Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

The security policy settings are stored in the secure part of the device registry. These security policies can be bootstrapped on the first boot of the device using RapiConfig.exe, or using a .cpf file on a flash memory card. For radio-enabled devices sold by mobile operators, operators burn their set of default configuration and security settings into the ROM.

Without persistent storage, if the Windows Mobile device's battery dies, settings revert to the default security settings in ROM when the device is powered again.

With persistent storage, if the Windows Mobile device's battery dies, then the security settings will remain unchanged when the device is powered again.

Cold Booting

When the device is cold-booted manually by the user, the persistent store and all program and user data is erased, reverting to what was flashed into ROM.

Microsoft recommends that you do the following to maintain more secure applications:

  • Flash to an enterprise portion of the ROM.

  • Bundle security lockdown policies with enterprise application .cab files, so that a user can not run the enterprise's applications without also running with secure policy settings.

See Also