This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

By default, SLs load and run services (except cache action) without notifying the user. Windows Mobile provides security policies to enable the mobile operator to configure SI and SL handling. The SI and SL security policies are designed to minimize the security risks and provide a better user experience.

SL is ON by default. For an example of how to disable SL, see Security Policy Settings.

At the security module, certain security roles are assigned to SI and SL notifications according to which Push Initiator and Push Proxy Gateway are sending the notifications. For a list of the possible security roles, see Security Roles.

Do not put SECROLE_USER_UNAUTH security role in Service Loading (SL) Message Policy. For more information, see Security Best Practices for Windows Mobile Devices.

SI and SL policies are role mask policies, which means that specific roles must be assigned to them in order to be processed. The roles are used by the device to perform security policy checks. The device compares the role that was assigned to the notification by the security module against the stored list of acceptable roles for SI and SL notifications. If the roles do not match, the notification is discarded.

The device must check the security policy first when an SI or SL notification is received. SI and SL do have separate policies. For more detailed information about the security policies, see Security Policies.

See Also