the PasswordRecoveryStorage policy.

When system administrator generates the public/private key pair, he or she will be prompted for a password that will be used to generate an AES key to encrypt the file containing private key that can be later used to recover user passwords from encrypted storage files. The default name for the file containing the private key is "prv.rfk", but it can be changed to any other name. The file containing the encrypted private key can be stored in any folder and does not have to be in the folder specified in the PasswordRecoveryStorage policy.

When system administrator needs to recover user's Master Password, he or she needs to go to the Policy Editor, make sure that the proper file containing the private key is selected in the Private Key File text box and click on the Recover RoboForm Master Password button. After that an Open RoboForm Master Password backup file dialog box will appear where an encrypted password (file with the extension "ENP") corresponding to that user must be selected. After the file is selected, a window will appear with the network login ID of the user and the Master Password in plain text.

NOTE: the use of the Master Password recovery feature provides a useful business continuity mechanism but also poses a threat related to the fact that the security of access to all system resources for all users ultimately resides in the security of the password with which the administrator protected his or her private key. We recommend that the multiple copies of the encrypted file with the private be stored outside of the network and additional means of protection like a locked physical storage be used to provide additional security.

Back to the Top

• 
• 
• 
• 
• 

"RoboForm Enterprise provided 90% of the value that the Enterprise Single Sign-on solutions promised, with only 10% of the effort at a fraction of the cost." Curt Rynties, M Financial Group