2.4 Setting Up Handheld Package and Handheld User Policies

ZENworks Handheld Management provides Handheld Package and Handheld User Package policies for the Palm OS, Windows CE, and BlackBerry platforms.

Each platform has its own page where you can view and configure available policies. To display a desired platform page: In ConsoleOne, right-click the Handheld Package or the Handheld User Package, click Properties, click the down-arrow on the Policies tab, then click the appropriate platform: Palm, WinCE, or BlackBerry.

Review the following sections for more information to help you set up the Handheld Package and Handheld User Package policies:

2.4.1 BlackBerry Configuration Policy

The BlackBerry Configuration policy lets you specify a standard owner name and additional information that is set on the associated BlackBerry devices. For example, you could specify that your company name, address, and telephone number be set on all associated BlackBerry devices to help recover lost devices.

NOTE: This policy is not supported for Java-based BlackBerry devices.

The owner name and information that you specify using this policy does not affect the naming of the device objects in eDirectory; the owner name and information you specify in this policy displays only on the actual device.

To set up the BlackBerry Configuration policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click BlackBerry.

  3. Select the check box under the Enabled column for the BlackBerry Configuration policy.

    This both selects and enables the policy.

    Property page Handheld Package in which the BlackBerry Configuration Policy is selected
  4. Click Properties to display the Owner page.

    BlackBerry Configuration policy’s Owner page
  5. Fill in the fields:

    Owner Name: Select the Specify Owner Name To Be Set on the Handheld check box, then type the owner name that you want to be set on associated BlackBerry devices.

    Owner Information: Select the Specify Owner Information To Be Set on the Handheld check box, then type any additional information that you want to be set on associated BlackBerry devices.

    The owner name and information that you specify using this policy does not affect the naming of the device objects in Novell eDirectory; the owner name and information you specify in this policy displays only on the actual device.

  6. Click OK to save the policy.

  7. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  8. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

    NOTE: For BlackBerry devices, a policy schedule of Custom Event:EventHandheldSync gets translated on the device to Daily.

2.4.2 BlackBerry Inventory Policy

The BlackBerry Inventory policy lets you enable the collection of hardware and software inventory from associated BlackBerry devices.

To set up the BlackBerry Inventory policy:

  1. In ConsoleOne, right-click the Handheld Package or the Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click BlackBerry.

  3. Select the check box under the Enabled column for the BlackBerry Inventory policy.

    This both selects and enables the policy.

    Property page Handheld Package in which the BlackBerry Configuration Policy is selected
  4. Click Properties to display the General page.

    BlackBerry Inventory policy’s General page
  5. Fill in the fields:

    Hardware: To collect hardware information for associated BlackBerry devices, select the Enable Collection of Hardware Inventory on the Handheld check box.

    Collected data about hardware is stored on a per-device basis and is found on the ZENworks Inventory page in ConsoleOne or on the Clients: Hardware Inventory page in the ZENworks Handheld Management Inventory Viewer. To view the ZENworks Inventory page in ConsoleOne, right-click a handheld device object, click Properties, then click the ZENworks Inventory tab. To open the ZENworks Handheld Management Inventory Viewer, right-click a handheld device object, click Actions, then click Inventory. For more information, see Section 5.2, Viewing Hardware Inventory.

    Software: To collect software information for associated BlackBerry devices, select the Enable Collection of Software Inventory on the Handheld check box.

    Collected data about software is found in the ZENworks Handheld Management Inventory Viewer. To open the ZENworks Handheld Management Inventory Viewer, right-click a handheld device object, click Actions, then click Inventory. You can view software inventory information for a specific device or across all BlackBerry devices in your system. For more information, see Section 5.1, Viewing Software Inventory.

  6. Click OK to save the policy.

  7. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  8. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

    NOTE: You must schedule inventory for BlackBerry devices because they are always connected to the ZENworks Handheld Management Server. For Palm and Windows CE devices, you do not need to schedule inventory; software inventory is collected once a day.

    For BlackBerry devices, a policy schedule of Custom Event:EventHandheldSync gets translated on the device to Daily.

2.4.3 BlackBerry Security Policy

The BlackBerry Security policy lets you ensure that a password is set on associated BlackBerry devices. You can also use the BlackBerry Device Lockout feature to lock a device that you suspect has been lost or stolen. For more information, see BlackBerry Device Lockout.

NOTE: This policy is not supported for Java-based BlackBerry devices.

To set up the BlackBerry Security policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click BlackBerry.

  3. Select the check box under the Enabled column for the BlackBerry Security policy.

    This both selects and enables the policy.

    Property page Handheld Package in which the BlackBerry Configuration Policy is selected
  4. Click Properties to display the Security page.

    BlackBerry Security policy’s Security page
  5. Select the Require a Password To Be Set On the Handheld check box.

    If your organization has a rule stating that all handheld devices must have a password, you should enable this policy.

    When the BlackBerry Security policy is enforced, if the user does not have a password set, he or she is prompted to create one. If the user ignores the prompt, he or she is prompted every 15 minutes to create a password for the device.

  6. Click OK to save the policy.

  7. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  8. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

    NOTE: For BlackBerry devices, a policy schedule of Custom Event:EventHandheldSync gets translated on the device to Daily.

BlackBerry Device Lockout

The BlackBerry Device Lockout feature lets you disable a BlackBerry device if you suspect that it has been lost or stolen. After the device is locked, no applications can run on the device other than ZENworks Handheld Management, which can be used to unlock the device.

To lock or unlock a BlackBerry device:

  1. In ConsoleOne, right-click the desired BlackBerry handheld device object, click Actions, then click Lock/Unlock Device.

  2. Click Unlock the Device.

    or

    Click Lock the Device, then type the text you want displayed on the device when it is locked.

  3. Click OK.

2.4.4 Palm Client Configuration Policy

The Palm Client Configuration policy lets you override the user authentication settings of the ZENworks Handheld Management Service object for associated Palm OS devices.

You can set up user authentication on a global basis for all handheld devices in your ZENworks Handheld Management system during installation or you can edit the properties of the ZENworks Handheld Management Service object.

If you do not want to enable user authentication for all handheld devices in your system, you can choose to not enable global user authentication during installation or by editing the properties of the ZENworks Handheld Management Service object. You can then configure and enable the Palm Client Configuration policy by following the procedure in this section to target only specific handheld devices or groups of handheld devices.

For more information about setting up user authentication on a global basis during installation, see Installing the ZENworks Handheld Management Server in the Novell ZENworks 7 Handheld Management Installation Guide. For more information about editing the properties of the ZENworks Handheld Management Service object to enable global user authentication, see Section 7.1, Configuring User Authentication.

If user authentication is enabled, the user is prompted for his or her credentials (username and password) the first time the device connects/synchronizes. ZENworks Handheld Management then authenticates the user using LDAP to log in to the directory. After the user is authenticated, you can target policies and applications to the user of the handheld device.

The user must enter the credentials only once; ZENworks Handheld Management does not prompt the user for the credentials again. If a user that has been authenticated gives the device to another person, you should reconfigure the user on the device itself. For more information, see the documentation that came with your handheld device.

If the device uses the Palm IP client to connect, the user-authentication dialog box displays on the handheld device. If the device uses Palm HotSync, the user-authentication dialog box displays on the desktop computer during synchronization. When the user is prompted for authentication, if he or she clicks Cancel, the handheld device can be managed by device policies, but user-based management does not function because the user is not authenticated. If the user mis-types the username or password, he or she is immediately prompted for the credentials again.

NOTE: There are two places in ZENworks Handheld Management where users can be required to enter a password: to authenticate to the directory as part of the Palm Client Configuration policy and to power on a handheld device as part of the Palm Security policy. These two passwords are independent of each other. For more information about the password users must enter to power on a device, see Palm Security Policy.

To set up the Palm Client Configuration policy:

  1. In ConsoleOne, right-click the Handheld Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click Palm.

  3. Select the check box under the Enabled column for the Palm Client Configuration policy.

    This both selects and enables the policy.

    Palm Client Configuration policy selection page
  4. Click Properties to display the Global Settings page.

  5. To override the user authentication settings of the ZENworks Handheld Management Service object, select the Override the Server Configuration option.

    Palm Client Configuration policy - Global Settings page
  6. Select the Enable User Based Policies on Handhelds option.

  7. Click OK to save the policy.

  8. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

2.4.5 Palm Configuration Policy

The Palm Configuration policy lets you configure the following:

  • General Preferences: Lets you set preferences for associated Palm OS devices, for example how long before an idle device turns itself off, whether or not a device stays on when cradled, and more.

  • Buttons: Lets you associate different software programs with the buttons on associated Palm OS devices. Also lets you assign a feature users can access when they drag the pen from the writing area to the top of the screen on the Palm OS device. For example, you can select Turn Off & Lock to make it easier for users to turn off and lock their Palm OS devices.

  • Programs: Lets you specify which software programs are allowed or not allowed on associated Palm OS devices. Programs that are not allowed can be automatically removed from the devices.

  • Files: Lets you specify the files to be automatically deleted from the Palm devices.

To set up the Palm Configuration policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click Palm.

  3. Select the check box under the Enabled column for the Palm Configuration policy.

    This both selects and enables the policy.

    Palm policy package selection page
  4. Click Properties.

  5. On the General page, make the desired configuration changes, then click Apply.

    You can change the settings for the following preferences:

    • Auto-Off After

    • Stay On in Cradle

    • System Sound

    • Alarm Sound

    • Alarm Vibrate

    • Alarm LED

    • Game Sound

    • Beam Receive

    Each preference in the list contains a Don’t Change setting. If you choose this setting, ZENworks Handheld Management does not change that preference on associated devices; the corresponding setting on each device determines its behavior. For example, if you choose the Don’t Change setting for Auto-Off After, each associated device uses its own preference settings to determine how long an idle Palm OS device waits until it turns itself off. If you want to ensure consistency across all associated Palm OS devices, choose the appropriate setting.

  6. On the Buttons: Configuration page, make the desired configuration changes, then click Apply.

    The Button Column lists the available buttons on the Palm OS device. To change a button’s association, select a button from the Button list, click Edit, click Set to Application, browse to an application, then click OK.

    NOTE: Depending on your particular Palm OS device, the available buttons in the Button list are named differently than those in the preceding illustration.

    The Pen Function drop-down list lets you assign a feature users can access when they drag the pen from the writing area to the top of the screen on the Palm OS device. For example, you can select Turn Off & Lock to make it easier for users to turn off and lock their Palm OS devices. To assign a feature, choose an option from the drop-down list.

    The following options are available:

    • Not Specified

    • Backlight

    • Keyboard

    • Graffiti Help

    • Turn Off & Lock

    • Beam Data

  7. On the Programs page, make the desired configuration changes, then click Apply.

    The Application column lists the applications that you want to allow on the device or remove from the device.

    • To add an application to the list, click Add, specify or browse to the application, select one of the following rules to apply to the application, then click OK.

      • Allow the Application on the Handheld

      • Remove the Application from the Handheld

    • Rather than selecting certain applications to be removed from the device, you might find it easier to specify a list of allowed applications and select the Remove All Other Applications from the Handheld check box. When the policy is enforced or when the user synchronizes the device, all applications not listed in the Applications list with the Allow rule set are removed from the device.

    • If the application listed in the Application column list is to be added to or removed from a storage card, select the Search for Application on Storage Cards check box.

  8. On the Files page, do the following:

    Palm Configuration Policy - Files page
    1. Click Add.

    2. In the Add Files to Delete from Handheld dialog box, specify the name of the file to be deleted.

      The filename is added to the Files to Delete from the Handheld list.

      Ensure that the name of the application matches the file properties name because the name displayed in the Application Launcher screen might not be the actual filename. To determine the actual filename, you need to use a third-party application such as FileZ, a shareware application.

    3. Click OK.

    4. (Optional) Select the Files are Required option if you want Handheld Management to report a failed status if the specified files do not exist on the handheld device or if the specified wildcard characters do not provide a match for files on the device.

    5. Click Apply, then click Close.

  9. Click OK to save the policy.

  10. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  11. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

  12. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

2.4.6 Palm Access Point Configuration Policy

The Palm Access Point Configuration Policy lets you assign multiple ZENworks Handheld Management Access Points to a device and also define the order of the ZENworks Handheld Management Access Points to which the Palm OS device must connect. If the device is unable to connect to the ZENworks Handheld Management Access Point configured first, then it automatically tries to connect to the ZENworks Handheld Management Access Point configured next in the sequence.

NOTE: The Palm Access Point Configuration policy is not supported on cradled Palm devices.

To configure the Palm Access Point Configuration Policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click Palm.

  3. Select the check box under the Enabled column for the Palm Access Point Configuration policy.

    This both selects and enables the policy.

    Palm Access Point Configuration Policy selection page
  4. Click Properties.

    This displays the Access Points - Configuration page.

    Access Point Configuration Policy - Configuration page
  5. In the Access Points - Configuration page, do the following:

    1. If you want to add ZENworks Handheld Management Access Points to the Configure IP Address /DNS Name of Access Points list and define the order in which the handheld device must connect to them, select the Enable Following Access Points option.

      If you do not select this check box, the ZENworks Handheld Management Access Points list is not available on the handheld device.

    2. Click Add.

    3. In the Add Access Points dialog box, specify the IP address or the full DNS name of the ZENworks Handheld Management Access Point, or click Select. If you specify the IP address or the full DNS name of the ZENworks Handheld Management Access Point, skip to Step 5.8.

    4. By default, the service object of the Handheld Management server is displayed. To select another service object, click the Browse icon, select the service object, then click OK.

    5. Click Display.

      The IP address of each ZENworks Handheld Management Access Point associated with the service object is displayed.

    6. From the Access Points list, select the IP address of the ZENworks Handheld Management Access Point to which you want to connect the device.

    7. Click OK.

      The ZENworks Handheld Management Access Point's IP address, followed by a semicolon (;), is displayed in the Access Points option.

    8. (Optional) To add another ZENworks Handheld Management Access Point, repeat Step 5.3 through Step 5.7.

      You can add a maximum of eight ZENworks Handheld Management Access Point IP addresses, but ensure that the IP addresses or the DNS names of the ZENworks Handheld Management Access Points are separated with semicolons (;).

    9. Click Apply.

  6. (Optional) To change the order of the ZENworks Handheld Management Access Points in the Configure IP Address /DNS Name of Access Points list:

    1. Select the IP address or the full DNS name of the ZENworks Handheld Management Access Point.

    2. Click Move Up or Move Down.

  7. (Optional) To modify the value of a ZENworks Handheld Management Access Point displayed in the Configure IP Address /DNS Name of Access Points list:

    1. Select the IP address or the full DNS name of the ZENworks Handheld Management Access Point whose value you want to modify.

    2. Click Edit.

    3. In the Edit Access Points dialog box, change the value of the ZENworks Handheld Management Access Point.

    4. Click OK.

  8. Click Apply, then click Close to save the policy.

  9. Associate the policy package.

    For more information on how to associate the policy package, see Associating the Handheld Package or the Handheld User Package.

  10. If desired, schedule the policy.

    For more information on how to schedule a policy, see Scheduling Packages and Policies.

  11. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

IMPORTANT: If you push zfhipclient.pdb after enforcing the Palm Access Point Configuration policy on the device, the Palm Access Point Configuration policy settings are removed. You must reconfigure the policy.
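
The list format used in Step 5 (semicolon-separated IP addresses or full DNS names, at most eight, tried in order) can be checked before it is typed into ConsoleOne. The following Python sketch is an added example, not part of the product or its documentation; the function names and sample addresses are constructed, and the IPv4-only check and the definition of a "full DNS name" are assumptions of this example.

```python
import ipaddress
import re

MAX_ACCESS_POINTS = 8  # limit stated in the procedure above

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(entry):
    """Return "ip", "dns" or None for a single list entry."""
    try:
        ipaddress.IPv4Address(entry)  # assumption: IPv4 addresses only
        return "ip"
    except ValueError:
        pass
    labels = entry.split(".")
    # Assumption: a "full DNS name" has at least host.domain and its last
    # label is not purely numeric (this also rejects malformed IP addresses).
    if (len(labels) >= 2 and len(entry) <= 253
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "dns"
    return None


def parse_access_points(text):
    """Split a semicolon-separated list; return (entries, problems), order kept."""
    entries, problems, seen = [], [], set()
    for raw in text.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # a ';' follows each entry, so the final piece is empty
        kind = classify(entry)
        if kind is None:
            problems.append(f"{entry}: not an IP address or full DNS name")
        elif entry.lower() in seen:
            problems.append(f"{entry}: listed more than once")
        else:
            seen.add(entry.lower())
            entries.append((entry, kind))
    if len(entries) > MAX_ACCESS_POINTS:
        problems.append(
            f"{len(entries)} entries: the maximum is {MAX_ACCESS_POINTS}")
    return entries, problems


def first_reachable(entries, reachable):
    """Model the documented fallback: try entries in list order and
    return the first address found in the 'reachable' set, else None."""
    for address, _kind in entries:
        if address in reachable:
            return address
    return None


if __name__ == "__main__":
    # Constructed sample: one duplicate and one malformed address.
    sample = "10.0.0.5;ap2.example.com;10.0.0.5;10.0.0.256;"
    accepted, issues = parse_access_points(sample)
    print("accepted:", accepted)
    print("problems:", issues)
    print("connects to:", first_reachable(accepted, {"ap2.example.com"}))
```

A mistyped entry shortens the fallback chain without any visible error on the device, so reviewing the problems list before applying the policy is the useful part of this check.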

2.4.7 Palm File Retrieval Policy

The Palm File Retrieval policy lets you specify source files you want to retrieve from a Palm OS device and copy to a specified destination location.

The File Retrieval policy is a plural policy, meaning it can be added many times to a policy package. You can set up as many File Retrieval policies as required to adequately retrieve important files from the handheld devices in your organization. When you name these plural policies, be sure to give them descriptive names.

The File Retrieval policy is also cumulative, meaning that many different Palm File Retrieval policies can be effective for a single handheld device object, handheld group object, or container object.

NOTE: If you want to retrieve files from handheld devices and store them on a Novell NetWare® volume, you must install the Novell Client™ on the ZENworks Handheld Management Server.

To set up the Palm File Retrieval policy:

  1. In ConsoleOne, right-click the Handheld Package object or the Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click Palm.

  3. Click Add.

    The Add Policy window is displayed.

    Add Policy dialog box
  4. Type a descriptive name in the Policy Name field, then click OK.

    The newly created File Retrieval policy is displayed in the Handheld Policies list.

    Properties of Handheld Package with the newly created File Retrieval policy displayed
  5. Select the check box under the Enabled column for the newly created Palm File Retrieval policy.

    This both selects and enables the policy.

  6. Click Properties to display the Files page.

    Properties of Handheld Package: File Retrieval Policy dialog box with the Files page displayed
  7. In the Files field, specify the source files to be retrieved from the handheld device.

    NOTE: You must specify the Palm database or resource filename in the Files field. A third-party file utility tool (such as FileZ, a shareware program) might be necessary to determine the actual filename.

    When you specify source files, be aware that filenames are case sensitive. You can use wildcard characters to specify source files.

    When the policy is enforced, all specified source files are retrieved from the device; the files are retrieved even if the same files were previously retrieved at another time.

  8. Select the Files Are Required check box if you want ZENworks Handheld Management to report a failed status if the specified files do not exist on the handheld device or if the specified wildcard characters do not provide a match for files on the device.

    For more information about policy status, see Section 2.6, Viewing Policy Status Information.

  9. Select the Delete Files After Retrieval check box if you want the specified source files to be deleted from the handheld device after they have been retrieved from the handheld device.

    If you do not enable this option, the source files are copied to the specified location but a copy also remains on the handheld device.

  10. In the Path field, browse to or specify the destination location where you want the specified files copied to.

    The renamed file can include variables. To include variables, click the Insert button, then click the desired variable.

    The following variables are available for use:

    device: The CN of the device. For example, in Dan m130.Handhelds.NovellBangalore, the string would be Dan m130.

    devicedn: The full DN of the device. For example, in Dan m130.Handhelds.NovellWheaton, the string would be Dan m130.Handhelds.NovellWheaton.

    user: The username of the device. This is the value stored in the UserName attribute for the object in the directory. When this value is not configured on the handheld device, it is set to <Undefined>.

    date: The date the file was retrieved from the handheld device. This value is the date only; the time that the file was retrieved is not included. For example, if the file was retrieved on September 15, 2002 at 3:15 p.m., the string would be 2002-09-15. The string is always in the format of yyyy-mm-dd.

    time: The time the file was retrieved from the handheld device. This value is for the time only; the date that the file was retrieved is not included. For example, if a file was retrieved on September 15, 2002 at 3:20 p.m., the string would be 15-20. The string is always in the format of hh-mm, with hh representing the hour in 24-hour format.

    guid: The GUID for the handheld device.

    server: The name of the Windows NT server that received the data.

    To use a variable, place an @ sign on either side of the variable in the string. For example, you could use the following syntax:

    @user@_filename

  11. Select Use the Original File Name(s) to use the original source filenames for the destination files.

    or

    Select Rename the Files To and specify new filenames for the destination files.

  12. Click OK to save the policy.

  13. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  14. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.
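
The @variable@ substitution described in Step 10 can be previewed before a policy is saved. The following Python sketch is an added example, not part of the product or its documentation; the function names, sample GUID, and server name are constructed, variable names are assumed to match exactly as listed, and the check for characters that Windows rejects in file names is this example's own lint, not documented server behavior.

```python
import re
from datetime import datetime

# Characters Windows does not allow in a file or directory name.
WINDOWS_RESERVED = '<>:"/\\|?*'

# A variable is a name with an @ sign on either side, e.g. @user@.
_TOKEN = re.compile(r"@([A-Za-z]+)@")


def build_values(device_dn, user, guid, server, retrieved_at):
    """Derive the seven documented variable values for one retrieval."""
    return {
        # Assumption: the CN is the leftmost dot-separated DN component.
        "device": device_dn.split(".", 1)[0],
        "devicedn": device_dn,
        # Documented fallback when no username is configured on the device.
        "user": user if user else "<Undefined>",
        "date": retrieved_at.strftime("%Y-%m-%d"),  # yyyy-mm-dd
        "time": retrieved_at.strftime("%H-%M"),     # hh-mm, 24-hour clock
        "guid": guid,
        "server": server,
    }


def expand(template, values):
    """Replace each @name@ token in template.

    Returns (expanded, unknown, unsafe): the resulting string, the token
    names that are not documented variables, and the variables whose value
    contains a character Windows rejects in a name or a '..' sequence.
    """
    unknown, unsafe = [], []

    def substitute(match):
        name = match.group(1)
        if name not in values:
            unknown.append(name)
            return match.group(0)  # leave the unrecognised token visible
        value = values[name]
        if any(ch in WINDOWS_RESERVED for ch in value) or ".." in value:
            unsafe.append(name)
        return value

    return _TOKEN.sub(substitute, template), unknown, unsafe


if __name__ == "__main__":
    # Constructed record using the device name and date from the table above.
    when = datetime(2002, 9, 15, 15, 20)
    named = build_values("Dan m130.Handhelds.NovellWheaton", "dan",
                         "constructed-guid-0001", "HHSRV01", when)
    unnamed = build_values("Dan m130.Handhelds.NovellWheaton", "",
                           "constructed-guid-0001", "HHSRV01", when)
    print(expand("@device@_@date@_@time@.pdb", named))
    print(expand("@user@_filename", unnamed))  # flags the <Undefined> value
```

Because the user and device values originate on the handheld or in the directory, a template that relies on them is worth previewing with the <Undefined> fallback as well as with a normal username.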

2.4.8 Palm Security Policy

The Palm Security policy lets you configure the following:

  • Password Requirements: Lets you ensure that a password is set on the associated Palm devices and lets you set a user’s password as the device password. You can also configure enhanced security options, such as the number of days to allow before a password expires, the number of grace logins permitted before the user must change the password, the minimum number of characters to allow for the password, and whether the password must contain a mix of letters and numbers. For devices running Palm OS 4.x or newer, you can also configure auto-lock options.

    IMPORTANT: Before configuring the policy, you must configure the containers to be searched to authenticate the handheld user credentials. You can do it either during the ZENworks 7 Handheld Management server installation or after the installation.

    To configure user authentication during the installation, you must select the Enable User Authentication option, and specify the containers to search for user objects.

    To configure user authentication after the installation, see Section 7.1, Configuring User Authentication.

    There are two places in ZENworks Handheld Management where users can be required to enter a password: to authenticate to the directory as part of the Palm Client Configuration policy and to power on a handheld device as part of the Palm Security policy. These two passwords are independent of each other. For more information about the password users must enter to authenticate to the directory, see Section 2.4.4, Palm Client Configuration Policy.

  • Self-Destruct Settings: Lets you specify self-destruct settings to disable a Palm device after a specified number of failed password attempts or after a specified number of days since the device was last connected or synchronized.

To set up the Palm Security policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click Palm.

  3. Select the check box under the Enabled column for the Palm Security policy.

    This both selects and enables the policy.

    Palm policy package selection page
  4. Click Properties to display the Security page.

  5. In the Security page, do the following:

    1. To set a password on the Palm OS device, select the Require a Password to Be Set on the Handheld option.

      This option lets you specify that a password must be set on the Palm OS device. If your organization has a rule that states that all handheld devices must have a password, you should enable this policy. If a user does not have a password set, he or she is prompted to create one.

      For Palm OS devices, ZENworks Handheld Management replaces the Palm password applet if you select Require a Password to Be Set on the Handheld; users see ZENworks Handheld Management password dialog boxes rather than the default Palm OS dialog boxes.

    2. (Conditional) To set a user’s network password as the device password, select the Password Matches a Novell eDirectory User Password option.

      WARNING: If you forget your network password, you cannot access the Handheld device. You can access the device only by Hard Reset but this erases all data on the device.

      Palm Security page
    3. (Conditional) To configure enhanced security options, select Additional Password Settings, and configure the following options:

      • Minimum Password Length: Specify the minimum number of characters to allow for the password on the device. You should choose a number great enough to ensure adequate security, but small enough not to excessively burden the user.

      • Contains Alphanumeric Characters: Select this check box to require that the user use both letters and numbers in the password. To improve the security of a password, it should contain both letters (uppercase and lowercase) and numbers.

      • Password Expires In _ Days: Select this check box and specify the number of days that you want the password to expire in. When the specified number of days has expired, the user is prompted to change the password for the device.

      • Limit Grace Logins to _ Attempts: Select this check box and specify the number of grace logon attempts you want to allow the user before he or she must change the password for the device. After the number of days in Password Expires in _ Days, the user is prompted to change the password. The user can choose to ignore this prompt and keep the same password for the number of logon attempts you specify.

      • Require Unique Passwords: Select this check box to require that the user enter a new password; he or she cannot reuse the previous eight passwords.

    4. If you want the Palm OS device to be automatically locked when a specified event occurs, select the Enable Auto Lock Configuration option, then select any of the following events from the drop-down list:

      • Never

      • On Power Off

      • At Present Time

      • After a Preset Delay

      IMPORTANT: To use this setting, the handheld device must be running Palm OS 4.x or later.

      Using this policy improves the security of the data on your Palm OS devices.

    5. Click Apply.

  6. Click the Self-Destruct tab.

    Self-Destruct page

    The Self-Destruct page lets you configure self-destruct settings for Palm OS devices so that data is not accessible from handheld devices that are lost or stolen. When the self-destruct feature is activated, the data on the device is made unusable and the device must be manually reset, which restores the device to its out-of-the-box state.

    To use the self-destruct options for Palm OS devices, you must select the Require a Password to Be Set on the Handheld check box on the Security page.

    IMPORTANT: Use caution when you use the self-destruct feature. Be sure to allow an adequate number of password attempts and an adequate number of days since the last connection or synchronization to prevent data loss to users who incorrectly enter the password or do not connect or synchronize the device during a short vacation.

    For Palm devices using HotSync, if the user synchronizes the device using the same desktop or laptop machine as usual, the data can be restored by HotSync.

  7. Configure the following Self-Destruct settings:

    • Bad Password Attempts: Select the Enforce Self-Destruct check box and specify the number of bad password attempts to allow before activating the self-destruct feature.

    • Time Since Last Connection: Select the Enforce Self-Destruct check box and specify the number of days after the last connection before activating the self-destruct feature. The Time Since Last Connection option refers to the last time the handheld device connected to the ZENworks Handheld Management Access Point.

      Each day is made up of 24 hours. If you connect (synchronize) the device on Monday at 2 p.m. and specify three days after the last connection before activating the self-destruct feature, the self-destruct feature activates Thursday at 2 p.m. (72 hours after the last connection/synchronization) unless the device is connected/synchronized during that period.

  8. Click OK to save the policy.

  9. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  10. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

  11. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

2.4.9 WinCE Client Configuration Policy

The WinCE Client Configuration policy lets you override the user authentication settings of the ZENworks Handheld Management Service object for associated WinCE devices.

You can set up user authentication on a global basis for all handheld devices in your ZENworks Handheld Management system during installation or you can edit the properties of the ZENworks Handheld Management Service object.

If you do not want to enable user authentication for all handheld devices in your system, you can choose to not enable global user authentication during installation or by editing the properties of the ZENworks Handheld Management Service object. You can then configure and enable the WinCE Client Configuration policy by following the procedure in this section to target only specific handheld devices or groups of handheld devices.

For more information about setting up user authentication on a global basis during installation, see Installing the ZENworks Handheld Management Server in the Novell ZENworks 7 Handheld Management Installation Guide. For more information about editing the properties of the ZENworks Handheld Management Service object to enable global user authentication, see Section 7.1, Configuring User Authentication.

If user authentication is enabled, the user is prompted for his or her credentials (username and password). ZENworks Handheld Management then authenticates the user using LDAP to log in to the directory. After the user is authenticated, you can target policies and applications to the user of the handheld device.

If the device uses the Windows IP client to connect, the user-authentication dialog box displays on the handheld device.

When the user is prompted for authentication, if he or she clicks Cancel, the handheld device can be managed by device, but user-based management does not function because the user is not authenticated. If the user mis-types the username or password, he or she is immediately prompted for the credentials again.

NOTE: There are two places in ZENworks Handheld Management where users can be required to enter a password: to authenticate to the directory as part of the WinCE Client Configuration policy and to power on a handheld device as part of the WinCE Security policy. These two passwords are independent of each other. For more information about the password users must enter to power on a device, see WinCE Security Policy.

To set up the WinCE Client Configuration policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

  3. Select the check box under the Enabled column for the WinCE Client Configuration policy.

    This both selects and enables the policy.

    Windows CE Client Configuration policy selection page
  4. Click Properties to display the Global Settings page.

  5. To override the user authentication settings of the ZENworks Handheld Management Service object, select the Override the Server Configuration option.

    Windows CE Client Configuration policy - Global Settings page
  6. Select the Enable User Based Policies on Handhelds option.

  7. Click OK to save the policy.

  8. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

2.4.10 WinCE Configuration Policy

The WinCE Configuration policy lets you configure the following:

  • Buttons: Lets you associate different software programs with the buttons on the Windows CE device. Also lets you assign another function to a button. For example, you can assign the Start menu to a button on the Windows CE device, making it easier for users to access the Start menu.

  • Programs: Lets you specify which programs you want to include on the Start menu (on a Pocket PC) or on the desktop (on a Handheld PC). Programs that are not allowed can be automatically removed from the Start menu/desktop of the device.

  • Applications: Lets you specify which applications or software you want to uninstall from the Windows CE device.

  • Power: Lets you specify power settings for associated Windows CE devices. You can specify power settings that apply to Windows CE devices running on internal batteries or on external power.

  • Files: Lets you specify the files to be deleted from the Windows CE devices.

To set up the WinCE Configuration policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

  3. Select the check box under the Enabled column for the WinCE Configuration policy.

    This both selects and enables the policy.

    Windows CE Configuration policy selection page
  4. Click Properties.

  5. On the Buttons: Configuration page, do the following:

    1. Click Add to change a button’s assignment.

      Select a Button dialog box

      To view the button naming conventions for your particular handheld device: on the handheld device, click Start > Settings > Buttons. For example, on a Compaq* iPAQ Pocket PC, the buttons are named Button 1, Button 2, and so forth. On an HP* Jornada Pocket PC, the buttons are named Hot key 1, Hot key 2, and so forth.

    2. Select a button or type the name of a button, click OK, then select an option:

      • Reset to Default: Resets the selected button’s association to the factory default association.

      • Set to Application: Lets you specify the application to assign to the selected button. If you specify an application that is not in the Start menu path (or subpath), the button applet might not show the correct settings. To apply the changes, you are prompted to restart the handheld device.

      • Set to Other Function: Lets you select a function from the drop-down list to assign to the selected button.

    3. Click Apply.

  6. On the Programs: Start Menu/Desktop page, do the following:

    1. Click Add to specify a program to be added to the Short Cut list.

    2. In the Edit Program dialog box, fill in the Shortcut Name option (this is the name that displays in the Start menu or on the desktop), fill in the Target path (the full path to an application’s executable file), then click OK.

    3. To remove certain programs from the device’s Start menu/desktop, you might find it easier to specify a list of allowed applications and select the Move All Other Start Menu/Desktop Items to the Programs Folder check box. When the policy is enforced, all programs not listed in the Icon Name list are moved to the Programs folder.

    4. To hide the names and icons of all listed programs in the Programs folder, select Hide All Items in the Programs Folder. Using this option lets the user run applications only from the Start menu (on Pocket PC devices) or on the desktop (on handheld PC devices).

    5. Click Apply.

  7. On the Applications page, do the following:

    1. Click Add.

    2. In the Add Application dialog box, type or browse to the software that you want to uninstall.

      IMPORTANT: If you manually type the software name, make sure to type the name exactly as it appears in the Remove Programs settings of the Windows CE device.

    3. Click OK.

    4. Click Apply.

      Application page
  8. On the Power page, make the desired configuration changes, then click Apply.

    NOTE: The Power settings do not apply to HP Jornada devices running Microsoft Pocket PC 2002 software.

    The External Power settings do not apply to Handheld PC.

    If you select the Don’t Change setting, ZENworks Handheld Management does not change that setting on associated devices; the corresponding setting on each device determines its behavior. For example, if you select the Don’t Change setting, each associated device uses its own preference settings to determine how long an idle Windows CE device waits until it turns itself off. If you want to ensure consistency across all associated Windows CE devices, select the appropriate setting.

    If you select the Disable setting, ZENworks Handheld Management disables that setting on all associated Windows CE devices; the power of Windows CE devices is turned off.

  9. On the Files page, do the following:

    1. Click Add.

    2. In the Add Files to Delete from Handheld dialog box, specify the complete path of the file and the filename.

    3. Click OK.

    4. (Optional) Select the Files are Required option if you want Handheld Management to report a failed status if the specified files do not exist on the handheld device or if the specified wildcard characters do not provide a match for files on the device.

    5. Click Apply, then click Close.

      WinCE Configuration Policy - Files page
  10. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  11. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

  12. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

2.4.11 WinCE Access Point Configuration Policy

The WinCE Access Point Configuration Policy lets you assign multiple ZENworks Handheld Management Access Points to a device and also define the order of the ZENworks Handheld Management Access Points to which the Windows CE device must connect. If the device is unable to connect to the ZENworks Handheld Management Access Point configured first, then it automatically tries to connect to the ZENworks Handheld Management Access Point configured next in the sequence.

To configure the WinCE Access Point Configuration Policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

  3. Select the check box under the Enabled column for the WinCE Access Point Configuration policy.

    This both selects and enables the policy.

    WinCE Access Point Configuration Policy selection page
  4. Click Properties.

    This displays the Access Points - Configuration page.

    WinCE Access Point Configuration Policy - Configuration page
  5. In the Access Points page, do the following:

    1. If you want to add the ZENworks Handheld Management Access Points to the Configure IP Address /DNS Name of Access Points list, and define the order of the ZENworks Handheld Management Access Points to which the handheld device must connect, select the Enable Following Access Points option.

      If you do not select this check box, the ZENworks Handheld Management Access Points list is not available on the handheld device.

    2. Click Add.

    3. In the Add Access Points dialog box, specify the IP address or the full DNS name of the ZENworks Handheld Management Access Point, or click Select. If you specify the IP address or the full DNS name of the ZENworks Handheld Management Access Point, skip to substep 8 of Step 5.

    4. By default, the service object of the Handheld Management server is displayed. To select another service object, click the Browse icon, select the service object, then click OK.

    5. Click Display.

      The IP address of the ZENworks Handheld Management Access Points associated with the service object is displayed.

    6. From the ZENworks Handheld Management Access Points list, select the IP address of the ZENworks Handheld Management Access Point to which you want to connect the device.

    7. Click OK.

      The IP address of the ZENworks Handheld Management Access Point, followed by a semicolon (;), is displayed in the Access Points option.

    8. (Optional) To add another ZENworks Handheld Management Access Point, repeat substeps 3 through 7 of Step 5.

      You can add a maximum of eight ZENworks Handheld Management Access Point IP addresses, but ensure that the IP addresses or the DNS names of the ZENworks Handheld Management Access Points are separated with semicolons (;).

    9. Click Apply.

  6. (Optional) To change the order of the ZENworks Handheld Management Access Points in the Configure IP Address /DNS Name of Access Points list:

    1. Select the IP address or the full DNS name of the ZENworks Handheld Management Access Point.

    2. Click Move Up or Move Down.

  7. (Optional) To modify the value of a ZENworks Handheld Management Access Point displayed in the Configure IP Address /DNS Name of Access Points list:

    1. Select the IP address or the full DNS name of the ZENworks Handheld Management Access Point whose value you want to modify.

    2. Click Edit.

    3. In the Edit Access Points dialog box, change the value of the ZENworks Handheld Management Access Point.

    4. Click OK.

  8. Click Apply, then click Close to save the policy.

  9. Associate the policy package.

    For more information on how to associate the policy package, see Associating the Handheld Package or the Handheld User Package.

  10. If desired, schedule the policy.

    For more information on how to schedule a policy, see Section 2.5, Setting Up Handheld Service Package Policies.

  11. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

2.4.12 WinCE File Retrieval Policy

The WinCE File Retrieval policy lets you specify source files you want to retrieve from a Windows CE device and copy to a specified destination location.

The WinCE File Retrieval policy is a plural policy, meaning it can be added many times to a policy package. You can set up as many File Retrieval policies as required to adequately retrieve important files from the handheld devices in your organization. When you name these plural policies, be sure to give them descriptive names.

The WinCE File Retrieval policy is also cumulative, meaning that many different WinCE File Retrieval policies can be effective for a single handheld device object, handheld group object, or container object.

NOTE: If you want to retrieve files from handheld devices and store them on a NetWare volume, you must install the Novell Client on the ZENworks Handheld Management Server.

To set up the WinCE File Retrieval policy:

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

    Windows CE Configuration policy selection page
  3. Click Add.

    The Add Policy window is displayed.

    Add Policy dialog box
  4. Type a descriptive name in the Policy Name field, then click OK.

    The newly created File Retrieval policy is displayed in the Handheld Policies list.

    Properties of Handheld Package with the newly created File Retrieval policy displayed
  5. Select the check box under the Enabled column for the newly created WinCE File Retrieval policy.

    This both selects and enables the policy.

  6. Click Properties to display the Files page.

    Properties of Handheld Package: File Retrieval Policy dialog box with the Files page displayed
  7. In the Path field in the Source Files box, specify the path to the source files.

  8. In the Files field, browse to or specify the source files to be retrieved from the Windows CE device.

    You can use wildcard characters to specify source files.

    When the policy is enforced, all specified source files are retrieved from the device; the files are retrieved even if the same files were previously retrieved at another time.

  9. Select the Files Are Required check box if you want ZENworks Handheld Management to report a failed status if the specified files do not exist on the Windows CE device or if the specified wildcard characters do not provide a match for files on the device.

    NOTE: For more information about policy status, see Section 2.6, Viewing Policy Status Information.

  10. Select the Delete Files After Retrieval check box if you want the specified source files to be deleted from the Windows CE device after they have been retrieved from the handheld device.

    If you do not enable this option, the source files are copied to the specified location but also remain on the Windows CE device.

  11. In the Path field in the Destination Location box, browse to or specify the destination location where you want the specified files copied to.

    The renamed file can include variables. To include variables, click the Insert button, then click the desired variable.

    The following variables are available for use:

    | Variable | Description |
    |---|---|
    | device | The CN of the device. For example, in Dan m130.Handhelds.NovellBangalore, the string would be Dan m130. |
    | devicedn | The full DN of the device. For example, in Dan m130.Handhelds.NovellWheaton, the string would be Dan m130.Handhelds.NovellWheaton. |
    | user | The username of the device. This is the value stored in the zfhUserName attribute for the object in the directory. When this value is not configured on the handheld device, it is set to <Undefined>. |
    | date | The date the file was retrieved from the handheld device. This value is the date only; the time that the file was retrieved is not included. For example, if the file was retrieved on September 15, 2002 at 3:15 p.m., the string would be 2002-09-15. The string is always in the format of yyyy-mm-dd. |
    | time | The time the file was retrieved from the handheld device. This value is for the time only; the date that the file was retrieved is not included. For example, if a file was retrieved on September 15, 2002 at 3:20 p.m., the string would be 15-20. The string is always in the format of hh-mm, with hh representing the hour in 24-hour format. |
    | guid | The GUID for the handheld device. |
    | server | The name of the server that received the data. This is the Windows NT name of the server. |

    To use a variable, place an @ sign on either side of the variable in the string. For example, you could use the following syntax:

    @user@_filename

  12. Select Use the Original File Name(s) to use the original source filenames for the destination files.

    or

    Select Rename the Files To and specify new filenames for the destination files.

  13. Click OK to save the policy.

  14. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  15. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.
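The destination-name variables from step 11, as an added example (not Novell's code): a Python sketch that expands `@variable@` tokens using the formats given in the table and then checks that the result is usable as a Windows filename. The function names, the sample values, and the filename check are assumptions; the page does not say how the server treats values such as `<Undefined>`.

```python
import re
from datetime import datetime

# Variable names from the table in step 11.
VARIABLES = ("device", "devicedn", "user", "date", "time", "guid", "server")
TOKEN = re.compile(r"@([A-Za-z]+)@")
# Characters Windows does not allow in a filename (assumed destination file system).
UNSAFE = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def build_values(device_dn, user, guid, server, retrieved_at):
    """Build the substitution table; formats follow the policy description."""
    return {
        # Assumption: the CN is the leftmost dot-separated part of the DN,
        # as in the page's "Dan m130.Handhelds.NovellBangalore" example.
        "device": device_dn.split(".", 1)[0],
        "devicedn": device_dn,
        "user": user if user else "<Undefined>",   # unset user name -> <Undefined>
        "date": retrieved_at.strftime("%Y-%m-%d"),  # yyyy-mm-dd
        "time": retrieved_at.strftime("%H-%M"),     # hh-mm, 24-hour clock
        "guid": guid,
        "server": server,
    }


def expand(template, values):
    """Replace each @name@ token; an unknown name raises instead of passing through."""
    def substitute(match):
        name = match.group(1)
        if name not in VARIABLES:
            raise KeyError(f"unknown variable @{name}@")
        return values[name]
    return TOKEN.sub(substitute, template)


def safe_destination_name(template, values):
    """Expand the template, then refuse names that could escape or break the destination folder."""
    name = expand(template, values)
    if UNSAFE.search(name) or name in (".", "..") or name.endswith((" ", ".")):
        raise ValueError(f"unsafe destination filename: {name!r}")
    return name


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    when = datetime(2002, 9, 15, 15, 20)
    vals = build_values("Dan m130.Handhelds.NovellBangalore", "jsmith",
                        "GUID-PLACEHOLDER", "SERVER1", when)
    print(safe_destination_name("@user@_filename", vals))
    print(safe_destination_name("@device@_@date@_@time@.log", vals))
    unset = build_values("Dan m130.Handhelds.NovellBangalore", None,
                         "GUID-PLACEHOLDER", "SERVER1", when)
    try:
        safe_destination_name("@user@_filename", unset)
    except ValueError as err:
        print("rejected:", err)
```

The last case shows why a rename pattern built on `@user@` deserves a check before rollout: a device with no user name configured yields `<Undefined>`, which contains characters a Windows file system does not accept in a filename.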

2.4.13 WinCE Remote Management Policy

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

  3. Select the check box under the Enabled column for the WinCE Remote Management policy.

    This both selects and enables the policy.

    WinCE Remote Management Policy selection page
  4. Click Properties to display the Remote Management page.

  5. In the Remote Management page, do the following:

    1. Select the Allow Remote Control of the Device option.

    2. If you want to enable the Windows CE device user to either accept or reject the Remote Management session initiated by the administrator or remote user, select the Prompt User for Permission to Remote Control option.

      By default, this option is selected.

      Remote Management settings page
    3. If you want to enable the administrator or the remote user to initiate a Remote Management session on the Windows CE devices without being prompted to enter the password set by the device user, select the Ignore the Remote Control Password Set on the Device option.

    4. Click Apply, then click Close.

  6. Associate the policy package.

    For more information on how to associate the policy package, see Associating the Handheld Package or the Handheld User Package.

  7. If desired, schedule the policy.

    For more information on how to schedule a policy, see Scheduling Packages and Policies.

  8. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.

2.4.14 WinCE Security Policy

The WinCE Security policy lets you configure the following:

  • Password Requirements: Lets you ensure that a password is set on associated Windows CE devices, set a user’s network password as the device password, and configure enhanced security options for Pocket PCs, such as the number of days to allow before a password expires, the number of grace logins permitted before the user must change the password, the minimum number of characters to allow for the password, and whether the password must contain a combination of letters and numbers.

    IMPORTANT: Before configuring the policy, you must configure the containers to be searched to authenticate the handheld user credentials. You can do it either during the ZENworks 7 Handheld Management server installation or after the installation.

    To configure user authentication during the installation, you must select the Enable User Authentication option, and specify the containers to search for user objects.

    To configure user authentication after the installation, see Section 7.1, Configuring User Authentication.

    There are two places in ZENworks Handheld Management where users can be required to enter a password: to authenticate to the directory as part of the WinCE Client Configuration policy and to power on a handheld device as part of the WinCE Security policy. These two passwords are independent of each other. For more information about the password users must enter to authenticate to the directory, see Section 2.4.9, WinCE Client Configuration Policy.

  • Self-Destruct Settings: Lets you specify self-destruct settings to disable a Windows CE device after a specified number of failed password attempts or after a specified number of days since the device was last connected or synchronized.

IMPORTANT: The WinCE Security policy does not function on the Denso devices (BHT-200), Symbol PPT 8800, the Jornada Pocket PCs running Microsoft Windows for Pocket PC 2000 software, HP T5540 Windows CE 6.0 devices, Dolphin 7850 devices, and Zebra PS2100T devices. However, the Jornada Pocket PCs running Microsoft Pocket PC 2002 software can use the WinCE Security policy.

To set up the WinCE Security policy:

  1. In ConsoleOne, right-click the Handheld Package object, then click Properties.

  2. On the Policies tab, click the down-arrow, then click WinCE.

  3. Select the check box under the Enabled column for the WinCE Security policy.

    This both selects and enables the policy.

    Windows CE Security policy selection page
  4. Click Properties to display the Security page.

  5. In the Security page, do the following:

    1. To set a password on the Windows CE device, select the Require a Password to Be Set on the Handheld option.

      If your organization has a rule that states that all handheld devices must have a password, you should enable this policy. If a user does not have a password set, he or she is prompted to create one.

      Security page

      NOTE: The password set on a Symbol device is not case sensitive.

    2. Configure the following Pocket PC Options, which let you specify enhanced security options for Pocket PCs. The options in this group box are disabled unless you check Require a Password to Be Set on the Handheld.

      • Password Matches a Novell eDirectory User Password: Select this option to set a user’s network (eDirectory) password as the device password.

        WARNING: If you forget your network password, you cannot access the Handheld device. You can access the device only by Hard Reset but this erases all data on the device.

      • Additional Password Settings: Select this option to specify enhanced password support settings for Pocket PCs.

        For Pocket PCs, where enhanced security such as biometrics is not supported by the device, if you select Enable Enhanced Password Support, ZENworks Handheld Management displays its own password dialog box instead of the default Windows CE dialog box.

        IMPORTANT: For Pocket PCs, where the device supports enhanced security, if you select Enable Enhanced Password Support, ZENworks Handheld Management displays a dialog box saying that a password must be set on the device. In that case, the default Windows CE dialog box is shown.

        The Enable Enhanced Password Support option does not function on handheld PCs.

        If, in the future, you want to remove the ZENworks Handheld Management password applet and restore the original Windows CE password applet, you need to reconfigure the WinCE Security policy and disable the Enable Enhanced Password Support option and then resynchronize the device so that the policy is enforced. Uninstalling the ZENworks Handheld Management handheld client on the device or disassociating the device from the WinCE Security policy does not remove the ZENworks Handheld Management password applet.

        NOTE: You can replace the bitmap image that displays in the ZENworks Handheld Management password dialog boxes with a bitmap image of your choosing. For more information, see Replacing the ZENworks Handheld Management Password Dialog Box Bitmap Image.

        Configure the following additional password settings:

        Minimum Password Length: Specify the minimum number of characters to allow for the password on the device. You should choose a number great enough to ensure adequate security, but small enough not to excessively burden the user.

        Contains Alphanumeric Characters: Select this check box to require that the user use both letters and numbers in the password. To improve the security of a password, it should contain both letters (uppercase and lowercase) and numbers.

        Password Expires in _ Days: Select this check box and specify the number of days that you want the password to expire in. When the specified number of days has expired, the user is prompted to change the password for the Pocket PC.

        Limit Grace Logins to _ Attempts: Select this check box and specify the number of grace logon attempts you want to allow the user before he or she must change the password for the device. After the number of days specified in Password Expires in _ Days has passed, the user is prompted to change the password. The user can choose to ignore this prompt and keep the same password for the number of logon attempts you specify.

        Require Unique Passwords: Select this check box to require that the user enter a new password; he or she cannot reuse the previous eight passwords.

    3. Configure the Pocket PC 2002 and Above option.

      The Pocket PC 2002 option lets you specify a time limit that the Pocket PC can remain idle for before a password prompt is displayed. For Pocket PC 2003, this option lets you specify a time limit that the Pocket PC can be turned off for before a password prompt is displayed when the device is turned back on.

      For example, if you set this option to 5 minutes, if the user turns the device off and then back on within 5 minutes, no password is required to use the device. However, if more than 5 minutes passes, the user must enter a password to use the device.

      Display Password Prompt for Unused Devices Within: Select this check box and choose a time limit from the drop-down list. When the time limit expires, a password prompt is displayed on the device.

      The Windows CE device user can change the corresponding setting on the actual handheld device; however, the value you enter in the Display Password Prompt for Unused Devices Within field is the maximum amount of time the user can set; he or she cannot increase the time limit beyond this value.

      IMPORTANT: To use this setting, the handheld device must be running Pocket PC 2002 or later.

    4. Click Apply.

  6. Click the Self-Destruct tab.

    Self-Destruct page

    The Self-Destruct page lets you configure self-destruct settings for Windows CE devices so that data is not accessible from handheld devices that are lost or stolen. When the self-destruct feature is activated, the data on the device is made unusable and the device must be manually reset, which restores the device to its out-of-the-box state.

    To use the self-destruct options for Windows CE devices, you must select the Enable Enhanced Password Support check box on the Security page. You cannot use the self-destruct options on handheld PCs because the Enable Enhanced Password Support option does not function on them.

    IMPORTANT: Use caution when you use the self-destruct feature. Be sure to allow an adequate number of password attempts and an adequate number of days since the last connection or synchronization to prevent data loss for users who incorrectly enter the password or do not connect or synchronize the device during a short vacation.

    For Windows CE devices, ActiveSync does not automatically back up data. If the user has manually backed up the data, he or she can then manually restore the data to the device.

  7. Configure the following Self-Destruct settings:

    Bad Password Attempts: Select the Enforce Self-Destruct check box and specify the number of bad password attempts to allow before activating the self-destruct feature.

    Time Since Last Connection: Select the Enforce Self-destruct check box and specify the number of days after the last connection before activating the self-destruct feature. The Time Since Last Connection option refers to the last time the handheld device connected to the ZENworks Handheld Management Access Point.

    Each day is made up of 24 hours. If you connect (synchronize) the device on Monday at 2 p.m. and specify three days after the last connection before activating the self-destruct feature, the self-destruct feature activates Thursday at 2 p.m. (72 hours after the last connection/synchronization) unless the device is connected/synchronized during that period.

  8. Click OK to save the policy.

  9. When you have finished configuring all of the policies for this package, continue with the steps under Associating the Handheld Package or the Handheld User Package to associate the policy package.

  10. If desired, schedule the policy. For more information, see Scheduling Packages and Policies.

  11. (Optional) To ensure that the Handheld Management Server immediately receives the new policy changes, right-click the Handheld service object, then click Scan Now.
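
Before enforcing a Time Since Last Connection value, it helps to test it against how often devices have actually connected. The following is an added example, not ZENworks code: it applies the 24-hours-per-day rule from step 7 to a constructed connection history. The function names, device names, and timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def self_destruct_deadline(last_connection, days):
    """Each policy day is 24 hours, counted from the last connection."""
    return last_connection + timedelta(hours=24 * days)

def longest_gap(connections):
    """Longest interval between consecutive connections in a device's history."""
    ordered = sorted(connections)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=timedelta(0))

def audit(history, days, now):
    """Per device: the deadline, whether it has passed at `now`, and whether
    a past gap between connections reached the proposed limit (such a gap
    would have activated self-destruct before the next connection)."""
    limit = timedelta(hours=24 * days)
    report = {}
    for device, connections in history.items():
        gap = longest_gap(connections)
        deadline = self_destruct_deadline(max(connections), days)
        report[device] = {
            "deadline": deadline,
            "expired": now >= deadline,
            "past_gap_exceeds": gap >= limit,
            "longest_gap_days": gap / timedelta(days=1),
        }
    return report

# Constructed sample data: device names and timestamps are hypothetical.
HISTORY = {
    "ppc-sales-01": [datetime(2024, 3, 4, 14, 0), datetime(2024, 3, 5, 9, 0),
                     datetime(2024, 3, 6, 9, 30)],
    "ppc-field-07": [datetime(2024, 2, 19, 8, 0), datetime(2024, 3, 1, 8, 0),
                     datetime(2024, 3, 4, 14, 0)],
}

if __name__ == "__main__":
    now = datetime(2024, 3, 7, 15, 0)  # Thursday, 3 p.m.
    for days in (3, 14):
        print(f"Proposed limit: {days} days")
        for device, row in audit(HISTORY, days, now).items():
            print(f"  {device}: deadline {row['deadline']:%a %Y-%m-%d %H:%M}, "
                  f"expired={row['expired']}, "
                  f"longest gap {row['longest_gap_days']:.1f} days, "
                  f"past gap reaches limit={row['past_gap_exceeds']}")
```

A device whose longest past gap reaches the proposed limit would already have been wiped under that setting, which is the data-loss case the IMPORTANT note in step 6 warns about.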

Replacing the ZENworks Handheld Management Password Dialog Box Bitmap Image

You can replace the ZENworks Handheld Management bitmap image that displays in the following ZENworks Handheld Management password dialog boxes with a bitmap image of your choosing:

  • The login dialog box if you selected Enable Enhanced Password Support in Step 5.

  • The dialog boxes that display when the WinCE Security policy is enforced and you selected Require a Password to Be Set on the Handheld in Step 5.

    To replace the bitmap image in these dialog boxes, create a bitmap file called logo.bmp and place it in the ZENworks Handheld Management installation directory on the handheld device. The size of this bitmap image should be 240 pixels wide by 35 pixels high.

2.4.15 Associating the Handheld Package or the Handheld User Package

The policies you configured and enabled are not in effect until you associate their policy package with a handheld device object, a User object, a handheld group object, a user group, or a container object.

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, then click Properties.

  2. Click the Associations tab, then click Add.

  3. Browse for the object for associating the package, then click OK.

    The Handheld Package can be associated with a handheld device object, a handheld group object, or a container object containing these objects.

    The Handheld User Package can be associated with a User object, a user group object, or a container object containing these objects.

2.4.16 Associating a User Object to a BlackBerry Device

  1. In ConsoleOne, right-click the BlackBerry device, then click Properties.

    The General page is displayed by default.

  2. Click the Browse icon next to the Associated User option to browse for and select the user object.

  3. Click OK.

2.4.17 Scheduling Packages and Policies

Some policies can be scheduled to run at a certain time. During creation, all policy packages are given a default run schedule (EventHandheldSync, by default). This means that all applicable policies in this package are enforced every time the handheld device synchronizes/connects to the ZENworks Handheld Management Access Point. However, you can change the entire policy package schedule, or you can set a policy within the package to run at a different time from the rest of the package.

If you enable a policy but do not schedule it, it runs according to the schedule currently defined in the Default Package Schedule.

If you have configured and enabled policies, but they have not been enforced on individual handheld devices, consider the following:

  1. When you configure and enable policies, ConsoleOne records the new information in the directory.

  2. The ZENworks Handheld Management Server scans for new information hourly, by default. You must wait for up to one hour to ensure that the Handheld Management Server has received the policy changes, depending on when the last scan was performed.

    You can force an immediate directory scan to ensure that the Handheld Management Server receives the new policy changes by right-clicking the ZENworks Handheld Management Service object, clicking Actions, then clicking Scan Now.

  3. For Palm OS and Windows CE devices, the default Policy Package Schedule is EventHandheldSync (whenever the handheld device connects/synchronizes); for BlackBerry devices, the default Policy Package Schedule is once per day. If you have changed the default Policy Package Schedule, it might take longer to enforce the policy changes on the associated handheld devices. In addition, if the handheld devices were unable to connect to the ZENworks Handheld Management system (because of connectivity problems, for example), you might need to reconnect/resynchronize the devices.

The following sections contain additional information:

Changing the Handheld Package or Handheld User Package Schedule

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, click Properties, then click the desired platform page.

  2. Click the Edit button in the Default Package Schedule group box. The Edit Policy Package Schedule page is displayed.

  3. Make the desired changes to the schedule.

    Be aware that changing the policy package’s schedule to run too frequently affects performance, depending on your environment. The default schedule should be adequate for most situations.

    NOTE: Click the Help button for detailed information about the options in the Edit Policy Package Schedule dialog box.

  4. Click OK.

Changing an Individual Policy’s Schedule

  1. In ConsoleOne, right-click the Handheld Package or Handheld User Package object, click Properties, then click the desired platform page.

  2. Select the check box under the Enabled column for the desired policy.

    This both selects and enables the policy.

  3. Click Properties.

  4. Click the Policy Schedule tab, then make the desired changes to the schedule.

    Be aware that changing an individual policy’s schedule to run too frequently affects performance, depending on your environment. The default schedule should be adequate for most situations.

    NOTE: Click the Help button for detailed information about the options in the Policy Schedule page.

  5. Click OK.