Locking down the rugged handheld
5 Aug 2010
Note: This information is provided as a reference and does not imply that Juniper Systems will provide full support for the use of any specific third-party hardware or software with a Juniper Systems product.
For more current information, see
Some software developers and system integrators prefer to lock down the rugged handheld computer so that users are not allowed to access system settings, other operating systems, and firmware functions that are not essential to the current application. This may also include integrating custom software (app) and settings into the firmware so that it automatically re-installs if the unit is ever set to factory defaults (Clean Boot).
The Microsoft Windows Embedded Handheld (formerly Windows Mobile) operating system has many functions that were built to be accessible to users while in any application. This can limit being able to completely lock down the handheld. Below are some ways of forcing the handheld to prevent access to undesired content/controls and/or to operate in a "Kiosk" mode.
Enterprise Security Suite Integration
Corporate or enterprise security suites often provide methods to integrate mobile devices into the system, often including locking the mobile device to only run specific apps and functions. For additional information, see the following article.
The custom system processes on the A2 (Archer 2 or Allegro 2) that we recommend should be allowed to run (not black listed) by enterprise security are as follows.
- A2_HotDogToast.exe (pop-up warning if unit exceeds upper temperature specification)
- ScreenGrabber.exe (if wanting to save screen shots)
Similar custom system processes on the Mesa Rugged Notepad are as follows.
- AdobeReaderLE.exe (if needing to be able to view PDF files)
Read-only or Encrypted SD Card
After program files have been saved on an inserted Micro SD card, the card can be physically (using the side slider switch on full SD cards such as in Mesa) or virtually set to read-only. It can also be encrypted as mentioned at the bottom of the above linked "Enterprise security integration" article.
Close running Processes
Running processes that are not essential to a specific application can be closed to free memory and other resources for use by a specific application, and to prevent unexpected interruptions to the main app that is to always have focus. Programs such as Task Manager, CEAppMgr, Oxios Memory, and others could be used to clear threads (processes). Additional information about getting and setting threads and priorities is provided at: http://msdn.microsoft.com/en-us/library/aa910702.aspx
Kiosk and Enterprise Control Software
Third-party software can be used to lock down the handheld to operate in a KIOSK mode. Some recommended software applications include:
Full Screen Control
A good example for how to completely take over the full screen (even hide the SIP button) is provided in the C++ code in the below linked text document.
If needing to control a specific window to prevent it from popping up while your app has focus (such as system messages), using its name you can watch for it similar to as shown in the following example.
BatthWnd=FindWindow(L"Dialog",L" New Battery Detected");
Some developers have been able to find the name of a window using the “Windows CE Remote Spy- Windows List (Windows CE)” program, which runs on a desktop PC through an ActiveSync/WMDC connection.
The Allegro MX provides an optional "specify battery charge" dialog box (window) which could be controlled by app software (unlike the default control panel window), or this dialog/window can be disabled completely using the following Windows registry settings.
“BatteryDialog” : DWORD
0 – This will not display either Battery Dialog and will just use the previous values for the charge settings
1 – (default) This will display the Control Panel applet
2 – This will display the stand-alone dialog box
Some hardware and/or software keys/buttons cannot be easily controlled or prevented by an app. Changing the default behavior of the keys (such as the Windows hot keys) can help prevent interruptions.
On the A2 (Archer 2 and Allegro 2) products, pretty much any hardware key can be re-programmed as detailed in the "A2-Keyboard-Power-User-Guide.pdf" provided in the SDK at this web page.
Software Development Kit (SDK) for A2
Otherwise, the Windows hot keys can be changed in the Windows registry at the following location.
This is similar to as described for WinCE 5.0 at: http://msdn.microsoft.com/en-us/library/ms929202.aspx
Newer Allegro MX (running WM6.1 OS release 2.0.5 and have a blue system board), there are a couple of customizations that were implemented to assist in locking down the unit for use in “Kiosk” mode. Both are registry changes.
Prevent Touchscreen Toggle and the key combination, “ALT+ESC”:
[HKEY_CURRENT_USER\ControlPanel\Keybd] “Kiosk”=dword:1 ; This will disable the touchscreen enable/disable toggle and “Alt+Esc” key combination
Reassign or prevent Task Manager (Blue+Esc):
“AppName”=”<name of application>” or “” to prevent any app from launching “CmdLine”=”<command line parameters>” (do not implement if blank)
KIOSK Mode References
Some references on how to write software to lock down the handheld to operate in a KIOSK mode include:
To allow an application to change lower level operating system settings, you may be able to use Client Provisioning (which meets Open Mobile Alliance (OMA) requirements) as described at:
Integrating Apps and Settings into the Firmware
Methods are available on the Mesa and Archer 2 for integrating application software and custom settings into the firmware so that they automatically install / apply after a Clean Boot (Set Factory Defaults). Please refer to the following documents for further information.