Script to KeePass safely in DropBox

Need: I want a multiple platform (Windows/x86/x64/Vista/XP/7) key manager available to my work, home, and well everywhere.

Resolution: KeePass in Dropbox

Problem: I am concerned that if my database is corrupted (which is likely if you are access it from multiple computers and accounts), I will loose all of my keys.

Solution:

Keys are a valuable commodity, and they are what hackers are looking for when they access your computer. You should be encrypting them and you should be aware keyloggers could be hiding out even if your technically inclined.  So many people resort to key safes like Keepass.  Now, this allows us to have the 56 character keys that make brute force attempts almost humorous… almost…. That being said, dropbox now transfers files from your computer via ssl to the s3 data centers that place another 256 bit AES encryption on the files and your keypass database is encrypted already. Well this leaves you with a couple of problems.  1) because of this process there is a much greater likelihood of corrupted database files.  2) Dropbox only stores the last two revisions of a file.

Well, rather than launch keypass directly, use this script instead:

For /f “tokens=2-4 delims=/ ” %%a in (‘date /t’) do (set date=%%a%%b%%c)

IF EXIST KeePassX\back\%date%backup.kdb GOTO ENDME

copy howto.kdb KeePassX\back\%date%backup.kdb

:ENDMESTART

KeePassx\KeePassX.exe howto.kdbexit

I am assuming that in your dropbox folder you have placed this .bat file and you have created a folder inside of dropbox called KeePassx. Please note that in line 3 you need to replace howto.kdb with your keypass database name. Here is my structure to make it more plain.

Stay safe!!!

 

 

Advertisements

(Broken) Script to enable multiple DropBox accounts in Windows 7

UPDATE: Please be aware this method is no longer working. It seems that more than 30,000 people have viewed this solution. I hope you no longer continue to use it… Thanks.

As you can see I am convinced that DropBox is cool, but somethings just aren’t quite right. Namely multiple accounts on one machine. I see many posts with a long set of descriptions on how to accomplish multiple drop box accounts. But what happens if you dont want a bunch of logins messing up your login page? What if you want it to automatically log you in when you start windows (and you dont want to enter your password every time)?

Pre-requisites

You need to have admin access to your computer

You need to have SysInternals psexec installed and in your path. Here is the Microsoft Download Page.

(If you don’t know what ‘in your path’ means, you can just extract it to the c:\windows\system32 folder)

If you are just creating one extra account, this method is about the same amount of work as manually creating another user. But… Multiple users, well  you can see how much easier it will be. You could theoretically create 10 different accounts in less than 10 min if you understand these instructions.

How-To

1) Copy my script into your dropbox folder (C:\Users\<your name>\AppData\Roaming\Dropbox) (dont worry userlinklist will be added later you dont need to add it)

2) Run cmd with elevated permissions (Click on start, type cmd, right click on cmd.exe and choose run as administrator)

3) Change to the path the script is in “cd C:\Users\globalcynic\AppData\Roaming\Dropbox” for example

4) use this syntax: new <username> <password> (i.e. “new dropboxusr24 mypass”) (Read note Below)

5) repeat step 4 as many times as you need

*Note for step 4… This username and password is not for dropbox but for windows. Even though I hide the accounts from the login screen, these are still valid windows logins. Located in the textfile are your username and password so you can remember them, but if you are paranoid about security, delete this file.

What the script does?

  • Creates a new user account
  • Hides that account from your login page
  • Loads the new user profile
  • Copies the dropbox into the new profile
  • Starts dropbox for the first time for you
  • Creates a text file that shows the exact shortcut that you can place in your startup if you want.

Here is the script

Simply copy this script into a new text file and save as new.bat (or whatever name you want).

net user %1 %2 /add
REG QUERY “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts”
if [%errorlevel%]==[1] REG ADD “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts”
REG QUERY “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList”
if [%errorlevel%]==[1] REG ADD “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList”
REG QUERY “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v %1
if [%errorlevel%]==[1] REG ADD “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v %1 /t reg_dword /d 0
psexec -d -u %1 -p %2 whoami
xcopy bin “C:\Users\%1\AppData\Roaming\Dropbox\bin” /i
psexec -d -u %1 -p %2 “C:\Users\%1\AppData\Roaming\Dropbox\bin\Dropbox.exe”
echo psexec -d -u %1 -p %2 “C:\Users\%1\AppData\Roaming\Dropbox\bin\Dropbox.exe” >> userlinklist.txt

Important Notes

Note: The “userlinklist,txt” contains a command that will allow you to execute DropBox. If you want dropbox to start when windows does, create a shortcut with that command in your windows startup folder for every account that you want to start. Or if you want to start all dropbox accounts manually, simply rename the userlinklist to userlinklist.bat and it will start all of your drop box accounts at once.

Note: The first time you start dropbox and link it to an account, it will not sync. This is a problem also observed in their (discontinued) portable app. All you have to do is link it for the first time, exit Dropbox, and then start it again and there are no more problems.

Note: It should be obvious, but if it is not, do not attempt to place all synced folder in the same location. Each DropBox account must be syncing in a different folder.

Note: Removal Instructions. You need to remove the windows user, then delete the profiles folder (c:\users\username). You can use the command net user username /delete to remove the user accounts also.