Event Viewer, Registry, Device Manager, Certificates, Firewall, Defender, PowerShell, file transfer, Print Management — and yes, Remote Desktop — all from a browser tab. No VPN, no open inbound ports, no screen takeover.
Sure, we offer Remote Desktop. With Palisade, you won't need it.
Everything you'd normally launch through Computer Management, an RDP session, or a remote PowerShell prompt — surfaced as real, native administrative tools. No desktop takeover, no jump box, no client to install.
A real ConPTY session — colour, tab completion, interactive programs.
Browse hives, read and write keys and values, across the fleet.
Query any channel with filtering — System, Security, application logs.
List, start, stop, restart, and set startup type.
Inspect, run, enable, and disable scheduled tasks.
Enumerate devices and drivers; enable, disable, and inspect.
View, import, and remove machine and user certificates.
Create, rename, reset passwords, manage group membership.
Profiles and rules with a dead-man auto-revert on lockout.
Protection status, threat history, and on-demand scans.
Printers, queues, drivers, ports — and cross-device install.
Power plans, sleep and hibernate behaviour, fast startup.
Installed-app inventory and silent remote uninstall.
Activation state, edition, KMS; install keys, rearm, repair.
Browse, upload, download, and move files on any path.
Live process list with CPU/memory and one-click kill.
The terminal runs over ConPTY — the same allocation Windows uses natively. Colour output, tab completion, progress bars, and interactive programs all work as expected. It is not a web terminal stub that pipes strings into cmd.
Every enrolled endpoint reports its hostname, OS build, CPU, RAM, disk utilisation, public and LAN IP, and the currently logged-in user — updated automatically on each heartbeat, without polling or agent-side scheduling.
Create, rename, disable, and delete local accounts. Assign and remove group memberships. Reset passwords. Everything the local user manager exposes, surfaced as a structured panel without touching the desktop.
Browse the full installed application inventory on any enrolled endpoint — name, version, publisher, and install date. Trigger silent uninstalls without touching the machine or interrupting the user.
Inspect Windows license status across your fleet. View product edition, activation state, license type, and KMS server details — and trigger reactivation remotely without opening a session.
The agent continuously monitors SMART failure prediction on all physical drives. When a drive signals imminent failure, a warning surfaces in the fleet dashboard immediately — no manual scanning required.
Live process list with CPU and memory metrics refreshed every three seconds. Terminate any process by PID without taking control of the user's desktop. Filter between active (memory-resident) and all system processes.
Most tools stop at the managed endpoint. Palisade uses it as a pivot — discover the LAN, classify what's on it, and reach the switches, firewalls, NAS units, and appliances that have no agent of their own. No on-site visit, no VPN, no port forwarding.
An agent-driven sweep builds a live inventory of every device on the network — managed or not.
MAC-OUI fingerprinting tags vendor and device type, entirely offline — no lookups leave the network.
Open a switch, firewall, or NAS admin interface in your browser, tunneled through the agent.
A browser shell to anything that speaks SSH — routers, hypervisors, Linux hosts.
Reach the serial-over-IP appliances and ancient switches nothing modern will talk to.
Everything rides the endpoint's outbound connection — the device behind it is never internet-reachable.
Most work never needs a session. For the rest — a locked-out user, a visual bug, an encrypted disk, a forensic question — Palisade ships the heavier instruments too, each one gated and logged.
A full WebRTC session when you genuinely need eyes on the screen — it captures the login and lock screens too, with optional local-input lockout.
Direct browser-to-endpoint upload and download over the authenticated relay. No shared drives, no SFTP credentials, no VPN.
Encryption status per volume, in-house recovery-key escrow, and a gated, fully audited reveal when a key is actually needed.
An append-only, per-network record of every privileged action — who did what, on which device, and when.
Drive any tool programmatically with scoped tokens. Automate enrollment, remediation, and reporting end to end.
Pull on-demand log, process, and system bundles from any endpoint for fast triage — without opening a session.
The point of a unified workspace is that real jobs stop being a tab-switching scavenger hunt. A few that take minutes instead of a site visit:
An agent-driven LAN sweep builds a live, drag-arrangeable map of every device on the network — managed or not — with fully offline MAC-OUI vendor and device-type classification.
CPU, RAM, and disk utilisation streamed fleet-wide on every heartbeat. Spot resource pressure before it becomes an incident — without opening a single session.
Every enrolled endpoint reports hostname, OS build, CPU model, core count, RAM, disk capacity, architecture, public and LAN IP, and logged-in user — updated automatically.
Push silent agent upgrades and trigger remote uninstalls from the dashboard. Decommission a device in one click — agent uninstalls itself and the record is removed.
Devices are scoped to networks inside organisations. Each tenant is fully isolated — separate credential stores, device lists, and audit trails. Host multiple clients from one instance.
The agent dials out over an authenticated WebSocket. No open RDP ports, no VPN concentrator, no inbound rules. Works from behind CGNAT or any restrictive network policy.
Save and run PowerShell against one device or the whole fleet, with a shared script library — no GPO, no SCCM, and no logon session required.
Detects domain membership and domain-controller roles per device, surfacing a dedicated domain view for the endpoints that have one — joined or standalone, at a glance.
Continuous SMART failure prediction monitoring on all physical drives. Warning indicators surface in the fleet dashboard the moment a drive signals imminent failure — before data loss occurs.
The agent initiates a persistent outbound WebSocket connection to the Palisade relay. Your firewall never sees inbound traffic from the platform. The endpoint is not reachable directly from the public internet at any point during operation.
Palisade grants real administrative control, so the platform is engineered to match it — multi-factor auth, granular role-based permissions, encrypted secrets, and strict per-tenant isolation, with every privileged action gated and logged.
TOTP two-factor; session tokens stored only as SHA-256 digests, with server-side expiry and step-up re-auth for sensitive actions.
Per-capability permissions per role, plus a per-message allowlist on the agent channel — one tool's access never becomes another's.
AES-256-GCM envelope encryption with domain-separated keys; bcrypt passwords; optional Vault / KMS transit.
Every device, credential, and audit record is scoped to its organization on every operation — cross-tenant reads aren't expressible.
No inbound ports, no VPN, no exposed RDP. The agent dials out over TLS 1.2+; the endpoint is never internet-reachable.
Append-only, per-network action trail with retention — who did what, where, and when.
Sign up and define a network. Palisade provisions an isolated tenant — no infrastructure to configure, no certificates to manage, no VPN concentrator to deploy.
Download a pre-configured Windows installer from your dashboard. Run it once per endpoint. The agent enrolls, connects outbound to the relay, and begins reporting. No firewall changes required.
Devices appear in your console within seconds. Open a terminal, inspect processes, manage local users, transfer files — without interrupting whoever is at the machine.
Serve multiple client sites from a single console. Each organisation is fully isolated. Onboard a new client in minutes — enroll their devices, organise into named networks, administer immediately.
Eliminate the ticket backlog that exists purely because you need desktop access for routine operations. Reset a password, restart a service, clear a print queue — without scheduling time at the user's machine.
Investigate, remediate, and harden endpoints without the exposure of an open RDP session or shared admin credentials. Every action runs through a single authenticated control plane.

Create an account, deploy an agent, and run your first remote PowerShell command — all in under five minutes.
Create free account