CE Client Policies

By using the CE Client Policies you can define specific features of the Corporate client with the Server Manager. To apply the CE Client Policies, you must first enable them using the toggle switch at the top of the dialog. Go to Manage → CE Client Policies to set the permissions as required. With the Client Security Policies, more options for client configuration are available and you can enforce the Corporate Edition clients to strictly follow them.

The dialog shows a tree view on the left side with the four policy categories. On the right side, individual policies are displayed in a list view with the columns Policy and Setting. At the bottom, the buttons OK, Cancel, and Restore default settings are available.

NOTE: The CE Client Policies set in the Server Manager can only be applied if the Client Corporate Edition is used. The standard edition of the Password Depot Windows client which is also available for download on our website does NOT support these policies.

For more information about the Password Depot Client Corporate Edition please visit our support portal using the link below:

Password Depot Client Corporate Edition and CE Client Policies

Password Policy

Password policies can be configured to enforce security standards for both local databases and Server Manager users. For local databases, users must create passwords that comply with the defined policies during database creation. For Server Manager users, administrators are encouraged to follow these policies when setting passwords for Enterprise Server users. However, compliance is not mandatory during user creation to avoid conflicts with third-party requirements.

  • Enforce password history: Define a specific number of new passwords users will be enforced to use before reusing an old password again.
  • Maximum password age: Define a specific time span (days) a password can be used before enforcing users to change it.
  • Minimum password age: Define a specific time span (days) a password must be used before changing it.
  • Minimum password length: Define how many characters a password needs to have at minimum.
  • Password must meet complexity requirements: Define how many and which different types of characters a password must contain at least (lowercase, uppercase, special symbols, numbers).

Allowed Storage Policy

If you enable users to also create and save databases outside of the Password Depot Enterprise Server, you can determine which locations should be displayed for server users (for example the local system or cloud etc.). Locations that have been deactivated in the Client Security Policies will not be visible in the client at all, thus users cannot select them for storing databases outside Password Depot Enterprise Server. In general, Password Depot offers the following locations for storing databases (all of them can be deactivated except the Enterprise Server, of course):

  • Box
  • Dropbox
  • Google Drive
  • HiDrive
  • Internet Servers
  • Local System
  • Microsoft OneDrive
  • Microsoft OneDrive for Business
  • Password Depot Enterprise Server

Action Policy

Specify whether actions such as printing or exporting entries, for example, should be enabled in general. This includes the following actions:

  • Copy data to clipboard
  • Decrypt external files
  • Encrypt external files
  • Erase external files
  • Export
  • Install Password Depot on USB devices
  • Print
  • Read TOTP secrets: A security policy for read permissions added in the Corporate Edition (disabled by default).
  • Set second passwords
  • Synchronize (databases)
  • Use TANs

Program Options

Here, you can define relevant and safety-related program options. These include the following:

  • Auto save database on every change: This policy refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If so, a database will be saved automatically upon changing.
  • Automatic cleaning of clipboard: Define a specific time (in seconds) for Password Depot to automatically delete any data that has previously been copied to the clipboard.
  • Automatic updates mode: Define whether clients should automatically search for new updates or not. The following modes are available: Undefined (Client can use any value), Download new updates and prompt to install, Notify when updates are available, or Do not check for updates automatically.
  • Automatically delete local copy after closing remote file: If users can save local copies of server databases to their local system, you can check this option if you want those local copies to be deleted immediately as soon as the remote file is closed.
  • Check for updates interval (days): If searching for updates is enabled, you can define a specific time span for clients to automatically search for updates.
  • Close database and lock program: Always when the program is minimized
  • Close database and lock program: When the computer enters standby/hibernate mode
  • Close database and lock program: When the computer is idle
  • Close database and lock program: When the current user (session) changes
  • Close database and lock program: When the program is auto-minimized
  • Create a backup copy on database saving: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If this policy is activated, a new backup copy is created and saved to a user's local system upon every database saving.
  • Create a backup copy when opening a database: A new backup copy is created and saved to a user's local system every time a user opens a database. This policy also refers to databases stored outside Password Depot Enterprise Server.
  • Default authentication mode: Define a default authentication mode for all clients. You can choose from the following: Undefined (Client can use any value), Integrated Windows Authentication (SSO), Sign in with user name and password, Microsoft Entra ID (formerly Azure AD), OpenID Connect, Windows Domain, or WebAuthn/Passkeys.
  • Default domain name: Define the standard domain name.
  • Default expiration period for passwords: Define a default expiration period for all passwords within the server databases.
  • Default UPN suffix: Define a default UPN suffix.
  • Hide clipboard changes from external viewers: Restrict external viewers from seeing changes to your device's clipboard.
  • Internet Protocol version: If you want to set a default internet protocol version to be used by the clients, you can choose between IPv4 or IPv6.
  • Number of stored backup copies: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). Those backup copies will then be saved to a user's local system. Administrators can define a maximum number of backup copies to be stored.
  • Open last used database at program start: If this policy is activated, by default the last used database is launched upon the client's next program start.
  • Show passwords in the list view: Select whether the client's main view should include the "Password" column. However, please note that passwords are never displayed in plain text. Therefore the main view only displays asterisks.
  • Store list of recent databases: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If activated, clients can go to Home → Recent and easily open databases they just recently worked with.
  • Store local copy of files from Password Depot Enterprise Server: If this policy is enabled, a local copy of the server database is stored to a user's local system, for example if working in offline mode is required. However, please note that local copies only include the data a user is able to also access during active server connection.
  • User logon name format: Choose between Undefined (Client can use any value), Simple, <DOMAIN>\<sAMAccountName>, and UPN (User Principal Name). The selected format will be displayed by default on the client.

HINT: If you have any questions about the client security policies or server configuration in general, please contact us at info@password-depot.de and we will be happy to help!

NOTE: The settings of the Client Security Policies are always applied to the entire server and all users. Therefore, the settings defined in the Client Security Policies cannot be changed for single users or groups at database level afterwards. By clicking Restore default settings, you can reset the default settings and thus discard changes.