Back in the day, with Royal TS 1.7.x, it was possible to add an additional password to your document. With this second password, admins could protect documents from modification and also prevent users from reading passwords. This additional protection was missing in Royal TS V2, and lots of users asked us to bring the feature back. Well, in Royal TS (for Windows) V3 and Royal TSX (for macOS) V2 it is on board again, with some extra sugar on top.

Disclaimer: While we understand the use case of creating documents that allow users to log on to production servers without knowing the actual password, we still think that this approach can raise many problems and security-related issues. The features discussed in this blog post are intended to help you better manage your documents and prevent users from easily or accidentally obtaining a confidential password. Keep in mind that Royal TS still has to decrypt a password in order to use it for a connection, so Lockdown protects against casual or accidental disclosure, not against a determined user with control over the client machine. Depending on your scenario, this approach may therefore not be “bullet proof” or give you the desired results. There are also many restrictions applied to the workflow when you lock down a document. So make sure you fully test the workflow before you release any documents to your users!

Recommendation: We strongly recommend providing personalized user accounts instead. This way all actions can be audited and traced back to an individual. Using shared accounts to manage systems is in general a very bad idea!

Now, let’s dive into Lockdown…

What exactly is meant by Lockdown?

A document with an Encryption password and a Lockdown password behaves like this:

  • A user opens the locked down document and is asked for the Encryption password.
  • The user enters the Encryption password and can browse and “use” the document, with some restrictions (depending on the Lockdown configuration). The document is now in Locked mode.
  • The user can work with all the objects of that document (connect, execute tasks, etc.), but with some restrictions – more about that later.
  • Depending on the configured restrictions, the user may not be able to edit the document or view passwords.
  • To temporarily remove those restrictions, the user needs to Unlock the document and is asked to enter the Lockdown password.
  • As long as the document is Unlocked, no restrictions apply.

Document Formats

Before we go into the specifics of Lockdown, let me briefly talk about our file formats and introduce our new document file format.

Extension .rtsx: Legacy file format used in Royal TS V2 and Royal TSX V1 (Royal TS V3 and Royal TSX V2 can still open and save .rtsx files). Lockdown is not available for this format.

Extension .rtsz: New file format for Royal TS V3 and Royal TSX V2

  • Smaller file size
  • Faster file access
  • Better PowerShell scripting support
  • Supports two encryption modes:
    • Passwords-Only: The file is still written as a structured XML file, but protected properties (such as passwords or protected custom fields) are encrypted. Everything else (names, hosts, settings) is readable in plain text.
    • Complete-File-Encryption: The complete file is encrypted. This mode is required for lockdown scenarios (read-only, password visibility).

Lockdown Configuration

To configure Lockdown, open the Document properties and switch to the Security page (in V2 this page was called Encryption but we renamed it):


This page allows you to configure a custom encryption password for your sensitive data (such as passwords). There’s a new tab called Lockdown which provides the following options:

  • Encrypt complete file: You can only check this option after you have specified an encryption password on the Encryption tab. With this option checked, Royal TS encrypts the entire content of your document file, not just the protected properties.

  • Set Lockdown Password: You can only set a lockdown password when the option Encrypt complete file is checked. Click Set Lockdown Password and provide a password. To remove the Lockdown password, leave both password fields empty. Use a password that differs from the Encryption password; otherwise every user who can open the document can also unlock it.

  • Do not allow to reveal passwords in this document: If checked, the password fields of all objects in the locked down document provide neither the reveal password button nor the copy to clipboard button.

  • Do not allow to edit or modify this document: If checked, the document cannot be modified while it is Locked. You can still open the object properties, but you cannot apply the settings, and you also cannot save the document.

  • Allow passwords in web page connections: One of the side effects of lockdown documents is the restriction on using passwords in auto-fill configurations or key sequence tasks. We introduced this policy so that passwords can still be used in web page connections. Note that enabling it weakens the lockdown: the password then leaves the document and is filled into the web page, where it is no longer under the control of Royal TS.

Working with Lockdown Documents

Lockdown documents will show a padlock icon in the Navigation panel next to the document name:


The padlock icon also shows the current state (Locked or Unlocked). To unlock a document, right-click the document and select Unlock Document:


You are then prompted to enter the Lockdown password. Once the document is Unlocked, all the configured restrictions are removed until you Lock the document again by right-clicking the document and selecting Lock Document. Remember to lock the document again (or close it) before leaving the workstation, since the unlocked state lasts as long as the document stays open.

Restrictions

To ensure that passwords cannot be easily obtained, the following restrictions apply to Locked documents:

  • Replacement Tokens: Secure properties (such as $EffectivePassword$ or $CredentialPassword$) are not resolved in command tasks, key sequence tasks, connections or templates. Otherwise a user could simply create a task that echoes the token into a file.
  • Ad Hoc Connections: Ad hoc connections are essentially duplicates of the original connection, placed in the Application document’s Ad Hoc folder. During this process, none of the secure properties are copied over to the ad hoc connection. Connections configured with a username and password will therefore fail to log on. Connections using assigned credentials will still log on successfully, because only the reference to an existing credential is transferred, never the secure property itself.
  • Copy/Move of Connections to other Documents: All copy or move operations from a Locked document to another document are prohibited.
  • Terminal Connections based on the PuTTY plugin: Since PuTTY needs the password passed on the command line, auto logon for Terminal connections in locked down documents is only supported with the Rebex plugin.
  • VNC based on UltraVNC and TightVNC: Like the PuTTY-based plugin, UltraVNC and TightVNC connections are established by passing the password on the command line. Auto logon for VNC connections is therefore not supported in locked down documents which do not allow revealing passwords.
  • Web Page Connections with Auto Fill: Using secure properties (such as $EffectivePassword$ or $CredentialPassword$) in web page auto fill is not supported when a document is locked down. If the lockdown policy Allow passwords in web page connections is enabled, secure properties will be passed on for auto fill purposes.
  • Scripting: Access to secure properties of locked down documents from scripts is also not supported.
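The PuTTY and VNC restrictions above exist because a password on the command line is simply not a secret: the full command line of a running process can be read by anything that can enumerate processes. The following PowerShell snippet is an added example, not code from the original post or from Royal TS, that makes this visible. It starts a harmless stand-in process (cmd.exe sleeping via ping) instead of putty.exe or vncviewer.exe; the `-pw` switch mimics PuTTY's password option and `S3cretPassw0rd` is a made-up value.

```powershell
# Added example (not part of the original post or of Royal TS): shows why a
# password passed on the command line cannot be protected by Lockdown.
# The process started here is a harmless stand-in for putty.exe / vncviewer.exe;
# "-pw" mimics PuTTY's switch and "S3cretPassw0rd" is a made-up value.
$fakePassword = 'S3cretPassw0rd'

# Stand-in client: cmd.exe sleeps ~30 s via ping; "rem" turns the trailing
# switch into a no-op, but the switch still ends up in the process' command line.
$proc = Start-Process -FilePath 'cmd.exe' `
    -ArgumentList "/c `"ping -n 30 127.0.0.1 >nul & rem -pw $fakePassword`"" `
    -WindowStyle Hidden -PassThru

try {
    # Anything that can enumerate processes can read the command line via CIM/WMI
    # (the same data that Task Manager's "Command line" column shows).
    $cmdLine = (Get-CimInstance -ClassName Win32_Process `
                   -Filter "ProcessId = $($proc.Id)").CommandLine
    Write-Host "Command line as seen by another process:`n  $cmdLine"

    # Recover the "secret" the same way a curious user or malware would.
    if ($cmdLine -match '-pw\s+(\S+)') {
        Write-Host "Recovered password: $($Matches[1])"
    }
}
finally {
    # Clean up the stand-in and its ping child process.
    Get-CimInstance -ClassName Win32_Process -Filter "ParentProcessId = $($proc.Id)" |
        ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue }
    Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
}
```

Run it in a normal PowerShell session on Windows; the recovered value is printed back in clear text. The same command line is also written to process-creation audit records (Security event 4688 with command-line auditing enabled, or Sysmon event 1), so a password passed this way ends up in logs as well. That is why a Locked document refuses to pass secure properties to PuTTY, UltraVNC or TightVNC, and why the Rebex-based Terminal plugin, which receives the password in-process, is the only one that supports auto logon under Lockdown.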
