10/17/2008

You can configure the actions that you will let users can make on managed Windows Mobile devices by using System Center Mobile Device Manager Self Service Portal. You can use the Portal Administrationpage on MDM Self Service Portal to configure some settings. You can configure other settings by using the MDM Self Service Portal configuration file.

MDM Self Service Portal Pages

By default, you can access the MDM Self Service Portal at: https:// servername: port, where servernameand portare the FQDN and port number you provide when you install the Portal. The following describes the pages on the MDM Self Service Portal Web site.

Page	Description
My Devices	This page lets users manage their Windows Mobile devices. Based on system administrator settings, users can monitor device enrollment status and wipe managed devices that they no longer want or that are no longer in their possession. Choices that you make on the Portal Administrationpage determine the contents of this site. The URL for this page is: https:// servername: port/pages/devicelist.aspx
New Enrollment	This page lets users enroll their Windows Mobile devices and manage them on the My Devicespage. The URL for this page is: https:// servername: port/pages/startenrollment.aspx
Portal Administration	This page lets you or another MDM administrator, customize what users can do by using the portal. The URL for this page is: https:// servername: port/pages/adminconfig.aspx

Page

Description

My Devices

This page lets users manage their Windows Mobile devices. Based on system administrator settings, users can monitor device enrollment status and wipe managed devices that they no longer want or that are no longer in their possession.

Choices that you make on the Portal Administrationpage determine the contents of this site.

The URL for this page is: https:// servername: port/pages/devicelist.aspx

New Enrollment

This page lets users enroll their Windows Mobile devices and manage them on the My Devicespage.

The URL for this page is: https:// servername: port/pages/startenrollment.aspx

Portal Administration

This page lets you or another MDM administrator, customize what users can do by using the portal.

The URL for this page is: https:// servername: port/pages/adminconfig.aspx

The following shows the My Devicespage.

The following shows the Portal Administrationpage where you can configure the portal.

Configuring the Settings for MDM Self Service Portal

You can use the Portal Administrationpage to configure portal settings for the following:

Let users request device enrollment from MDM Enrollment Server.
Let users wipe devices that they no longer want or that are no longer in their possession.
Let users request a recovery password so they can reset their Windows Mobile device password.

To configure MDM Self Service Portal for users

On the Portal Administrationpage, make the changes that you want, and then choose Apply.

Note:

You can cancel a change that you made before you apply it to the Web site. To do this, choose Cancel.

Note:
You can cancel a change that you made before you apply it to the Web site. To do this, choose Cancel.

The following tables describe the settings you can configure on the portal. The settings are grouped as they appear on the Portal Administrationpage.

Available Portal Features

Setting	Description
Device Enrollment	Allows users to create a new enrollment request that goes to MDM Enrollment Server or cancel existing enrollment requests. If you do not select the Device Enrollmentoption, the user can view pending enrollments in the My Devicesand receive enrollment details. However, the user cannot enroll a new device or cancel a pending enrollment. This means that users can view what you do on their behalf through the MDM Console. However, the user cannot change device status. This is the default setting. You can also change this setting by changing the enableSelfEnrollmentvalue in the configuration file.
Device Wipe	Allows users to wipe a device. This is the default setting. When you clear the Device Wipeoption, the user can still view recently wiped devices but cannot wipe a device or cancel a pending wipe. You can wipe a device on behalf of the user by using the MDM Console. You can also change this setting by changing the enableWipevalue in the configuration file.
Device Password Recovery	Enables users who have forgotten their Windows Mobile device passwords to retrieve a recovery password, stored on MDM Device Management Server, to reset the password. Password reset must be enabled in MDM by the MDM administrator.

Setting

Description

Device Enrollment

Allows users to create a new enrollment request that goes to MDM Enrollment Server or cancel existing enrollment requests.

If you do not select the Device Enrollmentoption, the user can view pending enrollments in the My Devicesand receive enrollment details. However, the user cannot enroll a new device or cancel a pending enrollment. This means that users can view what you do on their behalf through the MDM Console. However, the user cannot change device status. This is the default setting.

You can also change this setting by changing the enableSelfEnrollmentvalue in the configuration file.

Device Wipe

Allows users to wipe a device. This is the default setting.

When you clear the Device Wipeoption, the user can still view recently wiped devices but cannot wipe a device or cancel a pending wipe. You can wipe a device on behalf of the user by using the MDM Console.

You can also change this setting by changing the enableWipevalue in the configuration file.

Device Password Recovery

Enables users who have forgotten their Windows Mobile device passwords to retrieve a recovery password, stored on MDM Device Management Server, to reset the password. Password reset must be enabled in MDM by the MDM administrator.

Enrollment Settings

Setting Description

Default OU

Identifies the Default Active Directory container, also known as the organizational unit (OU), for devices that you enroll through this Web site. MDM Self Service Portal discovers this information when you run Setup. You can change this information to specify another OU.

You can also change this setting by changing the defaultOUvalue in the configuration file.

Enrollment Request Limit

Identifies the maximum number of devices that can be pending enrollment for each user at the same time. The default value, specified in the Limited to:box, is 100. Selecting Unlimitedmeans that a maximum number of devices is not enforced and unlimited devices can be pending enrollment at the same time.

You can also change this setting by changing the pendingEnrollmentLimitvalue in the configuration file. Setting the value to zero (0) represents Unlimited.

Password Delivery Method

Indicates how to send the password to the user. You can send a password through e-mail message, display it on the MDM Self Service Portal Web site, or use neither method. By default, MDM Self Service Portal selects both the e-mail message and the Web site delivery methods.

Important:
The user needs an enrollment password to complete the enrollment process. If you disable both e-mail message and Web site delivery, you must use another method to communicate the password to the user, for example in person or by voice-mail.

If you select E-mailas the password delivery method, MDM Enrollment Server sends the user an e-mail message that contains the enrollment password. MDM Enrollment Server sends the enrollment password to the e-mail account listed in Active Directory for that user. If you do not select the E-mailoption, MDM Enrollment Server does not send an e-mail message to the user.
If you select Portalas the password delivery method, the Pending Enrollment Detailspage displays the enrollment password to the user. If you do not select the Portaloption, the Pending Enrollment Detailspage does not display the enrollment password.

You can also change this setting by changing the enableEmailDeliveryand enableWebsiteDeliveryvalues in the configuration file.

Device Name Validator

Specifies the rules for valid device names that users can specify when they enroll devices in MDM. The rule that you specify is displayed on the New Enrollmenttab, after the following bullet item: has to follow this rule:. The rule that you provide can include standard options such as an asterisk (*). For example, you could provide the following rule: <user>[0-9][0-9]. With this validation rule in place, users could only enter a device name such as Mary23.

Logging Settings

Setting	Description
Enable User Activity Logging	Indicates whether to log user activities. When you select Enable User Activity Logging, you can monitor user activity through log files. Activity logging shows user activity on the site. This includes the cmdlets that run. This is the default setting. If you do not select this setting, MDM Self Service Portal does not log user activity.
Enable Trace Logging	Indicates whether to log tracing activity. This lets you monitor code execution details for later reference. When you select Enable Trace Logging, you can monitor tracing through log files. This is the default setting. The following shows examples of tracing information that is logged: Errors and exceptions Expected and unexpected events Identifies points of execution to support instrumentation If you do not select Enable Trace Logging, MDM Self Service Portal does not log trace messages.

Setting

Description

Enable User Activity Logging

Indicates whether to log user activities. When you select Enable User Activity Logging, you can monitor user activity through log files. Activity logging shows user activity on the site. This includes the cmdlets that run. This is the default setting.

If you do not select this setting, MDM Self Service Portal does not log user activity.

Enable Trace Logging

Indicates whether to log tracing activity. This lets you monitor code execution details for later reference. When you select Enable Trace Logging, you can monitor tracing through log files. This is the default setting.

The following shows examples of tracing information that is logged:

Errors and exceptions
Expected and unexpected events
Identifies points of execution to support instrumentation

If you do not select Enable Trace Logging, MDM Self Service Portal does not log trace messages.

You can configure the maximum size of the log files by using the configuration file. For more information, see the MDM Self Service Portal documentation.

Additional Settings

In addition to the user interface, MDM Self Service Portal installs several other settings. Typically, you do not have to change these settings.

Setting	Description
Web site name	SelfServicePortal is the default.
Application pool name	SelfServicePortalAppPool is the default.
Application name	SlfSrvWebSiteApp is the default.
Virtual directory name	SelfServicePortal is the default.
IIS settings	Use IIS Manager to configure IIS settings.
ASP.Net settings	Use the ASP.Net Administration tool to change the ASP.Net settings for MDM Self Service Portal. For more information about how to configure .NET Framework applications, see this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=105959 .