keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0

Windows - Microsoft Edge - prevent access to CMD stops keepassxc-proxy.exe #1401

Open oisteinm opened 3 years ago

oisteinm commented 3 years ago

Expected Behavior

In a Windows enterprise environment we use the group policy:

User Configuration - Policies - Administrative Templates - System - Prevent access to the command prompt

This however seems to prevent keepassxc-proxy.exe from starting.

Which leads to the extension not working.

We are using the Microsoft Edge browser.

I would hope launching keepassxc-proxy.exe would work even if that policy is enabled.

As locking down computers and preventing access to the command prompt is used to increase security, perhaps there is another way to launch keepassxc-proxy.exe? Could it start in a way which does not make that policy prevent it from starting?

Current Behavior

Instead of starting keepassxc-proxy.exe, I see multiple entries of conhost.exe.

Possible Solution

Steps to Reproduce (for bugs)

  1. Enable the policy
  2. Reboot the computer
  3. Start KeePassXC
  4. Start Microsoft Edge - the KeePassXC extension will not work.

Debug info

KeePassXC - 2.6.6
KeePassXC-Browser - 1.7.9.1
Operating system: Win64
Browser: Microsoft Edge 93.0.961.38

droidmonkey commented 3 years ago

That policy seems to prevent any application from starting another process. There is no way around that and you'll also break any other extension that uses native messaging. That policy doesn't even make you more secure tbh. Users shouldn't be able to run anything of consequence from a command prompt to begin with.

Also are you sure it is that policy and not restrictions placed on Edge itself? We have instructions for deploying to Edge for enterprise: https://keepassxc.org/docs/KeePassXC_UserGuide.html#_advanced_setup
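
To separate the two causes raised in this thread (the command prompt policy versus the Edge-side native messaging registration), the following PowerShell check is an added example, not code from the thread or from the KeePassXC project. It assumes the policy is stored as `DisableCMD` under the user's `Policies\Microsoft\Windows\System` key, that the host is registered under Edge's `NativeMessagingHosts` key, and that the host name is `org.keepassxc.keepassxc_browser`.

```powershell
# Added diagnostic sketch. Registry locations and host name are assumptions (see lead-in).
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$hostName  = 'org.keepassxc.keepassxc_browser'
$hostKeys  = @(
    "HKCU:\Software\Microsoft\Edge\NativeMessagingHosts\$hostName",
    "HKLM:\Software\Microsoft\Edge\NativeMessagingHosts\$hostName"
)

# 1. Is "Prevent access to the command prompt" applied to this user?
$prop = Get-ItemProperty -Path $policyKey -Name DisableCMD -ErrorAction SilentlyContinue
if ($null -eq $prop)              { 'Policy: not configured for this user' }
elseif ($prop.DisableCMD -eq 1)   { 'Policy: enabled, script processing also disabled' }
elseif ($prop.DisableCMD -eq 2)   { 'Policy: enabled, script processing still allowed' }
else                              { "Policy: DisableCMD = $($prop.DisableCMD)" }

# 2. Is the native messaging host registered for Edge, and does its manifest resolve?
foreach ($key in $hostKeys) {
    if (-not (Test-Path $key)) { "No registration at $key"; continue }

    # The key's default value holds the path to the JSON manifest.
    $manifestPath = (Get-Item $key).GetValue('')
    if (-not $manifestPath -or -not (Test-Path -LiteralPath $manifestPath)) {
        "Registered at $key but manifest not found: $manifestPath"; continue
    }

    $manifest = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json
    $proxy = $manifest.path
    if (-not [IO.Path]::IsPathRooted($proxy)) {
        # A relative host path is resolved against the manifest's directory.
        $proxy = Join-Path (Split-Path -Parent $manifestPath) $proxy
    }
    "Manifest: $manifestPath"
    "  host binary:     $proxy (exists: $(Test-Path -LiteralPath $proxy))"
    "  allowed_origins: $($manifest.allowed_origins -join ', ')"
}

# 3. With Edge open, is the proxy running, or only console hosts as in the report?
$proxyCount   = @(Get-Process -Name 'keepassxc-proxy' -ErrorAction SilentlyContinue).Count
$conhostCount = @(Get-Process -Name 'conhost' -ErrorAction SilentlyContinue).Count
"keepassxc-proxy processes: $proxyCount; conhost processes: $conhostCount"
```

If the registration and manifest resolve correctly but no `keepassxc-proxy` process appears while the policy is enabled, the Edge deployment itself is unlikely to be the cause.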