Disabling Local Vault via Admin Enforcement on Windows

Disabling on Installation

If you are installing Connection Manager for the first time or local vault was previously disabled, follow the instructions below: 

  1. Install Connection Manager version 2.6 or newer via quiet mode.

    Delinea.ConnectionManager.WindowsInstaller.msi /quiet RUNCM=runCM KEYS="-disablelocalvault "

  2. Open the Connection Manager registry, which can be found via the following path:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Delinea Inc.\Delinea Connection Manager

  3. Open the AdminConfig folder inside the Delinea Connection Manager folder.

  4. Inside the AdminConfig folder, you will see a DisableLocalVault setting. By default, this setting is set to n, meaning that local vault is enabled for local users.

  5. Change this value to y to disable local vault for all users.

    If users already had existing local vaults created, they will be able to continue using them after this setting is applied.

Backing Up and Disabling Existing Local Vaults

If users already had an existing local vault created, administrators can disable these local vaults, before or after installation, by following these steps: 

  1. Open the Connection Manager registry, which can be found via the following path: 

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Delinea Inc.\Delinea Connection Manager

  2. Change the DisableLocalVault value in the AdminConfig folder to fy.

  3. When users launch Connection Manager, they will need to enter the password to the local vault and they will see a message that their local vault was disabled by administrator.

The local vault option in the left side navigation will be disabled for all users and a backup for the .dat file will be automatically created. This setting will take effect when Connection Manager is relaunched.

Re-Enabling Local Vault After Disabling

Administrators can centrally re-enable local vaults by following the steps below: 

  1. Change the DisableLocalVault value in the registry to n or delete this value altogether.

  2. In the Main Menu left-side navigation click Enable Local Vault.

  3. Delete the current ConnectionManager.dat file.

  4. Rename the backup file ConnectionManager.dat.bak to ConnectionManager.dat.
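
The registry steps above can be audited or applied from an elevated PowerShell prompt. The script below is an added example, not part of the Delinea documentation; the function names are hypothetical, and it assumes DisableLocalVault is a string value under the AdminConfig key that the installer has already created.

```powershell
# Added example: audit or set the DisableLocalVault admin enforcement value.
# Assumption: DisableLocalVault is a string value under the AdminConfig key.
$AdminConfigPath = 'HKLM:\SOFTWARE\Delinea Inc.\Delinea Connection Manager\AdminConfig'
$ValueName       = 'DisableLocalVault'

function Get-LocalVaultEnforcement {
    # Read the value; a missing key or value is reported as "absent".
    $raw = $null
    if (Test-Path -LiteralPath $AdminConfigPath) {
        $item = Get-ItemProperty -LiteralPath $AdminConfigPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $raw = [string]$item.$ValueName }
    }

    # Map the raw value to the behaviour described on this page.
    if     ($null -eq $raw) { $state = 'Value absent: local vault enabled' }
    elseif ($raw -ceq 'n')  { $state = 'Local vault enabled for local users' }
    elseif ($raw -ceq 'y')  { $state = 'Local vault disabled; existing local vaults still usable' }
    elseif ($raw -ceq 'fy') { $state = 'Local vault disabled; existing vaults disabled and .dat backed up' }
    else                    { $state = 'Unrecognized value: review manually' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $raw
        State    = $state
    }
}

function Set-LocalVaultEnforcement {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('n', 'y', 'fy')]
        [string]$Value
    )
    # Do not create the key: if it is missing, Connection Manager was not
    # installed as described in step 1.
    if (-not (Test-Path -LiteralPath $AdminConfigPath)) {
        throw "AdminConfig key not found at $AdminConfigPath"
    }
    # Writing to HKLM requires an elevated session.
    Set-ItemProperty -LiteralPath $AdminConfigPath -Name $ValueName -Value $Value.ToLowerInvariant()
    Get-LocalVaultEnforcement
}

# Report the current state without changing anything.
Get-LocalVaultEnforcement
```

As noted above, a changed value takes effect when Connection Manager is relaunched.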