Enterprise Security Policy for PDAs

Hi VenkartDR:

A good place to start looking is the Windows Mobile Pocket PC 2003 SDK and/or the Windows Mobile Smartphone 2003 SDK. You can find both of these packages on the www.microsoft.com\mobile site. Search on “Configurations Service Providers” and “Security and Security Policies” to locate specific security policies for the Pocket PC and the Smartphone. You will be able to find a number of configuration service providers that you can manage at an enterprise level. Below is a list of the Configuration Service Providers that can be found in the help.

A new Technet presentation called Windows Mobile Platform Security Drilldown for the Enterprise (Level 300) can be found here http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032276838&Culture=en-US. To view the recording, you will have to register with your Microsoft passport.

Currently, the Windows Mobile Platform does not support any file system encryption natively. There are a number of third party products that enable file system encryption. You can search on the following site.

http://www.microsoft.com/windowsmobile/providers/mpdsearch.aspx. Some of the companies listed are F-Secure, PointSec, and Credant.

Configuration Service Providers

CSP	Description	Available for Smartphone	Available for Pocket PC
Bluetooth	Configures the Bluetooth operation mode.	Yes	No
BOOTSTRAP	Sets the TPS for the device.	Yes	Yes
BrowserFavorite	Adds and removes URLs from the favorites list on a device.	Yes	Yes
CertificateStore	Adds security certificates and role masks to the device's certificate store.	Yes	Yes
Clock	Sets the time and date on the device.	Yes	No
CM_GPRSEntries	Configures the General Packet Radio Services (GPRS) entries on the device.	Yes	Yes
CM_Mappings	Configures the URL mapping table.	Yes	Yes
CM_NetEntries	Configures additional network entries on the device — for example, Pass-through Connection network entries.	Yes	Yes
CM_Networks	Configures network connections on the device.	Yes	Yes
CM_Planner	Configures the preferred connections for Connection Manager.	Yes	Yes
CM_PPPEntries	Configures the Point-to-Point Protocol (PPP) entries on the device.	Yes	Yes
CM_ProxyEntries	Configures proxy connections on the device.	Yes	Yes
CM_VPNEntries	Configures the Virtual Private Network (VPN) entries on the device.	Yes	Yes
CM_WiFiEntries	Configures the wireless network (WiFi) entries on the device.	No	Yes
EMAIL2	Configures Internet Protocol e-mail services for the device.	Yes	Yes
FileOperation	Manages files and directories on the device.	Yes	No
Home	Configures the Home screen on the device.	Yes	No
Install	Handles the loading and unloading of setup.dll during installation and removal of applications.	Yes	Yes
LoaderRevocation	Used to to add, remove, and query certificate or binary hashes in the revocation list.	Yes	No
Locale	Configures regional settings on the device.	Yes	No
Metabase	Used to add, modify, and remove entries from the metabase.	Yes	Yes
NAPDEF	Adds, modifies, and deletes WAP network access point definitions (NAPDEFs) and their settings.	Yes	Yes
Obex	Configures the Obex server, which performs Bluetooth and infrared beaming.	Yes	No
PXLOGICAL	Adds, removes, and modifies WAP logical and physical proxies.	Yes	Yes
Registry	Configures the registry on the device.	Yes	Yes
Security Policy	Configures the security policy settings of the device.	Yes	Yes
Sounds	Configures the sounds associated with various events on the device.	Yes	No
Sync	Configures the synchronization settings on the device.	Yes	Yes
TAPI	Configures the Global System for Mobile Communications (GSM) telephony settings on the device.	Yes	No
UnInstall	Removes applications from the device.	Yes	No

Thanks,
jocamill@online.microsoft.com

jocamill at 2007-9-9 >