Feature Request

Submit and discuss feature requests for Devolutions PowerShell

tonyfredriksson

Devolutions Gateway Publish Revocation List via Powershell

When setting up new Devolutions Gateways, you need to "Publish Revocation List" in the DVLS web GUI before you can start using the new gateway. It would be great to be able to do this via PowerShell, so you can set up and configure everything Devolutions Gateway wise automatically.

1

24

2

Christian Robert

tonyfredriksson

Missing powershell features for DVGW and PAM management.

Hello. When working with automating setup of Devolutions Gateway and Devolutions PAM, we have discovered that there is a gap in functionality in what can be done with the web GUI and what can be done with PowerShell.

Devolutions Gateway:
- Missing "New/Update-DSGatewayFarm" commands to be able to create and manage Devolutions Gateway Farms.
- New/Update-DSGateway:
  - Missing ability to set permissions with New-DSGateway (Limited functionality is present with Update-DSGateway).
  - Missing ability to set default permissions (Defaults to "Default (Allowed)")
  - Missing functionality to control KDC-proxy settings.

Devolutions PAM:
- New-DSPamProvider
  - Missing ability to configure "Use Devolutions Gateway" and choose what gateway/farm to use.
  - Missing ability to configure Domain Controller
  - Missing ability to configure "Password Template"
- New-DSPamVault
  - Unable to assign permissions to an "Application"

It would be great if the functionality available in the web GUI would also be available in the PowerShell module, to enable automating things and improve consistency.

4

155

4

Christian Robert

mattlytle

Implemented

PowerShell Tags

When retrieving the tags (keywords) from a get-rdmentry they are returned as a single string. For example:

    $test.metainformation.keywords
    PowerScale DFWEQ GenPop

It would be much more useful if these were returned as a string of variables so that you could do $tags[0], $tags[n]. Not a super high priority, I can use split-string to get them into an array for now, but maybe a future enhancement in the PS module?

3

169

4

Christian Robert

ricunhaneves

Implemented

Login attempts via powershell

Hello. Is it possible to get the login attempts to Devolutions Server using PowerShell? I know that there is a Scheduled report in the Devolutions Console, but it only checks every day and I wanted something more recurring. For context: I would like to have a script checking it every 5 minutes and send the info into a log. That log would be consulted by an item in Zabbix and trigger an alarm if there would be any new data (new login attempt). Thank you, Ricardo Neves

2

176

4

Christian Robert

jol

NEW-DSPamAccount allow to create JIT Account

Hi, New-DSPamAccount is missing the function to create an account as a JIT Account. We have X number of users that will need their own JIT Account on X many customers, so it will be nice if we can automate the process by creating the account and adding the account to the JIT privilege sets for the provider automatically with the PowerShell module.

1

89

4

Maxime Bernier

tonyfredriksson

Get-DSPamAccount: Add parameter to retrieve detailed information for all PAM accounts in a single

Current Behavior:
- Get-DSPamAccount (without parameters) returns only limited information for all PAM accounts
- Get-DSPamAccount -AccountID [ID] returns detailed information for a specific account

To get detailed information for all accounts, we must:
1. Call Get-DSPamAccount to retrieve all account IDs
2. Iterate through each ID and call Get-DSPamAccount -AccountID [ID] individually

Issue: Our automation scripts run frequently (several times per hour) and need detailed information for all PAM accounts. The current workflow requires N+1 requests to DVLS (one initial request + one per account), which:
- Creates unnecessary load on the DVLS server, sometimes even crashing it
- Increases script execution time
- Is inefficient for a common use case

Proposed Solution: Add a parameter (e.g., -Detailed or -IncludeDetails) to Get-DSPamAccount that retrieves detailed information for all accounts in a single call.

Example Usage:

    Get-DSPamAccount -Detailed

Benefits:
- Reduces server load by consolidating multiple requests into one
- Improves script performance
- Provides a more efficient API for common automation scenarios

Alternative Considerations:
- Batch parameter: Get-DSPamAccount -AccountID @(id1, id2, id3) to retrieve multiple accounts at once

2

35

2

Maxime Bernier

manuverhaegen

Implemented

Can you add the powershell feature to update the Tags in system settings -> Common -> Tags

Hi, Can you add the powershell feature to update the Tags in system settings -> Common -> Tags

2

123

4

Maxime Bernier

patrick2

Automatically Convert a website (legacy) or be able to do it for all vaults

Hello, atm it is not possible to search this over all vaults. We would have to check over 400 vaults by hand... Kind Regards, Patrick

1

57

2

Christian Robert

benseroussi

Allow to clean up\delete deleted users via powershell

Hi, in devolutions servers since 2025 when a user is deleted it goes to the deleted users section. Currently it's not possible to delete users from there using the powershell module which prevents certain automations. Please add this. Ben

2

166

5

Christian Robert

simon77

Implemented

Solve backward compatibility issues with Load RDM CmdLet

When using the feature Load RDM CmdLet in PowerShell (local) entries, the latest Devolutions.PowerShell module is fetched from PSGallery. However, if an older version of DVLS is installed, it's quite possible to get compatibility issues. If module backward compatibility can’t be assured, wouldn’t it be better to have the Load RDM CmdLet feature configured to fetch an older module with -RequiredVersion 2024.x.x?

2

157

3

Maxime Bernier

reinleen

Better feedback when not able to authenticate

I have spent the better part of 2 days troubleshooting an issue where I could not retrieve users or vaults on a server while these queries worked on another one. Eventually I found out the Application Identity I used had IP restrictions implemented. When running the following to authenticate I got the following response (I used the -AsLegacyResponse to get more feedback during testing).

    PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -AsLegacyResponse

    DetailedErrorMessage ErrorMessage IsSuccess Result
    -------------------- ------------ --------- ------
                                      True      Success

Though in fact I was not authenticated due to the IP restriction. Performing a follow-up query thus yielded the following result.

    PS> Get-DSVault -All -AsLegacyResponse

    DetailedErrorMessage ErrorMessage IsSuccess Result
    -------------------- ------------ --------- ------
                                      False     WebApiRedirectToLogin

After finally finding the solution for my issue, I noticed I actually got a faint hint about not being authenticated when using verbose logging. Without IP restrictions in place the following will happen.

    PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -Verbose -AsLegacyResponse
    VERBOSE: [New-DSSession] Beginning...
    VERBOSE: [New-DSSession] Server version: 2025.3.5.0
    VERBOSE: [New-DSSession] Authenticating as <redacted>
    VERBOSE: [New-DSSession] Login as an application
    VERBOSE: [New-DSSession] End

With IP restrictions the following will.

    PS> New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication -Verbose -AsLegacyResponse
    VERBOSE: [New-DSSession] Beginning...
    VERBOSE: [New-DSSession] Server version: 2025.3.5.0
    VERBOSE: [New-DSSession] Authenticating as <redacted>
    VERBOSE: [New-DSSession] End

As you can see there is an empty line in the second response, which is the only indication authentication actually failed. While troubleshooting I have also checked $global:DSSessionToken as well to see if I was authenticated. This variable has been filled even when failing to authenticate.

Could you add better feedback about failing the authentication? There is no need to hint towards IP restrictions as to not give attackers a clue. But at least let me know authentication has failed, since now I have been looking into the DSSessionToken not being passed onto subsequent requests. Also please don't fill the DSSessionToken if there is no session.

1

114

2

Christian Robert

asimard

password generator

Hello, I would like to know whether, using the PowerShell module (with Devolutions Hub), it is possible to generate passwords using the password generator? Thank you,

1

303

5

asimard

reinleen

PowerShell - Cannot set permissions on Application Identity

When I create a folder within a vault, I want to set the permissions to that folder using the Devolutions.PowerShell module version 2025.3.1. Though when I try to assign the permissions this works as intended for Users and User Groups, but not for Application Identities. The following code can be used to reproduce my situation. Please note that Get-SecureEnvironmentHash is a private function which retrieves hashed secrets. We can assume these work as intended since the folder can be created and permissions can be set.

    function New-DevolutionsFolder {
        [CmdletBinding()]
        param (
            [Parameter(Mandatory = $true)]
            [string]$Uri,
            [Parameter(Mandatory = $false)]
            [string]$Vault = "Test",
            [Parameter(Mandatory = $false)]
            [string]$Folder = "TestFolder",
            [Parameter(Mandatory = $false)]
            [string]$UserGroup = "test_group"
        )
        begin {
            Import-Module -Name "Devolutions.PowerShell"
            try {
                # Create credentials
                $applicationSecret = Get-SecureEnvironmentHash -Name "DevolutionsTestSecret" | ConvertTo-SecureString -AsPlainText -Force
                $applicationID = Get-SecureEnvironmentHash -Name "DevolutionsTestID"
                [pscredential]$Credential = New-Object System.Management.Automation.PSCredential ($applicationID, $applicationSecret)
                # Connect
                New-DSSession -BaseUri $Uri -Credential $Credential -AsApplication
            }
            catch {
                throw "Could not connect to '$Uri'"
            }
        }
        process {
            # Generate permissions
            $roleID = Get-DSRole -All | Where-Object { $_.name -eq $UserGroup } | Select-Object -ExpandProperty "Id" | Select-Object -ExpandProperty "Guid"
            $permissions = @(
                # View
                [RemoteDesktopManager.PowerShellModule.Private.models.ConnectionPermission]@{
                    IsEmpty  = $false
                    Override = [RemoteDesktopManager.PowerShellModule.Private.enums.SecurityRoleOverride]::Custom
                    Right    = [RemoteDesktopManager.PowerShellModule.Private.enums.SecurityRoleRight]::View
                    Roles    = @($roleID, $applicationID)
                }
            )
            # Get the vault
            $targetVault = Get-DSVault -All | Where-Object { $_.Name -eq $Vault }
            # Create the folder
            $createdFolder = New-DSFolder -Name $Folder -VaultID $targetVault.ID
            # Set permissions
            Set-DSEntityPermissions -EntityId $createdFolder.id -Permissions $permissions
        }
        end {
            # Close the session
            Close-DSSession
        }
    }

The below screenshot shows the Folder has been created and permissions have been set for the User Group, but not for the Application Identity, which effectively locks me out of this folder for further actions like adding entries.

If I create an instance of RemoteDesktopManager.PowerShellModule.Private.models.ConnectionPermission I cannot see any other methods than the 4 I already use, so I believe adding the Application Identity ID into the Roles should be the way to go. What am I doing wrong here?

1

195

5

Christian Robert

Timo

Implemented

Export template not encoded

Hi! Is there a way to export an entry template not encoded? Like an export from a session? CU, Timo

0

359

3

Maxime Bernier

Patrick Ouimet

DS Documentation cmdlets

Hello, I’m opening this discussion thread on behalf of a client. They would like to be able to modify and view the information related to entry documentation and the root folder. Here are a few examples of the commands mentioned: Get-DSDocumentation Get-DSRootDocumentation Thank you in advance for your help. Best regards,

2

216

0

Sebastien Duquette

Module to generate Devolutions Send links

From a client request: A Powershell module to automate the creation of Devolutions Send links to share passwords.

2

199

0

jm2

Resolved

[Powershell] Allow Invoke-RDMParentSession as non-administrator user (not application)

Hello, With PowerShell module v2024.3.5, an 'Access Denied' response is received when attempting to create a new sub entry, while authenticated as a non-administrative user. Conversely, the exact same entry can be created with RDM by the same user without requiring administrative rights. There are some forum posts suggesting this is by design, but recently made possible if the authenticated user is an 'application':

https://forum.devolutions.net/topics/32698/powershell---invoke-rdmparentsession-throws--access-denied
https://forum.devolutions.net/topics/40686/invokerdmparentsession--access-denied
https://forum.devolutions.net/topics/40711/powershell-allow-invokerdmparentsession-as-nonadministrator

As there are security implications related to elevating users to administrative privilege, or creating an 'application' with single factor static credentials, would it be possible to enhance the PowerShell module to allow creation of sub entries for non-administrative regular users? Please let me know if you would like any additional info. Thanks, Joe

    $NewSubEntry = New-RDMSession -Type InventoryReport -Name "`$PARENT_NAME`$" | ForEach-Object {
        $_.Group = $ParentEntry.Group
        $_.HostSourceMode = 'Inherited'
        $_.CredentialConnectionID = $ParentEntry.CredentialConnectionID
        $_.InventoryReport.ShowNetworkAdapters = $true
        Set-RDMSession $_ -Refresh
        Set-RDMSessionCredentials -CredentialsType Inherited -PSConnection $_
        Invoke-RDMParentSession -ParentSession $ParentEntry -Session $_ -Refresh
    }

0

262

5

jm2

stephaneforand

HouseKeeping, recording session cleanup

How can we, with PowerShell, do some housekeeping of RDM Session Recording? I thought that maybe I could use PowerShell to query the DataSource to seek all recording sessions older than x days, and then loop to delete all of those. Any way we can do that using an RDM PowerShell query? Best regards

0

258

2

Erica Poirier

brandonrol

Powershell - New-DSRDSEntry--Update-DSRDSEntry Link Credential / VPN DVLS configuration

Hello Devolutions, We would like to have the ability to create or update an RDP session via the cmdlet New-DSRDPEntry / Update-DSRDPEntry command, and link an existing credential entry to it. We also want to configure the default DVLS Gateway in the RDP session using the cmdlet. Thanks for your help!

0

350

3

Maxime Bernier

rauantje

Implemented

Automate cleanup work via Powershell API

Is it possible to script/automate the following cleanup work using the PowerShell API? Administration -> Clean up - Clean up entry history - Clean up activity logs

0

284

5

rauantje

michalmasek

Implemented

Powershell ssh keys

Hello Devolutions, please would it be possible to add to your module some command like: Get-RDMSessionPrivateSSHKey? I'm working on an "application" that takes passwords from RDM and injects them into a custom command "rdmssh" (for details: https://github.com/MaskoFortwana/RDMcli) and I would like to expand it, so it would also be possible to inject SSH keys, but I can't find any way to do this now. Thank you, Michal

0

645

5

Maxime Bernier

Erdinger

Resolved Implemented

Powershell command to activate option "reset password On Check In"

Hello, Is it possible to have a PowerShell command to activate the option "reset password On Check In" when creating a New-DSPamAccount? Thanks

0

328

3

Erdinger

klausschmidt

Implemented

Management of RDM "Personal Private Key" with Powershell

Must have: Editing/Adding a keyfile and/or keydata to the Personal Private Key in Account Settings

Nice to have: Generating a new key via command and exporting to file (.ppk, pub)

Currently, only SSHKey entries for the database or vault are supported, not as client settings.

0

397

3

Maxime Bernier

1 - 23 of 23 items