How to: Configure Security on Windows Mobile Devices from a Command Prompt
RapiConfig.exe is a desktop configuration tool that enables you to manage a Windows Mobile-based device's security model from a command prompt by using a Windows Mobile Device Center or ActiveSync connection.
When running RapiConfig.exe, you must specify an XML configuration file that defines what actions to perform on the device. Visual Studio includes several sample XML provisioning files to perform the following tasks:
Provision a device with a security model.
Query a device for its security model.
Add and remove certificates.
Sample XML provisioning files and RapiConfig.exe are located at drive:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\SDKTools. For more information, see Provisioning From a Desktop Computer Using Remote API and ActiveSync and Provisioning for Windows Mobile-Based Devices.
Provision a Device with a Security Model
You can set the security model of a device explicitly to test an application under the various security models. If the device is already locked by the original equipment manufacturer (OEM), then provisioning a different security model might not be possible. However, if the device is not locked, you can provision it with any security model.
The following security model XML files are included with Visual Studio. The default location is drive:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\SDKTools\SecurityModels.
Locked.xml sets the following two-tier security model:
Prompt before running applications.
Do not run unsigned applications.
Prompt.xml sets the following two-tier security model:
Prompt before running applications.
Run unsigned applications as unprivileged.
Open.xml sets the following one-tier security model:
Do not prompt.
Run signed and unsigned applications as privileged.
To provision a device with a security model
Establish an ActiveSync connection to the device.
Type the following command at a command prompt, where securityfile.xml is the security model XML file:
RapiConfig.exe /P /M <securityfile.xml>
Query a Device for its Security Model
You can query a device to see what certificates are already installed in the device certificate store. You can use that information to select a certificate to sign your application.
Querying is accomplished by running RapiConfig.exe and passing in a StoreQuery XML file, which contains the certificate store query. RapiConfig.exe then outputs an XML file that contains the result of the query.
- RapiConfig.exe, CertStoreQuery.xml, and several sample xml query files are located by default at drive:\Program Files\Microsoft Visual Studio 9.0\SmartDevices\SDK\SDKTools.
To query a device for its security model
Establish an ActiveSync connection to the device.
Type the following command at a command prompt, where certstorequery.xml is the certificate store query XML file:
Rapiconfig.exe /P /M <certstorequery.xml>
View the generated RapiConfigOut.xml file.