The Group Policy setting “Code word frequency” for System Center Mobile Device Manager 2008 is not correctly applied to Windows Mobile 6.1 mobile devices when the policy is “Disabled”

imageWhen you disable the Group Policy setting Code word frequency by using Microsoft System Center Mobile Device Manger (MDM) 2008 Group Policy management functionality, some Windows Mobile 6.1 mobile devices may continue to ask the user to enter a code word after a number of incorrect password attempts.

This group policy setting affects this Windows Mobile registry key when applied to the device:

HKEY_LOCAL_MACHINE\Comm\Security\LASSD\CodeWordFrequency

When this policy is set to Enable the frequency value is set in this registry key, however when this policy is set to Disable the registry key is deleted.  When the registry key is not found, the Windows Mobile device reverts to the default behavior, which is to ask the user to enter a codeword after 8 incorrect password attempts.

This issue is fixed in System Center Mobile Device Manager 2008 Service Pack 1 but the following workaround is also available:

Important: The following workaround applies only to the English version of Microsoft System Center Mobile Device Manger 2008. There are no workarounds for other language versions of the product at this time.

Warning: Serious problems might occur if you modify system files incorrectly. These problems might require that you reinstall server software or components of server software. Microsoft cannot guarantee that these problems can be solved. Modify the system files at your own risk.

Important: The following workaround requires you to modify an important system file. Make sure that you back up the referenced file before you modify it. Make sure that you know how to restore the system file if a problem occurs. Do not proceed with the following procedure if you do not know how to back up and restore a file. Revert to the original file if you encounter any problems with the workaround.

The following steps modify the ADM template file that includes the Code word frequency Group Policy setting. When you have successfully modified the file, you can use the Code word frequency Group Policy setting to correctly update managed devices.

1.    On the computer on which you have installed the MDM Administrator Tools, navigate to the %windir%\INF folder.

2.    Type the following at a command prompt to make a backup copy of the mobile.adm file:

copy mobile.adm mobile.adm.bak

3.    In a text editor, such as Notepad, edit the mobile.adm file to change the MIN setting for Policy_CodeWordFrequency

REPLACE:

        POLICY !!Policy_CodeWordFrequency
EXPLAIN !!Explain_CodeWordFrequency
PART !!Part_CodeWordFrequency NUMERIC
KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\Security\Policy\LASSD"
VALUENAME "CodewordFrequency"
MIN 1
MAX 4294967295
DEFAULT 8
END PART
END POLICY ;;!!Policy_CodeWordFrequency

WITH:

        POLICY !!Policy_CodeWordFrequency
EXPLAIN !!Explain_CodeWordFrequency
PART !!Part_CodeWordFrequency NUMERIC
KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Comm\Security\Policy\LASSD"
VALUENAME "CodewordFrequency"
MIN 0
MAX 4294967295
DEFAULT 8
END PART
END POLICY ;;!!Policy_CodeWordFrequency

4.    Save the file and exit the text editor.

5.    Using the Group Policy Management Console, instead of setting this policy to Disable, set it to Enable and set the value to 0.

To apply the new setting to managed devices, you must update the Code word frequency Group Policy setting in MDM. To refresh the setting in MDM, in MDM Console, run the following cmdlet:

Update-MobilePolicyCalculation <device>

Where <device> is the managed device on which you want to update the Group Policy setting. New settings are pushed down to managed devices during the next synchronization with MDM.

Note: Special thanks to our very own Dave Hattaway for contributing the preceding information.

J.C. Hornbeck | Manageability Knowledge Engineer