Menu
Browser-Native Endpoint Operations

Endpoint Administration,
Without Interrupting Users.

Event Viewer, Registry, Device Manager, Certificates, Firewall, Defender, PowerShell, file transfer, Print Management — and yes, Remote Desktop — all from a browser tab. No VPN, no open inbound ports, no screen takeover.

Sure, we offer Remote Desktop. With Palisade, you won't need it.

Fleet — Production
Terminal — SRV-APP-02
Task Manager
Production · 7 online
SRV-APP-02
SYSTEM
WORKSTATION-04
j.smith
SRV-DC-01
SYSTEM
DESKTOP-K9X2M
m.torres
LAPTOP-QT7R
Windows PowerShell 5.1 · SRV-APP-02 · session started 09:14:32
PS C:\> Get-Service | Where-Object Status -eq "Stopped" | Select-Object Name, DisplayName
Name DisplayName
---- -----------
SpoolerPrint Spooler
wuauservWindows Update
RemoteRegistryRemote Registry
PS C:\> Start-Service -Name "Spooler"
Service 'Print Spooler' started on SRV-APP-02.
PS C:\> Get-LocalUser | Select Name, Enabled, LastLogon | Format-Table -AutoSize
PS C:\>
SRV-APP-02
CPU31%
Memory58%
Disk C:44%
Top processes
w3wp.exe18.2%
sqlservr.exe8.7%
svchost.exe2.4%
lsass.exe0.9%
Zero
inbound ports required
< 60 s
agent enrollment time
20+
native admin tools
No RDP
no VPN, no screen takeover
Why Palisade is Different

Not a remote-access tool with extra tabs.

Traditional RMM
Palisade
·Remote into Windows and take the screen
Administer Windows directly — no session
·A grab-bag of separate modules and agents
One unified browser workspace
·Most tasks require a desktop session
Most tasks done without RDP at all
·Device inventory and a remote shell
Full native Windows management tools
·Generic script runner bolted on
Event Viewer, Registry, Defender, Firewall, Certs…
Operate Windows

The MMC console, in your browser.

Everything you'd normally launch through Computer Management, an RDP session, or a remote PowerShell prompt — surfaced as real, native administrative tools. No desktop takeover, no jump box, no client to install.

PowerShell Terminal

powershell.exe · cmd.exe

A real ConPTY session — colour, tab completion, interactive programs.

Registry Editor

regedit.exe

Browse hives, read and write keys and values, across the fleet.

Event Viewer

eventvwr.msc

Query any channel with filtering — System, Security, application logs.

Services

services.msc

List, start, stop, restart, and set startup type.

Task Scheduler

taskschd.msc

Inspect, run, enable, and disable scheduled tasks.

Device Manager

devmgmt.msc

Enumerate devices and drivers; enable, disable, and inspect.

Certificates

certlm.msc

View, import, and remove machine and user certificates.

Users & Groups

lusrmgr.msc

Create, rename, reset passwords, manage group membership.

Firewall

wf.msc

Profiles and rules with a dead-man auto-revert on lockout.

Microsoft Defender

Windows Security

Protection status, threat history, and on-demand scans.

Print Management

printmanagement.msc

Printers, queues, drivers, ports — and cross-device install.

Power Options

powercfg

Power plans, sleep and hibernate behaviour, fast startup.

Software

appwiz.cpl

Installed-app inventory and silent remote uninstall.

Licensing

slmgr.vbs

Activation state, edition, KMS; install keys, rearm, repair.

File Manager

explorer.exe

Browse, upload, download, and move files on any path.

Task Manager

taskmgr.exe

Live process list with CPU/memory and one-click kill.

DESKTOP-01 — Device Tools
DESKTOP-01Windows 11 · forbidden
Terminal
Registry
Event Viewer
Services
Scheduler
Devices
Certificates
Users
Firewall
Defender
Print
Power
Files
Software
Task Mgr
Remote Shell

A real PTY, not a command runner.

The terminal runs over ConPTY — the same allocation Windows uses natively. Colour output, tab completion, progress bars, and interactive programs all work as expected. It is not a web terminal stub that pipes strings into cmd.

  • Full PowerShell 5 and cmd sessions with interactive prompt
  • ConPTY allocation preserves ANSI colour and cursor control
  • Session persists across browser navigation — reconnects on page refresh
  • Pop out to a dedicated window for sustained administration sessions
powershell.exe · cmd.exe · ConPTY
Terminal — WORKSTATION-04
Windows PowerShell 5.1.26100 Copyright (C) Microsoft Corporation.
PS C:\> Get-NetAdapter | Select Name, Status, LinkSpeed
Name Status LinkSpeed
---- ------ ---------
Ethernet 0 Up 1 Gbps
Wi-Fi Disabled 0 bps
PS C:\> Invoke-WebRequest -Uri 'https://repo.internal/agent.msi' -OutFile C:\tmp\agent.msi
Downloading ... 14.2 MB / 14.2 MB
PS C:\> msiexec /i C:\tmp\agent.msi /quiet
PS C:\>
Fleet — Production · 12 devices9 online · 3 offline
SRV-DC-01Server 2022
CPU18%
RAM42%
DSK61%
SYSTEM
SRV-APP-02Server 2022
CPU31%
RAM58%
DSK44%
SYSTEM
WORKSTATION-04Win 11 23H2
CPU8%
RAM34%
DSK29%
j.smith
DESKTOP-K9X2MWin 11 23H2
CPU4%
RAM21%
DSK55%
m.torres
LAPTOP-QT7RWin 10 22H2
SRV-FILE-01Server 2019
CPU6%
RAM28%
DSK82%
SYSTEM
Fleet Telemetry

Your entire fleet, at a glance.

Every enrolled endpoint reports its hostname, OS build, CPU, RAM, disk utilisation, public and LAN IP, and the currently logged-in user — updated automatically on each heartbeat, without polling or agent-side scheduling.

  • CPU, memory, and disk streamed on 30-second heartbeats fleet-wide
  • Online / offline state with last-seen timestamp per device
  • Hardware inventory: CPU model, core count, total RAM and disk
  • Logged-in user context without opening a session
msinfo32 · WMI · Get-Counter
Local User Administration

lusrmgr.msc — in the browser.

Create, rename, disable, and delete local accounts. Assign and remove group memberships. Reset passwords. Everything the local user manager exposes, surfaced as a structured panel without touching the desktop.

  • Create users with password policy flags — never expires, user may not change
  • Manage Administrators, Remote Desktop Users, and any local group
  • Disable accounts immediately without requiring a local session
  • Group membership autocomplete from the live group list
lusrmgr.msc · net user · Get-LocalUser
Local Users and Groups — WORKSTATION-04
Users
Administrator
DefaultAccount
Guest
j.smith
svc_backup
svc_monitor
j.smith
Full NameJames Smith
DescriptionPrimary workstation account
StatusEnabled
Last Logon2026-05-27 08:41
SIDS-1-5-21-...1001
Member Of
Users
Remote Desktop Users
Application Management

See and remove installed software — remotely.

Browse the full installed application inventory on any enrolled endpoint — name, version, publisher, and install date. Trigger silent uninstalls without touching the machine or interrupting the user.

  • Full installed software inventory sourced directly from the Windows registry
  • Filter and search across hundreds of applications instantly
  • Silent uninstall via the application's own registered uninstaller
  • No SCCM, no GPO, no remote session required
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Applications — WORKSTATION-0447 installed
Search applications...
Adobe Acrobat Reader DC
Adobe Inc. · 2026-03-12
23.008.20421
Google Chrome
Google LLC · 2026-04-28
124.0.6367.82
Microsoft 365 Apps
Microsoft Corp. · 2025-11-05
16.0.17628
7-Zip 23.01
Igor Pavlov · 2025-12-14
23.01
Zoom
Zoom Video · 2026-05-01
6.1.1.443
Notepad++
Notepad++ Team · 2025-10-18
8.6.4
Licensing — SRV-APP-02
Windows Activated
ProductWindows Server 2022 Datacenter
EditionDatacenter
ActivationActivated (Online)
License TypeVolume:MAK
KMS Serverkms.corp.local:1688
Product KeyXXXXX-XXXXX-XXXXX-XXXXX-B3Q2T
Partial KeyB3Q2T
Grace PeriodN/A — perpetual
Licensing Management

Windows activation, without the desktop.

Inspect Windows license status across your fleet. View product edition, activation state, license type, and KMS server details — and trigger reactivation remotely without opening a session.

  • Full slmgr output surfaced in a structured panel — no command line required
  • View product key, activation status, and KMS server per device
  • Detect unlicensed or grace-period endpoints across the fleet
  • Trigger remote reactivation with a single action
slmgr.vbs · SoftwareLicensingProduct · WMI
SMART Drive Monitoring

Know about failing drives
before users do.

The agent continuously monitors SMART failure prediction on all physical drives. When a drive signals imminent failure, a warning surfaces in the fleet dashboard immediately — no manual scanning required.

  • SMART failure prediction polled on every agent heartbeat
  • Warnings surface as visual indicators directly in the device list
  • Catch failing drives before data loss or unplanned downtime
  • Extensible warning framework — more health checks built on the same system
MSStorageDriver_FailurePredictStatus · WMI
Fleet — Production · 6 devices
SRV-DC-01
DSK61%
SRV-APP-02
DSK44%
SRV-FILE-01
DSK82%
!
WORKSTATION-04
DSK29%
DESKTOP-K9X2M
DSK55%
!
LAPTOP-QT7R
DSK38%
!1 critical · 1 warning — drive health issues detected
Task Manager — SRV-APP-02live · 3 s refresh
ProcessPIDCPUMemory
w3wp.exe218418.2%312 MB
sqlservr.exe9848.7%1.4 GB
svchost.exe12602.4%44 MB
lsass.exe7160.9%22 MB
MsMpEng.exe38040.6%118 MB
SearchIndexer.exe44120.4%56 MB
WmiPrvSE.exe50880.2%14 MB
spoolsv.exe14480.0%8 MB
Process Management

Kill the process. Not the session.

Live process list with CPU and memory metrics refreshed every three seconds. Terminate any process by PID without taking control of the user's desktop. Filter between active (memory-resident) and all system processes.

  • Sortable by name, CPU, or memory — descending by default
  • Kill any process by PID with a single click
  • Filter active (≥1 MB) vs all processes to cut through system noise
  • Pop out to a standalone window for sustained monitoring
taskmgr.exe · Get-Process · Stop-Process
Reach Anything

Reach the infrastructure behind the endpoint.

Most tools stop at the managed endpoint. Palisade uses it as a pivot — discover the LAN, classify what's on it, and reach the switches, firewalls, NAS units, and appliances that have no agent of their own. No on-site visit, no VPN, no port forwarding.

Discover the LAN

An agent-driven sweep builds a live inventory of every device on the network — managed or not.

Classify hardware

MAC-OUI fingerprinting tags vendor and device type, entirely offline — no lookups leave the network.

Proxy into web UIs

Open a switch, firewall, or NAS admin interface in your browser, tunneled through the agent.

SSH to equipment

A browser shell to anything that speaks SSH — routers, hypervisors, Linux hosts.

Telnet legacy gear

Reach the serial-over-IP appliances and ancient switches nothing modern will talk to.

Pivot, don't expose

Everything rides the endpoint's outbound connection — the device behind it is never internet-reachable.

Recover Anything

For the times you do need the screen.

Most work never needs a session. For the rest — a locked-out user, a visual bug, an encrypted disk, a forensic question — Palisade ships the heavier instruments too, each one gated and logged.

Remote Desktop

A full WebRTC session when you genuinely need eyes on the screen — it captures the login and lock screens too, with optional local-input lockout.

File Transfer

Direct browser-to-endpoint upload and download over the authenticated relay. No shared drives, no SFTP credentials, no VPN.

BitLocker

Encryption status per volume, in-house recovery-key escrow, and a gated, fully audited reveal when a key is actually needed.

Audit Trails

An append-only, per-network record of every privileged action — who did what, on which device, and when.

Device APIs

Drive any tool programmatically with scoped tokens. Automate enrollment, remediation, and reporting end to end.

Diagnostics

Pull on-demand log, process, and system bundles from any endpoint for fast triage — without opening a session.

Real Workflows

Solutions, not a list of buttons.

The point of a unified workspace is that real jobs stop being a tab-switching scavenger hunt. A few that take minutes instead of a site visit:

Stage a new machine

  1. 1Create the local account
  2. 2Clone printers from a peer
  3. 3Deploy machine certificates
  4. 4Apply the firewall profile
Done in minutes — no on-site visit.

Investigate a Defender alert

  1. 1Open Event Viewer, filter Security
  2. 2Review Defender threat history
  3. 3Inspect the registry run keys
  4. 4Kill the offending process
Start to finish, no remote desktop.

Reach a firewall or NAS

  1. 1Discover it on the LAN
  2. 2Open its web UI via Device Proxy
  3. 3Or SSH straight into the box
  4. 4All through the agent
No VPN, no port forward, no truck roll.
Platform

The platform underneath the tools.

Network Map & Discovery

An agent-driven LAN sweep builds a live, drag-arrangeable map of every device on the network — managed or not — with fully offline MAC-OUI vendor and device-type classification.

arp · Get-NetNeighbor

Real-Time System Telemetry

CPU, RAM, and disk utilisation streamed fleet-wide on every heartbeat. Spot resource pressure before it becomes an incident — without opening a single session.

perfmon.exe · Get-Counter

Device Inventory

Every enrolled endpoint reports hostname, OS build, CPU model, core count, RAM, disk capacity, architecture, public and LAN IP, and logged-in user — updated automatically.

msinfo32 · WMI

Remote Agent Lifecycle

Push silent agent upgrades and trigger remote uninstalls from the dashboard. Decommission a device in one click — agent uninstalls itself and the record is removed.

msiexec · sc.exe

Multi-Tenant Isolation

Devices are scoped to networks inside organisations. Each tenant is fully isolated — separate credential stores, device lists, and audit trails. Host multiple clients from one instance.

Active Directory OUs

Zero Inbound Attack Surface

The agent dials out over an authenticated WebSocket. No open RDP ports, no VPN concentrator, no inbound rules. Works from behind CGNAT or any restrictive network policy.

WinRM · SSH tunnels

Scripts & Automation

Save and run PowerShell against one device or the whole fleet, with a shared script library — no GPO, no SCCM, and no logon session required.

Invoke-Command · Group Policy

Windows Domain Awareness

Detects domain membership and domain-controller roles per device, surfacing a dedicated domain view for the endpoints that have one — joined or standalone, at a glance.

Get-ADDomainController · netdom

SMART Drive Health

Continuous SMART failure prediction monitoring on all physical drives. Warning indicators surface in the fleet dashboard the moment a drive signals imminent failure — before data loss occurs.

MSStorageDriver_FailurePredictStatus · WMI
Relay Architecture

No inbound ports. No VPN.
No shared credentials.

The agent initiates a persistent outbound WebSocket connection to the Palisade relay. Your firewall never sees inbound traffic from the platform. The endpoint is not reachable directly from the public internet at any point during operation.

  • Agent connects outbound — works behind CGNAT and strict corporate firewalls
  • Every command is authenticated at the relay before forwarding
  • TLS encrypted in transit end-to-end
  • No shared admin credentials distributed to operators
AGENT
Windows Endpoint
Agent service — outbound only No open ports on the host
outbound · authenticated · encrypted
RELAY
Palisade Relay
Authenticated WebSocket tunnel TLS 1.3 · token-scoped sessions
outbound · authenticated · encrypted
CLIENT
Browser Dashboard
Any modern browser No client software or plugins
Security

Built to be trusted with SYSTEM-level access.

Palisade grants real administrative control, so the platform is engineered to match it — multi-factor auth, granular role-based permissions, encrypted secrets, and strict per-tenant isolation, with every privileged action gated and logged.

MFA + hashed sessions

TOTP two-factor; session tokens stored only as SHA-256 digests, with server-side expiry and step-up re-auth for sensitive actions.

Granular RBAC

Per-capability permissions per role, plus a per-message allowlist on the agent channel — one tool's access never becomes another's.

Encrypted at rest

AES-256-GCM envelope encryption with domain-separated keys; bcrypt passwords; optional Vault / KMS transit.

Per-tenant isolation

Every device, credential, and audit record is scoped to its organization on every operation — cross-tenant reads aren't expressible.

Outbound-only agent

No inbound ports, no VPN, no exposed RDP. The agent dials out over TLS 1.2+; the endpoint is never internet-reachable.

Audit logging

Append-only, per-network action trail with retention — who did what, where, and when.

Read the full security architecture
Operational Impact

Stop taking over desktops.

Conventional RDP workflow
  • Call the user and ask them to step away from their machine
  • Initiate RDP — their session locks or goes black
  • Perform the task while blocking their work entirely
  • Repeat for every routine operation across every device
  • Slow queues, frustrated users, unnecessary call volume
Palisade workflow
  • Open the device panel — it is already there in the browser
  • Run PowerShell, kill a process, or reset a password in the background
  • The user's session is never interrupted or taken over
  • Same operation across 20 devices — no phone calls, no coordination
  • Faster resolution time, zero disruption, consistent operations
Deployment

Operational in under five minutes.

01

Create your organization

Sign up and define a network. Palisade provisions an isolated tenant — no infrastructure to configure, no certificates to manage, no VPN concentrator to deploy.

02

Deploy the agent

Download a pre-configured Windows installer from your dashboard. Run it once per endpoint. The agent enrolls, connects outbound to the relay, and begins reporting. No firewall changes required.

03

Start administering

Devices appear in your console within seconds. Open a terminal, inspect processes, manage local users, transfer files — without interrupting whoever is at the machine.

Use Cases

Built for operators, not marketing decks.

Managed Service Providers

Serve multiple client sites from a single console. Each organisation is fully isolated. Onboard a new client in minutes — enroll their devices, organise into named networks, administer immediately.

  • Per-client tenant isolation
  • Single console across all sites
  • No per-device VPN
  • Consistent tooling across every client

Internal IT Departments

Eliminate the ticket backlog that exists purely because you need desktop access for routine operations. Reset a password, restart a service, clear a print queue — without scheduling time at the user's machine.

  • No end-user coordination for routine tasks
  • Faster resolution on common incidents
  • Fleet-wide telemetry and inventory
  • Remote upgrades and decommission

Security & Infrastructure Teams

Investigate, remediate, and harden endpoints without the exposure of an open RDP session or shared admin credentials. Every action runs through a single authenticated control plane.

  • No inbound attack surface
  • Single authenticated control plane
  • Investigate processes and users remotely
  • Decommission compromised devices instantly
Palisade Networks shield
PALISADENETWORKS

Stop interrupting users to do your job.

Create an account, deploy an agent, and run your first remote PowerShell command — all in under five minutes.

Create free account