Apply policies

Administrative templates facilitate the management of registry-based policy settings, which can be applied on the computer and/or user configuration. Group policy (GPO) is a tool that enables your organization to enforce global settings on all computers, and at the same time, harden Remote Desktop Manager security.

Administrative Templates are registry settings that are enforced by domains. They contain registry keys that can also be set on computers that are not joined to domains. In this case, however, proper Access Control Lists (ACLs) must be put in place to prevent users from modifying registry settings. Refer to the tables below to find the registry key for each policy setting.

To learn more on how to deploy the Remote Desktop Manager administrative templates on your domain, please refer to the Microsoft documentation.

List Remote Desktop Manager GPOs in the Local Group Policy Editor

For now, the additional support is exclusively for the policies that require a numerical input higher than 0-1 (ex: ForceLockOnIdle).

Remote Desktop Manager includes an administrative template file (.admx), which describes the policies that are offered. You will find it in the policies subfolder. Before you can manage GPOs in Remote Desktop Manager, you first need to list them in the Local Group Policy Editor. Here are the steps:

  1. Go to your policies subfolder. By default, the path is C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies.
  2. Copy the Devolutions.admx file.
  3. Go to C:\Windows\PolicyDefinitions.
  4. Paste the Devolutions.admx file in the root of C:\Windows\PolicyDefinitions.
  5. Go to C:\Program Files\Devolutions\Remote Desktop Manager\Policies\en-US.
  6. Copy the Devolutions.adml file.
  7. Paste the Devolutions.adml file in C:\Windows\PolicyDefinitions\en-US.
  8. Open your Group Policy Editor and go to Computer ConfigurationAdministrative TemplatesDevolutionsRemote Desktop ManagerSessions.
  9. In the Sessions folder, locate the specific policy that you wish to change.
  10. Right-click the specific policy, edit it accordingly, and save.

If Remote Desktop Manager is open when you make this change, then you will need to restart it for the new policy to take effect.

Policies

General

Allow sync all vaults in background

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\AllowSyncAllVaultsBackground


Disable export vault menus in export menus

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExportVaultMenus


Disable features requiring an internet connection

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\NoInternetConnection


Disable Onboarding

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOnboarding


Disable the application's automatic update check

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoUpdate


Disable the application's update menus

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUpdate


Disable the launching of entries at startup

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLaunchAtStartup


Disable the license expiration message in the Overview

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLicenseExpirationMessage


Disable the telemetry data collection

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAnalytics


Disable the system Contacts, Macros and VPNs in the user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableGlobalVaultInUserVault


Enable PowerShell Remote Console API hooking

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnablePowerShellRemoteConsoleHooking


Force application close when idle

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceCloseOnIdle


Force proxy settings to System

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSystemProxy


Force refresh before edit entry

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeEditEntry


Force the loading of the current configuration file

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceCurrentConfigurationLoading


Force the loading of the default.cfg file

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDefaultConfigurationLoading


Force updating all major updates

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingMajorUpdate


Force updating all updates

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdate


Force updating all updates and beta

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdateAndBeta


Force updating once a month

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingOnceAMonth


Security

Apply forced password template in Password Generator tool

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ApplyForcedPasswordTemplateInPasswordGeneratorTool


Check for server certificate revocation

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\CheckForServerCertificateRevocation


Disable execute scripts via terminal

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExecuteScriptsViaTerminal


Disable exporting the user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUserVaultExport


Disable local drive sharing of RDP entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLocalDriveSharing


Disable Mask Password in View Password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMaskPasswordInViewPassword


Disable My Account Settings

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyAccountSettings


Disable My Personal Private Key

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalPrivateKey


Disable My Privileged Account

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPrivilegedAccount


Disable read/write in Offline Mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableReadWriteOffline


Disable retrieval of passwords from CyberArk accounts

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCyberArkPasswordRetrieval


Disable the Caching mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCaching


Disable the Offline Mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOffline


Disable the override hard drive specific settings for RDP entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRDPHardDrivesSpecificSettings


Disable the Password Generator

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisablePasswordGenerator


Disable the Reveal Password option in My Account Settings for all users, including administrators

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPasswordInMyAccountSettings


Enable DPAPI cryptography on local files

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableDPAPICryptographyOnLocalFiles


Force an application two-factor authentication mode (check against all configured methods or prompt for selection on use)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\Application2faMode


Force application lock on standby

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnStandby


Force application lock when idle

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnIdle


Force application lock when minimizing

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnMinimize


Force application lock when Windows locks

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLockOnWindowsLock


Force Application Password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLocalApplicationPassword


Force clear cache on close (Chrome)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceClearCacheOnCloseChrome


Force clear cache on close (MSEdge)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceClearCacheOnCloseMSEdge


Force multi-factor authentication on the application login

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceApplicationMFA


Force secure desktop usage

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSecureDesktop


Force the local save of My Account Settings

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLocalMyAccountSettings


Force the user to always be prompted for their credentials when launching the application

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLogin


Force the user to always be prompted for their passphrase while connecting to a data source that is protected by a Shared Passphrase Security Provider

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\AlwaysPromptForPassphrase


Force Windows Hello authentication on the application login

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsHello


Ignore application certification errors

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\IgnoreApplicationCertificateErrors


LastPass two-factor authentication mode 1 = Do not trust this device 2 = Trust this device 3 = Trust this device on close

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\LastPass2FAMode


Remove the possibility to see passwords entirely

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceHidePasswordForAdministrators


Use Windows credentials as the application password and force the currently logged on username and domain (unless an application password is already set)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsCredentialsAndCurrentlyLoggedOnUsernameAndDomain


Sessions

Allow the user to connect even after the entry has expired

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableConnectionAfterExpiration


Confirm on multiple sessions open if open count greater than

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ConfirmSessionsOpenOnCountGreaterThan


Disable all session events

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDisableAllSessionEvents


Disable import in user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportInPrivateVault


Disable Reveal Password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPassword


Disable the Add-on creation and the Add-on Manager. Deprecated, use DisableAddOnEntries and DisableAddOnManager instead

Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOn


Disable the Add-on creation of entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnEntries


Disable the Add-on Manager

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnManager


Disable the custom image edition in the session configuration

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCustomImage


Disable the mouse jiggler option

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMouseJiggler


Disable the session recording feature

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSessionRecording


Disable network scan

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableNetworkScan


Disable Website Session and Website (legacy) Information (Deprecated) credential autofill after one minute

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableWebsiteCredentialAutofillAfterDelay


Enable RDP API hooking

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableRDPHooking


Force refresh before copy password/username/domain

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeCopyFromEntry


Force refresh before execute entry

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeExecuteEntry


Force refresh before view password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeViewPassword


Force User Specific Settings migration

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUserSpecificSettingsMigration


Hide the custom port in RDP sessions

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HidePortInRDP


Only allow the creation of credentials when inside the user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\OnlyAllowCredentialsInPrivateVault


Select the default PowerShell version

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DefaultPowershellVersion


User interface

Dashboard Auto Focus Item on Tab Select

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardAutoFocusItemOnTabSelect


Dashboard Auto Focus Tab on Item Select

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardAutoFocusTabOnItemSelect


Disable all the local application tools like the Event Viewer or IIS

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableApplicationTools


Dashboard Hide All Recordings Panels

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllRecordingsPanels


Disable drag and drop in the connection list

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableDragAndDrop


Disable import and export options

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportExportOptions


Disable My Personal Credentials

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalCredentials


Disable Quick Connect

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableQuickConnect


Disable the send message feature in the dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSendMessageInDashboard

Disable the About menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAbout


Disable the Add-on Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsAddOnManager


Disable the auto-focus of the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoFocusDashboard


Disable the Chocolatey Console in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsChocolateyConsole


Disable the Devolutions account usage

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOnlineAccount


Disable the Error Report prompt

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSendErrorReportDialog


Disable the Extension Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsExtensionManager


Disable the Help menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableHelp


Disable the Local RDP/RemoteApp Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsLocalRDPRemoteAppManager


Disable the menu File – Data Sources

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileDataSources


Disable the menu File – Settings

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileOptions


Disable the Open New Remote Desktop option in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsOpenNewRemoteDesktop


Disable the option to open with parameters

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOpenWithParameters


Disable the PowerShell Remote Desktop Manager Cmdlet in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsPowershellRDMCmdlet


Disable the Remote Desktop Manager Agent in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsRDMAgent


Disable the Tools Ribbon tab and menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsMenu


Disable the Top Pane (Ribbon/Menubar)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableTopPane


Force the main tree view to load with all nodes collapsed at launch

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceTreeViewCollapseAtLaunch


Hide the Asset panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAssetPanels


Hide the Attachments panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAttachmentsPanels


Hide the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HideDashboard


Hide the Documentation panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllDocumentationPanels


Hide the Entries panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllEntriesPanels


Hide the Logs panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllLogsPanels


Hide the MacroScriptTools panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllMacroScriptToolsPanels


Hide the Management Tools panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllManagementToolsPanels


Hide Navigation Pane

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HideNavigationPane


Hide the Overview panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllOverviewPanels


Hide the Password List panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPasswordListPanels


Hide the Permissions panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPermissionsPanels


Hide the Referenced By panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllReferencedByPanels


Hide the Sub Entries panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSubConnectionsPanels


Hide the Summary panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSummaryPanels


Hide the Task panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllTaskPanels


Hide What's New Page

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HideWhatsNewPage


Lock Navigation Pane

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\LockNavigationPane


Select the default tab for the Navigation pane on launch

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DefaultNavigationPaneTab


SQLite Default Location

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\SQLiteDefaultLocation

Notes

Note 1: For each GPO’s corresponding Registry Key, the %Root% can either be HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, depending on how you want to enforce the policy. Please refer to Microsoft's online documentation to make the best choice for your organization's requirements.

Devolutions Forum logo Give us Feedback