Security Policies
Security policies are used for configuring security settings that are then enforced with the help of security roles and certificates. They provide the flexibility to control the level of security on the device. The policies are defined globally and enforced locally in their respective components.
The security policies are loaded onto Microsoft Windows Mobile devices in a security policy provisioning document, which is an Extensible Markup Language (XML) file that is assigned the correct security role to apply the security settings to the device. These security policies are enforced at critical points across the architecture of the device. Often, these policies will interact with Configuration Manager and the metabase security settings. When the security policy document is delivered to the device, it is validated and verified by the Push Router, administered by Configuration Manager, and then applied by the SecurityPolicy Configuration Service Provider .
Windows Mobile devices contain a default policy document. For the individual policy settings in the default policy document, refer to the Default value for each security policy in the Description column of the Security Policy Settings table. For the default metabase settings associated with each Configuration Service Provider, see Configuration Service Provider Reference for Windows Mobile Devices.
Security Policies for Smartphone and Pocket PC
The following list shows the security policies that can be configured over the air for Smartphone and Pocket PC.
| Security Policy | Smartphone | Pocket PC |
|---|---|---|
| AutoRun | Yes | Yes |
| Grant Manager | Yes | Yes |
| Grant User Authenticated | Yes | Yes |
| Message Authentication | Yes | Yes |
| OTA Provisioning | Yes | Yes |
| PrivilegedApps | Yes | No |
| RAPI | Yes | No |
| Service Indication | Yes | No |
| Service Loading | Yes | No |
| Trusted Provisioning Server | Yes | Yes |
| Trusted WAP | Yes | Yes |
| Unauthenticated Messages | Yes | Yes |
| Unsigned Applications | Yes | No |
| Unsigned CABS | Yes | Yes |
| Unsigned Prompt | Yes | No |
| Unsigned Themes | Yes | No |
| WAP Signed Message | Yes | Yes |
| WSP Push | Yes | Yes |
See Also
Security for Windows Mobile Devices | Application Trust Levels | Security Policy Settings
Send feedback on this topic to the authors.
© 2005 Microsoft Corporation. All rights reserved.