Some things in life make our life easier, like owning a Roomba when you have a messy dog, an IoT fridge that automatically orders groceries when you’re running low, or this awesome wine glass for those long winter nights (especially during a lockdown). And you know what else makes life so much easier? Using Administrative Templates in Remote Desktop Manager!

About Administrative Templates

Administrative Templates facilitate the management of registry-based policy settings, which can be applied on the computer and/or the user configuration. Group policy (GPO) is a tool that enables your organization to enforce global settings on all computers, and at the same time, harden Remote Desktop Manager security.

In essence, Administrative Templates are registry settings that are enforced by domains. They contain registry keys that can also be set on computers that are not joined to domains. In this case, however, proper Access Control Lists (ACLs) must be put in place to prevent users from modifying registry settings. Below you will find a table that identifies the registry key for each policy setting.

How to List RDM GPOs in the Local Group Policy Editor

Remote Desktop Manager includes an administrative template file (.admx), which describes the policies that are offered. You will find it in the policies subfolder.

Before you can manage GPOs in RDM, you first need to list them in the Local Group Policy Editor. Here are the steps:

  1. Go to your policies subfolder. By default, the path is C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies
  2. Copy the Devolutions.admx file.
  3. Go to C:\Windows\PolicyDefinitions
  4. Paste the Devolutions.admx file in the root of C:\Windows\PolicyDefinitions
  5. Go to C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies\en-US
  6. Copy the Devolutions.adml file.
  7. Paste the Devolutions.adml file in C:\Windows\PolicyDefinitions\en-US
  8. Open your Group Policy Editor, and go to Computer Configuration -> Administrative Templates -> Devolutions -> Remote Desktop Manager -> Sessions
  9. In the Sessions folder, locate the specific policy that you wish to change.
  10. Right-click the specific policy, edit it accordingly, and save.

If Remote Desktop Manager is open when you make this change, then you will need to restart it in order for the new policy to take effect.
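Steps 1 to 7 above can also be scripted. The following PowerShell is an added example, not part of the original article or of Devolutions' tooling; it assumes the default paths listed in the steps and an elevated session, and it confirms each copied file by comparing SHA-256 hashes.

```powershell
# Added example: copies the RDM policy template into the local policy store
# (steps 1-7 above). Default paths are the ones given in the article.
#Requires -RunAsAdministrator
param(
    [string]$RdmPolicies = 'C:\Program Files (x86)\Devolutions\Remote Desktop Manager\Policies',
    [string]$PolicyStore = 'C:\Windows\PolicyDefinitions',
    [string]$Locale      = 'en-US'
)
$ErrorActionPreference = 'Stop'

# Source -> destination pairs: the .admx goes in the store root,
# the .adml language file in the matching locale subfolder.
$files = @(
    @{ Src = Join-Path $RdmPolicies 'Devolutions.admx'
       Dst = Join-Path $PolicyStore 'Devolutions.admx' },
    @{ Src = Join-Path (Join-Path $RdmPolicies $Locale) 'Devolutions.adml'
       Dst = Join-Path (Join-Path $PolicyStore $Locale) 'Devolutions.adml' }
)

# Check both sources first so a missing .adml never leaves a half-installed template.
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f.Src -PathType Leaf)) {
        throw "Template file not found: $($f.Src)"
    }
}

foreach ($f in $files) {
    $dstDir = Split-Path -Path $f.Dst -Parent
    if (-not (Test-Path -LiteralPath $dstDir -PathType Container)) {
        throw "Locale folder missing in policy store: $dstDir"
    }
    Copy-Item -LiteralPath $f.Src -Destination $f.Dst -Force

    # Confirm the installed copy is byte-identical to the one shipped with RDM.
    $srcHash = (Get-FileHash -LiteralPath $f.Src -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $f.Dst -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $($f.Dst)" }
    [pscustomobject]@{ Installed = $f.Dst; SHA256 = $dstHash }
}
```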

Table of policies

Below you will find all of the GPOs that are currently supported in RDM.

Please note that for each GPO’s corresponding Registry Key, the %Root% can either be HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, depending on how you want to enforce the policy. Please refer to Microsoft’s online documentation to make the best choice for your organization’s requirements.

GENERAL POLICIES

| POLICY NAME | REGISTRY KEY |
| --- | --- |
| Disable the telemetry data collection | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAnalytics |
| Disable the application automatic update check | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAutoUpdate |
| Disable the Help - Check Version button | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableUpdate |
| Disable the Register Product in the Help menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRegisterProduct |
| Disable the x64 edition of the application | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableX64 |
| Disable the x86 edition of the application | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableX86 |
| Force refresh before edit entry | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceRefreshBeforeEditEntry |
| Force proxy settings to System | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceSystemProxy |
| Force the loading of the default.cfg file | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDefaultConfigurationLoading |
| Force updating all major update | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingMajorUpdate |
| Force updating all update | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdate |
| Force updating all update and beta | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingAllUpdateAndBeta |
| Force updating once a month | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceUpdatingOnceAMonth |

SECURITY POLICIES

| POLICY NAME | REGISTRY KEY |
| --- | --- |
| Force the user to always be prompted for the passphrase while connecting to a data source that is protected by a Passphrase Security Provider | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\AlwaysPromptForPassphrase |
| Apply forced password template in Password Generator tool | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ApplyForcedPasswordTemplateInPasswordGeneratorTool |
| Check for server certificate revocation | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\CheckForServerCertificateRevocation |
| Disable Azure interactive persistent login | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAzureInterativePersitentLogin |
| Disable execute scripts via terminal | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableExecuteScriptsViaTerminal |
| Disable local drive sharing of RDP entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableLocalDriveSharing |
| Disable My Account Settings | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyAccountSettings |
| Disable my personal private key | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalPrivatekey |
| Disable the caching mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCaching |
| Disable the offline mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOffline |
| Disable the tools of the password generator | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisablePasswordGenerator |
| Disable the override hard drive specific settings for the RDP entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRDPHardDrivesSpecificSettings |
| Disable the read/write in offline mode | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableReadWriteOffline |
| Remove possibility to see passwords entirely | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceHidePasswordForAdministrators |
| Force the user to always be prompted for his credentials when opening the application | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceLogin |
| Force multiple factor authentication on the application login | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceApplicationMFA |
| Use Windows credentials as application password and force the currently logged on username and domain | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceWindowsCredentialsAndCurrentlyLoggedOnUsernameAndDomain |
| Ignore application certification errors | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\IgnoreApplicationCertificateErrors |

SESSION POLICIES

| POLICY NAME | REGISTRY KEY |
| --- | --- |
| Disable the add-on creation and the Add-on Manager | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOn |
| Disable all session events | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\ForceDisableAllSessionEvents |
| Disable the Add-on creation of entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnEntries |
| Disable the Add-on Manager | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAddOnManager |
| Disable the custom image edition in the session configuration | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableCustomImage |
| Disable import in private vault | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportInPrivateVault |
| Disable the reveal password command | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableRevealPassword |
| Allow the user to connect even after the entry has expired | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableConnectionAfterExpiration |
| Inside the private vault, allows only credentials entries | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\OnlyAllowCredentialsInPrivateVault |

USER INTERFACE POLICIES

| POLICY NAME | REGISTRY KEY |
| --- | --- |
| Disable the menu Help – About | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableAbout |
| Disable the Help menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableHelp |
| Disable quick connect | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableQuickConnect |
| Disable all the local application tools like the Event Viewer or IIS | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableApplicationTools |
| Disable the possibility to drag and drop sessions | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableDragAndDrop |
| Disable the menu File - Data Sources | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileDataSources |
| Disable the menu File – Options | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableFileOptions |
| Disable the import and the export of the Configuration File in File – Options | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableImportExportOptions |
| Disable the My Personal Credential feature | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableMyPersonalCredentials |
| Disable the Devolutions Account usage | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOnlineAccount |
| Disable the option to open with parameter | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableOpenWithParameters |
| Disable the error report prompt | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableSendErrorReportDialog |
| Disable the Add-On Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsAddOnManager |
| Disable the Chocolatey Console in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsChocolateyConsole |
| Disable the Devolutions Password Server Console in the Tools menu (Deprecated 12.6.8) | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsDevolutionsServerConsole |
| Disable the Extension Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsExtensionManager |
| Disable the Local RDP/RemoteApp Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsLocalRDPRemoteAppManager |
| Disable the Macro/Script/Tool Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsMacroScriptToolManager |
| Disable the Tools ribbon tab and menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsMenu |
| Disable the Open New Remote Desktop option in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsOpenNewRemoteDesktop |
| Disable the Powershell RDM Cmdlet in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsPowershellRDMCmdlet |
| Disable the RDM Agent in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsRDMAgent |
| Disable the Translation Manager in the Tools menu | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableToolsTranslationManager |
| Disable the Top Pane (Ribbon/Menubar) | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\DisableTopPane |
| Force the Merge credential list with sessions option | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeCredentialListWithSessions |
| Force the merging of the session tool list with sessions | %Root%\SOFTWARE\Policies\Devolutions\RemoteDesktopManager\EnableMergeSessionToolListWithSessions |

You can see the status of the policies in Remote Desktop Manager in RDM Help — Diagnostic — Policy.
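The earlier point about ACLs on machines that are not domain-joined, and the choice of %Root% hive, can be checked from the registry side as well. The following PowerShell is an added example, not Devolutions code: it lists the policy values set under both hives and flags any Allow rule that grants write-type rights on the policy key to a principal outside a trusted list. The trusted list and the function name Get-RdmPolicyAudit are assumptions of this example.

```powershell
# Added example: audits the RDM policy key in both hives (the two %Root% choices).
$subKey = 'SOFTWARE\Policies\Devolutions\RemoteDesktopManager'   # key path from the policy table

# Rights that let a principal change or remove a policy value:
# SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership,
# plus the generic write/all bits that can appear on inherited entries.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# Principals expected to hold write access (assumption; adjust to your baseline).
$trusted = @(
    'S-1-5-18',       # SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-RdmPolicyAudit {
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$subKey"
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Hive = $hive; Item = '(key not present)'; Detail = $null }
            continue
        }
        # Policy values currently set in this hive.
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Hive = $hive; Item = "value: $name"
                               Detail = "$($key.GetValueKind($name)) = $($key.GetValue($name))" }
        }
        # Allow rules that grant write-type rights to an unexpected principal.
        foreach ($rule in (Get-Acl -LiteralPath $path).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not ([int]$rule.RegistryRights -band $writeMask)) { continue }
            try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $rule.IdentityReference.Value }
            if ($trusted -notcontains $sid) {
                [pscustomobject]@{ Hive = $hive; Item = "WRITABLE by $($rule.IdentityReference)"
                                   Detail = $rule.RegistryRights }
            }
        }
    }
}

Get-RdmPolicyAudit | Format-Table -AutoSize
```

Any "WRITABLE by" row means a standard user could change or delete the enforced setting in that hive.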

Benjamin Franklin said that “honesty is the best policy”—and, of course, he was right. But you know what? Group policies in RDM are great as well, because they enforce compliance and acceptable use, and harden RDM security.

Tell Us What You Think

I hope that you found this tutorial helpful. Please share your feedback by commenting below. And if you would like our RDM Development Team to add new group policy options, please tell us what’s on your mind. We are always listening to you, and most of our product improvements are based on feedback from our amazing user community.