
Device Management Migration from Windows Mobile Version 5.0

4/8/2010

This topic lists the changes in architecture and protocols used to manage devices from Windows Mobile Version 5.0 to Windows Mobile 6.5 devices.

OMA DM Support Changes

In Windows Mobile 6.5, Device Management has added support for OMA DM version 1.2. This new OMA DM version is compatible with both GSM and CDMA networks.

The following table shows the new components that were added to support this new OMA DM version.

Component Comment

DMS Configuration Service Provider

Allows an OMA DM v1.2 server to handle OMA DM account objects. The server can use this Configuration Service Provider to add a new account or to manage an existing account, including an account that was bootstrapped by using the w7 APPLICATION Configuration Service Provider.

> [!NOTE]
> To change an account using an OMA DM v1.1.2 server, you would still use the DMAcc Configuration Service Provider.

OMA DM Client Connection Retry

Used in remote device management. The OMA DM version 1.2 client is backward compatible with the OMA DM version 1.1.2 server. Through a new registry key, you can indicate whether the DM client should attempt to deliver a package using an earlier OMA DM version when delivery of an OMA DM version 1.2 package fails. You can also indicate the number of times that the DM client attempts to establish a connection to the DM version 1.2 server, and the length of time to wait after a connection is lost before attempting to connect again.

Firmware Update Final Notification

Enables the device to send the final result of an image update back to the OMA DM server by using the generic alert (1226) element, and updates the State node in the FwUpdate Configuration Service Provider with the downloading and installing states.

It enables the server to query the current state of image update package downloading and installation. The following list shows other functionality:

  • If the image update package download fails, the device notifies the OMA DM server with the failure reason.
  • If the image update package installation succeeds, the device notifies the OMA DM server.
  • If the image update package installation fails, the device notifies the OMA DM server with the failure code.
  • If a super package is sent to the device, the result of the whole super package is sent back to the server.

For more information, see the following topics:

Device ID

A new Microsoft custom parameter, UseHwDevID, was added to the w7 APPLICATION Configuration Service Provider, the DMS Configuration Service Provider and the DMAcc Configuration Service Provider. It specifies whether the device is identified by its hardware ID in the /DevInfo/DevID node in the DM account and in the Source LocURI element in SyncHdr for the package that is sent to the server.

By default, an application-specific GUID is used as the device ID, in the format urn:uuid:xxxx. If the UseHwDevID value is True, the IMEI is used as the device ID for a GSM device (IMEI:xxxx), and the ESN is used for a CDMA device (ESN:xxxx).

For more information, see the following topics:

State node in the FwUpdate Configuration Service Provider

The State node value in the FwUpdate Configuration Service Provider was changed to reflect update status. The value of this node indicates the state of the mobile device after an attempt to update the firmware or download update packages, that is, the state reached after an Exec command is invoked.

WAP Binary XML (WBXML) support

The use of WBXML is now supported to reduce the size of data transmissions required for OMA DM. For more information about WBXML, see: WBXML and Windows Mobile Devices.

Support for transferring OMA DM messages in XML or WBXML.

Windows Mobile 6.5 supports transferring messages in XML or in WBXML. Whether the DM client should use WBXML or XML for the DM package when it communicates with the server is configured during the bootstrap process. It is configured by using the Microsoft custom parameter DefaultEncoding in the following Configuration Service Providers:

For more information about WBXML and OMA DM see WBXML and OMA DM.

For information about the server requirements, see Server Requirements for OTA Firmware Update.

A new parameter, Protover, specifies the OMA DM protocol version that the DM server supports. This parameter was added to the w7 APPLICATION Configuration Service Provider and the DMS Configuration Service Provider. No default value is assumed. The protocol version this parameter sets will match the protocol version that the DM client reports to the server in SyncHdr in package 1. For more information, see w7 APPLICATION Configuration Service Provider and DMS Configuration Service Provider.

You can now bootstrap the OMA DM server to return the device hardware ID, which is the IMEI for a GSM device or the ESN for a CDMA device. For more information, see Bootstrapping To Return the Device Hardware ID.

The DM server that supports OMA DM version 1.2 can support a nonce resynchronization request per the OMA DM specification located at this OMA Web site. By default, nonce resynchronization is not turned on for Windows Mobile devices. You can turn it on when you bootstrap the device with DM server access information. For more information about nonce resynchronization, see OMA DM MD5 Authentication Nonce.
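A server-side consistency check for the Device ID and Protover rows above, as an added example that is not code from the original page: it parses a constructed package 1 SyncHdr and compares VerProto and the Source LocURI format with what the account was bootstrapped to use. The function names, the `DM/1.2` VerProto string (from the OMA DM specification, not this page), the server URL and the IMEI are assumptions.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) on untrusted input

# Constructed package 1 header; the server URL and IMEI are sample values.
SAMPLE_PKG1 = """<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>1</SessionID>
    <MsgID>1</MsgID>
    <Target><LocURI>https://dm.example.test/manage</LocURI></Target>
    <Source><LocURI>IMEI:490154203237518</LocURI></Source>
  </SyncHdr>
  <SyncBody/>
</SyncML>"""

def local(tag):
    """Drop the XML namespace so headers from either DM version parse alike."""
    return tag.rsplit("}", 1)[-1]

def classify_dev_id(loc_uri):
    """Map a Source LocURI onto the three device ID formats the page lists."""
    lowered = loc_uri.lower()
    for prefix, kind in (("urn:uuid:", "guid"), ("imei:", "imei"), ("esn:", "esn")):
        if lowered.startswith(prefix) and len(lowered) > len(prefix):
            return kind
    return "unknown"

def check_sync_hdr(xml_text, expected_ver_proto, expect_hw_id):
    """Return findings for one package 1 SyncHdr (empty list means consistent)."""
    root = ET.fromstring(xml_text)
    hdr = next((e for e in root if local(e.tag) == "SyncHdr"), None)
    if hdr is None:
        return ["no SyncHdr element"]
    ver_proto, source = "", ""
    for child in hdr:
        if local(child.tag) == "VerProto":
            ver_proto = (child.text or "").strip()
        elif local(child.tag) == "Source":
            loc = next((c for c in child if local(c.tag) == "LocURI"), None)
            source = (loc.text or "").strip() if loc is not None else ""
    findings = []
    if ver_proto != expected_ver_proto:
        findings.append("VerProto %r differs from expected %r" % (ver_proto, expected_ver_proto))
    kind = classify_dev_id(source)
    if kind == "unknown":
        findings.append("unrecognised device ID format: %r" % source)
    elif (kind != "guid") != expect_hw_id:
        findings.append("device ID kind %r contradicts UseHwDevID=%s" % (kind, expect_hw_id))
    return findings
```

A hardware ID is a persistent identifier, so a finding that a device reports an IMEI or ESN where a GUID was expected is worth reviewing against the bootstrap document.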

Security Policy Changes

The following new policies have been added or changed:

| Policy ID | Policy setting | Description of change |
|---|---|---|
| 4107 | WAP Signed Message Policy (SECPOLICY_WAPSIGNEDMSG) | Deprecated, but is supported for backward compatibility. You can only set this policy. An error occurs if you attempt to query the policy either through the SecurityPolicies Configuration Service Provider or by using QueryPolicy. Policies 4141, 4142, and 4143 replace this policy. |
| 4111 | OTA Provisioning Policy (SECPOLICY_OTAPROVISIONING) | The default value was changed to 3732. |
| 4125 | Signed Mail Policy (SECPOLICY_USESIGN) | Deprecated. Use SECPOLICY_SMIMESIGNING (4137) and SECPOLICY_SMIMESIGNINGALGORITHM (4139) instead. |
| 4126 | Encrypt Message Policy (SECPOLICY_USEENCRYPT) | Deprecated. Use SECPOLICY_SMIMEENCRYPTION (4138) and SECPOLICY_SMIMEENCRYPTIONALGORITHM (4140) instead. |
| 4133 | Desktop Unlock (SECPOLICY_LASS_DESKTOP) | Deprecated. Use SECPOLICY_LASS_DESKTOP_QUICK_CONNECT (4146) instead. |
| 4134 | Encrypt Removable Storage Policy (SECPOLICY_MENCRYPT_REMOVABLE) | A new policy that specifies whether the user is allowed to change mobile encryption settings for the removable storage media. |
| 4135 | Bluetooth Policy (SECPOLICY_BLUETOOTH) | A new policy that specifies whether a Bluetooth-enabled device allows other devices to perform a search on the device. |
| 4136 | HTML Message Policy (SECPOLICY_HTML_MESSAGE) | A new policy that specifies whether message transports will allow HTML messages. |
| 4137 | SMIME Signing Policy (SECPOLICY_SMIMESIGNING) | A new policy that specifies whether the inbox application will send all messages signed. |
| 4138 | SMIME Encryption Policy (SECPOLICY_SMIMEENCRYPTION) | A new policy that specifies whether the inbox application will send all messages encrypted. |
| 4139 | SMIME Signing Algorithm Policy (SECPOLICY_SMIMESIGNINGALGORITHM) | A new policy that specifies which algorithm to use to sign a message. |
| 4140 | SMIME Encryption Algorithm Policy (SECPOLICY_SMIMEENCRYPTIONALGORITHM) | A new policy that specifies which algorithm to use to encrypt a message. |
| 4141 | OMA CP Network PIN Policy (SECPOLICY_OMACPNETWPINMSG) | A new policy that determines whether an OMA CP NETWPIN signed message can be accepted. |
| 4142 | OMA CP User PIN Policy (SECPOLICY_OMACPUSERPINMSG) | A new policy that determines whether an OMA CP USERPIN signed or USERMAC signed message can be accepted. |
| 4143 | OMA CP User Network PIN Policy (SECPOLICY_OMACPUSERNETWPINMSG) | A new policy that determines whether an OMA Client Provisioning USERNETWPIN signed message can be accepted. |
| 4144 | Message Encryption Negotiation Policy (SECPOLICY_SMIMEENCRYPTIONNEGOTIATION) | A new policy that specifies whether the inbox application can negotiate the encryption algorithm in case a recipient's certificate does not support the specified algorithm. |
| 4145 | SharePoint Access Policy (SECPOLICY_SHAREPOINTUNCPROTOCOLACCESS) | A new policy that enables or disables Outlook Mobile Share or UNC access to the ActiveSync protocol to get documents. |
| 4146 | Desktop Quick Connect Authentication Policy (SECPOLICY_LASS_DESKTOP_QUICK_CONNECT) | A new policy that specifies how the desktop should handle quick connect authentication. |

The new policies 4141, 4142, and 4143 were added to represent any WAP Push gateway. They replace the WAP Signed Message Policy (4107) and support broader scenarios than policy 4107 did. By default, the new policy values have the same result as that of policy 4107.

> [!NOTE]
> Policy 4107 has been deprecated, but is supported for backward compatibility. Use of these 3 new policies is mutually exclusive with policy 4107.

These policies can be set by the SecurityPolicy Configuration Service Provider. These policies handle the following push roles:

  • SECROLE_KNOWN_PPG
  • SECROLE_TRUSTED_PPG
  • SECROLE_PPG_TRUSTED
  • SECROLE_PPG_AUTH
  • SECROLE_OPERATOR_TPS
  • SECROLE_ANY_PUSH_SOURCE (new role in Windows Mobile 6.5, value 4096)

If any other role attempts to set these policies by using the SecurityPolicy Configuration Service Provider, the CFGMGR_E_COMMANDNOTALLOWED error occurs.

For more information about security policies, see Security Policy Settings.
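A migration lint for the deprecations and the 4107 mutual-exclusion rule described above, as an added example that is not code from the original page: it scans a provisioning document for SecurityPolicy settings and reports deprecated IDs with their replacements. The sample document is constructed, its parm values are placeholders rather than recommended settings, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Deprecated policy ID -> replacement IDs, taken from the table on this page.
DEPRECATED = {
    "4107": ["4141", "4142", "4143"],
    "4125": ["4137", "4139"],
    "4126": ["4138", "4140"],
    "4133": ["4146"],
}
# Policy 4107 must not be used together with any of these.
WAP_PUSH_REPLACEMENTS = {"4141", "4142", "4143"}

# Constructed provisioning document; the parm values are placeholders.
SAMPLE_DOC = """<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4107" value="1"/>
    <parm name="4141" value="1"/>
    <parm name="4125" value="1"/>
    <parm name="4135" value="1"/>
  </characteristic>
</wap-provisioningdoc>"""

def policies_set(xml_text):
    """Collect the policy IDs set through SecurityPolicy characteristics."""
    root = ET.fromstring(xml_text)
    ids = []
    for ch in root.iter("characteristic"):
        if ch.get("type") == "SecurityPolicy":
            ids += [p.get("name") for p in ch.findall("parm") if p.get("name")]
    return ids

def lint_policies(xml_text):
    """Return (policy_id, message) findings for a Windows Mobile 6.5 target."""
    ids = policies_set(xml_text)
    findings = []
    for pid in ids:
        if pid in DEPRECATED:
            findings.append((pid, "deprecated; use " + ", ".join(DEPRECATED[pid])))
    clash = sorted(WAP_PUSH_REPLACEMENTS.intersection(ids))
    if "4107" in ids and clash:
        findings.append(("4107", "mutually exclusive with " + ", ".join(clash)))
    return findings

if __name__ == "__main__":
    for pid, message in lint_policies(SAMPLE_DOC):
        print(pid, message)
```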

Other Changes

The DeviceInformation Configuration Service Provider is supported in Windows Mobile Professional and Windows Mobile Classic devices.

Windows Mobile 6.5 supports the OMA DM MD5 Authentication Nonce resynchronization protocol to recover from instances where the client and server lose synchronization. For more information about the OMA DM MD5 Authentication Nonce resynchronization protocol, see OMA DM MD5 Authentication Nonce.

See Also

Other Resources

Migration for Managing Devices