Product Documentation

Managing Windows Mobile Configurations

Oct 20, 2015

You can create several types of device management policies and configurations for your Windows Mobile devices, such as App Tunnels for secure connections to your corporate network at the app level, registry setting configurations, server settings policies, and custom XML configuration policies.

About the Windows Mobile Server Groups Collection

The Server collection in Device Manager is used to both administer existing and to add new servers to your Device Manager deployment. A default server configuration is created during the Device Manager installation.

In the Server Groups collection for Windows Mobile, you can add new access points to the server and create backup servers. You can also configure server groups. You can use server groups to do the following:

  • Create one or more backup servers (valid only if strong authentication is not enabled for the product).
  • Define several access points for connection to the server running Device Manager.
  • Provide logical grouping for multiple deployment locations.

To add a new server in the Windows Mobile server collection

To create other servers running Device Manager, you first need to create a new server group. To do so, click New group. After you create at least one group, you can then create a new server.

If a device cannot connect to the selected server, the device will attempt to connect through other servers in the same group, one after the other, following the defined order, through to the default server. To change the order in which servers are listed, you right-click a server and then click Options (or click Down).
  1. Click New server.
  2. Enter a display name for the server.
  3. Enter the IP address or fully qualified host name (FQDN) of the server.
  4. Enter the host port.
  5. Choose optional settings: SSL, use a proxy server, or use as the default server.

To edit or delete a server

  1. Click the server with the settings you want to modify and then click Update or Delete.
  2. Modify the settings and then click Update or click to confirm the deletion.

To configure device IP address ranges

By design, devices connect to the default server running Device Manager at the provided host name or IP address. For situations in which you have a LAN, WiFi, or USB connection, you can specify IP address ranges. If the Windows Mobile device has an IP address within this range, the device will connect to the server running Device Manager.
  1. Click an existing server create a new server.
  2. Click Update.
  3. Click the Device IP ranges tab.
  4. Click New IP address range.
  5. Enter the starting and ending IP addresses and then click Create. When you select a server, you can also update the server settings, such as the IP address, default server, and IP address ranges.

You must also deploy a server group to a user group on the Deployment tab.

About the Registry Collection for Windows Mobile

The Registry collection is used to configure the Windows Mobile or Windows CE registry base of the mobile devices, thus allowing for a single point for device registry management. Device Manager includes a series of step-by-step wizards, allowing for rapid setup and deployment of registry configurations.

In addition to configuring both new and existing registry values, either for the operating system or installed third-party applications, you can manage the Device Manager client configuration options. This allows for multiple client backup settings and control over network connectivity, and is included with a dedicated wizard.

A set of registry keys can only exist in a configuration. You can create different settings and then deploy them selectively to some or all of the mobile devices in the fleet. You can create a new registry configuration either manually or via the wizard. The configuration wizard includes preconfigured options for the following applications:

  • Device Manager options
  • Uninstall Device Manager client from a device
  • Scheduling
  • Connect on SMS reception / Connect on call
  • MS Exchange configuration for MS Outlook
  • Security rules
    Note: This feature is available only with the Device Manager Secure Device option.
  • Configure devices when roaming

Configuring Registry Keys by Using the Device Manager Options Wizard

Device Manager uses registry keys to store its own data in each mobile device. You can configure these options by using the Device Manager Options wizard.

Device Manager configuration backup. Device Manager client settings can be stored on the removable memory card in the mobile device. If a mobile device has to be hard reset, it will automatically retrieve the settings required to reconstruct the configuration, such as Device Manager agent, registry keys, Device Manager-related security certificates, and network configuration. For devices with more than one memory card, you can also configure a backup to a specific card.

Connect to these networks. Device Manager is authorized, if necessary, to activate connections as defined in Network Management on the mobile device:

  • User-defined Office
  • User-defined Internet
  • Built-in Office (My Work Network connection)
  • Built-in Internet (My ISP connection)

The operating mode depends on the status of the mobile device's current network connection at any given time:

Authorized and Active connection If the server running Device Manager is accessible through this network, the Device Manager agent connects to the server running Device Manager.
Unauthorized but Active connection The mode is the same as for Authorized and Active connection.
Authorized and Inactive connection The Device Manager agent will activate the connection and then connect to the server running Device Manager.
Unauthorized but Active connection The Device Manager agent will not attempt to activate the network connection.
  • Device Manager icon. This option hides or displays the Device Manager icon in the mobile device's traybar.
  • Connection time-out. This option sets the connection time-out for the device's connection to the server running Device Manager, in seconds. If the device does not connect, cancel the connection attempt.
  • Keep-alive interval. This option sets the frequency that the device will detect a connection to the server, in order to keep the connection alive.
  • Ask the user before allowing remote control. When a connection is established with the helpdesk, the remote device prompts the user to allow the helpdesk to take remote control over the mobile device through a confirmation dialog box.
  • Ask the user before allowing file transfer by the remote control tool. File transfers from a device to the server can be configured for anonymous mode on the Device Manager web console, with user confirmation of the request or with only presentation of a message to inform the user.

To uninstall Device Manager from a Windows Mobile device

It is preferable to create a special group, such as UninstallGroup, on the Users tab to uninstall Device Manager and then create a package of Device Manager option registry keys containing the uninstall option. You can then deploy this package to UninstallGroup on the Deployment tab. Thereafter, you can add a user to the UninstallGroup in order to uninstall Device Manager from the remote device.

  1. Select Uninstall XenMobile from devices.
  2. On the Deployment tab, deploy this configuration to selected users.

Configuring a Connection to Device Manager on SMS Reception or Call

This feature allows for Windows Mobile devices to be forced to connect back to the server running Device Manager when either a call or SMS from a preconfigured number is received by the device. To enhance security, a keyword must be included within the SMS message. This is particularly useful if a device is lost or stolen and needs to be remotely disabled or wiped.

To use this feature, in the Connect On SMS reception / Connect on Call dialog box, select to either connect to server when receiving a SMS message or phone from a specific number.

Configuring Exchange Server for Windows Mobile Devices

Using the Microsoft Exchange configuration for the Microsoft Outlook wizard in Device Manager, you can configure mobile email settings easily and automatically across your entire fleet of devices. The following settings will generate the appropriate registry keys to synchronize with an Exchange Server.

  • Exchange server name
  • Settings for receive emails and attachments
  • Calendar settings
  • Other settings

On the General tab, elect the appropriate device operating system type. Different configuration options are available depending on the operating system release. For instance, tasks synchronization is available for Windows Mobile 6 devices, but not for Windows Mobile 2003 or Windows Mobile 5.

If you create an Exchange tunnel, the value you enter in Server address has to be the same as the value you enter in Specify a local alias on the Tunnel tab, if you specified an alias. The server running Device Manager manages and optimizes the data stream and communication between the Exchange Server and the mobile device.

Configuring Windows Mobile Devices for Roaming Situations

The roaming settings in Device Manager for Windows Mobile devices will generate the appropriate registry keys for a better control of the wireless communications costs while traveling abroad and using other mobile operator networks than your default mobile operator (for example, the name of the mobile operator stored on the SIM card of the mobile device). In roaming situations, when the device has a cellular connectivity setup, the device will connect to the server running Device Manager according the following settings:
Note: You can select more than one setting.
  • Use on demand connection only. The device will only connect to the Device Manager server if the user manually triggers the connection using the Device Manager Agent screen on his device, or if a mobile application requests a forced connection (such as a push mail request if the Exchange Server has been set accordingly). Note that this option temporarily disables the default device connection schedule policy as defined in the Scheduling wizard within the Registry tab.
  • Block all cellular connections except the ones managed by Device Manager. Except for the data traffic officially declared in a Device Manager application tunnel or other Device Manager device management tasks, no other data will be sent or received by the device. For example, this option will disable all connections to the Internet via the device web browser (such as, Pocket IE).
  • Block all cellular connections managed by Device Manager. All application data transiting through a Device Manager tunnel will be blocked (including the Device Manager Remote Support application). However, the data traffic related to pure device management, such as the deployment of a new Device Manager package, will not be blocked.
  • Block all cellular connections to the Device Manager server. In this case, until the device is either reconnected via USB, WiFi, or via its default mobile operator cellular network, there will be no traffic transiting between the device and the Device Manager server.

In the Deployment tab, you can also configure a rule to avoid deploying a specific package (for example, XYZ) when roaming. In this case, if the Block all cellular connections managed by Device Manager option has been selected, all packages except XYZ will still be deployed even in roaming situations.

In the Tunnel tab, a given application tunnel can be forced to block all data traffic when roaming. For example, if the Block all cellular connections except the ones managed by Device Manager option has been selected, the CRM_App data traffic will still be blocked although it is managed as a Device Manager tunnel.

To configure a new registry manually

  1. Click New configuration.
  2. Enter a name. This will create a default, blank registry value set, for which you can create custom registry entries to suit your requirements.

To delete a registry key configuration

  1. Select the registry configuration to be deleted.
  2. Click Delete.
  3. When prompted, click to confirm the deletion.

To use the schedule wizard to configure connections for Windows Mobile devices

  1. On the Policies tab, click Registry Configurations and then on the Wizard menu, click Scheduling.
  2. In Scheduling configuration parameters, select the following options:
    • Do not define connection policy. The device will not reconnect unless the user clicks Connection in Device Manager.
    • Keep connection permanently live. If the connection is permanent, Device Manager on the mobile device will attempt to reconnect automatically to the server running Device Manager after a network connection loss and will monitor the connection by transmitting control packets at regular intervals. This configuration is not recommended because it consumes more battery charge and generates more network traffic.
    • Define a permanent and/or occasional connection schedule within a given time range. Keep the connection live during the following time range:
      • Define a period in which the device will stay connected to the server. Device Manager on the device will attempt to reconnect to the server running Device Manager after a network connection loss and will monitor the connection by transmitting control packets at regular intervals.
      • Force one connection during the time range below. The connection will automatically shut down once updates have taken effect. This option forces a scheduled, one-time connection to the server, in particular to check for availability of new deployments. To avoid a connection peak at the beginning of the selected range, the relevant devices will connect randomly during the defined range. Device Manager on the device will only reconnect after a network connection loss if an operation was in progress. The server running Device Manager will likewise terminate the connection after an inactive period.
        Note: Both of the preceding options include an option to see the schedule to the local device clock or to UTC time.