Administrative Templates facilitate the management of registry-based policy settings, which can be applied on the computer and/or user configuration. Group policy (GPO) is a tool that enables your organization to enforce global settings on all computers, and at the same time, harden Remote Desktop Manager security.
Administrative Templates are registry settings that are enforced by domains. They contain registry keys that can also be set on computers that are not joined to domains. In this case, however, proper Access Control Lists (ACLs) must be put in place to prevent users from modifying registry settings. Refer to the tables below to find the registry key for each policy setting.
To learn more on how to deploy the Remote Desktop Manager Administrative Templates on your domain, please refer to the Microsoft Online Help.
How to list RDM GPOs in the Local Group Policy Editor
For now, the additional support is exclusively for the policies that require a numerical input higher than 0-1 (ex: ForceLockOnIdle).
Remote Desktop Manager includes an administrative template file (.admx), which describes the policies that are offered. You will find it in the policies subfolder. Before you can manage GPOs in RDM, you first need to list them in the Local Group Policy Editor. Here are the steps:
- Go to your policies subfolder. By default, the path is C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies.
- Copy the Devolutions.admx file.
- Go to C:\Windows\PolicyDefinitions.
- Paste the Devolutions.admx file in the root of C:\Windows\PolicyDefinitions.
- Go to C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies\en-US.
- Copy the Devolutions.adml file.
- Paste the Devolutions.adml file in C:\Windows\PolicyDefinitions\en-US.
- Open your Group Policy Editor and go to Computer Configuration – Administrative Templates – Devolutions – Remote Desktop Manager – Sessions.
- In the Sessions folder, locate the specific policy that you wish to change.
- Right-click the specific policy, edit it accordingly, and save.
If Remote Desktop Manager is open when you make this change, then you will need to restart it for the new policy to take effect.
Policies
General
| POLICY NAME | REGISTRY KEY |
|---|---|
| Disable export vault menus in export menus | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExportVaultMenus |
| Disable features requiring an internet connection, such as telemetry, automatic favicon fetching and checking for add-on updates | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\NoInternetConnection |
| Disable the application's automatic update check | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoUpdate |
| Disable the application's update menus | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUpdate |
| Disable the launching of entries at startup | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLaunchAtStartup |
| Disable the license expiration message in the Overview | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLicenseExpirationMessage |
| Disable the telemetry data collection | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAnalytics |
| Force application close when idle | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceCloseOnIdle |
| Force proxy settings to System | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSystemProxy |
| Force refresh before edit entry | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeEditEntry |
| Force the loading of the current configuration file | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceCurrentConfigurationLoading |
| Force the loading of the default.cfg file | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDefaultConfigurationLoading |
| Force updating all major updates | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingMajorUpdate |
| Force updating all updates | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdate |
| Force updating all updates and beta | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdateAndBeta |
| Force updating once a month | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingOnceAMonth |
Security
| POLICY NAME | REGISTRY KEY |
|---|---|
| Apply forced password template in Password Generator tool | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ApplyForcedPasswordTemplateInPasswordGeneratorTool |
| Check for server certificate revocation | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\CheckForServerCertificateRevocation |
| Disable Azure interactive persistent login | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAzureInteractivePersistentLogin |
| Disable execute scripts via terminal | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExecuteScriptsViaTerminal |
| Disable exporting the User Vault | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUserVaultExport |
| Disable local drive sharing of RDP entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLocalDriveSharing |
| Disable Mask Password in View Password | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMaskPasswordInViewPassword |
| Disable My Account Settings | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyAccountSettings |
| Disable My Personal Private Key | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalPrivateKey |
| Disable My Privileged Account | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPrivilegedAccount |
| Disable read/write in Offline Mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableReadWriteOffline |
| Disable the Caching mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCaching |
| Disable the Offline Mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOffline |
| Disable the override hard drive specific settings for RDP entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRDPHardDrivesSpecificSettings |
| Disable the Password Generator | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisablePasswordGenerator |
| Disable the Reveal Password option in My Account Settings for all users, including administrators | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPasswordInMyAccountSettings |
| Force an application two-factor authentication mode (check against all configured methods or prompt for selection on use) | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\Application2faMode |
| Force application lock on standby | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnStandby |
| Force application lock when idle | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnIdle |
| Force application lock when minimizing | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnMinimize |
| Force application lock when Windows locks | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnWindowsLock |
| Force multi-factor authentication on the application login | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceApplicationMFA |
| Force secure desktop usage | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSecureDesktop |
| Force the local save of My Account Settings | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLocalMyAccountSettings |
| Force the user to always be prompted for their credentials when launching the application | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLogin |
| Force the user to always be prompted for their passphrase while connecting to a data source that is protected by a Shared Passphrase Security Provider | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\AlwaysPromptForPassphrase |
| Force Windows Hello authentication on the application login | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsHello |
| Ignore application certification errors | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\IgnoreApplicationCertificateErrors |
| LastPass two-factor authentication mode 1 = Do not trust this device 2 = Trust this device 3 = Trust this device on close | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\LastPass2FAMode |
| Remove the possibility to see passwords entirely | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceHidePasswordForAdministrators |
| Use Windows credentials as the application password and force the currently logged on username and domain (unless an application password is already set) | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsCredentialsAndCurrentlyLoggedOnUsernameAndDomain |
Sessions
| POLICY NAME | REGISTRY KEY |
|---|---|
| Allow the user to connect even after the entry has expired | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableConnectionAfterExpiration |
| Confirm on multiple sessions open if open count greater than | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ConfirmSessionsOpenOnCountGreaterThan |
| Disable all session events | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDisableAllSessionEvents |
| Disable import in User Vault | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportInPrivateVault |
| Disable Reveal Password | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPassword |
| Disable the Add-on creation and the Add-on Manager is deprecated; use DisableAddOnEntries and DisableAddOnManager instead | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOn |
| Disable the Add-on creation of entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnEntries |
| Disable the Add-on Manager | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnManager |
| Disable the custom image edition in the session configuration | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCustomImage |
| Disable Website Session and Website (legacy) Information (Deprecated) credential autofill after one minute | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableWebsiteCredentialAutofillAfterDelay |
| Enable RDP API hooking | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableRDPHooking |
| Force refresh before copy password/username/domain | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeCopyFromEntry |
| Force refresh before execute entry | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeExecuteEntry |
| Force refresh before view password | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeViewPassword |
| Force User Specific Settings migration | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUserSpecificSettingsMigration |
| Hide the custom port in RDP sessions | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HidePortInRDP |
| Only allow the creation of credentials when inside the User Vault | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\OnlyAllowCredentialsInPrivateVault |
| Select the default PowerShell version | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DefaultPowershellVersion |
User Interface
| POLICY NAME | REGISTRY KEY |
|---|---|
| Disable all the local application tools like the Event Viewer or IIS | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableApplicationTools |
| Disable drag and drop in the connection list | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableDragAndDrop |
| Disable import and export options | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportExportOptions |
| Disable My Personal Credentials | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalCredentials |
| Disable Quick Connect | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableQuickConnect |
| Disable the About menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAbout |
| Disable the Add-on Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsAddOnManager |
| Disable the auto-focus of the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoFocusDashboard |
| Disable the Chocolatey Console in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsChocolateyConsole |
| Disable the Devolutions Account usage | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOnlineAccount |
| Disable the Devolutions Server Console in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsDevolutionsServerConsole |
| Disable the Error Report prompt | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSendErrorReportDialog |
| Disable the Extension Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsExtensionManager |
| Disable the Help menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableHelp |
| Disable the Local RDP/RemoteApp Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsLocalRDPRemoteAppManager |
| Disable the menu File – Data Sources | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileDataSources |
| Disable the menu File – Options | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileOptions |
| Disable the Open New Remote Desktop option in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsOpenNewRemoteDesktop |
| Disable the option to open with parameters | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOpenWithParameters |
| Disable the PowerShell RDM Cmdlet in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsPowershellRDMCmdlet |
| Disable the RDM Agent in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsRDMAgent |
| Disable the Tools Ribbon tab and menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsMenu |
| Disable the Top Pane (Ribbon/Menubar) | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableTopPane |
| Force the main tree view to load with all nodes collapsed at launch | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceTreeViewCollapseAtLaunch |
| Force the merging of the credential list with sessions | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeCredentialListWithSessions |
| Force the merging of the session tool list with sessions | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeSessionToolListWithSessions |
| Hide the Asset panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAssetPanels |
| Hide the Attachments panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAttachmentsPanels |
| Hide the Documentation panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllDocumentationPanels |
| Hide the Entries panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllEntriesPanels |
| Hide the Logs panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllLogsPanels |
| Hide the MacroScriptTools panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllMacroScriptToolsPanels |
| Hide the Management Tools panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllManagementToolsPanels |
| Hide the Overview panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllOverviewPanels |
| Hide the Password List panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPasswordListPanels |
| Hide the Permissions panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPermissionsPanels |
| Hide the Referenced By panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllReferencedByPanels |
| Hide the Sub Entries panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSubConnectionsPanels |
| Hide the Summary panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSummaryPanels |
| Hide the Task panel located in the Dashboard | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllTaskPanels |
| Select the default tab for the Navigation Pane on launch | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DefaultNavigationPaneTab |
Notes
Note 1: For each GPO’s corresponding Registry Key, the %Root% can either be HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, depending on how you want to enforce the policy. Please refer to Microsoft's online documentation to make the best choice for your organization's requirements.