1;;;;;;;;;;;;;;;;;;;;;;;; 2; About policies.ini ; 3;;;;;;;;;;;;;;;;;;;;;;;; 4 5; Z-Push policies' file holds the configuration to be applied 6; during the provisioning of a mobile device. 7; Check Z-Push wiki page regarding the provisioning policies: 8; https://wiki.z-hub.io/x/eYAa 9; For more information see the ActiveSync documentation at: 10; https://msdn.microsoft.com/en-us/library/dd299443.aspx 11 12 13;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 14; The default ActiveSync policy. Do not change its name. 15[default] 16;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 17 18;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 19; Policies for ActiveSync version 12.0 and higher 20;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 21 22; Specifies if a device requires a password to unlock it. 23; 0 - Password not required. 24; 1 - Password is required. 25devpwenabled = 0 26 27; Specifies if a device requires an alphanumeric password to unlock it. 28; 0 - Alphanumeric password not required. 29; 1 - Alphanumeric password required. 30alphanumpwreq = 0 31 32; Deprecated. Specifies if the device encrypts the content of the storage card. 33; 0 - Storage card encryption not enabled. 34; 1 - Storage card encryption enabled. 35devencenabled = 0 36 37; Specifies if the server supports storing a recovery password which could be 38; sent by the client using the Settings command. 39; This policy is currently not supported by Z-Push. 40; 0 - Password recovery not enabled on the server. 41; 1 - Password recovery enabled on the server. 42; pwrecoveryenabled = 0 43 44; Deprecated. 45docbrowseenabled = 46 47; Specifies if email attachments are enabled for download. 48; 0 - Attachments not allowed for download. 49; 1 - Attachments allowed for download. 50attenabled = 1 51 52; Specifies the minimum client password length to unlock it. 53; The mindevpwlenngth can be empty or have a value between 1 and 16. 54; If the value is empty or 1, there is no minimum length for the device password. 55mindevpwlenngth = 4 56 57; The maximum number of seconds of inactivity before the device locks itself. 58; If this value is greater than or equal to 9999, the client interprets it as unlimited. 59maxinacttimedevlock = 900 60 61; The maximum number of failed password attempts to unlock the device. 62; The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum 63; number of failed password attempts is reached. 64; The maxdevpwfailedattempts can be empty or have a value between 4 and 16. 65; If the value is empty, the client interprets this as no maximum number of 66; failed password attempts has been set by the security policy. 67maxdevpwfailedattempts = 8 68 69; The maximum attachment size in bytes as determined by security policy. 70maxattsize = '' 71 72; Specifies if the device allows simple passwords. A simple password contains 73; repeated ("0000") or sequential ("xyz") characters only. 74allowsimpledevpw = 1 75 76; The maximum number of days until a password expires. 77; Empty or 0 devpwexpiration value indicates that the password will not expire. 78devpwexpiration = 0 79 80; The minimum number of previously used passwords stored to prevent reuse by the device. 81; 0 - Do not store previously used passwords. 82; >0 - Store the minimum number of previously used passwords. 83devpwhistory = 0 84 85;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 86; Policies for ActiveSync version 12.1 and higher 87;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 88 89; The device allows to use a storage card. 90; 0 - SD card not allowed. 91; 1 - SD card allowed. 92allowstoragecard = 1 93 94; The device allows to use the built-in camera. 95; 0 - Usage of the built-in camera not allowed. 96; 1 - Usage of built-in the camera allowed. 97allowcam = 1 98 99; Specifies if the client uses encryption. 100; 0 - Encryption not required. 101; 1 - Encryption required. 102reqdevenc = 0 103 104; Specifies if the device allows unsigned applications to execute. 105; 0 - Unsigned applications not allowed to execute. 106; 1 - Unsigned applications allowed to execute. 107allowunsignedapps = 1 108 109; The required complexity level of the device password. 110; Valid values for mindevcomplexchars are between 1 and 4. The value specifies 111; the number of character groups to be contained in the password. 112; The character groups are: 113; - Lower case alphabetical characters 114; - Upper case alphabetical characters 115; - Numbers 116; - Non-alphanumeric characters 117; For example, if the value of mindevcomplexchars is 2, a password may contain 118; lower case and upper case characters. A password with numbers and non-alphanumeric 119; characters would be also valid. 120mindevcomplexchars = 3 121 122; The device allows the use of Wi-Fi connections. 123; 0 - The use of Wi-Fi connections not allowed. 124; 1 - The use of Wi-Fi connections allowed. 125allowwifi = 1 126 127; The device allows the use of SMS or text messaging. 128; 0 - SMS or text messaging not allowed. 129; 1 - SMS or text messaging allowed. 130allowtextmessaging = 1 131 132; The device allows access to POP or IMAP email. 133; 0 - POP or IMAP email access not allowed. 134; 1 - POP or IMAP email access allowed. 135allowpopimapemail = 1 136 137; The use of Bluetooth on the device. 138; 0 - Disable Bluetooth. 139; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles. 140; 2 - Allow Bluetooth. 141allowbluetooth = 2 142 143; The device allows the use of IrDA (infrared) connections. 144; 0 - Disable IrDA. 145; 1 - Allow IrDA. 146allowirda = 1 147 148; The device requires manual synchronization when the device is roaming. 149; 0 - Do not require manual sync; allow direct push when roaming. 150; 1 - Require manual sync when roaming. 151reqmansyncroam = 0 152 153; The maximum number of calendar days that can be synchronized. 154; 0 - All days 155; 4 - 2 weeks 156; 5 - 1 month 157; 6 - 3 months 158; 7 - 6 months 159maxcalagefilter = 0 160 161; Specifies if the client uses HTML-formatted email. 162; 0 - HTML-formatted email not allowed. 163; 1 - HTML-formatted email allowed. 164allowhtmlemail = 1 165 166; The email age limit for synchronization. 167; 0 - Sync all 168; 1 - 1 day 169; 2 - 3 days 170; 3 - 1 week 171; 4 - 2 weeks 172; 5 - 1 month 173maxemailagefilter = 0 174 175; The maximum truncation size for plain text–formatted email. 176; -1 - No truncation. 177; 0 - Truncate only the header. 178; >0 - Truncate the email body to the specified size. 179maxemailbodytruncsize = -1 180 181; The maximum truncation size for HTML-formatted email. 182; -1 - No truncation. 183; 0 - Truncate only the header. 184; >0 - Truncate the email body to the specified size. 185maxemailhtmlbodytruncsize = -1 186 187; Specifies if the client sends signed S/MIME messages. 188; 0 - Signed S/MIME messages not required. 189; 1 - Signed S/MIME messages required. 190reqsignedsmimemessages = 0 191 192; Specifies if the client sends encrypted email messages. 193; 0 - Encrypted email messages not required. 194; 1 - Email messages required to be encrypted. 195reqencsmimemessages = 0 196 197; The algorithm used to sign S/MIME messages. 198; 0 - Use SHA1. 199; 1 - Use MD5. 200reqsignedsmimealgorithm = 0 201 202; The algorithm used to encrypt S/MIME messages. 203; 0 - TripleDES algorithm 204; 1 - DES algorithm 205; 2 - RC2128bit 206; 3 - RC264bit 207; 4 - RC240bit 208reqencsmimealgorithm = 0 209 210; Controls negotiation of the encryption algorithm. 211; 0 - Do not negotiate. 212; 1 - Negotiate a strong algorithm. 213; 2 - Negotiate any algorithm. 214allowsmimeencalgneg = 2 215 216; Specifies if the client can use soft certificates to sign outgoing messages. 217; 0 - Soft certificates are not allowed. 218; 1 - Soft certificates are allowed. 219allowsmimesoftcerts = 1 220 221; Specifies if the device allows the use of a web browser. 222; 0 - Do not allow the use of a web browser. 223; 1 - Allow the use of a web browser. 224allowbrowser = 1 225 226; Specifies if the device allows the user to configure a personal email account. 227; 0 - Do not allow the user to configure a personal email account. 228; 1 - Allow the user to configure a personal email account. 229allowconsumeremail = 1 230 231; Specifies if the device allows the use of Internet Sharing. 232; 0 - Do not allow the use of Internet Sharing. 233; 1 - Allow the use of Internet Sharing. 234allowinternetsharing = 1