This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

One way to provision a device, including during the bootstrap process, is to push the XML provisioning file to the device over ActiveSync. You accomplish this by using the desktop configuration tool (rapiconfig.exe). You pass the name of the XML configuration file to this command-line tool.

The Remote API Security policy (4097) is set to RESTRICTED by default and should not be changed.
The tool in previous versions of the SDKs differ slightly. For information, about the differences, see RapiConfig.exe.

By default, RAPI calls are in restricted mode, which means they are processed according to the ActiveSync security role. By default, the ActiveSync security role is User Authenticated, and all resource requests are checked against this role mask before they are granted.

For information about the benefits and drawbacks of provisioning using RAPI and ActiveSync, see Provisioning From a Desktop Computer Using Remote API and ActiveSync.

The OEM can enable Remote API (RAPI) bootstrapping by setting the Grant Manager Policy to allow the device to accept RAPI messages with MANAGER privileges. For more information about this, and how a Mobile Operator can bootstrap the device and then change the policies back to a more secure setting, see Enabling Remote API (RAPI) Bootstrapping.

Finally, you can use rapiconfig.exe to get or set the security configuration of a device from the desktop computer. You must have sufficient permissions to get or set the security configuration. For more information, see Testing How an Application Will Behave Under Different Security Configurations.

See Also