Exchange Mobility Provider::SetUserPolicy

The SetUserPolicy method sets a mobile policy on a user's Active Directory object. The existing policy is stored for rollback. If a user does not have the salt attribute, one is generated. If one already exists, it is not modified. Because of the sensitivity involved around the salt attribute, this is not rolled back. The policy is stored in the msExchOmaExtendedProperties attribute collection and starts with "PolicData:".

The policy refresh interval value is stored in the msExchOmaExtendedProperties attribute collection and starts with "PolicyDataRefreshInterval:".

The policy salt value is stored in the msExchOmaExtendedProperties attribute collection and starts with "PolicyDataSalt:". Once the salt value is created, it is never deleted or changed. The salt value is created using a random number that is base64 encoded.

The policy key value is stored in the msExchOmaExtendedProperties attribute collection and starts with "PolicyKey:". Every time the policy is changed, this key is changed with a new string of random numbers.

Arguments

Remarks

Rollback

For the SetUserPolicy method, the previously applied policy and policy key are restored upon rollback.

Example Policy

The following is an example of a mobile security policy defined in XML:

<wap-provisioningdoc>
	<characteristic type="SecurityPolicy">
		<parm name="4131" value="0"/>
	</characteristic>
	<characteristic type="Registry">
		<characteristic type="HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}">
			<parm name="AEFrequencyType" value="1"/>
			<parm name="AEFrequencyValue" value="5"/>
		</characteristic>
		<characteristic type="HKLM\Comm\Security\Policy\LASSD">
			<parm name="DeviceWipeThreshold" value="20"/>
		</characteristic>
		<characteristic type="HKLM\Comm\Security\Policy\LASSD">
			<parm name="CodewordFrequency" value="5"/>
		</characteristic>
		<characteristic type="HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw">
			<parm name="MinimumPasswordLength" value="8"/>
		</characteristic>
		<characteristic type="HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw">
			<parm name="PasswordComplexity" value="0"/>
		</characteristic>
	</characteristic>
</wap-provisioningdoc>

Sample Code

Example XML Request

The following is an example of an XML request for the SetUserPolicy method of the Exchange Mobility Provider:

<request>
		<procedure>
				<execute namespace="Exchange Mobility Provider" procedure="SetUserPolicy" impersonate="1">
						<executeData>
								<preferredDomainController>ad01.fabrikam.com</preferredDomainController>
								<pathLDAP://CN=user@alpineskihouse.com, OU=AlpineSkiHouse,OU=ConsolidatedMessengerOU=Hosting,DC=Fabrikam,DC=Com</path>
								<properties>
						<property name="AEFrequencyValue">2</property>
						<property name="DeviceWipeThreshold">4</property>
						<property name="CodeWordFrequency">2</property>
						<property name="MinimumPasswordLength">6</property>
						<property name="PasswordComplexity">0</property>
						<property name="AEFrequencyType">1</property>
						<property name="RefreshInterval">100</property>
						</properties>
						</executeData>
						<after source="executeData" destination="data" mode="merge"/>
				</execute>
		</procedure>
</request>

Applies To