Please enable JavaScript to view this site.

How to Apply Policies

Description

Administrative Templates facilitate the management of registry-based policy settings that can be applied on the computer and/or the user configuration. Group policy (GPO) is a tool for organizations to enforce settings on their computers and allows to harden Remote Desktop Manager security.

BadgeInfo48x48

The Administrative Templates are simply registry settings that are enforced by domains. They contain registry keys that can also be set on computers that are not joined to domains. Proper Access Control Lists (ACL) must be put in place to prevent users from modifying registry settings in this case. Refer to the tables below to find the registry key for each policy setting.

To learn more on how to deploy the Remote Desktop Manager Administrative Templates on your domain please refer to the Microsoft Online Help.

The admx file is distributed with Remote Desktop Manager, you will find it in a Policies sub-folder. By default the path is C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies.

Policies

General

POLICY NAME

REGISTRY KEY

Disable the application automatic update check

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoUpdate

Disable the application update menus

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUpdate

Disable export vault menus in export menus

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExportVaultMenus

Disable features requiring an internet connection, such as telemetry, automatic favicon fetching and checking for add-on updates

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\NoInternetConnection

Disables the launching of entries at startup

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLaunchAtStartup

Disable license expiration message in overview

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLIicenseExpirationMessage

Disable the Register Product in the Help menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRegisterProduct

Disable the telemetry data collection

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAnalytics

Disable the x64 edition of the application

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableX64

Disable the x86 of the application

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableX86

Force the loading of the current configuration file

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceCurrentConfigurationLoading

Force the loading of the default.cfg file

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDefaultConfigurationLoading

Force proxy settings to System

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSystemProxy

Force refresh before edit entry

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeEditEntry

Force updating all major update

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingMajorUpdate

Force updating all update

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdate

Force updating all update and beta

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdateAndBeta

Force updating once a month

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingOnceAMonth

Security

POLICY NAME

REGISTRY KEY

Apply forced password template in Password Generator tool

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ApplyForcedPasswordTemplateInPasswordGeneratorTool

Check for server certificate revocation

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\CheckForServerCertificateRevocation

Disable Azure interactive persistent login

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAzureInterativePersitentLogin

Disable the caching mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCaching

Disable execute scripts via terminal

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExecuteScriptsViaTerminal

Disable local drive sharing of RDP entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLocalDriveSharing

Disable "Mask password" in View Password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMaskPasswordInViewPassword

Disable My Account Settings

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyAccountSettings

Disable my personal private key

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalPrivatekey

Disable my privileged account

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPriviledgeAccount

Disable the offline mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOffline

Disable the override hard drive specific settings for the RDP entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRDPHardDrivesSpecificSettings

Disable the password generator

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisablePasswordGenerator

Disable the read/write in offline mode

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableReadWriteOffline

Disable the reveal password option in my account settings for all users, including administrators

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPasswordInMyAccountSettings

Force an application two factor authentication mode (check against all configured methods or prompt for selection on use)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\Application2faMode

Force multiple factor authentication on the application login

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceApplicationMFA

Force the user to always be prompted for his credentials when launching the application

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLogin

Force the user to always be prompted for the passphrase while connecting to a data source that is protected by a Passphrase Security Provider

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\AlwaysPromptForPassphrase

Force secure desktop usage

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSecureDesktop

Ignore application certification errors

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\IgnoreApplicationCertificateErrors

LastPass Two Factor authentication mode

1 = Don’t trust this device

2 = Trust this device

3 = Trust this device on close

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\LastPass2FAMode

Remove possibility to see passwords entirely

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceHidePasswordForAdministrators

Use Windows credentials as application password and force the currently logged on username and domain (unless an application password is already set)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsCredentialsAndCurrentlyLoggedOnUsernameAndDomain

Sessions

POLICY NAME

REGISTRY KEY

Allow the user to connect even after the entry has expired

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableConnectionAfterExpiration

Confirm on multiple sessions open if open count greater than

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ConfirmSessionsOpenOnCountGreaterThan

Disable the Add-on creation and the Add-on Manager is deprecated, use DisableAddOnEntries and DisableAddOnManager instead

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOn

Disable the Add-on creation of entries

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnEntries

Disable the Add-on Manager

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnManager

Disable all session events

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDisableAllSessionEvents

Disable the custom image edition in the session configuration

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCustomImage

Disable import in user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportInPrivateVault

Disable the reveal password command

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPassword

Disable Website Session and Website Information (Deprecated) credential auto fill after one minute

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableWebsiteCredentialAutofillAfterDelay

Force refresh before copy password/username/domain

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeCopyFromEntry

Force refresh before execute entry

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeExecuteEntry

Force refresh before view password

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeViewPassword

Force user specific settings migration

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUserSpecificSettingsMigration

Hide the custom port in RDP sessions

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\HidePortInRDP

Only allow the creation of credentials when inside the user vault

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\OnlyAllowCredentialsInPrivateVault

User Interface

POLICY NAME

REGISTRY KEY

Disable the About menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAbout

Disable the Add-On Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsAddOnManager

Disable all the local application tools like the Event Viewer or IIS

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableApplicationTools

Disable the Chocolatey Console in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsChocolateyConsole

Disable the Devolutions Account usage

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOnlineAccount

Disable the Devolutions Password Server Console in the Tools menu (Deprecated 12.6.8)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsDevolutionsServerConsole

Disable drag and drop in the connection list

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableDragAndDrop

Disable the error report prompt

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSendErrorReportDialog

Disable the Extension Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsExtensionManager

Disable the Help menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableHelp

Disable the import and the export of the Configuration File in File - Options

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportExportOptions

Disable the Local RDP/RemoteApp Manager in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsLocalRDPRemoteAppManager

Disable the menu File - Data Sources

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileDataSources

Disable the menu File - Options

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileOptions

Disable My Personal Credential

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalCredentials

Disable the Open New Remote Desktop option in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsOpenNewRemoteDesktop

Disable the option to open with parameter

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOpenWithParameters

Disable the Powershell RDM Cmdlet in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsPowershellRDMCmdlet

Disable quick connect

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableQuickConnect

Disable the RDM Agent in the Tools menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsRDMAgent

Disable the Tools ribbon tab and menu

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsMenu

Disable the Top Pane (Ribbon/Menu bar)

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableTopPane

Forces the main tree view to load with all nodes collapsed at launch

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceTreeViewCollapseAtLaunch

Force merging of the credential list with sessions

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeCredentialListWithSessions

Force merging of the session tool list with sessions

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeSessionToolListWithSessions

Hide the Asset panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAssetPanels

Hide the Attachments panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllAttachmentsPanels

Hide the Documentation panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllDocumentationPanels

Hide the Entries panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllEntriesPanels

Hide the Logs panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllLogsPanels

Hide the MacroScriptTools panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllMacroScriptToolsPanels

Hide the Management Tools panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllManagementToolsPanels

Hide the Overview panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllOverviewPanels

Hide the Password List panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPasswrodListPanels

Hide the Permissions panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllPermissionsPanels

Hide the Referenced By panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllReferencedByPanels

Hide the Sub Connections panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSubConnectionsPanels

Hide the Summary panel located in the Dashboard

%Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DashboardHideAllSummaryPanels

Notes

Note 1 : %Root% can either be HKEY_LOCAL_MACHINE (HKLM) or HKEY_CURRENT_USER (HKCU) depending on how you want to enforce the policy. Please refer to Microsoft's documentation to make the best choice for your situation.

Sample

The sample below is for the HKCU branch, simply adapt for your needs.  

Save to a text file and name it with a .reg extension, this will allow you to right-click on the file, then choose the Merge command (you will need to confirm elevation).

Change the value to dword:00000001 to turn the policy on.

 

Sample Registry

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\SOFTWARE\Policies\Devolutions]

 

[HKEY_CURRENT_USER\SOFTWARE\Policies\Devolutions\RemoteDesktopManager]

"AlwaysPromptForPassphrase"=dword:00000000

"DisableAbout"=dword:00000000

"DisableAddOn"=dword:00000000

"DisableAddOnEntries"=dword:00000000

"DisableAddOnManager"=dword:00000000

"DisableApplicationTools"=dword:00000000

"DisableAutoUpdate"=dword:00000000

"DisableCaching"=dword:00000000

"DisableCustomImage"=dword:00000000

"DisableDragAndDrop"=dword:00000000

"DisableSendErrorReportDialog"=dword:00000000

"DisableFileDataSources"=dword:00000000

"DisableFileOptions"=dword:00000000

"DisableImportExportOptions"=dword:00000000

"DisableImportInPrivateVault"=dword:00000000

"DisableMyPersonalCredentials"=dword:00000000

"DisableOffline"=dword:00000000

"DisableOnlineAccount"=dword:00000000

"DisableOpenWithParameters"=dword:00000000

"DisablePasswordGenerator"=dword:00000000

"DisableRDPHardDrivesSpecificSettings"=dword:00000000

"DisableReadWriteOffline"=dword:00000000

"DisableRevealPassword"=dword:00000000

"DisableToolsAddOnManager"=dword:00000000

"DisableToolsChocolateyConsole"=dword:00000000

"DisableToolsDevolutionsServerConsole"=dword:00000000

"DisableToolsExtensionManager"=dword:00000000

"DisableToolsLocalRDPRemoteAppManager"=dword:00000000

"DisableToolsMacroScriptToolManager"=dword:00000000

"DisableToolsMenu"=dword:00000000

"DisableToolsOpenNewRemoteDesktop"=dword:00000000

"DisableToolsPowershellRDMCmdlet"=dword:00000000

"DisableToolsRDMAgent"=dword:00000000

"DisableToolsTranslationManager"=dword:00000000

"DisableTopPane"=dword:00000000

"DisableUpdate"=dword:00000000

"DisableX64"=dword:00000000

"DisableX86"=dword:00000000

"EnableConnectionAfterExpiration"=dword:00000000

"EnableMergeCredentialListWithSessions"=dword:00000000

"EnableMergeSessionToolListWithSessions"=dword:00000000

"ForceDefaultConfigurationLoading"=dword:00000000

"ForceLogin"=dword:00000000

"OnlyAllowCredentialsInPrivateVault"=dword:00000000