Table of Contents 3
Security Model 1
Naming Conventions 1
Protection Against Threats and Risks 1
Permissions 4
Security Configuration 4
Security and CAB Signing 7
Executables and DLL Signing 7
Other Resources 7
Security Policies for Windows Mobile 5.0 and Windows Mobile 6 9
Protecting Devices with Security Policies 9
Security Roles for Windows Mobile 5.0 and Windows Mobile 6 15
Additional Security Settings 19
Device Wipe 19
Local Wipe 19
Remote Wipe 20
Lock a Device 20
Authentication with LASS and LAP 20
Enhanced PIN Strength 21
Password/PIN Expiration 21
User PIN Reset 22
Password History 23
Certificates for Windows Mobile 5.0 and Windows Mobile 6 25
Certificates Shipped on Windows Mobile Powered Devices 25
Certificate Stores 26
Adding Certificates to Windows Mobile Powered Devices 28
Installing Certificates on a Windows Mobile 5.0-based Device 28
Installing Certificates on a Windows Mobile 6 Powered Device 30
Certificate Chains 31
Certificate-based Authentication 31
Managing Certificates with the CertificateEnroller Configuration Service Provider 32
Using Desktop Enrollment 32
Revoking a Certificate for a Signed Application 33
Security Services for Windows Mobile 5.0 and Windows Mobile 6 34
Cryptographic Services and FIPS Compliance in Windows Mobile 5.0 and Windows Mobile 6 37