Microsoft System Center Configuration Manager 2007 uses either DMCommonInstaller.ini or ClientSettings.ini during the mobile device client installation, upgrade and uninstall processes. The values within the .ini file specify whether the client is installed, upgraded or uninstalled and configure how the process is performed. During the install and upgrade processes the values of the .ini file then configure the mobile device client.

Configuration file values

The categories of values in the .ini file are as follows:

  • Installation values

  • Microsoft System Center Configuration Manager 2007 environment values

  • Communication values

  • User interface configuration values

  • Certificate values

Installation values

The DMCommonInstaller.ini file and ClientSettings.ini files define values for client installation.

Installer base values

These values define the files used during mobile device client installation and the basic parameters of the mobile device to be installed. They also specify that verbose logging is to be turned off. For the DMCommonInstaller.ini these files are marked 'Do not change' because they are already configured for specific platforms. For ClientSettings.ini the values specified can be used for the target mobile device platform.

Installer - The name of the platform-specific device management installer program. The file name has the format DMInstaller_[platform].exe. For more information about the mobile device client installer program, see How to Install or Upgrade the Mobile Device Management Client.

ClientSetup - The name of the platform-specific mobile device client setup program. The file name has the format DMClientSetup_[platform].exe.

Client - The name of the platform-specific client cabinet file required for mobile device client installation. The file name has the format DeviceClient_[platform].exe.

ClientVersion - The version of the mobile device client being installed. BaseOSMinVersion - The minimum version number of the platform operating system required to support the client.

BaseOSMaxVersion - The maximum version number of the platform operating system required to support the client.

Devicetype - The type of mobile device supported by the mobile device client.

ProcessorType - The type of processor supported by the mobile device client.

EnableVerboseLogging - Enabled verbose logging on the mobile device. By default this is 'False.'

Note
Windows Mobile 6 devices use Windows Mobile 5 mobile device client installation files. For more information about installation files, see Installation files for the Mobile Device Client.

Installer configurations

These values specify options for the installation process such as whether the client is being installed, updated or uninstalled and whether additional files or commands are applied during the installation process.

ClientInstallAction - Defines the action to be taken by the installer. By default ClientInstallAction is set to 'Install.' This supports three values:

  • 'None' - Makes no change to the mobile device client state.

  • 'Install' - Install the mobile device client distributed with the installation package onto the mobile device.

  • 'Uninstall' - Removes the mobile device client from the mobile device. This option uninstalls the mobile device client.

If the device Mobile device management settings will be set depending upon the state of the mobile device client:

Device state

Client deployment action

No client

Install deployed client

Older client than deployed client

Upgrade to deployed client

Same client as staged client

Reconfigure client settings

Newer client than staged client

No action

InstallType - Defines the type of installation that will be performed. By default InstallType is set to 'Clean.' This supports two values:

  • 'Clean' to remove program database

  • 'Preserve' to keep the record of installed programs

Important
Setting 'InstallType=clean' for a mandatory 'over the air' upgrade will cause the mobile device to repeatedly download and upgrade mobile device client policy.

Pre-InstallCommandLine - Defines the command line to be run before the installation of the mobile device client or other actions on the mobile device. This option is commented out by default.

Post-InstallCommandLine - Defines the command line to be run after the installation of the mobile device client or other actions on the mobile device. This option is commented out by default.

AdditionalFileX - Defines additional files that will be copied to the \temp\dminstall folder on the mobile device when the install program is run. Ensure a unique entry for each file by appending a number to the 'AdditionalFile' name. This option is commented out by default.

Configuration Manager Environment values

The environment values define the environment for the Configuration Manager 2007 mobile device client.

Site Server definitions

The following values define servers the mobile device communicates information to and polls for policy.

DMServerName - The server name of the Device Management Point to which the mobile device will connect. This value must be defined for correct client operation.

Note
If the device management point is changed without updating the server name then mobile device clients will lose communication with the Configuration Manager 2007 server. For information about how to update the mobile device client, see How to Install or Upgrade the Mobile Device Management Client.

ServerPort - Changes the port on which the mobile device client communicates from port 80 (HTTP) or 443 (HTTPS) to the specified port number. Change this value and uncomment if the Configuration Manager 2007 environment uses a custom port configuration. By default this value is commented out.

SiteCode- The three character alphanumeric site code of the site from which the mobile device client will receive policy. If the DMServerName specified for the client is in a primary site, use the site code of the site that the client installed into. If the DMServerName specified for the client is in a secondary site, use the site code of the parent site of the secondary site. This value must be changed for correct mobile device client operation in native security mode. For more information about site codes, see Understanding Configuration Manager Sites.

FSPServerName - The server name of the Fallback Status Point to which the mobile device sends FSP Messages. FSPServerName can be defined as a NetBIOS name, a FQDN, or a URL. Fallback Status Point servers should be defined as a URL and be published in external DNS in order for Internet based devices to connect. Internet-based mobile devices will only use HTTP to contact the Fallback Status Point Server. For more information about Fallback Status Points, see About the Fallback Status Point in Configuration Manager.

FSPPort - The primary http port on which the mobile device client communicates to the Fallback Status Point Server. FSPPort is 80 by default.

FSPAlternatePort - The alternate http port on which the mobile device client communicates to the Fallback Status Point Server. FSPPort is 80 by default.

Communication Values

SecurityMode - Defines the security mode of the mobile device client authentication. The default value for SecurityMode is 'None.' SecurityMode accepts three values:

  • 'None' - No server or client authentication is required.

  • 'SSLServerAuth' - Secure HTTP (HTTPS) server authentication is required. A server certificate will have to be installed on the device, see documentation for more information.

  • 'NativeMode' - Secure HTTP (HTTPS) mutual authentication is required between Device Client and the DMP/DP. A client Auth Certificate is required for registering the client with Configuration Manager 2007 database and signing the client data.

CreateConnection - Defines when a connection for Configuration Manager 2007 mobile device client communication is created. The default value for CreateConnection is 'USER.' CreateConnection accepts three values:

  • ‘ALL’ - Allows the mobile device client to create a connection for any action.

  • ‘USER’ - Allows the mobile device client to invoke a connection only for a user invoked action.

  • ‘NEVER’ - Prevent the mobile device client from invoking connections for any operations. The mobile device client only communicates on an existing connection.

InternetConnected - Indicates whether the device client is connecting to the device management point from the Internet. The default value is 'False.' InternetConnected accepts two values:

  • 'True' - The mobile device client is connecting to the device management point from the Internet.

  • 'False' - The mobile device client is not connecting to the device management point from the Internet.

User interface configuration

EnforceConfig - Defines the mobile device configuration user interface to be disabled for certain options so that the user cannot change the Configuration Manager 2007 mobile device configuration settings. The default value is 'ServerName.' EnforceConfig accepts three values:

  • 'None' - Allows the user to change server name, security mode and auto connect options.

Note
When a mobile device client installer is run, for example when the mobile device is docked, user-modified settings for the server name and security mode will be overwritten.
  • 'ServerName' - Prevents users from editing the server name and security mode options.

  • 'All' - Prevents users from editing the server name, security mode and auto connect options.

Certificate Values

The DMCommonInstaller.ini file and ClientSettings.ini files define values for certificate deployment and enrollment. These values must be edited for your specific environment. The following are categories of values for deploying certificates to devices:

  • Certificate enroller

  • Importing certificates

  • Renewing the site server signing certificate

Certificate enroller values

The following values in the DMCommonInstaller.ini file or the ClientSettings.ini file are used to define certificate enrollment during client installation or upgrade. Define these values for the site environment if certificates are to be enrolled:

CertEnrollAction - Defines whether a certificate is enrolled during mobile device client installation. The default for CertEnrollAction is 'Enroll.' CertEnrollAction accepts three values:

  • 'None' - No certificate is enrolled.

  • 'Enroll' - Enrolls a client authentication certificate and add server certificate to the ROOT certificate store of the mobile device if the existing certificate cannot be used for device registration. The user will be prompted for their credentials to enroll the certificate.

  • 'ForceEnroll' - Enrolls a client authentication certificate and adds a server certificate to the ROOT certificate store of the mobile device regardless of the current state of the existing enrolled certificate. The user will be prompted for their credentials to enroll the certificate CertEnrollAction=Enroll.

CertEnrollServer - The name of the Internet Information Services (IIS) web server front end to the certification authority (CA).

CertEnrollServerPort - The port number of the Internet Information Services (IIS) web server front end of the certification authority (CA).

Note
HTTPS is not supported by the Configuration Manager 2007 mobile device certificate enroller.

CertSubjectName - Specifies a hint for which certificate in the user store to use for registering the mobile device. The mobile device management client tries all the certificates where the subject name contains the valid CertSubjectName criteria. If the value is 'None' then all valid client authentication certificates in the user store will be tried. By default the value is 'None.' The format of the subject name is as follows:

CertSubjectName = The site code of this site server is [sitecode]

where [sitecode] is the site code of the site server. This string is not case sensitive.

CertRequestPage - The web page on a web server that receives the certificate request.

CertDownloadPage - The web page on the web server used for downloading the certificate.

CertChainDownloadPage - The web page on the web server used for downloading the certificate chain.

Importing certificates value: ImportCerts

ImportCerts - Defines that certificate files (*.cer) will be imported to the certificate store on the mobile device. This option can be used to deploy certificates for required for security modes. The certificate files (*.cer) must be included in the mobile device client deployment folder. Certificates to be imported must be in distinguished encoding rules (DER) encoded binary X.509 format. Base-64 encoded X.509 certificates are not supported. The default value is 'False.' ImportCerts takes two values:

  • 'True' - Import certificates.

  • 'False' - Do not import certificates.

Renewing site server signing certificates

EnableSSSCRenewal - Defines whether a site server signing certificate should be renewed when it expires.

  • 'True' - Enable site server signing certificate renewal

  • 'False' - Do not enable site server signing certificate renewal

See Also