Locking down the rugged handheld

5 Aug 2010

Note: This information is provided as a reference and does not imply that Juniper Systems will provide full support for the use of any specific third-party hardware or software with a Juniper Systems product.

For more current information, see 

Some software developers and system integrators prefer to lock down the rugged handheld computer so that users are not allowed to access system settings, other operating systems, and firmware functions that are not essential to the current application. This may also include integrating custom software (app) and settings into the firmware so that it automatically re-installs if the unit is ever set to factory defaults (Clean Boot).

The Microsoft Windows Embedded Handheld (formerly Windows Mobile) operating system has many functions that were built to be accessible to users while in any application. This can limit how completely the handheld can be locked down. Below are some ways of forcing the handheld to prevent access to undesired content/controls and/or to operate in a "Kiosk" mode.

Enterprise Security Suite Integration

Corporate or enterprise security suites often provide methods to integrate mobile devices into the system, often including locking the mobile device to only run specific apps and functions. For additional information, see the following article.

Enterprise Security Integration

The custom system processes on the A2 (Archer 2 or Allegro 2) that we recommend enterprise security allow to run (not blacklist) are as follows.

Similar custom system processes on the Mesa Rugged Notepad are as follows.

Read-only or Encrypted SD Card

After program files have been saved on an inserted Micro SD card, the card can be physically (using the side slider switch on full SD cards such as in Mesa) or virtually set to read-only. It can also be encrypted as mentioned at the bottom of the above linked "Enterprise security integration" article.

Close running Processes

Running processes that are not essential to a specific application can be closed to free memory and other resources for use by a specific application, and to prevent unexpected interruptions to the main app that is to always have focus. Programs such as Task Manager, CEAppMgr, Oxios Memory, and others could be used to clear threads (processes). Additional information about getting and setting threads and priorities is provided at: http://msdn.microsoft.com/en-us/library/aa910702.aspx

Kiosk and Enterprise Control Software

Third-party software can be used to lock down the handheld to operate in a KIOSK mode. Some recommended software applications include:

Full Screen Control

A good example for how to completely take over the full screen (even hide the SIP button) is provided in the C++ code in the below linked text document.

WM-Full-Screen.txt

If you need to control a specific window to prevent it from popping up while your app has focus (such as a system message), you can watch for it by its name, as shown in the following example.

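    // Look up the system dialog by its window class and title.
    // The title is kept as given on this page, including its leading space.
    HWND BatthWnd;
    BatthWnd = FindWindow(L"Dialog", L" New Battery Detected");
    if (BatthWnd)
    {
        // The window exists: bring it to the foreground and make it active.
        SetForegroundWindow(BatthWnd);
        SetActiveWindow(BatthWnd);
    }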

Some developers have been able to find the name of a window using the “Windows CE Remote Spy - Windows List (Windows CE)” program, which runs on a desktop PC through an ActiveSync/WMDC connection.

The Allegro MX provides an optional "specify battery charge" dialog box (window) which could be controlled by app software (unlike the default control panel window), or this dialog/window can be disabled completely using the following Windows registry settings.

[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\Battery]

“BatteryDialog” : DWORD

0 – This will not display either Battery Dialog and will just use the previous values for the charge settings

1 – (default) This will display the Control Panel applet

2 – This will display the stand-alone dialog box

Controlling Keys/Buttons

Some hardware and/or software keys/buttons cannot be easily controlled or prevented by an app. Changing the default behavior of the keys (such as the Windows hot keys) can help prevent interruptions.

On the A2 (Archer 2 and Allegro 2) products, pretty much any hardware key can be re-programmed as detailed in the "A2-Keyboard-Power-User-Guide.pdf" provided in the SDK at this web page.

Software Development Kit (SDK) for A2

Otherwise, the Windows hot keys can be changed in the Windows registry at the following location.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shell\Keys]

This is similar to what is described for WinCE 5.0 at: http://msdn.microsoft.com/en-us/library/ms929202.aspx

On newer Allegro MX units (running WM6.1 OS release 2.0.5 and having a blue system board), a couple of customizations were implemented to assist in locking down the unit for use in “Kiosk” mode. Both are registry changes.

  1. Prevent Touchscreen Toggle and the key combination, “ALT+ESC”:

    [HKEY_CURRENT_USER\ControlPanel\Keybd]
    "Kiosk"=dword:1 ; This will disable the touchscreen enable/disable toggle and "Alt+Esc" key combination

  2. Reassign or prevent Task Manager (Blue+Esc):

    [HKEY_CURRENT_USER\ControlPanel\Keybd]

    "AppName"="<name of application>" (or "" to prevent any app from launching)
    "CmdLine"="<command line parameters>" (do not implement if blank)
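An added example, not part of the original article or Juniper Systems' code: a Python check that parses a registry export in .reg text form and reports where it deviates from the Allegro MX lockdown settings listed on this page. The export format, the choice of 0 / 1 / "" as the required values, and the sample export are assumptions of this example.

```python
import re

# Baseline built from the registry values this page documents for the Allegro MX.
# Requiring 0 / 1 / "" is this example's assumption about the desired lockdown.
BASELINE = {
    (r"HKEY_LOCAL_MACHINE\Drivers\BuiltIn\Battery", "BatteryDialog"): 0,
    (r"HKEY_CURRENT_USER\ControlPanel\Keybd", "Kiosk"): 1,
    (r"HKEY_CURRENT_USER\ControlPanel\Keybd", "AppName"): "",
}

KEY_RE = re.compile(r'^\[([^\]]+)\]')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{1,8})|"((?:[^"\\]|\\.)*)")')

def parse_reg(text):
    """Parse .reg-style text into {(key, value_name): value}, names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(1).lower()          # registry names are case-insensitive
        elif v and key:
            name, dword, string = v.groups()  # a trailing "; comment" is ignored
            values[(key, name.lower())] = (int(dword, 16) if dword is not None
                                           else re.sub(r"\\(.)", r"\1", string))
    return values

def audit(text):
    """Return (key, name, expected, actual) for every deviation; actual is None if unset."""
    found = parse_reg(text)
    issues = []
    for (key, name), expected in BASELINE.items():
        actual = found.get((key.lower(), name.lower()))
        if actual != expected:
            issues.append((key, name, expected, actual))
    return issues

# Constructed sample export (not taken from a real device).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\Battery]
"BatteryDialog"=dword:00000001

[HKEY_CURRENT_USER\ControlPanel\Keybd]
"Kiosk"=dword:1 ; touchscreen toggle and Alt+Esc disabled
"AppName"="\\Program Files\\Example\\example.exe"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

A value that is missing from the export is reported with an actual value of None, which matters for BatteryDialog because its documented default (1) still shows the Control Panel applet.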

KIOSK Mode References

Some references on how to write software to lock down the handheld to operate in a KIOSK mode include:

To allow an application to change lower level operating system settings, you may be able to use Client Provisioning (which meets Open Mobile Alliance (OMA) requirements) as described at:

http://msdn.microsoft.com/en-us/library/bb737226.aspx

Integrating Apps and Settings into the Firmware

Methods are available on the Mesa and Archer 2 for integrating application software and custom settings into the firmware so that they automatically install / apply after a Clean Boot (Set Factory Defaults). Please refer to the following documents for further information.