Locking down a mobile computer – Motorola ENTERPRISE DIGITAL ASSISTANT MC70 User Manual

4 - 2

MC70 Integrator Guide

To support the broadest number of deployments, third-party software developers should perform the following
when releasing software for a Windows Mobile 5.0 devices:

•

Sign all their EXEs & DLLs with their private key

•

Provide the corresponding public certificate to end-users so that it can be installed into Privileged
Execution Trust Certificate Store.

If the software is installed via a .CAB file, developer should also:

•

Sign the .CAB file with their private key

•

Provide the corresponding public certificate to end-users so that it can be installed into SPC Certificate
Store.

Locking Down a Mobile Computer

Like most configuration options in Windows Mobile 5.0, security settings are set via XML provisioning. For
example, to enforce the “trusted” model and only allow applications signed with a privileged certificate to run,
use the following provisioning document:

<wap-provisioningdoc>

<characteristic type=”SecurityPolicy”>

<!-- Disallow unsigned apps -->

<parm name="4102" value="0"/>

<!-- No Prompt -->

<parm name=”4122" value=”1”/>

</characteristic>

</wap-provisioningdoc>

For more information on various security options, refer to the Security Policy Settings topic in the latest
Windows Mobile documentation.