Targeted Management of Client Security Policies with the Corporate Edition of Password Depot
Companies often have to comply with internal IT policies, legal requirements, and data protection standards. With Password Depot Enterprise Server version 11 and later, Client Security Policies are available for this purpose. They allow you to define and enforce security-relevant settings centrally via the Password Depot Server Manager—consistently across all connected clients.
IMPORTANT: Server-wide applicability (not per user/group)
Client Security Policies always apply to the entire server and therefore to all users.
Settings defined here cannot later be configured differently or overridden at the database level for individual users or groups.
IMPORTANT: Supported only by the Corporate Edition
Client Security Policies work exclusively with the Windows Client Corporate Edition.
The Standard Edition does not support these policies (the settings are not enforced there).
Why are there a Standard Edition and a Corporate Edition?
The two Windows clients are deliberately separated because they address different requirements:
Standard Edition: Focus on simple, immediately usable operation without central restrictions.
Corporate Edition: Focus on central control, consistent configuration, and compliance in corporate environments.
This keeps the Standard Edition lightweight, while the Corporate Edition provides the necessary control mechanisms for IT departments.
Standard Edition vs. Corporate Edition at a glance
Criterion | Standard Edition | Corporate Edition |
|---|---|---|
Target group | Individual users, small teams | Companies with centralized IT management |
Central policies | Not supported | Supported (Client Security Policies) |
State after installation | Usually fully usable immediately | Usually more restricted, controlled via policies |
Typical goal | Maximum flexibility | Control, consistency, compliance |
What do Client Security Policies control?
With Client Security Policies, you centrally define which functions and settings are permitted in the Windows client. These policies:
apply to all clients that have connected to the Enterprise Server at least once,
are applied automatically,
remain effective even when the client is offline (after the policy has been received once).
Typical areas (depending on the options available in your version) include, for example:
Password and security requirements (e.g., policies related to passwords/authentication)
Storage and cloud options (e.g., permitted cloud services)
Actions/functions in the client (e.g., printing, export, other actions)
Program settings (e.g., default behavior when logging in to the Enterprise Server)
Practical examples
Prevent copying to the clipboard
You want to prevent passwords from being copied to the clipboard and pasted into other applications (risk: uncontrolled disclosure or reading by other software).
→ Enforce a policy that disables or restricts clipboard copying (if available in your version).
Block database exports
You want to prevent users from exporting entire databases and distributing them outside your environment.
→ Enforce a policy that disables export functions or allows them only in defined cases.
Allow only approved cloud services
You want to ensure that only approved cloud storage services are used (e.g., for compliance reasons).
→ Enable only approved cloud services and disable non-approved storage options.
Configuration in the Password Depot Server Manager
To define the policies centrally:
Open the Password Depot Server Manager.
Navigate to: Manage → Client Security Policies.
Define the desired settings and save the policy.
Important for distribution:
A client must connect to the Enterprise Server at least once to receive the policy.
After that, it remains effective even during offline use (until it is changed and synchronized again).
Download the Corporate Edition
You can find the Corporate Edition of the Windows client here.
Related articles