Indicates whether applications stored on a storage card are allowed to auto-run when inserted into the device.

Restricts the access of remote applications that are using Remote API (RAPI) to implement ActiveSync operations on Windows Mobile powered devices.

Indicates whether unsigned .cab files can be installed on the device.

Indicates whether unsigned applications are allowed to run on Windows Mobile powered devices.

Indicates whether theme files can be installed on the device.

Indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) role.

Specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.

Indicates whether a WAP signed message is accepted based on whether the role assigned to the message matches any of the roles specified in the policy setting. All messages are assigned role masks based on its security level and origin. The result of AND combination of the message role mask with the policy role mask determines how the message is processed. If the result is non-zero, the message is accepted.

Deprecated - Use OmaCPNetworkPINMessage and OmaCPUserPINMessage policies

Indicates whether SL messages are accepted. An SL message downloads new services or provisioning XML to the Windows Mobile powered device.

Indicates whether SI messages are accepted. An SI message is sent to Windows Mobile 6 Standard to notify users of new services, service updates, and provisioning services.

Indicates whether to accept unsigned WAP messages processed by the default security provider in the Security Module (Push Router), based on their origin.

Specifies which provisioning messages are accepted by the configuration host based on the roles assigned to the messages.

Indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.

Grants the system administrative privileges held by SECROLE_MANAGER to other security roles, without modifying metabase role assignments.

Grants privileges held by SECROLE_USER_AUTH to other security roles without modifying metabase role assignments.

This setting specifies the level of permissions required to create, modify, or delete a trusted proxy. WAP proxies are configured by means of the PXLOGICAL characteristic element in a WAP provisioning XML document. A WAP proxy is trusted when the TRUST parameter is specified in the PXLOGICAL characteristic element.

This setting indicates whether a user is prompted to accept or reject unsigned .cab, theme, .dll and .exe files.

Specifies which security model is implemented on the device.

Allows the operator to override https to use http or wsps to use wsp.

Determines whether software certificates can be used to sign outgoing messages. You can use this security policy with a tool that you create to allow people to import certificates.

Specifies which DRM rights messages are accepted by the DRM engine based on the role assigned to the message.

Indicates whether a password must be configured on the device.

Used when the over the air (OTA) OMA Client Provisioning message is signed with only a network personal identification number (PIN). Indicates whether or not to prompt the user to accept device setting changes.

Specifies if the user is allowed to change mobile encryption settings for the removable storage media.

Specifies if a Bluetooth enabled device allows other devices to perform a search on the device.

Specifies whether message transports will allow HTML messages.

Specifies whether the Inbox application will send all messaged signed.

Specifies whether the Inbox application will send all messages encrypted.

Specifies which algorithm to use to sign a message.

Specifies which algorithm to use to encrypt a message.

Determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Specifies whether the Inbox application can negotiate the encryption algorithm in case a recipient's certificate does not support the specified encryption algorithm.

Enables or disables Outlook Mobile SharePoint or UNC access through ActiveSync protocol to get documents.

Specifies how device authentication is handled when connecting to the desktop.

Determines whether one or more bit fields are set in the current instance.