Default Security Policy Settings for Windows Mobile-Based Devices
The following topics shows the default security policy settings:
- Default Security Policy Settings for Windows Mobile-based Pocket PC
- Default Security Policy Settings for Windows Mobile-based Smartphone
Default Security Policy Settings for Windows Mobile-based Pocket PC
The following code shows the default security policy settings for Windows Mobile-based Pocket PC:
; AutoRun Policy
; Value: 0 - Applications on a CF card are allowed to auto-run
;[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
; "00000002"=dword:0
; RAPI Policy
; Value: 2 - RAPI calls in restricted mode
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:2
; Unsigned cabs role
; (default: SECROLE_USERAUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001005"=dword:10
; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001006"=dword:1
; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001007"=dword:40
; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001008"=dword:1
; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001009"=dword:3
; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100b"=dword:c80
; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100d"=dword:c00
; Unauthenticated Message Policy
; Value: 64 - USER_UNAUTH
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100e"=dword:40
; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100f"=dword:e90
; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001011"=dword:1
; Grant Manager Policy
; (default: OPERATOR_TPS for phone skus; USER_AUTH for non-phone skus)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
IF SKUTYPE=PHONESKU
"00001017"=dword:80
ENDIF ; SKUTYPE=PHONESKU
IF SKUTYPE=PHONESKU !
"00001017"=dword:10
ENDIF ; SKUTYPE=PHONESKU !
; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001018"=dword:10
; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001019"=dword:8c
; Unsigned Prompt Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101a"=dword:0
; Privileged Apps Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000101b"=dword:1
; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001021"=dword:c00
Default Security Policy Settings for Windows Mobile-based Smartphone
The following code shows the default security policy settings for Windows Mobile-based Smartphone:
; RAPI Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001001"=dword:2
; Unsigned cabs role
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001005"=dword:10
; Unsigned Applications Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001006"=dword:1
; UNAUTHENTICATED role is used for processing Homescreens
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001007"=dword:40
; TPS Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001008"=dword:1
; Message Authentication Retry Number Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001009"=dword:3
; WAP Signed Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED | SECROLE_OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100b"=dword:c80
; SL Message Policy
; (default: SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100c"=dword:800
; SI Message Policy
; (default: SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100d"=dword:c00
; Unauthenticated Message Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100e"=dword:40
; OTA Provisioning Policy
; (default: OPERATOR_TPS | SECROLE_PPG_TRUSTED | SECROLE_PPG_AUTH | SECROLE_TRUSTED_PPG | USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"0000100f"=dword:e90
; WSP Push Policy
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001011"=dword:1
; Grant Manager Policy
; (default: OPERATOR_TPS)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001017"=dword:80
; Grant User Auth Policy
; (default: USER_AUTH)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001018"=dword:10
; Trust WAP Proxy Policy
; (default: OPERATOR | OPERATOR_TPS | MANAGER)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001019"=dword:8c
; Unsigned Prompt Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).
; Privileged Apps Policy
;If the registry value is not present, the behavior is the same as setting the value to 0 (zero).
; DRM Security Policy
; (default SECROLE_PPG_AUTH | SECROLE_PPG_TRUSTED)
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001021"=dword:c00
See Also
Security Policies | Security Policy Settings | Security Roles | Metabase Configuration Service Provider
Send Feedback on this topic to the authors