The WinCE Security policy lets you ensure that a password is set on the associated Windows CE device and also lets you configure enhanced security options for Pocket PCs, such as the number of days to allow before a password expires, the number of grace logons permitted before the user must change the password, the minimum number of characters to allow for the password, and whether the password must contain a combination of letters and numbers.
The following test scenario provides an example of how ZfH lets you ensure that a password is set on a Pocket PC device and lets you configure enhanced security options for Pocket PCs.
NOTE: ZfH also provides a Palm Security policy for use with Palm OS devices.
To perform the preliminary tasks:
Ensure that your test handheld device is not password protected. After you perform the steps to set up and associate the WinCE Security policy, you can synchronize the handheld device to view the ZfH password dialog box on the actual device.
To set up the WinCE Security policy:
In ConsoleOne, right-click the Handheld Package object, then click Properties.
On the Policies tab, click the down-arrow, then click WinCE.

Check the check box under the Enabled column for the WinCE Security policy.
Click Properties to display the Security page.

Fill in the fields:
Require a Password to Be Set on the Handheld: Select this option to specify that a password must be set on the Windows CE device. If a user does not have a password set, he or she will be prompted for one.
Pocket PC Options: Select this option to specify enhanced security options for Pocket PCs.
Enable Enhanced Password Support: Select this option to specify enhanced password support settings for Pocket PCs.
For Pocket PCs, ZfH replaces the Windows CE password applet if you select Enable Enhanced Password Support; users will see ZfH password dialog boxes rather than the default Windows CE dialog boxes.
Password Expires in _ Days: Check this box and specify the number of days after which the password expires. When the specified number of days has passed, the user will be prompted to change the password for the Pocket PC.
Limit Grace Logons to _ Attempts: Check this box and specify the number of grace logon attempts you want to allow the user before he or she must change the password for the device. After the number of days in Password Expires in _ Days, the user will be prompted to change the password. The user can choose to ignore this prompt and keep the same password for the number of logon attempts you specify.
Require Unique Passwords: Check this box to require that the user enter a new password; he or she cannot reuse the previous eight passwords.
Minimum Password Length: Check this box and specify the minimum number of characters to allow for the password on the device. You should choose a number large enough to ensure adequate security, but small enough not to excessively burden the user.
Require Alphanumeric Mix: Check this box to require that the user use both letters and numbers in the password. To improve its security, a password should contain both letters (uppercase and lowercase) and numbers.
Pocket PC 2002 Options: Lets you specify how long the Pocket PC can remain turned off before a password prompt is displayed when the device is turned back on. For example, if you set this option to 5 minutes, then turn the device off and back on within 5 minutes, no password is required to use the device. However, if more than 5 minutes pass, the user must enter a password to use the device.
Display Password Prompt for Unused Devices Within: Check this box and select a time limit from the drop-down list.
NOTE: The Windows CE device user can change the corresponding setting on the actual handheld device; however, the value you enter in the Display Password Prompt for Unused Devices Within field in ZfH is the maximum amount of time the user can set; he or she cannot increase the time limit beyond this value.
Click OK to save the policy.
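The following Python model is an added illustration, not ZfH code, of how the options above combine when a password is changed and when the user logs on. All class, field, and function names are hypothetical; it assumes the password expires once the elapsed days reach the configured value, that the user ignores every change prompt, and that password history is kept as salted hashes.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date

HISTORY_DEPTH = 8  # "cannot reuse the previous eight passwords"
@dataclass
class Policy:  # field names are hypothetical, mirroring the dialog options
    expires_in_days: int
    grace_logons: int
    min_length: int
    require_unique: bool = True
    require_alnum_mix: bool = True

@dataclass
class Device:
    last_changed: date
    salt: bytes = b"constructed-salt"  # constructed sample value
    grace_used: int = 0
    history: list = field(default_factory=list)  # digests, newest last

def digest(password, salt):  # history holds salted slow hashes, not plaintext
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_new_password(policy, device, candidate):
    """Return the rule violations for a proposed password (empty list = accepted)."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("too short")
    has_alpha = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if policy.require_alnum_mix and not (has_alpha and has_digit):
        problems.append("needs letters and numbers")
    recent = device.history[-HISTORY_DEPTH:]
    if policy.require_unique and digest(candidate, device.salt) in recent:
        problems.append("reused")
    return problems

def logon(policy, device, today):
    """Apply expiry, then grace logons (assumes the user ignores each prompt)."""
    if (today - device.last_changed).days < policy.expires_in_days:
        return "ok"
    if device.grace_used < policy.grace_logons:
        device.grace_used += 1
        return "change-prompt-ignored"
    return "must-change"

def effective_timeout(admin_max_minutes, user_minutes):
    """Pocket PC 2002 option: the user's setting cannot exceed the admin's value."""
    return min(admin_max_minutes, user_minutes)
```

With a 30-day expiry and two grace logons, the model allows two further logons with the old password after day 30 and then forces a change.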
The WinCE Security policy you configured and enabled will not be in effect until you associate its policy package with a handheld device object, a handheld group object, or a container object.
To associate the Handheld Package to an individual handheld device:
In ConsoleOne, right-click the Handheld Package object, then click Properties.
Click the Associations tab > Add.
Browse to and select the desired Pocket PC device for associating the package, then click OK.
For this scenario, you should now synchronize the associated Pocket PC device so that the WinCE Security policy is enforced and you can view its status. If you disabled password protection earlier in this scenario, you will be able to view the ZfH password dialog box on the handheld device.
ZfH lets you view policy status information for each enabled policy, including a list of all handheld devices that a policy is associated with, the status of each policy, and the date and time that the policy was last enforced. You can also view status information about all policies associated with a specific handheld device.
To view the status of the WinCE Security policy across all Windows CE devices in your ZfH system:
Click the Policy Status tab.

The Object column lists the individual handheld device objects that the policy is associated with. You can select a handheld device in the list, then click Properties to view that device's properties.
The Status column lists the status of the policy on each handheld device (Successful, Pending, Failed, Disabled, or Inactive).
The Last Enforced column lists the date and time that the policy was last enforced.
To view the status of the WinCE Security policy on a specific handheld device:
In ConsoleOne, right-click the desired handheld device object, then click Properties.
Click the down-arrow on the ZENworks tab, then click Policy Status.

The Policy column lists the individual policies that are associated with the selected handheld device object. Select a policy in the list, then click Properties to view that policy's properties.
The Status column lists the status of the policy on each handheld device (Successful, Pending, Failed, Disabled, or Inactive).
The Last Enforced column lists the date and time that the policy was last enforced.
Using the WinCE Security policy, you can: