Client Security Policies

By using the Client Security Policies you can define specific features of the Corporate client with the Server Manager. Go to Manage → Client Security Policies to activate them and set the permissions as required. With the Client Security Policies more options for client configuration are available and you can enforce the Corporate edition clients to strictly follow them.

NOTE: The Client Security Policies set in the Server Manager can only be applied if the Client Coporate edition is used. The standard edition of the Password Depot Windows client which is also available for download on our website does NOT support these policies.

For more information about the Password Depot Client Corporate edition please visit our knowledge base using the link below:

Password Depot Client Corporate edition and Client Security Policies

Master Password Policy

You can set a specific password policy which will be mandatory for all clients by default. The password policy is then strictly applied to passwords created within a server database which means that new passwords must correspond to the Server Manager's password policy. 

  • Enforce password history: Define a specific number of new passwords users will be enforced to use/create before reusing an old password again.
  • Maximum password age: Define a specific time span (days) a password can be used before enforcing users to change it in any case.
  • Minimum password age: Define a specific time span (days) a password must be used before changing it.
  • Minimum password length: Define how many characters a password needs to have at minimum.
  • Password must meet complexity requirements: Define how many and which different types of characters a password must contain at least (Lowercase, Uppercase, Special, Numbers).

Allowed Storage Policy

If you enable users to also create and save databases outside Password Depot Enterprise Server you can determine here wich locations should be displayed for server users (for example the local system or cloud etc.). Locations that have been deactivated in the Client Security Policies will then not be visible in the client at all, thus users cannot select them for storing databases outside Password Depot Enterprise Server. In general, Password Depot offers the following locations for storing databases (all of them can be deactivated except the Enterprise Server, of course):

  • Local System
  • Password Depot Enterprise Server
  • USB Removeable Devices
  • Internet Servers
  • Dropbox
  • Google Drive
  • OneDrive/OneDrive for Business
  • HiDrive
  • Box

Action Policy

Specify whether actions such as printing or exporting entries for example, should be enabled in general. This includes the following actions:

  • Copy data to clipboard
  • Decrypt external files
  • Encrypt external files
  • Erase external files
  • Export
  • Install Password Depot on USB devices
  • Print
  • Read TOTP secrets
  • Set Second Passwords
  • Synchronize (databases)
  • Use TANs

Program Options

Here, you can define relevant and safety-related program options. This includes the following:

  • Auto save database on every change: This policy refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If so, a database will be saved automatically on every change.
  • Automatic cleaning of clipboard: You can define a specific time (in seconds) for Password Depot to automatically delete any data that has been copied to the clipboard before.
  • Automatic updates mode: You can define here, if clients should automatically search for new updates or not.
  • Automatically delete local copy after closing remote file: If users can save local copies of server databases to their local system, you can check this option if you want those local copies to be deleted immediately as soon as the remote file is closed.
  • Check for updates interval (days): If searching for updates is enabled, you can define a specific time span clients should automatically search for updates.
  • Close database and lock program: Always when the program is minimized
  • Close database and lock program: When the computer enters standby/hibernate mode
  • Close database and lock program: When the computer is idle
  • Close database and lock program: When the current user (session) changes
  • Close database and lock program: When the program is auto-minimized
  • Create a backup copy on database saving: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If this policy is activated, a new backup copy is created and saved to a user's local system upon every database saving.
  • Create a backup copy when opening a database: A new backup copy is created and saved to a user's local system every time a user opens a database. This policy also refers to database stored outside Password Depot Enterprise Server.
  • Default authentication mode: Define a default authentication mode for all clients. You can choose from the following: Undefined (Client can use any value), Integrated Windows Authentication (SSO), Sign in with user name and password and Azure AD authentication.
  • Default expiration period for passwords: Define a default expiration period for all passwords within the server databases.
  • Hide clipboard changes from external viewers
  • Internet Protocol version: If you want to set a default internet protocol version to be used by the clients, you can either choose between IPv4 or IPv6.
  • Number of stored backup copies: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). Those backup copies will then be saved to a user's local system. Administrators can define a maximum number of backup copies to be stored.
  • Open last used password file at program start: If this policy is activated, by default the last used database is launched upon the client's next program start.
  • Protect access with a password: Specify whether the clients must additionally secure the connection to the browser add-on with a password.
  • Show passwords in the list view: You can define, if the client's main view should include the "Password" column. However, please note that passwords are never displayed in plain text. Therefore the main view shows small stars only.
  • Store list of recent databases: This policy also refers to databases stored outside Password Depot Enterprise Server (if this option is enabled in general). If activated, clients can go to the Database Manager → Recent Files and easily open databases they just recently worked with. 
  • Store local copy of files from Password Depot Enterprise Server: If this policy is enabled, a local copy of the server database is stored to a user's local system, for example if working in offline mode is required. However, please note that local copies do only include the data a user is able to also access during active server connection.

HINT: If you have any questions about the client security policies or server configuration in general, please email us at [email protected] and we will be happy to help!

NOTE: The settings of the Client Security Policies are always applied to the entire server and all users. Therefore, the settings defined in the Client Security Policies cannot be changed for single users or groups at database level afterwards. By clicking Restore default settings you can reset the default settings and thus discard changes.