How To Change Security Policies

Send Feedback

Mobile Operators can change Security Policies after manufacture.

By following these steps, you will know how to:

  • Choose a method of delivery.
  • Query device policies before changing them.
  • Determining the settings that you want to make
  • Create a provisioning XML file that queries the device settings.
  • Optionally package the XML file for delivery and sign the package file.
  • Deliver the provisioning XML file to the device.

The following list shows the tasks that you must perform to provision a device.

  Step Topic
If you have not already done so, query the device to determine the current policies and roles that are configured.

You should always query a device before changing the settings.

How To Query Security Policies
Determine the settings or changes that you want to make.

There is a trade-off between application compatibility and device security. Although there are many policies, the following four policy options show the balance of compatibility and security.

  • Security OFF — no security checks are performed.

    For this level of security, you would set policy 4101 (Unsigned CAB) to 16 (allow USER_AUTH) and security policy 4102 (Unsigned Applications) to 1 (Enabled).

  • Prompt — The user is prompted when the source is unknown or is anonymous.
  • 3rdPartySigned — Third-party vendors that are identified though the Mobile-2-Market program are allowed access.
  • Locked — Only the OEM and Mobile Operator, or their licensed vendors, are allowed access.

    For this level of security, you would set policy 4101 (Unsigned CAB) to 0 (do not allow) and security policy 4102 (Unsigned Applications) to 0 (Disabled).

For details about each policy, see Security Policy Settings.

Selecting Security Configuration
Create a provisioning XML file that uses the SecurityPolicy Configuration Service Provider to change device settings. SecurityPolicy Configuration Service Provider

The following list shows some examples:

Test that the provisioning XML changes a Windows Mobile-based device similar to the ones that you want to update.

Thoroughly test the security settings on the device.

N/A

See Also

Customizing Security Settings | Security Policy Settings | SecurityPolicy Configuration Service Provider | Provisioning Security Settings | SecurityPolicy Configuration Service Provider Examples for OMA Client Provisioning | SecurityPolicy Configuration Service Provider Examples for OMA DM


Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.


Show: