System Center Mobile Device Manager extensions to the Group Policy Management Console (GPMC) and Group Policy Object Editor enable network administrators to control managed Windows Mobile devices in a familiar environment and in a manner consistent with how they manage their networked desktop and portable computers. The extensions support existing GPMC functionality such as scripting, backup of Group Policy objects (GPOs), planning mode, and logging mode.
These extensions are not supported for the Resultant Set of Policy (RSoP) snap-in.
|You must install MDM Group Policy extensions on 32-bit versions of a Windows-based operating system, or a 64-bit version of Windows Vista, that has GPMC already installed.|
From the GPMC, you can configure managed devices by creating GPOs that contain the settings to push to the devices. When you apply the GPO to the Active Directory Domain Services object that represents the managed device that you want to target, the settings will be sent to the device the next time that it connects to MDM Device Management Server. You can configure groups of devices by linking the GPO to an Organization Unit (OU) that contains Active Directory objects for the managed devices that you want to target. Additionally, you can use familiar tools such as Security Groups and Windows Management Instrumentation (WMI) filters to apply a GPO to a group of managed devices that meet certain specified criteria.
Most device-related settings are defined in an MDM administrative template (ADM) file, mobile.adm, that you can access through the Group Policy Object Editor user interface. You must add this file to the list of ADM template files for the target GPO. For more information about how to add an ADM file to a GPO, see Creating a New Group Policy Object for Devices.
After you add the ADM file, Group Policy settings related to security, encryption and device management appear in the navigation pane in Computer Configuration/Administrative Templates/Windows Mobile Settings. User related Group Policy settings are located in User Configuration/Administrative Templates/Windows Mobile Settings.
|To obtain information about a managed device policy setting, locate the setting in the Group Policy Object Editor and then select it from the list in the details pane. The setting description is displayed with the setting in the details pane.|
Network and Certificate Management Settings
The settings for more complex tasks such as configuring new network connections, editing or deleting existing network connections, and managing certificate stores on the managed device, are provided through custom extensions to the Group Policy Object Editor. These settings are not defined in the Mobile.adm file. When you start the Group Policy Object Editor, they will appear in the navigation pane in Computer Configuration/Policies/Windows Mobile Settings.