
Devolutions Password Manager pre-configuration

What is pre-configuration?

Pre-configuration allows IT administrators to deploy the Devolutions Password Manager Windows app with pre-configured settings and workspaces (Devolutions Server and Devolutions Cloud) across Windows endpoints. This eliminates the need for end users to manually configure the application after installation.

Key benefits

  • Zero-touch deployment: Users start with fully configured applications

  • Consistency: Ensure all users have the same workspaces and settings

  • Time savings: Eliminate manual configuration steps

  • Flexibility: Multiple deployment methods to fit different IT infrastructures

  • Scalability: Deploy to hundreds or thousands of endpoints efficiently

How it works

  1. An IT Admin configures workspaces and settings via MSI parameters or configuration files.

  2. A deployment tool pushes the installation to managed devices (Intune, SCCM, PDQ Deploy, etc.).

  3. Users launch the app for the first time.

  4. The app reads the configuration and automatically creates workspaces.

  5. Users log in to complete the connection.

Important notes

  • Authentication required: Pre-configured workspaces are created in a "pending" state. Users must still log in to complete the connection.

  • First launch only: Configuration is applied once on first launch. Subsequent changes require app reinstallation or manual configuration.

  • Credentials NOT Stored: Pre-configuration does NOT include user credentials. Users must log in with their own credentials.

Deployment methods

Method 1: MSI Installer Parameters

Pass configuration parameters directly to the Windows installer during deployment. You can combine workspace parameters with application settings.

Use case: Quick deployments, simple configurations, testing

  • Basic example (workspaces only):

  • With settings (workspaces + application settings):

Limitations: Only one Devolutions Server can be configured via MSI parameters. For multiple servers, use Method 2.

Method 2: Configuration file deployment

Deploy a pre-created .cfg file to target systems.

  • Use case: Intune, SCCM, complex configurations, multiple workspaces

Option A: System-Wide Deployment (DEPLOY_CONFIG) - RECOMMENDED

  • Target: %ProgramData%\net.devolutions\Workspace\DefaultConfig.cfg

  • How it works:

  1. MSI writes config to ProgramData during installation

  2. When any user launches Devolutions Password Manager, the app detects system-wide config

  3. Config automatically copies to user's Roaming profile

  4. The user has a configured application

Why DEPLOY_CONFIG for enterprise:

  1. Reliable: Works regardless of user context (no "Default user" issues)

  2. Consistent: All users on machine get same configuration

  3. Automation-friendly: Perfect for Intune, SCCM, silent installs

  4. Multi-user support: Applies to all existing and future users

  • Best for: Intune, SCCM, silent installs, multi-user machines, shared workstations

Option B: Per-user deployment (USER_CONFIG)

  • Target: %LOCALAPPDATA%\net.devolutions\Workspace\Config.cfg

  • How it works:

  1. MSI writes config to installing user's Local AppData

  2. User launches Devolutions Password Manager

  3. Config copies to user's Roaming profile

  4. Only that user has a configured application

  • Limitations:

  1. Only configures the user who ran the installer

  2. May fail in automated deployments (user context issues)

  3. Not suitable for multi-user machines

  • Best for: Interactive installations by end users, single-user devices

Method 3: UI-based configuration creator

Use the desktop application to create configuration files and MSI commands.

  • Use case: IT administrators preparing deployment packages

  • Access: Tools > Custom installation (in the desktop application)

See the Configuration file creator section for details.

Configuration file structure

Configuration files use the .cfg extension and contain JSON-formatted data.

File format

Schema components

Devolutions Cloud array (optional)

Array of Devolutions Cloud instances to configure.

| Field | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | Devolutions Cloud URL (e.g., https://mycompany.devolutions.app) |
| organizationId | string | Yes | Organization GUID |
| type | string | No | Always "Business" (auto-populated) |
| version | string | No | Devolutions Cloud version (auto-populated on first connection) |

Devolutions Server array (optional)

Array of Devolutions Server instances to configure.

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Display name for the server |
| serverUrl | string | Yes | Devolutions Server URL (e.g., https://devolutions-server.company.com) |
| serverVersion | string | No | Server version (auto-populated on first connection) |

Configs Object (Optional)

Application settings to pre-configure.

See Configuration settings reference for complete list.

Configuration file locations

Configuration files are loaded in priority order based on location.

User-level configuration

  • Roaming AppData: %APPDATA%\net.devolutions\Workspace\Config.cfg

  • Default: C:\Users\[Username]\AppData\Roaming\net.devolutions\Workspace\Config.cfg

  • Syncs across domain-joined computers

  • Highest priority (user-specific)

  • Local AppData: %LOCALAPPDATA%\net.devolutions\Workspace\Config.cfg

  • Default: C:\Users\[Username]\AppData\Local\net.devolutions\Workspace\Config.cfg

  • Machine-specific, not synced

  • Used during MSI installation, then copied to Roaming

System-wide configuration

  • ProgramData: %ProgramData%\net.devolutions\Workspace\DefaultConfig.cfg

  • Default: C:\ProgramData\net.devolutions\Workspace\DefaultConfig.cfg

  • Applies to all users on the system

  • Requires config.ready indicator file in same directory

  • Copied to user Roaming location on first launch (if user config doesn't exist)

Indicator file

  • File: config.ready

  • Location: Same directory as DefaultConfig.cfg

  • Purpose: Signals that system-wide config is ready for deployment

  • Content: Empty file, presence is checked only

Priority order

Configuration sources are checked in the following order (first found wins):

  1. User configuration file – user-specific config

  2. System configuration file – system-wide default (copied to user location)

MSI Installer Parameters

The Windows MSI installer accepts the following parameters for pre-configuration.

Workspace parameters

Devolutions Server configuration

| Parameter | Type | Description | Example |
|---|---|---|---|
| DVLS_SERVER_URL | String | Devolutions Server URL | https://devolutions-server.company.com |

  • Note: Only one Devolutions Server can be configured via MSI parameters. For multiple servers, use a configuration file.

Devolutions Cloud configuration

| Parameter | Type | Description | Example |
|---|---|---|---|
| HUB_NAME | String | Devolutions Cloud subdomain name (required) | mycompany |
| ORGANIZATION_ID | String | Organization GUID (optional - leave empty if not applicable) | 00000000-0000-0000-0000-000000000000 |

  • Note: The full Devolutions Cloud URL is constructed as https://{HUB_NAME}.devolutions.app

  • Note: ORGANIZATION_ID is optional. Some Devolutions Cloud instances don't require an organization ID. If not applicable, you can omit this parameter or pass an empty string.

Configuration file deployment parameters

| Parameter | Type | Description | Target Location |
|---|---|---|---|
| DEPLOY_CONFIG | String | System-wide config (recommended) | %ProgramData%\net.devolutions\Workspace\DefaultConfig.cfg |
| USER_CONFIG | String | Per-user config (interactive installs) | %LOCALAPPDATA%\net.devolutions\Workspace\Config.cfg |

Application settings parameters

General settings

| Parameter | Type | Values | Default | Description |
|---|---|---|---|---|
| TARGET_LOCATION | String | roaming, local, system | roaming | Where to save configuration. |
| LANGUAGE | String | Language code | en-US | Application language. |

User interface settings

| Parameter | Type | Values | Default | Description |
|---|---|---|---|---|
| REDUCE_TO_TRAY_ON_CLOSE | String | true, false | false | Minimize to system tray instead of closing. |
| USE_FAVICON | String | true, false | false | Download and display website favicons. |
| USE_HUB_EMBEDDED_BROWSER | String | true, false | true | Use embedded browser for Devolutions Cloud authentication. |

Security settings

| Parameter | Type | Values | Default | Description |
|---|---|---|---|---|
| CLEAR_CLIPBOARD_SENSITIVE_DATA | String | true, false | false | Auto-clear clipboard after copying passwords. |
| CLIPBOARD_TIMER | Number | Seconds (1-999) | 30 | Seconds before clearing clipboard. |
| LOCKING_OPTION | String | password, biometric, windowsCredentials | (none) | Method to lock application. |
| USE_BACKGROUND_LOCK | String | true, false | false | Lock when minimized to tray. |
| USE_LOCK_WHEN_INACTIVE | String | true, false | false | Lock after period of inactivity. |
| LOCK_INACTIVITY_DELAY | Number | Seconds (30-3600) | 30 | Seconds before auto-lock. |

Synchronization settings

| Parameter | Type | Values | Default | Description |
|---|---|---|---|---|
| USE_ENTRIES_SYNC_ON_DATASOURCE_ACCESS | String | true, false | false | Auto-sync entries when accessing workspace. |

Privacy settings

| Parameter | Type | Values | Default | Description |
|---|---|---|---|---|
| SHARE_USAGE_DATA | String | true, false | true | Share anonymous usage statistics. |

Configuration file creator

The desktop application includes a visual tool for creating configuration files.

Accessing the tool

  1. Launch Devolutions Password Manager.

  2. Navigate to: Tools > Custom Installation.

Features

Export tab (Create configuration)

  1. Workspace selection.

  • View all configured Devolutions Server and Devolutions Cloud instances

  • Select which workspaces to include via checkboxes

  • Multiple workspaces supported

  2. Settings Configuration

  • Enable/disable individual application settings grouped by category:

  • General (Language, Tray behavior)

  • Security (Clipboard, Locking)

  • Synchronization

  • Privacy (Usage statistics)

  3. Live Preview

  • Real-time JSON preview of configuration

  • Copy JSON to clipboard

  • Preview updates as selections change

  4. Export Options

  • Generate .cfg File: Save configuration to .cfg file

  • Copy MSI Command: Generate complete MSI command with all parameters

Import tab (Load configuration)

  1. File Selection

  • Browse for .cfg files

  • File validation and parsing

  2. Preview Before Import

  • View workspaces and settings before applying

  • Duplicate detection (warns if workspace already exists)

  3. Import Actions

  • Applies configuration to current application

  • Creates new workspaces if they don't exist

  • Updates settings immediately

Configuration settings reference

Complete reference of all configurable settings.

Settings key mapping

| Export Key (Config/MSI) | Internal Key | Type | Default | Description |
|---|---|---|---|---|
| language | languageCode | String | en-US | Application UI language |
| reduceToTrayOnClose | minimizeOnClose | Boolean | false | Minimize to tray instead of exiting |
| clearClipboardSensitiveData | removeSensitiveFromKeyboard | Boolean | false | Auto-clear clipboard timer |
| clipboardTimer | clipboardTimer | Integer | 30 | Seconds before clearing clipboard (1-999) |
| useFavicon | useRichIcons | Boolean | false | Download website favicons for entries |
| useEntriesSyncOnDatasourceAccess | useEntriesSyncSpaceAccess | Boolean | false | Auto-sync entries when accessing workspace |
| useHubEmbeddedBrowser | hubEmbeddedBrowser | Boolean | true | Use embedded browser for Devolutions Cloud authentication |
| shareUsageData | shareAnonymousData | Boolean | true | Share anonymous usage statistics |
| lockingOption | lockingOption | String | (none) | Lock method: password, biometric, windowsCredentials |
| useBackgroundLock | useBackgroundLock | Boolean | false | Lock when minimized to tray |
| useLockWhenInactive | useLockWhenInactive | Boolean | false | Lock after period of inactivity |
| lockInactivityDelay | lockInactivityDelay | Integer | 30 | Seconds before auto-lock (30-3600) |

Supported languages

| Code | Language |
|---|---|
| en-US | English (United States) |
| fr | French |
| de | German |
| es | Spanish |
| cs | Czech |
| hu | Hungarian |
| it | Italian |
| nl | Dutch |
| pl | Polish |
| ru | Russian |
| sv | Swedish |
| tr | Turkish |
| uk | Ukrainian |
| zh-CHS | Chinese (Simplified) |
| zh-TW | Chinese (Traditional) |

Locking options

| Value | Description | Requirements |
|---|---|---|
| password | Master password | User sets password on first lock |
| biometric | Fingerprint/Face ID | Biometric hardware required |
| windowsCredentials | Windows Hello | Windows 10/11 with Windows Hello |

  • Note: If Windows Hello is not available, falls back to password.

Deployment examples

Example 1: Single Devolutions Server with Security settings

Example 2: Devolutions Cloud with French language

Example 3: Microsoft Intune deployment

Step 1: Prepare files

Create a working folder (e.g., C:\IntuneApps\Workspace\) and place these files:

  • Workspace.msi

  • config.cfg (created via Tools > Custom installation or manually)

  • Install-Workspace.ps1 (PowerShell script below)

Step 2: PowerShell installation script

Create Install-Workspace.ps1:

Step 3: Create .intunewin Package

Use the Microsoft Win32 Content Prep Tool (IntuneWinAppUtil.exe):

Step 4: Configure Intune application

In Microsoft Intune Portal:

  1. Navigate to: Apps > Windows > Add > Windows app (Win32)

  2. App Package File: Upload Workspace.intunewin

  3. App Information: Fill in name, description, publisher

  4. Program configuration:

  • Install command: powershell.exe -ExecutionPolicy Bypass -File .\Install-Workspace.ps1

  • Uninstall command: msiexec.exe /x {PRODUCT-CODE-GUID} /qn /norestart

  • Install behavior: System

  5. Requirements: Windows 10 1607+ (64-bit)

  6. Detection Rules: MSI product code (auto-detected)

  7. Assignments: Assign to target groups

Installation Flow on the endpoint

When the app is deployed to a device, the following happens automatically:

  1. Intune downloads and executes Install-Workspace.ps1

  2. The script copies config.cfg to C:\Program Files\config.cfg

  3. The script installs the MSI with DEPLOY_CONFIG="C:\Program Files\config.cfg"

  4. The MSI reads the configuration file and writes it to %ProgramData%\net.devolutions\Workspace\DefaultConfig.cfg

  5. When a user launches Devolutions Password Manager, the app detects the system-wide config and applies it

The result: the configuration file is distributed with the application, placed automatically in the correct location, and the installation is fully silent and Intune-compatible.

Example 4: SCCM Deployment

  • Install command:

  • Uninstall command:

  • Detection method: Registry key HKLM\SOFTWARE\Devolutions\Workspace\Version

Example 5: Multiple Devolutions Server via config file

Create config.cfg:

Deploy via:

Troubleshooting

Configuration not applied

Configuration file present but settings not applied.

  1. Check file location: Verify correct path (%ProgramData%\net.devolutions\Workspace\DefaultConfig.cfg)

  2. Check JSON validity: Validate JSON syntax (no trailing commas, proper quotes)

  3. Check permissions: User must have read access to config file

  4. Verify indicator file: Check if config.ready file exists in same directory

  5. Check logs: Review application logs for parsing errors
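
The first four checks above as one PowerShell function, added here as an example and not part of the original documentation. The paths are the ones this page gives; the function name Test-DpmSystemConfig is an assumption.

```powershell
# Added example: the path, JSON, read-access and indicator-file checks from the
# list above. Paths are from this page; the function name is an assumption.
function Test-DpmSystemConfig {
    param(
        [string]$Directory = (Join-Path $env:ProgramData 'net.devolutions\Workspace')
    )
    $configPath = Join-Path $Directory 'DefaultConfig.cfg'
    $readyPath  = Join-Path $Directory 'config.ready'
    $findings   = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path -LiteralPath $configPath -PathType Leaf)) {
        $findings.Add("Config file not found: $configPath")
    }
    else {
        try {
            # Reading fails without read access; parsing fails on invalid JSON.
            $raw = Get-Content -LiteralPath $configPath -Raw -ErrorAction Stop
            if ([string]::IsNullOrWhiteSpace($raw)) { throw 'file is empty' }
            $null = ConvertFrom-Json -InputObject $raw -ErrorAction Stop
        }
        catch [System.UnauthorizedAccessException] {
            $findings.Add("Current user cannot read $configPath")
        }
        catch {
            $findings.Add("Config could not be read or parsed: $($_.Exception.Message)")
        }
    }

    # The system-wide config is ignored unless config.ready sits beside it.
    if (-not (Test-Path -LiteralPath $readyPath -PathType Leaf)) {
        $findings.Add("Indicator file not found: $readyPath")
    }

    [pscustomobject]@{
        ConfigPath = $configPath
        Healthy    = ($findings.Count -eq 0)
        Findings   = $findings.ToArray()
    }
}

# Run in the affected user's session so the read-access check reflects that user.
Test-DpmSystemConfig | Format-List
```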

Indicator file missing

  • Problem: System-wide configuration ignored.

  • Solution: Create config.ready file:

USER_CONFIG deploys to "default" user profile

  • Problem: USER_CONFIG fails in silent/automated installs, config ends up in C:\Users\Default\AppData\Local.

  • Cause: USER_CONFIG requires active user session context, which isn't available during automated MSI installation.

  • Solution: Use DEPLOY_CONFIG for enterprise deployments:

MSI silent install not applying config

MSI parameters not creating configuration.

  1. Check parameter syntax: Ensure proper quoting (use "value", not 'value')

  2. Log MSI installation: Add /l*v install.log to see detailed errors

  3. Verify PowerShell execution: Check if execution policy blocks scripts

  4. Administrative rights: Ensure installer runs with elevation

  • Example with logging:

Settings not persisting

Settings revert to defaults after restart.

  1. User vs System Config: System config only applies if user config doesn't exist. Once user modifies settings, they are saved to user config and override system defaults.

  2. Group Policy Override: Check if GPO is enforcing settings

  3. File Permissions: Verify write permissions to user config location

Workspace already exists

Problem: Import fails with "workspace already exists" message.

Explanation: Configuration parser detects duplicates by normalized URL (case-insensitive, trailing slash removed).

  1. Remove existing workspace manually before importing

  2. Edit configuration file to remove duplicate entries

  3. Use Custom Installation tool to merge configurations

Locking option not working

Windows Hello not activating.

  1. Windows Hello Setup: Ensure Windows Hello is configured in Windows Settings

  2. Fallback: System automatically falls back to password if hardware unavailable

  3. Check logs: Review application logs for biometric initialization errors

Best practices

1. Test configuration first

Before deploying to all users:

  1. Create a test user/device group

  2. Apply configuration to test group

  3. Verify workspaces and settings work as expected

  4. Roll out to production

2. Use DEPLOY_CONFIG for enterprise

  • Always use DEPLOY_CONFIG for:

  • Intune deployments

  • SCCM deployments

  • Silent/unattended installations

  • Multi-user machines

  • Shared workstations

  • Only use USER_CONFIG for:

  • Interactive installations by end users

  • Single-user devices

  • Testing scenarios

3. Document configuration

Maintain documentation of your configuration including:

  • Which workspaces are pre-configured

  • What settings are enforced

  • Expected user experience

  • Support contact for issues

4. User communication

Inform users:

  • Workspaces will be pre-configured

  • They still need to log in with their credentials

  • Configuration happens on first app launch

  • Contact IT if workspaces don't appear

5. Security considerations

Recommended security settings:

Why:

  • Enforces Windows Hello authentication

  • Locks app immediately when backgrounded

  • Auto-locks after 5 minutes of inactivity

  • Clears clipboard after 60 seconds

  • Disables usage data collection (optional)
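
One way to turn the settings listed above into a validated msiexec argument list, added here as an example and not taken from the original documentation. Parameter names, allowed values and ranges come from this page's tables; the function name New-DpmMsiArguments, the log path and the sample values are assumptions, and the script rejects non-HTTPS URLs as its own policy choice.

```powershell
# Added example: assemble msiexec arguments for the security settings listed
# above. Parameter names and ranges are from this page's tables; the function
# name and sample values are assumptions. HTTPS is enforced here as policy.
function New-DpmMsiArguments {
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [Parameter(Mandatory)][string]$ServerUrl,
        [ValidateSet('password', 'biometric', 'windowsCredentials')]
        [string]$LockingOption = 'windowsCredentials',
        [ValidateRange(30, 3600)][int]$LockInactivityDelay = 300,  # 5 minutes
        [ValidateRange(1, 999)][int]$ClipboardTimer = 60,
        [string]$LogPath
    )

    # URL format requirements: absolute https:// URL without a trailing slash.
    $uri = $null
    if (-not ([Uri]::TryCreate($ServerUrl, [UriKind]::Absolute, [ref]$uri)) -or
        $uri.Scheme -ne 'https') {
        throw "DVLS_SERVER_URL must be an absolute https:// URL, got '$ServerUrl'"
    }

    $properties = [ordered]@{
        DVLS_SERVER_URL                = $ServerUrl.TrimEnd('/')
        LOCKING_OPTION                 = $LockingOption
        USE_BACKGROUND_LOCK            = 'true'
        USE_LOCK_WHEN_INACTIVE         = 'true'
        LOCK_INACTIVITY_DELAY          = $LockInactivityDelay
        CLEAR_CLIPBOARD_SENSITIVE_DATA = 'true'
        CLIPBOARD_TIMER                = $ClipboardTimer
        SHARE_USAGE_DATA               = 'false'
    }

    $arguments = @('/i', "`"$MsiPath`"", '/qn', '/norestart')
    if ($LogPath) { $arguments += @('/l*v', "`"$LogPath`"") }
    foreach ($name in $properties.Keys) {
        # Double quotes around every value, as the troubleshooting section asks.
        $arguments += ('{0}="{1}"' -f $name, $properties[$name])
    }
    return $arguments
}

# Constructed sample values, not taken from a real environment.
$msiArgs = New-DpmMsiArguments -MsiPath 'C:\IntuneApps\Workspace\Workspace.msi' `
    -ServerUrl 'https://devolutions-server.company.com/' `
    -LogPath 'C:\Windows\Temp\dpm-install.log'
$msiArgs -join ' '
# To install: Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
```

Out-of-range values such as a CLIPBOARD_TIMER of 0 or an unknown LOCKING_OPTION are rejected at parameter binding, before any installer runs.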

6. URL format requirements

All URLs must:

  • Include protocol (https://)

  • Be valid, accessible URLs

  • Not end with trailing slash (app will normalize)

Examples:

  • https://devolutions-server.company.com

  • https://password-manager.devolutions.app

  • devolutions-server.company.com (missing https://)

  • http://devolutions-server.company.com (HTTP not recommended)

7. Domain vs standalone considerations

  • Domain-Joined: Use Roaming AppData (TARGET_LOCATION="roaming") for profile sync

  • Standalone: Use Local AppData (TARGET_LOCATION="local") or System (TARGET_LOCATION="system")

Quick reference

Minimal configuration template
