0

I'm looking for a registry in the windows CE that if I will change/add/remove the registry I will enable/disable remote access.

Thanks for the help,

Janne

Answer: There is need to add/remove the below registry:

HKEY_LOCAL_MACHINE\Startup

(NAme - Value - Type)

Process0 - cerdisp -c - new string value

Process0Delay - 5000 - DWord

Process1 - ConmanClient2.exe - new string value

Process1Delay - 10000 - Dword

janneob
  • 959
  • 2
  • 11
  • 25

1 Answers1

4

i am assuming you mean 'remote access via activesync'.

one method is to set policy 4097 to 0

from msdn:

The Remote API (RAPI) policy restricts the access of remote applications that are using RAPI to implement ActiveSync operations on mobile devices.  
0   ActiveSync service is shut down. RAPI calls are rejected.
1   Full access to ActiveSync is provided. RAPI calls are allowed to process without restrictions.
2   Access to ActiveSync is restricted to the SECROLE_USER_AUTH (User Authenticated) role. RAPI calls are checked against this role mask before they are granted. ( default )

you can do this in several ways:

1) via the CeProcessConfig api ( or the RapiConfig.exe tool )

<wap-provisioningdoc>
    <characteristic type="SecurityPolicy">
        <parm name="4097" value="0"/>
    </characteristic>
</wap-provisioningdoc>

2) in the registry path HKLM\Security\Policies\Policies lookup the value for 00001001, and set it to 0

a summary of all policy settings can be found here: http://itsme.home.xs4all.nl/projects/xda/smartphone-policies.html

Willem Hengeveld
  • 2,758
  • 23
  • 19
  • First of all thank you very much for the answer!! I'm trying to close the access to programs like this: "Remote File Viewer". Does this programs using remote access via activesync? – janneob Feb 09 '12 at 14:26
  • yes it does, and everything else that needs the activesync state tray icon lit green. – Willem Hengeveld Feb 09 '12 at 15:16
  • I added the RDP to the Image and removed the remote display application from the Image, Now I can't see the device on the cerhost and I can't connect to the devise via the mstsc. Do you know how can I connect to the device? And I still can connect via remote file viewer even when I'm changing the 1001 registry value to 0. – janneob Feb 13 '12 at 08:28
  • the ce activesync handler is called repllog.exe, it is launched when some events specified in the mxip_notify.vol database trigger: AppRunAtRs232Detect, AppRunAfterRndisFnDetected or AppRunAfterTimeChange. you can also try to overwrite repllog.exe with a dummy or empty executable. – Willem Hengeveld Feb 13 '12 at 10:55
  • and, btw, the zeros before 1001 are important, so the correct keyname is "00001001" – Willem Hengeveld Feb 13 '12 at 10:59
  • and you have to reboot the device to get rid of any previously still running client for the remote fileviewer application. – Willem Hengeveld Feb 13 '12 at 11:19
  • Thank you for the answer, I found the needed registry and added to my question – janneob Feb 13 '12 at 14:16
  • that `HKLM\startup` key you mention is not one i have seen before, i think it is something specific to your device. normally the ConManClient2.exe binary is copied to your device by the cefileviewer application when it starts. – Willem Hengeveld Feb 13 '12 at 15:45
  • I saw this key in windows compact 7 book... I think you can do it in the both ways. – janneob Feb 13 '12 at 15:52