Share via


Default Security Policy Settings for Windows Mobile-Based Devices

Send Feedback

The following topics shows the default security policy settings:

  • Default Security Policy Settings for Windows Mobile-based Pocket PC
  • Default Security Policy Settings for Windows Mobile-based Smartphone

Default Security Policy Settings for Windows Mobile-based Pocket PC

The following code shows the default security policy settings for Windows Mobile-based Pocket PC:

; AutoRun Policy
; Value: 0 - Applications on a CF card are allowed to auto-run
;[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
;    "00000002"=dword:0

; RAPI Policy
; Value: 2 - RAPI calls in restricted mode
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001001"=dword:2

; Unsigned cabs role
; (default: SECROLE_USERAUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001005"=dword:10

; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001006"=dword:1

; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001007"=dword:40

; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001008"=dword:1

; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001009"=dword:3

; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100b"=dword:c80

; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100c"=dword:800

; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100d"=dword:c00

; Unauthenticated Message Policy
; Value: 64 - USER_UNAUTH
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100e"=dword:40

; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100f"=dword:e90

; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001011"=dword:1

; Grant Manager Policy
; (default: OPERATOR_TPS for phone skus; USER_AUTH for non-phone skus)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
IF SKUTYPE=PHONESKU
    "00001017"=dword:80
ENDIF ; SKUTYPE=PHONESKU
IF SKUTYPE=PHONESKU !
    "00001017"=dword:10
ENDIF ; SKUTYPE=PHONESKU !

; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001018"=dword:10

; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001019"=dword:8c

; Unsigned Prompt Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000101a"=dword:0

; Privileged Apps Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000101b"=dword:1

; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001021"=dword:c00

Default Security Policy Settings for Windows Mobile-based Smartphone

The following code shows the default security policy settings for Windows Mobile-based Smartphone:

; RAPI Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001001"=dword:2

; Unsigned cabs role
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001005"=dword:10

; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001006"=dword:1

; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001007"=dword:40

; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001008"=dword:1

; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001009"=dword:3

; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100b"=dword:c80

; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100c"=dword:800

; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100d"=dword:c00

; Unauthenticated Message Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100e"=dword:40

; OTA Provisioning Policy
; (default:  OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "0000100f"=dword:e90

; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001011"=dword:1

; Grant Manager Policy
; (default: OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001017"=dword:80

; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001018"=dword:10

; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001019"=dword:8c

; Unsigned Prompt Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).

; Privileged Apps Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).

; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
    "00001021"=dword:c00

See Also

Security Policies | Security Policy Settings | Security Roles | Metabase Configuration Service Provider

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.