Custom Configuration File

SafeHouse includes the ability to reference a custom configuration file that you create which includes special commands and options to help further shape the behavior of the SafeHouse software. The file must be named CONFIG.INI and it should be located in the SafeHouse program files directory.

This CONFIG.INI file is completely optional. Most people will never need this special file; however, it is frequently used in corporate deployments where it is often desirable to establish standards and policies to make sure everyone is using the product in a defined way.

You will not find this CONFIG.INI  file in your SafeHouse programs folder after installing the standard product. If you decide to use this feature, you should create this file using a simple text editor such as Windows NOTEPAD. Do not use a word processor such as Microsoft Word to create this file since word processors insert document formatting information which won't be correctly interpreted by Windows.

The format of this INI file conforms to the standard format for any typical Windows INI file.

The custom configuration file allows you to:

NOTE:  The SafeHouse Deployment Wizard can create this file for you. At your option, it will display a series of wizard pages explaining each feature and prompting for your preference. It will then package your customized CONFIG.INI file into the custom SafeHouse installer and deploy it along with the rest of the SafeHouse files.

Presetting Utility Command Options

If you find yourself using the same SafeHouse utility command line options over and over again, you may find it convenient to put those options into a custom configuration file, which has the same effect as having specified those identical options directly when invoking the respective utility.

Many of the utility programs included with SafeHouse will check for the existence of the CONFIG.INI in the same directory as the utility is run from; which is typically the C:\Program Files\SafeHouse folder.  If this file is found, the utility will look for a [section] which has the same name as the utility and retrieve initial values for any specified parameters.

For example, SDWCREAT.EXE will look for the section named [SDWCREAT] and SDWMAP32.EXE will look for a section named [SDWMAP32].

Parameters specified on the command line override any potential CONFIG.INI settings for the same option.

Individual parameters have names identical to their command-line equivalents without the leading slash.

Example CONFIG.INI Section:

This example sets the length for volume passwords, which is equivalent to having specified /Minpassword=8 and /Maxpassword=32 on the command line.

[SDWCREAT]

Minpassword=8

Maxpassword=32

Utilities Supporting this Feature:

The following SafeHouse utilities support using this custom configuration file.

Restricting Available Encryption Methods

Professional Edition Only

It is often desirable in corporate environments to restrict the use of certain encryption algorithms. You can prevent one or more encryption algorithms from appearing in the create volume wizard encryption selection list by creating a section named [ENCRYPTION] in your CONFIG.INI file and including a reference for each algorithm that should not be presented to the user as an available choice.

The following encryption identifiers can be specified in the [ENCRYPTION] section. Their respective values can be set to 1 to allow them, which is the default, or to 0 to hide them.

See Encryption for descriptions of the encryption methods supported by SafeHouse.

Please also know that SafeHouse will only display the wizard page showing encryption options when users choose to see the advanced options for creating new volumes. This choice is made by checking a box on the first page of the create volume wizard.

Example CONFIG.INI Section:

Adding the following lines to your custom CONFIG.INI file will hide the DES, Triple DES and NONE encryption methods from users when using the Create Volume wizard. The other methods will default to being set to 1 and will therefore remain enabled.

[ENCRYPTION]

DES=0

TDES168=0

NONE=0

Setting Password Policies

Professional Edition Only

SafeHouse has always supported password length range limits, however, we've also started to receive requests to support additional rules relating to the passwords that can be chosen by users. If you wish to enforce a specific password policy, the options presented below will allow you to specify a variety of simple rules.

Any rule not included in your CONFIG.INI file will default to using a value of 0 for the minimum length of the respective setting.

These rules will be enforced whenever users have an opportunity within SafeHouse to choose a SafeHouse volume password; such as when they create a new volume or change the password of an existing volume.

The PasswordHelp parameter allows you to craft a simple message explaining your password policy. This text will be displayed in an error dialog when users attempt to choose a password that does not conform to your established rules.

Example CONFIG.INI Section:

[GLOBAL]

PasswordMinDigits=2

PasswordMinSymbols=1

PasswordMinUppercase=2

PasswordMinLowercase=0

PasswordHelp=Passwords must include at least 2 digits, 1 punctuation symbol and two upper case letters.

Smartcard Settings

When using virtual smartcards residing on Flash disks and memory sticks, you can override the default minimum password length enforced by SafeHouse by including this setting in your custom CONFIG.INI file. This applies only to virtual smartcards rather than traditional smartcards since when using traditional smartcards the manufacturer provides you with the tools to change your password.

In the example, the minimum allowed length for a smartcard password is set to 10 characters.

Example CONFIG.INI Section:

[SMARTCARD]

PasswordMinLength=10

Volume Location Preferences

SafeHouse typically stores volumes in a single default folder to make working with volumes just a little bit easier. Volumes can still reside in other folders or even on other drives, but accessing them will require that you point to them using a file chooser.

The VolumeDirectory option can be used to tell SafeHouse where your default volume folder is located. This value will typically only be meaningful for the very first volume a user creates since SafeHouse then internally remembers the location of the last volume created or opened. When not specified, SafeHouse will default to using C:\SafeHouse as the default volume folder.

However, when this option is used in combination with the ForceDefaultVolumeDirectory option (below), the value you specify for VolumeDirectory  becomes the starting folder to be shown for all SafeHouse volume file pickers.

The ForceDefaultVolumeDirectory option can be used to instruct SafeHouse to always default its file pickers to initially showing the default volume folder instead of starting out showing the folder you last used when picking a SafeHouse volume. When this option is not specified, SafeHouse keeps track of the folders you've been using to store your volumes and will assume that the next time you go to pick a volume that the best starting point would be to look in the same folder as where the last volume you used was located. In many cases, this is a pretty good guess; but since we've had some requests to force a specific starting point, we've added this special option to do just that.

Example CONFIG.INI Section:

[GLOBAL]

VolumeDirectory=C:\SafeHouse

ForceDefaultVolumeDirectory=1

Example Configuration File

This sample configuration file will cause the following behavior:

This file should be created in the C:\Program Files\SafeHouse folder using a text editor such as NOTEPAD. The name must be CONFIG.INI.

Complete CONFIG.INI file:

[SDWMAP32]

removable=1

[SDWCREAT]

Encryption=AES256

Minpassword=8

Maxpassword=32

[ENCRYPTION]

DES=0

[SMARTCARD]

PasswordMinLength=8

[GLOBAL]

VolumeDirectory=C:\SafeHouse

PasswordMinDigits=2

PasswordMinSymbols=1

PasswordMinUppercase=2

PasswordMinLowercase=0

PasswordHelp=Passwords must include at least 2 digits, 1 punctuation symbol and two upper case letters.

Compare to BitLocker  lock folder  encrypted USB  data encryption software  password protect