Setting up Windows Mobile 5.0 devices with policies

I noticed this on one of our internal aliases the other day – it’s a question that seems to come up quite regularly, so it’s something worth repeating to get the word out a bit. The question was around personalisation, well, specifically preventing users doing too much to their devices, whilst maintaining a level of control over them.

How can you personalize a device by writing custom code in order to:
Prevent installation of additional software on device (no SD Card, no active sync,…)
Prevent user overriding or adding new settings (GPRS, Exchange server, …)
No frills or games

Well, we have quite a bit of documentation on provisioning a mobile device here. You can provision settings like GPRS and Exchange settings, and even customise the Home screen; with over 40 CSPs (Configuration Service Providers) you have extensive control over settings. The device can receive XML using a variety of methods including tethered, SD card, and over the air. The Messaging and Security Feature Pack (MSFP) and Exchange also give you additional capabilities to push out policies and control access to a device. The security model of Windows Mobile 5.0 uses a 2-tier system, which basically gives you a user account which can be restricted and an admin account to administer the device.
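As an added example (not code from this post or from Microsoft), the Python sketch below reviews a provisioning XML document before it is pushed to devices: it lists the CSPs the document touches and decodes its SecurityPolicy settings. The sample XML is constructed, the function names are hypothetical, and the policy IDs 4123, 4102 and 4122 with their value meanings are recalled from the SecurityPolicy CSP documentation, so treat them as assumptions to check against it.

```python
import xml.etree.ElementTree as ET

# Constructed sample provisioning document (not from the original post).
SAMPLE_XML = """
<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4123" value="0"/>
    <parm name="4102" value="0"/>
    <parm name="4122" value="1"/>
  </characteristic>
  <characteristic type="CM_GPRSEntries">
    <characteristic type="Example GPRS">
      <parm name="GPRSInfoAccessPointName" value="apn.example.test"/>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
"""

# Assumption: policy IDs and values as recalled from the SecurityPolicy CSP docs.
POLICY_MEANINGS = {
    "4123": ("Privileged applications (tier model)", {"0": "two-tier", "1": "one-tier"}),
    "4102": ("Unsigned applications", {"0": "blocked", "1": "allowed to run"}),
    "4122": ("Unsigned prompt", {"0": "user is prompted", "1": "user is not prompted"}),
}

def csps_touched(xml_text):
    """Return the top-level CSP names a provisioning document configures."""
    root = ET.fromstring(xml_text)
    return [c.get("type") for c in root.findall("characteristic")]

def review_security_policy(xml_text):
    """Map each known SecurityPolicy parm to a readable setting; keep unknown IDs raw."""
    root = ET.fromstring(xml_text)
    findings = {}
    for csp in root.findall("characteristic[@type='SecurityPolicy']"):
        for parm in csp.findall("parm"):
            pid, val = parm.get("name"), parm.get("value")
            label, values = POLICY_MEANINGS.get(pid, (f"policy {pid}", {}))
            findings[label] = values.get(val, f"raw value {val}")
    return findings

def is_locked_down(xml_text):
    """True when the document sets two-tier and blocks unsigned code without prompting."""
    f = review_security_policy(xml_text)
    wanted = ("two-tier", "blocked", "user is not prompted")
    return tuple(f.get(POLICY_MEANINGS[p][0]) for p in ("4123", "4102", "4122")) == wanted

if __name__ == "__main__":
    print(csps_touched(SAMPLE_XML), review_security_policy(SAMPLE_XML), is_locked_down(SAMPLE_XML))
```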

We’ve implemented a policy internally at Microsoft, nothing too draconian, just a security implementation that makes sure that the device is locked after a certain length of time. Simple but secure. Still gives me the flexibility to install all of the new cool and funky stuff on my device when I find a new must-have application…

***Errors and link corrected***