Minimum Policy Settings
2/9/2009
This section shows the minimum recommended policy settings for a managed Windows Mobile device.
The following shows the policies that are available under Computer Configuration\Administrative Templates\Windows Mobile Settings. Also shown are the suggested settings for the single purpose scenario.
Password Policies
| Policy | Enable | Disable |
|---|---|---|
Require password |
X |
|
Password time-out .gif "Dd252776.note(en-us,TechNet.10).gif") Note:
Set the value to 15 minutes maximum
|
X |
Security Policies
Warning
Before you enable one of the Remove unmanaged certificate policies, make sure that you used MDM Group Policy Extensions to add root certificates to the managed device. If you did not, the device will no longer connect to MDM Gateway Server because this policy removes the root certificates that MDM Group Policy Extensions did not add.
| Policy | Enable | Disable |
|---|---|---|
Remove unmanaged SPC certificates |
X |
|
Remove unmanaged privileged certificates |
X |
|
Remove unmanaged normal certificates |
X |
|
Remove unmanaged root certificates |
X |
|
Removed unmanaged intermediate certificates |
X |
|
Remove manager role permission from user |
X |
|
Block unsigned .cab file installation |
X |
|
Block unsigned theme installation |
X |
|
Block unsigned applications from running on device |
X |