Share via


Testing How an Application Will Behave Under Different Security Configurations

4/8/2010

After you have the SDK certificates on your device, you can change the security configuration of the device when you want. The Tools\SecurityConfiguration directory in the SDK contains a set of .cpf files (one per security configuration) and a readme.txt file with instructions about how to apply the files. Also, the Tools\RapiSecurity directory contains .cpf files that change the security policy for RAPI.

Additional Tools

The SDK ships with a sample application, called SecurityViewer, that queries the security configuration of the device. It runs on the device and displays the security configuration, the values of all the security policies, and all the certificates on the device. This application must run privileged, and so the Visual Studio solution file for this sample is set up to sign the application with the SDK privileged certificate.

To get the value of an individual security policy from your code, call the QueryPolicy method in DevMgmt.h. Your code does not need to run privileged to call this method.

To get or set the security configuration of a device from the desktop computer, you can use rapiconfig.exe, which is in the Tools directory of the SDK. On the command line to Rapiconfig.exe, pass the name of an XML configuration file. You can use the files in the Tools\SecurityConfiguration directory as examples. Note that you must have sufficient permissions to get or set the security configuration, which means the RAPI security policy must already be set to Allowed. You can set this policy with Tools\RapiSecurity\RapiAllowed.cpf if the SDK certificates are on the device.

To get or set the security configuration of a device from your own code, you can call the DMProcessConfigXML method in CfgMgrApi.h from C/C++ code, or Microsoft.WindowsMobile.Configuration from C# or Visual Basic .NET code. You can use the XML files in the Tools\SecurityConfiguration directory as examples of input to these APIs. Your code must run privileged.