 Important: |
|---|
| This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
After you have the SDK certificates on your device, you can change the security configuration of the device when you want. The Tools\SecurityConfiguration directory in the SDK contains a set of .cpf files (one per security configuration) and a readme.txt file with instructions about how to apply the files. Also, the Tools\RapiSecurity directory contains .cpf files that change the security policy for RAPI.
Additional Tools
The SDK ships with a sample application, called SecurityViewer, that queries the security configuration of the device. It runs on the device and displays the security configuration, the values of all the security policies, and all the certificates on the device. This application must run privileged, and so the Visual Studio solution file for this sample is set up to sign the application with the SDK privileged certificate.
To get the value of an individual security policy from your code, call the QueryPolicymethod in DevMgmt.h. Your code does not need to run privileged to call this method.
To get or set the security configuration of a device from the desktop computer, you can use rapiconfig.exe, which is in the Tools directory of the SDK. On the command line to Rapiconfig.exe, pass the name of an XML configuration file. You can use the files in the Tools\SecurityConfiguration directory as examples. Note that you must have sufficient permissions to get or set the security configuration, which means the RAPI security policy must already be set to Allowed. You can set this policy with Tools\RapiSecurity\RapiAllowed.cpf if the SDK certificates are on the device.
To get or set the security configuration of a device from your own code, you can call the DMProcessConfigXMLmethod in CfgMgrApi.h from C/C++ code, or Microsoft.WindowsMobile.Configuration from C# or Visual Basic .NET code. You can use the XML files in the Tools\SecurityConfiguration directory as examples of input to these APIs. Your code must run privileged.