
Single-Purpose Policy Settings

2/9/2009

This section describes the policies you should set on a single-purpose device, such as a device that is used only to track deliveries. In this scenario, you disable applications to prevent the device from being used for anything other than its intended purpose.

The following tables list the policies that are available under Computer Configuration\Administrative Templates\Windows Mobile Settings, with the suggested settings for the single-purpose scenario.

Policy Enable Disable

Require password

X

Password time-out

Note: Set the value to 15 minutes maximum.

X

Policy Enable Disable

Turn off POP and IMAP messaging

X

Turn off SMS and MMS messaging

X

Turn off removable storage

X

Turn off wireless LAN

X

Turn off infrared

X

Turn off Bluetooth

X

Block remote API access to ActiveSync

X

Policy Enable Disable

Block applications in-ROM

X

You should block the following applications:

  • Modem Link (ATCIUI.exe)
  • Automatic profile (autoprof.exe)
  • Network Identity and Time Zone update (autotimeupdate.exe)
  • Windows Update (autoupdate.exe)
  • OBEX transfer (beam.exe)
  • Bluetooth bond (bthbond.exe)
  • BubbleBreaker Game (BubbleBreaker.exe)
  • Calendar (calendar.exe)
  • Call notification (calnot.exe)
  • Calendar notification (calupd.exe)
  • Application catalog (catalog.exe)
  • Catalog installer (cataloginstaller.exe)
  • Customer Experience Improvement Program User Interface (ceipui.exe)
  • Event log flusher (celogflush.exe)
  • Certificate installer (CertInstaller.exe)
  • WAP provisioning provider (cfghost.exe)
  • Clock alarms (clocknot.exe)
  • Call history (clog.exe)
  • Control Panel (ctlpnl.exe)
  • Windows Application Installer upgrade for Windows Mobile 6 Professional (d0b41563-b345-4444-aa15-986e7c7fff99.exe)
  • Windows Application Installer upgrade for Windows Mobile 6 Professional (D5AB0034-8AAC-4a19-B5C4-A8B01B5BBE87.exe)
  • Diagnostic information for the event log (diaginfo.exe)
  • Watson Logging (dw.exe)
  • Fax Viewer (FaxView.exe)
  • Help system (helpstub.exe)
  • Voice tags for contacts (hotvoice.exe)
  • Pictures and video screen saver (idledetect.exe)
  • Internet Explorer (iexplore.exe)
  • Internet Sharing (IntShrUI.exe)
  • Application Catalog (launchman.exe)
  • Live Search (LiveSearch.exe)
  • Mobile Calculator (MobileCalculator.exe)
  • Microsoft Today screen helper (mstli.exe)
  • Notes (notes.exe)
  • OneNote (OneNoteMobile.exe)
  • Help program (peghelp.exe)
  • Performance Manager (perfman.exe)
  • Photo Application (pimg.exe)
  • Contacts (poutlook.exe)
  • PowerPoint Mobile (ppt.exe)
  • Profile Manager (profiles.exe)
  • Word Mobile (pword.exe)
  • Excel Mobile (pxl.exe)
  • Quicklist (quickapp.exe)
  • Remote Network/Connection Manager UI (remnet.exe)
  • Rights Management Activation (rmactivate.exe)
  • Run DLL (rundll32.exe)
  • Smartphone Settings (settings.exe)
  • Find Application (shfind.exe)
  • SI\SL Client for WAP (sicInt.exe)
  • Solitaire (solitare.exe)
  • SQM event trigger (sqmevent.exe)
  • Task Manager (taskmgr.exe)
  • Tasks (tasks.exe)
  • Microsoft SQL Server 2000 Windows CE Edition (tdsserver.exe)
  • SIM Toolkit (tkitapp.exe)
  • Outlook (tmail.exe)
  • Smartphone Solitaire (TPCsolitare.exe)
  • Desktop passthrough networking (udp2tcp.exe)
  • SQM uptime tracking (uptimesqm.exe)
  • Voice Command Configuration (VCConifg_SP.exe)
  • Voice mail (vmail.exe)
  • Voice Command (voicecmd.exe)
  • Welcome Center (wcsan.exe)
  • Welcome Startup (welcome.exe)
  • Welcome Center (WelcomeCenter.exe)
  • Windows Live Launcher (WLMLauncher.exe)
  • Windows Live Messenger (WLMMessenger.exe)
  • Windows Live Setup (WLMSetup.exe)
  • Windows Media Player (wmplayer.exe)
  • Remote Desktop (wpctsc.exe)
  • Wireless Manager (wrlsmgr.exe)
  • Zip Viewer (ZipView.exe)

You may also have to block other applications that the OEM or Mobile Operator installed on the device.

Caution:
Before you enable one of the Remove unmanaged certificate policies, make sure that you used MDM Group Policy Extensions to add root certificates to the managed device. If you did not, the device will no longer connect to MDM Gateway Server because this policy removes the root certificates that MDM Group Policy Extensions did not add.

Policy Enable Disable

Remove unmanaged SPC certificates

X

Remove unmanaged privileged certificates

X

Remove unmanaged normal certificates

X

Remove unmanaged root certificates

X

Remove unmanaged intermediate certificates

X

Remove manager role permission from user

X

Block unsigned .cab file installation

X

Block unsigned theme installation

X

Block unsigned applications from running on device

X

Policy Enable Disable

Allow user to turn off Mobile VPN

X
