Device Management Migration from Windows Mobile Version 5.0
4/8/2010
This topic lists the changes in architecture and protocols used to manage devices from Windows Mobile Version 5.0 to Windows Mobile 6.5 devices.
OMA DM Support Changes
In Windows Mobile 6.5, Device Management has added support for OMA DM version 1.2. This new OMA DM version is compatible with both GSM and CDMA networks.
The following table shows the new components that were added to support this new OMA DM version.
Component | Comment |
---|---|
| | Allows an OMA DM v1.2 server to handle OMA DM account objects. The server can use this Configuration Service Provider to add a new account or to manage an existing account, including an account that was bootstrapped by using the w7 APPLICATION Configuration Service Provider. Note: To change an account using an OMA DM v1.1.2 server, you would still use the DMAcc Configuration Service Provider. |
| | Used in remote device management. The OMA DM version 1.2 client is backward compatible with the OMA DM version 1.1.2 server. Through a new registry key, you can indicate whether the DM client should attempt to deliver a package using an earlier OMA DM version when delivery of an OMA DM version 1.2 package fails. You can also indicate the number of times that the DM client attempts to establish a connection to the DM version 1.2 server, and the length of time to wait after a connection is lost before attempting to connect again. |
| | Enables the device to send the final result of an image update back to the OMA DM server over the generic alert (1226) element, and updates the State node in the FwUpdate Configuration Service Provider with the downloading and installing states. It enables the server to query the current state of image update package downloading and installation. The following list shows other functionality: For more information, see the following topics: |
Device ID | A new Microsoft custom parameter, UseHwDevID, was added to the w7 APPLICATION Configuration Service Provider, the DMS Configuration Service Provider and the DMAcc Configuration Service Provider to specify whether to identify the device by using the hardware ID for the /DevInfo/DevID node in the DM account and in the Source LocURI element in SyncHdr for the package that is sent to the server. By default, an application-specific GUID is used as the device ID. It is in the format of: urn:uuid:xxxx. If the UseHwDevID value is True, then IMEI is used as device ID for a GSM device (IMEI:xxxx), and ESN is used for a CDMA device (ESN:xxxx). For more information, see the following topics: |
State node in the FwUpdate Configuration Service Provider | The State node value in the FwUpdate Configuration Service Provider was changed to reflect update status. The value of this node indicates the state of the mobile device after an attempt to update the firmware or download update packages. This value indicates the state achieved following the invocation of an Exec command. |
WAP Binary XML (WBXML) support | The use of WBXML is now supported to reduce the size of data transmissions required for OMA DM. For more information about WBXML, see: WBXML and Windows Mobile Devices. |
Support for transferring OMA DM messages in XML or WBXML. | Windows Mobile 6.5 supports transferring messages in XML or in WBXML. Whether the DM client should use WBXML or XML for the DM package when it communicates with the server is configured during the bootstrap process. It is configured by using the Microsoft custom parameter DefaultEncoding in the following Configuration Service Providers: For more information about WBXML and OMA DM see WBXML and OMA DM. |
For information about the server requirements, see Server Requirements for OTA Firmware Update.
A new parameter, Protover, specifies the OMA DM protocol version that the DM server supports. This parameter was added to the w7 APPLICATION Configuration Service Provider and the DMS Configuration Service Provider. No default value is assumed. The protocol version this parameter sets will match the protocol version that the DM client reports to the server in SyncHdr in package 1. For more information, see w7 APPLICATION Configuration Service Provider and DMS Configuration Service Provider.
You can now bootstrap the OMA DM server to return the device hardware ID, which is the IMEI for a GSM device or the ESN for a CDMA device. For more information, see Bootstrapping To Return the Device Hardware ID.
The DM server that supports OMA DM version 1.2 can support a nonce resynchronization request per the OMA DM specification located at this OMA Web site. By default, nonce resynchronization is not turned on for Windows Mobile devices. You can turn it on when you bootstrap the device with DM server access information. For more information about nonce resynchronization, see OMA DM MD5 Authentication Nonce.
Security Policy Changes
The following new policies have been added or changed:
Policy ID | Policy setting | Description of change |
---|---|---|
4107 | WAP Signed Message Policy SECPOLICY_WAPSIGNEDMSG | Deprecated, but is supported for backward compatibility. You can only set this policy. An error occurs if you attempt to query the policy either through the SecurityPolicies Configuration Service Provider or by using QueryPolicy. Policies 4141, 4142, and 4143 replace this policy. |
4111 | OTA Provisioning Policy SECPOLICY_OTAPROVISIONING | The default value was changed to 3732. |
4125 | Signed Mail Policy SECPOLICY_USESIGN | Deprecated. Use SECPOLICY_SMIMESIGNING (4137) and SECPOLICY_SMIMESIGNINGALGORITHM (4139) instead. |
4126 | Encrypt Message Policy SECPOLICY_USEENCRYPT | Deprecated. Use SECPOLICY_SMIMEENCRYPTION (4138) and SECPOLICY_SMIMEENCRYPTIONALGORITHM (4140) instead. |
4133 | Desktop Unlock SECPOLICY_LASS_DESKTOP | Deprecated. Use SECPOLICY_LASS_DESKTOP_QUICK_CONNECT (4146) instead. |
4134 | Encrypt Removable Storage Policy SECPOLICY_MENCRYPT_REMOVABLE | A new policy that specifies if the user is allowed to change mobile encryption settings for the removable storage media. |
4135 | Bluetooth Policy SECPOLICY_BLUETOOTH | A new policy that specifies if a Bluetooth enabled device allows other devices to perform a search on the device. |
4136 | HTML Message Policy SECPOLICY_HTML_MESSAGE | A new policy that specifies whether message transports will allow HTML messages. |
4137 | SMIME Signing Policy SECPOLICY_SMIMESIGNING | A new policy that specifies whether the inbox application will send all messages signed. |
4138 | SMIME Encryption Policy SECPOLICY_SMIMEENCRYPTION | A new policy that specifies whether the inbox application will send all messages encrypted. |
4139 | SMIME Signing Algorithm Policy SECPOLICY_SMIMESIGNINGALGORITHM | A new policy that specifies which algorithm to use to sign a message. |
4140 | SMIME Encryption Algorithm Policy SECPOLICY_SMIMEENCRYPTIONALGORITHM | A new policy that specifies which algorithm to use to encrypt a message. |
4141 | OMA CP Network PIN Policy SECPOLICY_OMACPNETWPINMSG | A new policy that determines whether an OMA CP NETWPIN signed message can be accepted. |
4142 | OMA CP User PIN Policy SECPOLICY_OMACPUSERPINMSG | A new policy that determines whether an OMA CP USERPIN signed or USERMAC signed message can be accepted. |
4143 | OMA CP User Network PIN Policy SECPOLICY_OMACPUSERNETWPINMSG | A new policy that determines whether an OMA Client Provisioning USERNETWPIN signed message can be accepted. |
4144 | Message Encryption Negotiation Policy SECPOLICY_SMIMEENCRYPTIONNEGOTIATION | A new policy that specifies whether the inbox application can negotiate the encryption algorithm in case a recipient's certificate does not support the specified algorithm. |
4145 | SharePoint Access Policy SECPOLICY_SHAREPOINTUNCPROTOCOLACCESS | A new policy that enables or disables Outlook Mobile Share or UNC access to the ActiveSync protocol to get documents. |
4146 | Desktop Quick Connect Authentication Policy SECPOLICY_LASS_DESKTOP_QUICK_CONNECT | A new policy that specifies how the desktop should handle quick connect authentication. |
The new policies 4141, 4142, and 4143 were added to represent any WAP Push gateway. They replace the WAP Signed Message Policy (4107) and support broader scenarios than policy 4107 did. By default, the values of the new policies produce the same result as policy 4107.
Note
Policy 4107 has been deprecated, but is supported for backward compatibility. The three new policies and policy 4107 are mutually exclusive.
These policies can be set by the SecurityPolicy Configuration Service Provider. These policies handle the following push roles:
- SECROLE_KNOWN_PPG
- SECROLE_TRUSTED_PPG
- SECROLE_PPG_TRUSTED
- SECROLE_PPG_AUTH
- SECROLE_OPERATOR_TPS
- SECROLE_ANY_PUSH_SOURCE (new role in Windows Mobile 6.5, value 4096)
If any other role attempts to set these policies by using the SecurityPolicy Configuration Service Provider, the CFGMGR_E_COMMANDNOTALLOWED error occurs.
For more information about security policies, see Security Policy Settings.
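A migration check for the policy changes listed above, as an added example that is not Microsoft's code: it scans a provisioning XML document and reports deprecated policies, queries of the set-only policy 4107, and use of 4107 alongside 4141, 4142 or 4143. It assumes the settings arrive as a `characteristic` of type `SecurityPolicy` with `parm` and `parm-query` elements; the function name, the sample document and its values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Deprecated policy ID -> replacement IDs, taken from the policy table above.
DEPRECATED = {
    "4107": ("4141", "4142", "4143"),
    "4125": ("4137", "4139"),
    "4126": ("4138", "4140"),
    "4133": ("4146",),
}

# Constructed sample; apart from 3732 (the 4111 default stated above), the
# values are placeholders that the linter never interprets.
SAMPLE_DOC = """
<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4107" value="0"/>
    <parm name="4141" value="0"/>
    <parm name="4125" value="0"/>
    <parm name="4111" value="3732"/>
    <parm-query name="4107"/>
  </characteristic>
</wap-provisioningdoc>
"""

def lint_security_policy(doc):
    """Return sorted (policy_id, finding) pairs for one provisioning document."""
    sets, queries = set(), set()
    for char in ET.fromstring(doc).iter("characteristic"):
        if char.get("type") != "SecurityPolicy":
            continue
        for node in char:
            if node.tag == "parm":
                sets.add(node.get("name"))
            elif node.tag == "parm-query":
                queries.add(node.get("name"))
    findings = []
    for pid in sets & set(DEPRECATED):
        findings.append((pid, "deprecated, use " + "/".join(DEPRECATED[pid])))
    # Policy 4107 can only be set; a query returns an error.
    if "4107" in queries:
        findings.append(("4107", "query fails, policy is set-only"))
    # Policy 4107 and its three replacements are mutually exclusive.
    clash = sets & set(DEPRECATED["4107"])
    if "4107" in sets and clash:
        findings.append(("4107", "conflicts with " + "/".join(sorted(clash))))
    return sorted(findings)

if __name__ == "__main__":
    for pid, finding in lint_security_policy(SAMPLE_DOC):
        print(pid, finding)
```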
Other Changes
The DeviceInformation Configuration Service Provider is supported in Windows Mobile Professional and Windows Mobile Classic devices.
Windows Mobile 6.5 supports the OMA DM MD5 Authentication Nonce resynchronization protocol to recover from instances where the client and server lose synchronization. For more information about the OMA DM MD5 Authentication Nonce resynchronization protocol, see: OMA DM MD5 Authentication Nonce.