23 Jun
Posted by dfield in Development, Windows Mobile, security
It is a well-known fact that a lot of enterprise IT pros require data encryption for mobile devices. The Windows Mobile operating system has included support for the Data Protection API (DPAPI) since Windows Mobile 2003. And DPAPI forms the basis for Windows Mobile file encryption used with removable storage cards (Windows Mobile 6.0) and main memory (Windows Mobile 6.1).
DPAPI provides easy-to-use functions for encryption and decryption. A number of applications use DPAPI. The thing that makes DPAPI easy to use for developers is that they don’t have to write all the key generation and key management code that typically goes with any encryption solution. DPAPI uses a master key that is stored in the memory of the device. When an application calls DPAPI, the same master key is used to generate symmetric keys for all encryption and decryption operations. In this way, the application does not have to generate or manage the encryption key used. For a thorough description of DPAPI, see the MSDN article covering Windows Data Protection.
Of course, this begs the question, “How is the master key protected?” Read the rest of this entry »
22 May
Posted by dfield in Windows Mobile
Here is the follow-up installment #2 on device emulator configuration. You may want to read installment #1 first.
I often need to test our code across various versions and SKUs of Windows Mobile. For instance, I need to test one feature across WM 5.0 Smartphone, WM 5.0 Pocket PC Phone Edition, WM 6.0 Standard, WM 6.0 Professional and, of course, the newer WM 6.1 SKUs.
When testing, you often want to use a hard/cold booted device for the most reproducible results. Cold booting and then reconfiguring a bunch of devices is super time consuming. Even if using the device emulator, configuration can be time consuming. Read the rest of this entry »
14 May
Posted by dfield in Windows Mobile
The following is the first of 2 installments that describe how I use Windows Mobile Device Emulators. This installment covers setup and basic use while the second installment covers configuration.
A lot of people test and demo Windows Mobile devices using actual devices. This works fine for most scenarios. However, there are some distinct advantages to using device emulators:
If I’ve convinced you that the device emulator is worth setting up, follow these steps. Read the rest of this entry »
02 May
Posted by mnielsen in Device Management, Windows Mobile
Another great article in the current issue of Smartphone/PocketPC Magazine from my colleague Patrick Salmon. Check it out here:
http://www.pocketpcmag.com/cms/_archives/Jun08/SystemCenterDevice
Good round-up of the knowledge and skills necessary to get started with SCMDM. Provides an excellent overview of the technology and why it is important as well!
Marco Nielsen
25 Apr
Posted by Chris Saint-Amant in Device Management, Windows Mobile
When installing System Center Mobile Device Manager (aka MDM) in a customer environment recently, I encountered a scenario where VPN connectivity worked on all but one of the mobile networks we tested. Here’s a recap of the challenges I encountered, and the eventual solution.
Summary
After installing all MDM components, we were able to successfully enroll and connect two T-Mobile devices without any problems. Next, we tried connecting AT&T devices (using the recommended isp.cingular APN), and the tunnel would come up but the device could not access any internal systems. Policies would get pushed down to T-Mobile (or even WiFi) connected devices flawlessly, yet isp.cingular would always fail. This happened consistently across a variety of devices, SIMs and regions of the country. We were also able to take the same device, SIM and APN and connect fine to our MDM lab here at Enterprise Mobile. Read the rest of this entry »
UPDATE: Check out our CAB Signing Tool if you need to sign CAB files with your own certificate.
A recurring question I get is how to test and demo the software distribution capabilities of MDM.
People generally run into errors with importing test CAB files because the DM does not trust the signature the CAB was signed with – or the CAB is simply unsigned. First thing to note is the software distribution server can only import signed CAB files. You cannot disable this feature (as of this writing, anyway). The root certs of the certificate that signed the CAB file must be in the Trusted Publisher store on the DM server. In most cases you will have to manually put it there. Read the rest of this entry »
The Windows Mobile device management platform supports two different Open Mobile Alliance (OMA) standards: OMA Client Provisioning (OMA CP) and OMA Device Management (OMA DM). By the way, OMA CP is the new name for WAP Provisioning. So, when you see Windows Mobile configuration XML with the root node of <wap-provisioningdoc>, you know you are using OMA CP.
Because Windows Mobile supports both OMA CP and OMA DM, you’ll find that MSDN documentation for most Windows Mobile Configuration Service Providers will include information on configuration XML for both standards. OMA DM is supposed to be the new, improved standard (and it is in many ways). So, you may wonder why OMA CP support is still included. Read the rest of this entry »
02 Apr
Posted by dfield in Authentication, Mobile IE, Windows Mobile
Here is a little issue that I researched this week and I thought I’d share it on the blog.
PROBLEM: When accessing a website that is secured to use an NTLM authenticated password, the “Save Password” option does not work on Windows Mobile Pocket PCs and Smartphones.
Here are detailed steps that outline how to reproduce this problem using a Motorola/Symbol MC70 Pocket PC. Note that the test device was running Windows Mobile 5.0 AKU3. Read the rest of this entry »