Microsoft System Center Configuration Manager 2007 uses either DMCommonInstaller.ini or ClientSettings.ini during the mobile device client installation, upgrade and uninstall processes. The values within the .ini file specify whether the client is installed, upgraded or uninstalled and configure how the process is performed. During the install and upgrade processes the values of the .ini file then configure the mobile device client.
Configuration file values
The categories of values in the .ini file are as follows:
- Installation values
- Microsoft System Center Configuration Manager
2007 environment values
- Communication values
- User interface configuration values
- Certificate values
The DMCommonInstaller.ini file and ClientSettings.ini files define values for client installation.
Installer base values
These values define the files used during mobile device client installation and the basic parameters of the mobile device to be installed. They also specify that verbose logging is to be turned off. For the DMCommonInstaller.ini these files are marked 'Do not change' because they are already configured for specific platforms. For ClientSettings.ini the values specified can be used for the target mobile device platform.
Installer - The name of the platform-specific device management installer program. The file name has the format DMInstaller_[platform].exe. For more information about the mobile device client installer program, see How to Install or Upgrade the Mobile Device Management Client.
ClientSetup - The name of the platform-specific mobile device client setup program. The file name has the format DMClientSetup_[platform].exe.
Client - The name of the platform-specific client cabinet file required for mobile device client installation. The file name has the format DeviceClient_[platform].exe.
ClientVersion - The version of the mobile device client being installed. BaseOSMinVersion - The minimum version number of the platform operating system required to support the client.
BaseOSMaxVersion - The maximum version number of the platform operating system required to support the client.
Devicetype - The type of mobile device supported by the mobile device client.
ProcessorType - The type of processor supported by the mobile device client.
EnableVerboseLogging - Enabled verbose logging on the mobile device. By default this is 'False.'
|Windows Mobile 6 devices use Windows Mobile 5 mobile device client installation files. For more information about installation files, see Installation files for the Mobile Device Client.|
These values specify options for the installation process such as whether the client is being installed, updated or uninstalled and whether additional files or commands are applied during the installation process.
ClientInstallAction - Defines the action to be taken by the installer. By default ClientInstallAction is set to 'Install.' This supports three values:
- 'None' - Makes no change to the mobile device
- 'Install' - Install the mobile device client
distributed with the installation package onto the mobile
- 'Uninstall' - Removes the mobile device
client from the mobile device. This option uninstalls the mobile
If the device Mobile device management settings will be set depending upon the state of the mobile device client:
Client deployment action
Install deployed client
Older client than deployed client
Upgrade to deployed client
Same client as staged client
Reconfigure client settings
Newer client than staged client
InstallType - Defines the type of installation that will be performed. By default InstallType is set to 'Clean.' This supports two values:
- 'Clean' to remove program database
- 'Preserve' to keep the record of installed
|Setting 'InstallType=clean' for a mandatory 'over the air' upgrade will cause the mobile device to repeatedly download and upgrade mobile device client policy.|
Pre-InstallCommandLine - Defines the command line to be run before the installation of the mobile device client or other actions on the mobile device. This option is commented out by default.
Post-InstallCommandLine - Defines the command line to be run after the installation of the mobile device client or other actions on the mobile device. This option is commented out by default.
AdditionalFileX - Defines additional files that will be copied to the \temp\dminstall folder on the mobile device when the install program is run. Ensure a unique entry for each file by appending a number to the 'AdditionalFile' name. This option is commented out by default.
Configuration Manager Environment values
The environment values define the environment for the Configuration Manager 2007 mobile device client.
Site Server definitions
The following values define servers the mobile device communicates information to and polls for policy.
DMServerName - The server name of the Device Management Point to which the mobile device will connect. This value must be defined for correct client operation.
|If the device management point is changed without updating the server name then mobile device clients will lose communication with the Configuration Manager 2007 server. For information about how to update the mobile device client, see How to Install or Upgrade the Mobile Device Management Client.|
ServerPort - Changes the port on which the mobile device client communicates from port 80 (HTTP) or 443 (HTTPS) to the specified port number. Change this value and uncomment if the Configuration Manager 2007 environment uses a custom port configuration. By default this value is commented out.
SiteCode- The three character alphanumeric site code of the site from which the mobile device client will receive policy. If the DMServerName specified for the client is in a primary site, use the site code of the site that the client installed into. If the DMServerName specified for the client is in a secondary site, use the site code of the parent site of the secondary site. This value must be changed for correct mobile device client operation in native security mode. For more information about site codes, see Understanding Configuration Manager Sites.
FSPServerName - The server name of the Fallback Status Point to which the mobile device sends FSP Messages. FSPServerName can be defined as a NetBIOS name, a FQDN, or a URL. Fallback Status Point servers should be defined as a URL and be published in external DNS in order for Internet based devices to connect. Internet-based mobile devices will only use HTTP to contact the Fallback Status Point Server. For more information about Fallback Status Points, see About the Fallback Status Point in Configuration Manager.
FSPPort - The primary http port on which the mobile device client communicates to the Fallback Status Point Server. FSPPort is 80 by default.
FSPAlternatePort - The alternate http port on which the mobile device client communicates to the Fallback Status Point Server. FSPPort is 80 by default.
SecurityMode - Defines the security mode of the mobile device client authentication. The default value for SecurityMode is 'None.' SecurityMode accepts three values:
- 'None' - No server or client authentication
- 'SSLServerAuth' - Secure HTTP (HTTPS) server
authentication is required. A server certificate will have to be
installed on the device, see documentation for more
- 'NativeMode' - Secure HTTP (HTTPS) mutual
authentication is required between Device Client and the DMP/DP. A
client Auth Certificate is required for registering the client with
Configuration Manager 2007 database and signing the client
CreateConnection - Defines when a connection for Configuration Manager 2007 mobile device client communication is created. The default value for CreateConnection is 'USER.' CreateConnection accepts three values:
- ‘ALL’ - Allows the mobile device client to
create a connection for any action.
- ‘USER’ - Allows the mobile device client to
invoke a connection only for a user invoked action.
- ‘NEVER’ - Prevent the mobile device client
from invoking connections for any operations. The mobile device
client only communicates on an existing connection.
InternetConnected - Indicates whether the device client is connecting to the device management point from the Internet. The default value is 'False.' InternetConnected accepts two values:
- 'True' - The mobile device client is
connecting to the device management point from the Internet.
- 'False' - The mobile device client is not
connecting to the device management point from the Internet.
User interface configuration
EnforceConfig - Defines the mobile device configuration user interface to be disabled for certain options so that the user cannot change the Configuration Manager 2007 mobile device configuration settings. The default value is 'ServerName.' EnforceConfig accepts three values:
- 'None' - Allows the user to change server
name, security mode and auto connect options.
|When a mobile device client installer is run, for example when the mobile device is docked, user-modified settings for the server name and security mode will be overwritten.|
- 'ServerName' - Prevents users from editing
the server name and security mode options.
- 'All' - Prevents users from editing the
server name, security mode and auto connect options.
The DMCommonInstaller.ini file and ClientSettings.ini files define values for certificate deployment and enrollment. These values must be edited for your specific environment. The following are categories of values for deploying certificates to devices:
- Certificate enroller
- Importing certificates
- Renewing the site server signing
Certificate enroller values
The following values in the DMCommonInstaller.ini file or the ClientSettings.ini file are used to define certificate enrollment during client installation or upgrade. Define these values for the site environment if certificates are to be enrolled:
CertEnrollAction - Defines whether a certificate is enrolled during mobile device client installation. The default for CertEnrollAction is 'Enroll.' CertEnrollAction accepts three values:
- 'None' - No certificate is enrolled.
- 'Enroll' - Enrolls a client authentication
certificate and add server certificate to the ROOT certificate
store of the mobile device if the existing certificate cannot be
used for device registration. The user will be prompted for their
credentials to enroll the certificate.
- 'ForceEnroll' - Enrolls a client
authentication certificate and adds a server certificate to the
ROOT certificate store of the mobile device regardless of the
current state of the existing enrolled certificate. The user will
be prompted for their credentials to enroll the certificate
CertEnrollServer - The name of the Internet Information Services (IIS) web server front end to the certification authority (CA).
CertEnrollServerPort - The port number of the Internet Information Services (IIS) web server front end of the certification authority (CA).
|HTTPS is not supported by the Configuration Manager 2007 mobile device certificate enroller.|
CertSubjectName - Specifies a hint for which certificate in the user store to use for registering the mobile device. The mobile device management client tries all the certificates where the subject name contains the valid CertSubjectName criteria. If the value is 'None' then all valid client authentication certificates in the user store will be tried. By default the value is 'None.' The format of the subject name is as follows:
CertSubjectName = The site code of this site server is [sitecode]
where [sitecode] is the site code of the site server. This string is not case sensitive.
CertRequestPage - The web page on a web server that receives the certificate request.
CertDownloadPage - The web page on the web server used for downloading the certificate.
CertChainDownloadPage - The web page on the web server used for downloading the certificate chain.
Importing certificates value: ImportCerts
ImportCerts - Defines that certificate files (*.cer) will be imported to the certificate store on the mobile device. This option can be used to deploy certificates for required for security modes. The certificate files (*.cer) must be included in the mobile device client deployment folder. Certificates to be imported must be in distinguished encoding rules (DER) encoded binary X.509 format. Base-64 encoded X.509 certificates are not supported. The default value is 'False.' ImportCerts takes two values:
- 'True' - Import certificates.
- 'False' - Do not import certificates.
Renewing site server signing certificates
EnableSSSCRenewal - Defines whether a site server signing certificate should be renewed when it expires.
- 'True' - Enable site server signing
- 'False' - Do not enable site server signing