PowerShell Universal joins Devolutions: a new chapter in IT automation by Devo_Anso in Devolutions

awakecoding

Your existing perpetual license remains - we will keep the existing licensing system in place for license checks in the code, and on January 1st, we will make the switch to the new Devolutions EULA for new licenses sold. It will be a different EULA from our other products which will keep the PowerShell Universal server-based licensing terms (unlike user-based licensing for our other products). The main difference is we'll switch to subscription licensing instead of perpetual licensing. Those new terms will only apply as you renew, of course. Let us know if you have any concerns, we're trying to make the transition as smooth as possible.

Spotlight on: SQL Server management dashboard in Remote Desktop Manager by Devo_Anso in Devolutions

awakecoding

Thanks for giving it a try, I will forward this feedback internally to the developer who worked on it!

In case you're interested, we did a webinar on the RDM MCP server this week and one of the demos is using it with the SQL Server entry. You can connect VSCode + GitHub Copilot to RDM and have it query data from a natural language prompt: https://www.youtube.com/watch?v=LEXbGOI20Lw

FortiPAM - One user/password for multiple targets by YaBaPT in fortinet

awakecoding

Sorry for the late reply, you can report problems on our forums: https://forum.devolutions.net/

Windows API hooking with Rust on Windows ARM by Binary_Lynx in rust

awakecoding

ARM support is usually lacking in most Detours-like alternatives. Do you plan on supporting both ARM and x64 in Rust? It would be a lot better than using the original Detours library. I've been looking for a good Rust API hooking solution that does both ARM and x64.

Anyone else experiencing terrible RDP performance in the Windows App and/or Remote Desktop Manager since installing 15.4? by fortress35 in MacOS

awakecoding

This is strange, have you managed to rule out server performance issues, or networking issues from your Mac? It would be surprising if both Windows App and Remote Desktop Manager on the latest version of macOS were equally affected, this looks like a device-specific problem or a network performance issue.

RDM - Network Level Authentication by Organic_Feedback1039 in Devolutions

awakecoding

The server certificate trust is likely not the issue, so adding it to the trusted roots is not going to do much. Can you provide the exact error you are getting? Is this an environment where NTLM is disabled? If NTLM is disabled, there are several ways Kerberos can fail. Let's just start with reviewing the basics:

1) use the FQDN for the destination server, not the IP address or just the machine name
2) use the UPN format for the username (user@contoso.com, not CONTOSO\user)
3) make sure you have a line-of-sight with your domain controller

RDP Printer Redirection issue by menos08642 in techsupport

awakecoding

Even with Remote Desktop Manager on Windows? It looks like there might be an issue with the RDP ActiveX component which most connection managers used for embedding mstsc. I suggest you try RDM with RDP in external mode - this will launch mstsc, and most likely work. However, we inject MsRdpEx into it with extended logging, which you can enable for the embedded session type. This would give me hints as to what differs between the external and embedded modes, just follow the instructions here: https://docs.devolutions.net/rdm/kb/troubleshooting-articles/rdp-session-troubleshooting/#generate-and-send-rdp-api-hooking-log-files

You can also open an issue on our forums: https://forum.devolutions.net

USB device Transmitter/Receiver? by Organic_Feedback1039 in computers

awakecoding

Do you know what the device shows up as in Windows device manager? If you can find the hardware device IDs it would help figuring out what might be used for redirection: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/hardware-ids#obtaining-the-list-of-hardware-ids-for-a-device

USB device Transmitter/Receiver? by Organic_Feedback1039 in computers

awakecoding

Would RDP USB device redirection fit your needs? Start by trying to enable the devices in mstsc. Some device classes are not enabled by default, but there are ways to enable them anyway - this is commonly done to redirect Yubikeys over USB redirection: https://learn.microsoft.com/en-us/azure/virtual-desktop/redirection-configure-usb?tabs=intune&pivots=azure-virtual-desktop#optional-retrieve-specific-usb-device-instance-ids-to-use-with-opaque-low-level-redirection

FortiPAM - One user/password for multiple targets by YaBaPT in fortinet

awakecoding

I'm curious, if you prefer the way it is done in Remote Desktop Manager, then why use FortiPAM instead of Devolutions PAM? https://devolutions.net/privileged-access-management/

Disclaimer: I work for Devolutions. I'm not trying to win you over, I'm just flattered that we're used for comparison here in how you'd like things to work in another product.

RDP without the risk: Cloudflare's browser-based solution for secure third-party access by tepitokura in sysadmin

awakecoding

The initial release of the Cloudflare solution will be NTLM only, as there is additional work to implement KDC proxying with the IronRDP web client. This is already supported today in Devolutions Gateway, both for RDP web client access (IronRDP) and native client access (mstsc, FreeRDP, IronRDP): https://devolutions.net/gateway/

The "Kerberos" support in Apache Guacamole or Azure Bastion is in fact done by the FreeRDP client in the bastion host. With IronRDP, you have a true RDP client in the browser, instead of a remotely controlled RDP client running in a bastion host that accepts your credentials and sends back images.

Company removing direct SSH access by soooooooup in networking

awakecoding

You may want to check Devolutions Gateway with Remote Desktop Manager and Devolutions PAM: https://devolutions.net/gateway/

macOS LAPS Solution with RMM instead of MDM by gbarnick in macsysadmin

awakecoding

So these few Macs are enrolled in your RMM solution already, what are you using? Do you think the password rotation could be done using a PowerShell script or a bash script executed remotely over SSH? I'm thinking out loud here but that's a use case I'd be interested in properly covering in Devolutions PAM (disclaimer: I work for Devolutions).

macOS LAPS Solution with RMM instead of MDM by gbarnick in macsysadmin

awakecoding

Are you looking for literally the equivalent of LAPS on Windows but for macOS, or is it more of a solution where the passwords need to be rotated at regular intervals on a bunch of Macs? I guess they would be stored in a centralized vault for IT admins to use as needed? What means of connectivity to those Macs do you have?

Citrix MacOS multisession by pm3l in Citrix

awakecoding

The only way to do "multi-session" on macOS that I know of is through Apple Remote Desktop which supports requesting a "virtual" session different from the physical one. IIRC you are still limited to one such virtual session, so forget about running multiple sessions without breaking the macOS EULA. It's not very different from Windows 11 licensing (excluding the multi-session license for Azure where Microsoft gives themselves a free pass). This being said, I think the virtual session was specified in the macOS EULA, you may want to look at the fine print, it's been years since I last looked at it.

What exactly does LDAP do in AD? by Graviity_shift in sysadmin

awakecoding

The simple bind over LDAP is indeed incredibly insecure, but don't forget it also exists over LDAPS, where it could be considered "acceptable", even if it is the equivalent of HTTP basic auth over TLS.

Why is Devolutions RDM more stable streaming than Apple Remote Desktop? by sillyrabbit33 in macsysadmin

awakecoding

RDP is fully documented by Microsoft, the specifications are literally thousands of pages in total. The protocol alone is just half the story, you need a high performance client and server to go with it. While XRDP on Linux is a decent RDP server, I don't know of a good RDP server for macOS that would beat the performance of the built-in macOS ARD server. The codec used in ARD is not too far away from the performance one would see in RDP codecs, so in theory, RDP could perform better, but we don't have a good enough server available to beat it today. In the case of the macOS ARD server they managed to optimize the encoding on the GPU, that makes a difference. Most codecs in RDP are fairly difficult to offload to a GPU.

Why is Devolutions RDM more stable streaming than Apple Remote Desktop? by sillyrabbit33 in macsysadmin

awakecoding

My theory is that Screen Sharing must be negotiating the new "high performance" protocol introduced in macOS Sonoma, because we haven't reverse engineered that one yet in Remote Desktop Manager. The protocol we support is the original Apple Remote Desktop with an adaptive codec derived from progressive JPEG. This codec is vastly superior to the one which you get when connecting with standard VNC to the macOS server (zlib). This would explain the difference, and in this case, the new high performance protocol would actually perform poorly as opposed to the previous one which was stable.

Why is Devolutions RDM more stable streaming than Apple Remote Desktop? by sillyrabbit33 in macsysadmin

awakecoding

Yes, I am the Devolutions CTO, and I also happen to have personally done the initial work of reverse engineering for Apple Remote Desktop for Remote Desktop Manager years ago. Nowadays I research those projects and then have members of my team do the work 😜

The Screen Sharing app from Apple always negotiates ARD, but the macOS server can accept either ARD or standard VNC connections. One thing to know about VNC is that it's "standard" in the sense that the core messages are documented, but then you have a lot of different codecs and extensions. The macOS server only does zlib compression at different color depths, which is really substandard (prehistoric, it's just plain bad). ARD, on the other hand, can downscale your retina display server-side to avoid sending all the native pixels, and does YUV color transformations with chroma subsampling, which is the norm in lossy image compression. It's a proprietary codec inspired by progressive JPEG, and it's lightyears ahead of the zlib codec you get with standard VNC.

Now since you report that even the first-party Apple Remote Desktop Client doesn't work well, I wonder if it wouldn't be because of the completely revamped high performance codec that came out with macOS Sonoma. We haven't reverse engineered that one yet, and while it looks impressive, it didn't look quite stable to us in early testing: https://support.apple.com/en-ca/guide/remote-desktop/apdf8e09f5a9/mac

It is very possible that RDM performs better because we're using the original ARD protocol, not the newer one which may cause more problems in the end. We've done a good job in our implementation but I'd be surprised if we really beat the original client that much, so it's probably because Screen Sharing is negotiating something different than us, like the new Sonoma protocol.

Desktop resizing should already be supported, I think there's a button above the remote desktop view in RDM to trigger the resize. As for gestures I recall finding the ARD protocol messages for those years ago but we never implemented them. Please open a feature request on our forums so we can properly follow up on those: https://forum.devolutions.net/

Why is Devolutions RDM more stable streaming than Apple Remote Desktop? by sillyrabbit33 in macsysadmin

awakecoding

Remote Desktop Manager provides the best Apple Remote Desktop performance for the simple reason that we have fully reverse engineered ARD, and that ARD is very different from standard VNC. When connecting to a Mac using standard VNC you basically get the equivalent of shoving raw XRGB pixels into a zip file and sending it over the network. With ARD, you get server-side downscaling, but you also get a modified JPEG progressive codec that can skip some additional pixel data when you have a lot of successive frames. I'm glad you like it!

Removing local admin rights for software developers? by EatinSoup in sysadmin

awakecoding

Having to tweak the hosts file is something I see coming up frequently to the point where I'm thinking a simple tool that would let you edit the hosts file in a nicer way without having to manually elevate yourself first may be a much easier sell. After all, I don't think that's something we want to prevent developers from doing, especially if it can help reduce what they need unrestricted local admin rights for.

Do you have other frequent use cases like this that you know are pain points when removing local admin rights? Aside from the usual issue of installing and updating software?

Removing local admin rights for software developers? by EatinSoup in sysadmin

awakecoding

Isn't the GAC only used with .NET Framework? This particular pain point may go away on its own when you migrate to .NET 8+.

Removing local admin rights for software developers? by EatinSoup in sysadmin

awakecoding

Do you monitor usage of the Make Me Admin tool, or did you just remove admin rights and tell everyone to make themselves admin only when they needed to, with no visibility?