Not much information can be found about this feature pack for SMS 2003, but I've seen some interest on this subject on newsgroups, so I thought I would share some of my experience with you based on a project I did here in the UK for one of my clients. This project started before WinCE 5, but most of it should still be relevant.
Customer requirements:
The customer needs management for Windows Mobile 2003 based smartphones that will be running a business application; this base application has a custom interface for different groups and therefore needs software distribution to deploy changes to this interface.
The users are often computer illiterate and are spread around the country, so reliability and easy recovery are more important than the added security other products have over the DMFP.
Devices:
Initial devices will be the HTC PH10C (Alpine) running Windows CE 4.21 Second Edition, Pocket PC format with a built-in GSM/GPRS modem, customized and branded by a mobile operator.
Support and Problem recovery:
Windows Mobile 2003 based devices are a complex combination of hardware and operating system where a hard reset is sometimes the only solution. Because the device has to be fully operational and available to the user after a hard reset, the Extended ROM has to be customized so that the business application and the SMS client are installed from it.
Most deployments will therefore also have to modify the Extended ROM.
Security:
- The devices will communicate through a private GPRS APN supplied by the Mobile operator.
- The SMS client will use SSL to communicate with the SMS server.
- The user will be forced to secure Windows CE with a PIN during hard reset.
- The GSM SIM is secured with a PIN number.
- In case of a lost or stolen device the SIM serial number will be blocked from usage by the mobile operator.
Device Renaming:
By default all Windows Mobile 2003 based devices are fixed with the name POCKET_PC; for proper identification and distinction in SMS administration the devices have to get a unique name by some automatic mechanism. The maximum name length is 15 characters (_, A-Z, 0-9).
There are a few possible methods that can be used:
- The smartphone's hard-coded IMEI number: the first 8 digits identify the brand HTC supplies to HP, Dell, etc., the next 7 can be used for identification, and the last 2 are a checksum. This method was implemented.
- The built-in 32-character hex GUID could be used as a base.
- A static table keyed by the GUID.
- An ODBC connection to a central DB keyed by the GUID.
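As an added illustration (not code from the original post or the project), the two automatic naming methods above, implemented so that the result always satisfies the 15-character [_A-Z0-9] rule. The IMEI split (8 brand digits, 7 identifying digits, trailing checksum) follows the post's description and is parameterized so it can be changed; the prefixes "SP" and "PPC" and the hash-based GUID shortening are assumptions.

```python
import base64
import hashlib
import re

# Windows CE device name constraint stated in the post: max 15 chars from _, A-Z, 0-9.
MAX_LEN = 15
NAME_RE = re.compile(r"^[A-Z0-9_]{1,15}$")


def name_from_imei(imei, prefix="SP", brand_len=8, id_len=7):
    """Derive a device name from the IMEI using the post's layout by default:
    brand_len leading digits identify the brand, the next id_len digits
    identify the handset, the rest is a checksum (assumed layout; adjust the
    lengths if the handsets' IMEIs are laid out differently)."""
    digits = re.sub(r"\D", "", imei)          # tolerate spaces/dashes in input
    if len(digits) < brand_len + id_len:
        raise ValueError("IMEI too short for the configured layout")
    ident = digits[brand_len:brand_len + id_len]
    name = f"{prefix}_{ident}".upper()
    if not NAME_RE.match(name):
        raise ValueError(f"derived name {name!r} violates the 15-char [_A-Z0-9] rule")
    return name


def name_from_guid(guid, prefix="PPC"):
    """Derive a device name from the 32-hex-character device GUID. The GUID is
    too long for a 15-character name, so it is hashed and base32-encoded
    (A-Z and 2-7 only, so the charset rule holds) and truncated to fit.
    Truncation keeps 5 bits per character; keep the full GUID in hardware
    inventory so a rare collision can still be resolved."""
    hexstr = re.sub(r"[^0-9a-fA-F]", "", guid).lower()   # accept dashed or bare form
    if len(hexstr) != 32:
        raise ValueError("expected a 32 hex character GUID")
    digest = hashlib.sha256(bytes.fromhex(hexstr)).digest()
    budget = MAX_LEN - len(prefix) - 1                   # room left after "PREFIX_"
    suffix = base64.b32encode(digest).decode("ascii").rstrip("=")[:budget]
    name = f"{prefix}_{suffix}"
    if not NAME_RE.match(name):
        raise ValueError(f"derived name {name!r} violates the 15-char [_A-Z0-9] rule")
    return name


if __name__ == "__main__":
    # Constructed sample values, not real device identifiers.
    print(name_from_imei("35180912345678901"))
    print(name_from_guid("0123456789abcdef0123456789abcdef"))
```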
Knowledge needed:
For successful management of Windows Mobile 2003 based devices using SMS, knowledge of the following technologies is needed:
Windows CE
Windows CE platform builder (for OS updating and patching)
Visual Studio (because of Windows CE limited scripting and diagnostics)
SMS 2003
SQL
IIS
Certificate management
SMS 2003 Device Management Feature Pack DMFP functionality.
The feature pack supports Microsoft Pocket PC running Windows CE 3.0 and newer.
Core client functionality, similar to the SMS Advanced and Legacy Clients:
Hardware Inventory
Software Inventory
File Collection
Software distribution
Additional functionality:
Device settings and management
Password policy management
Script engine
Components included in DMFP are:
Wince/Mobile pocket PC client
Password management client
Device Management Point
Admin console additions and wizards
Device discovery.
Devices can be discovered through the SMS desktop client (Heartbeat) and ActiveSync.
Client installation.
Manual installation via network or memory cards
Client push using SMS desktop client and ActiveSync.
Cold-boot installation and recovery (depends on devices and providers)
Client Server communication.
HTTP/HTTPS (SSL) connection to a Device Management Point and to Distribution Points; requires certificate management.
Port 80 by default; can be changed to any port.
Unidirectional: the client connects to the Device Management Point on a polling schedule.
The client never initiates WAN connections like GPRS or VPN; it only uses existing connections. (This changes in V4, where 3 levels can be chosen.)
Certificate Management.
Can use a Microsoft AD CA or any external provider like VeriSign, Thawte, etc.
The DMFP client installation provides automatic Certificate installation.
Password policy management client.
Adds configurable settings such as a forced power-on password with a number of rules and lockout, and an admin password to unlock the device again.
Policies include choices of PIN or strong password, number of failed attempts, and unattended timeout.
Hardware Inventory
Similar to desktop SMS hardware inventory.
Hardware Inventory Extension
The hardware inventory can be extended to collect custom information like registry branding values. This is done by running an executable that populates a special XML file on the device, which is then collected; the SMS_DEF.MOF file also needs to be customized for this.
Software distribution.
Download only, using BITS with checkpoint restart.
Connection aware: 1MB and better is considered fast, anything less is considered slow.
Remote control:
There is no support for remote control in the SMS DMFP, but Microsoft provides a separate tool that could be implemented alongside it. It does however not work well over GPRS and is only user initiated: the user has to connect to the system name/IP address of the support personnel's PC.
Policy generation.
The SMS DMFP provides a number of predefined policies, which technically are CAB files deployed using software distribution or by manually running them during the system build.
Built-in configurable policies are:
- ActiveSync and Exchange Server E-mail
- Browser Favourites
- Certificate Settings
- GPRS Network settings
- Password Policy
- PPP Network Settings
- Proxy settings
- Registry Entry Settings
- VPN Settings
Dependencies:
SMS 2003 server SP1
IIS
BITS
WebDAV
Name resolution like WINS or DNS with short-name capabilities.
Posted Jan 20 2007, 09:50 AM by Larus Milan Bulat