The Password Policy configuration item provides Configuration Manager 2007 password management support for Pocket PC 2003-based mobile devices.
Many enterprises have a corporate policy that all employee contact information and current e-mail must be securely protected. Password policy allows a Configuration Manager 2007 administrator to enforce password usage by users. The Configuration Manager 2007 administrator can specify the type of password and the timeout interval. Configuration Manager 2007 administrators can decide whether to allow users to change these settings on mobile devices.
Password policy also allows for the Configuration Manager 2007 administrator to enforce a strong administrator password after a specified number of failed entry attempts. This setting instructs the mobile device to display a strong administrator password prompt if a user incorrectly enters a password into the password entry dialog box a specified number of times. The administrator password feature is designed so that, in the event of an attack on a locked stolen mobile device, an administrator-defined strong password protects the mobile device. A different message appears, saying that an administrator password is required to return to the user-defined password prompt.
The administrator-defined password does not circumvent the user’s password since the user password is still required to be entered following successful entry of the administrator lock-out password. Also, this feature is not designed to assist users if they have forgotten their user-defined password. In this scenario, users must perform a reset on the mobile device and reload their data.