
SAP Afaria for Windows PC

sbmrafikul2
Participant
0 Kudos

Hi,

We have successfully installed SAP Afaria 7.0 SP1 and are now able to take care of our Android mobile devices without any issue.

Now we want to take care of our Windows 2008 PCs as well with the help of Afaria. I cannot find any specific configuration document for PCs. Let me know which client we have to install on the PCs so that we can connect them to Afaria, as on mobile we installed the Afaria client from the Android marketplace.

Any hint?

Regards,

Jituda

Accepted Solutions (0)

Answers (5)


Former Member
0 Kudos

Hi,

Can anyone help me find all the dynamic predefined variables available in an Afaria channel?

Variables, for example: InteractiveUserName, ConnectionSpeed, etc.

I am new to Afaria, so I am struggling a bit to find all such available variables.

Mainly I want to know whether we have any such variable called "SendFilesFailed"?

Please help.

Thanks and Regards,

Anand

Former Member
0 Kudos

You have to create a channel as well, otherwise the communication between the Windows 7 machine and the Afaria server won't work.

0 Kudos

In Afaria Admin UI, go to 'Policy' screen and create an enrollment policy for "Windows Vista, Windows 2008 or Windows 7".

You will see a download button in the policy summary screen. Clicking this button downloads the Windows client to your laptop.

After the client is downloaded, fill in the other fields in the enrollment policy, create a session policy and link these two policies to a group.

Launch the Afaria client on your Windows 2008 device and click the 'Connect' button.

Do let me know if you need specific settings to enroll the device. I shall provide them if needed.

Former Member
0 Kudos

Hello,

I have created the downloadable client file and managed to connect to the Afaria server from the Windows machine.

I am now facing a lack of documentation for Windows machines on creating policies such as:

1. Deploying files to the Windows clients

2. Managing Windows password policies

3. Encryption of Windows machines

4. Using Afaria Access Control

Can you please guide me on how to create these policies and deploy for Windows clients?

Thank you

Raz Rafaeli

raz.rafaeli@ness.com

0 Kudos

Hello Raz,

 

In order to manage your devices efficiently, you would need to create Groups (collection of your devices) and policies to be applied. Link a group to a policy to manage all devices in that group. Hence you must start by creating a group out of these available types:

    

  • Static – includes devices that you manually select. Membership changes only when you add a device to the group, or delete a device from the group or from Afaria.
  • Dynamic – includes devices that are included in a device view, as defined in the Device page, when you click Select View on the left toolbar. Membership changes automatically based on changes to the results of the view.
  • User – includes devices that are associated with users that are included in a user group, as defined by the Afaria server’s Windows users groups, LDAP groups, or NT domain groups. Device members may change as user group membership changes. Membership changes automatically based on changes to the selected.
  • Composite – includes one or more Afaria groups.

Creating a Group (Dynamic):

   

  • On the Group page, on the top toolbar, click New > Dynamic.
  • Enter a group name and note.
  • A list of device views from the Device page appears.
  • In the selected view list, select the view to define the group (System views > Device Type > Windows in your case), and then click OK.
  • The dynamic group includes the devices from the view you selected.
  • Click Save.

              

Similarly, you could create other groups based on your requirements. Once you are done creating a group, create policies you would want to push on your devices. Creating a policy is as easy as:

  • Application – manage applications for iOS and Android devices.
  • Configuration – define device settings and options, and collect device inventory and device activity expense management data.
  • Enrollment – enroll and provision devices that are assigned configuration policies so you can enforce security parameters and deploy and manage enterprise applications.
  • Session – select channels for devices to run. Channels include scripted events and logic to perform tasks on the devices,
    such as file transfers and registry updates.

Create a policy for scheduling device connections, collecting inventory, and configuring device settings for Windows computers.

 

The policy includes multiple pages, such as Summary and Schedule. Complete them in any order. To save changes on all pages, click Save at the top of any page.

       

  1. On the Policy page, on the top toolbar, click New > Configuration > Windows.
  2. On the Summary page, enter the policy name.

      

You can specify duplicate policy names across tenants and within a tenant for all policy types. Changes made in the Afaria application to support duplicate policy names are compatible with Afaria 6.6 and Afaria 7 servers.

    

  3. Enter or select the remaining properties.

 

• Note – add a description for the policy.

• State – indicate published or unpublished. Connecting devices receive only published policies.

• Priority – set a user-defined value that Afaria uses to determine which configuration policy prevails when multiple policies define the same default settings. The lower the numeric value, the higher the priority.

• Authentication – require the server to verify the connecting user’s identity against your authentication authority before allowing the channel to run. This option is available only if you have authentication enabled on the server, as defined on the Server >Configuration > Security page.

• Inventory – select the inventory type to collect. You can view inventory information on the Device page's Device Inspector.

• None – no inventory collection.

• Hardware – scan collects data relating to the device's physical components, such as processors and memory cards.

• Hardware and Software – scan collects hardware data and data for installed software.

On the Schedule page, you can select, edit, create, or delete schedules to define a schedule’s basic type and time properties.

In the selected schedule click Retries to define the number of times the server should retry the scheduled task, if the task fails. The retry interval is the time to wait before the next retry attempt. Retry attempts cease if the scheduled task succeeds.

    

Enter the following details to create a new schedule:

• Schedule – a meaningful name for the schedule.

• Note – description of the scheduled task.

• Type – type of schedule:

 

• For “Daily” or “Weekly” type, select the days of the week.

• For “Monthly” type, select the months of the year.

• For “Once” type, select immediately for the earliest available day at specified time, or select a specified date/time schedule.

• Setting – change the start date, time, repeat, or retry preferences by changing the settings for each individually listed schedule.

• Rate – enter the start time and days for the schedule and indicate whether to run the schedule at start-up if the server was not running at the defined start time. The options displayed here are based on the schedule type selected.

• Range – indicate whether to run the schedule always or enter the starting and the ending date range for the schedule.

• Repeat – enter the parameters for repeating the scheduled task. You can repeat until a certain time or day or for certain duration.

• Randomize – enter the parameters for randomizing the start time for the scheduled task.

    

Creating a Session Policy:

Create a policy for running session channels on Android, BlackBerry, Windows Mobile, or Windows devices. The policy includes multiple pages. Clicking the Save button at the top of any page saves all pages.

    

  1. On the Policy page, on the top toolbar, click New > Session.
  2. On the Summary page, enter the policy name, note, and remaining properties, except the default channel.

  • State – click to indicate published or unpublished. Connecting devices receive only published policies.
  • OS – click to select the target device type.
  • Priority – set a user-defined value that Afaria uses to determine which configuration policy prevails when multiple policies define the same default settings. The lower the numeric value, the higher the priority. A high priority prevails over a lower priority.
  • Authentication – select to require the server to verify the connecting user's identity against your authentication authority before allowing the policy to run. This option is available only if you have authentication enabled on the server, as defined on the Server > Configuration > Security page.

        

  3. On the Channels page, click Select Channel to add channels to the list of channels that a device is allowed to request.
  4. (Optional) Return to the general page and select a default channel from the list of allowed channels.

The connecting device requests the default channel during every connection.

For the purpose of sending files to your client, you would need a channel created and associated with a session policy, which should be linked to your Group. Alternatively, you may bind your channel to your enrollment policy to send the file during enrollment.

    

Enrollment Policy > General > Channel > Setup

   

Creating A Channel:

You may create a channel through ‘Channel Administrator’, present in the Start Menu or in the Afaria folder.

   

  • File > New Channel > Session Manager channel.
  • Give an appropriate name and a description to your channel.
  • Select ‘All Windows Clients’ as your client type and click ‘Finish’ button.

You would then see a new window ‘Work Object Editor’, wherein you may create a worklist or a sendlist object for your channel by right-clicking on the channel name.

Give a name to your worklist/sendlist object, for ex: “Deploy File”.

You will now see the events in right-side panel like: Make Directory, Send File To Client, etc.

Double-click on the event you want to add and fill in the required details, for example Source & Target File in the case of ‘Send File To Client’. You may also use session variables to get the value of the Target file at run time.

Click Save and then close ‘Work Object Editor’.

Publish this channel by selecting the channel and clicking on the ‘Green Dot’ in the Channel Administrator toolbar.

When this channel is run, your file should be deployed to the Windows client.

0 Kudos

I shall get back to you about 'Access Control' & 'Password Policy' for Windows. Do let me know if this helps. Thank you!

Former Member
0 Kudos

This is very helpful.

Can you explain how to encrypt a windows device?

Former Member
0 Kudos

I am waiting for your helpful reply.

Thanks.

0 Kudos

Hello,

You should be using 'Security Manager Channel Editor' to define password policies and configure encryption capabilities. What version of Afaria are you using?

Former Member
0 Kudos

I am using Afaria 7 SP3.

Can you guide me on finding the Security Manager Channel Editor?

And how do I encrypt a Windows machine with Afaria?

Thanks

Raz

0 Kudos

Raz,

Not sure about Windows device but as far as Windows Professional or Standard devices are concerned, you could create a configuration policy for password & encryption settings. Under Security tab, you would find options to set password policy & encryption. Steps are:

1. On the Policy page, on the top toolbar, click New > Configuration > Windows Mobile Professional  or New > Configuration > Windows Mobile Standard.

2. On the Security page, click Add.

3. Select the Install or Uninstall mode.

4. Click Delete at the top of the page to delete the Security Policy.


Password tab:

• Set the minimum length, change rate, disallow previous passwords.


• Power-on Enforcement – enforces password use at the device. Data Security Manager offers flexible password criteria so that you can define a device password that meets your enterprise’s password strength requirements.


• Initial password – establishes an initial value for the user password if a device password or Data Security Manager password does not already exist. This value does not override an existing user password. You must communicate this password to the user.

• Administrator password – implements an administrator password on the device.

You can use the administrator password to access the user interface at any time, including when the device enters a lock-down state with the user password disabled.

Note:

The initial user password can be the same as the administrator password.


• Sample password – allows you to validate a test password against the defined password rules.

• Setting – select from the Available list of Format Rules.

Encryption tab:


• Allow minutes idle before password prompt – defines a time period of inactivity that must expire before Data Security Manager requires a password again.


• Allow minutes idle before power off for Windows Mobile 5 pre-AKU 2.x – defines whether to lock and turn off the device after a defined period of inactivity, rather than waiting for the user to manually lock the device. The time period you define begins after the last user interaction, plus any time period you define for the “Allow… before password prompt” data element.

• Click on the State for Data to Encrypt on the Inbox, Notes, or PIM (Calendar, Contacts, Tasks).

• Additional files to encrypt – identifies the additional data items you selected for encryption. Click Add, and click Not Included to include sub folders and click the Save icon.


• Allow the user to select additional files for encryption – defines whether the user is allowed to use the Data Security Manager interface to select additional device data items for encryption.

I shall get back to you regarding the policies for Windows desktop/laptop.

Former Member
0 Kudos

Thank you for the information.

Do you know why it is impossible to find any information regarding performing those same features on Windows (not mobile devices)?

Former Member
0 Kudos

Any update on documentation for creating policies and/or scripting for Windows machines?

The main tasks I wish to create are:

  • disable usb ports
  • lock the dvd drive
  • set a time span for when the user can use the laptop. Example, laptop will only work from 8 am - 5pm. If an exception needs to be made, then I can expand the timeframe, or temporarily disable, that policy.

I am in the dark with using the Channel Administrator. I was able to do the Send File to Client command, but even then I don't know how to push the file to the client without their interaction. I have to hit the "Connect" button on the Afaria Client on the Windows machine I'm sending the file to. I thought that by selecting that Windows device in the Afaria web console and hitting "run channel" would push the file (or any work/send lists for that matter).

Former Member
0 Kudos

Hi,

With the Session Manager for the Windows 32 client you can work with many features.

A few good features you can use on Windows 32:

1. Hardware inventory

2. Software inventory

3. Run VBScript

4. Run JScript

5. Run batch file

6. Registry setting (to disable USB or CD-ROM, check for the registry setting that disables it)

7. Silent installation of an application

8. Uninstallation of an application

9. Send file to the system

10. Delete file on the system

11. Directory details

12. Execution of an application
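The registry change mentioned in item 6 of the post above, as an added PowerShell example that is not part of the thread or of Afaria. The registry paths and the value 4 are the standard Windows driver start-type settings, not values quoted from the thread, and how the script reaches the client is left open.

```powershell
# Added example (not from the thread). Audits, and with -Enforce sets, the
# driver start type for USB mass storage and the CD/DVD drive.
# Assumption: the standard Windows service keys below; Start = 4 means "disabled".
# Written to run on PowerShell 2.0 and later.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Enforce   # without this switch the script only reports
)

$DisabledStart = 4
$Drivers = @{
    'USBSTOR' = 'USB mass-storage driver'
    'cdrom'   = 'CD/DVD class driver'
}

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if ($Enforce -and -not (Test-IsAdministrator)) {
    Write-Error 'Writing under HKLM requires an elevated session.'
    exit 2
}

$report = foreach ($name in $Drivers.Keys) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $start = $null
    if (Test-Path -Path $key) {
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    }

    # Only change keys that already exist; a missing key means the driver
    # is not installed on this machine.
    if ($Enforce -and $null -ne $start -and $start -ne $DisabledStart) {
        if ($PSCmdlet.ShouldProcess($key, "Set Start to $DisabledStart")) {
            Set-ItemProperty -Path $key -Name Start -Value $DisabledStart -Type DWord
            $start = (Get-ItemProperty -Path $key -Name Start).Start
        }
    }

    $status = 'Enabled'
    if ($null -eq $start)              { $status = 'NotInstalled' }
    elseif ($start -eq $DisabledStart) { $status = 'Disabled' }

    New-Object PSObject -Property @{
        Driver      = $name
        Description = $Drivers[$name]
        Start       = $start
        Status      = $status
    }
}

$report | Select-Object Driver, Description, Start, Status | Format-Table -AutoSize

# Non-zero exit code when any driver is still enabled, so the result can be
# picked up by whatever launched the script.
if (@($report | Where-Object { $_.Status -eq 'Enabled' }).Count -gt 0) { exit 1 }
exit 0
```

Setting `Start` to 4 on `USBSTOR` stops the mass-storage driver from loading; other USB device classes such as keyboards and mice are unaffected. Run with `-Enforce -WhatIf` first to see which keys would change.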

Former Member
0 Kudos

Ok so Registry settings is what I would use for locking USB and CDROM. Thanks.

But where can I get a good, in-depth guide on using the Channel Administrator?

Former Member
0 Kudos

Hi,

As for the policies and features for channels, I think there is no document.

But in the Admin Reference and admin document you will find in-depth details on how to use the variables and events of Session Manager, which will help you to understand.

Former Member
0 Kudos

Ok. I have some additional questions for Windows-based management in Afaria:

  1. Install software remotely on Windows (like how you can send app installs to iOS and Android)
  2. Get a report on which computers have, for instance, Microsoft Office installed and what version of Office (so that we can know how many licenses have been used). If so, how (do we use custom views or dynamic groups?)
  3. Easy way to show which computers are online and offline (on and connected to Afaria)
  4. Does the laptop management have a command for locking and/or completely wiping the hard drive

Thank you!

Former Member
0 Kudos

Hi,

1. Install software remotely on Windows (like how you can send app installs to iOS and Android)

  • Send the file (exe or msi) to the client
  • Send the batch file to the client
  • Execute the batch file to run the setup file

2. Get a report on which computers have, for instance, Microsoft Office installed and what version of Office (so that we can know how many licenses have been used). If so, how (do we use custom views or dynamic groups?)

  • With software inventory you can view the installed applications on the system
  • With a custom view you can build the report for the same

3. Easy way to show which computers are online and offline (on and connected to Afaria).

  • You can view the last connection time on the console to see the system's last communication with the Afaria server

4. Does the laptop management have a command for locking and/or completely wiping the hard drive.

  • No, not possible for the Windows32 client

Former Member
0 Kudos

Thank you for your quick replies!!!

I was able to successfully use the Channel Administrator to push registry changes to lock the DVD drive and USB ports!!

A few more questions regarding PC administration via Afaria. Are these possible?

1. Windows 8 Store: Ability to allow only approved apps to be downloaded in the store vs using a specific portal for users to download software. (This might allow them to browse other apps in case they find another useful app and have to request I add it to the list before they can download it from the store)

2. Encryption Monitoring: Details of specific encryption technologies that Afaria supports. Also the ability of Afaria to notify me or automatically re-encrypt a Windows 8 drive if the user was able to decrypt said drive.

3. Remote Wipes: You said before that it is not possible to remote wipe, but how about encryption? Is there any way to open a session to enable BitLocker and encrypt drives on all Windows machines that support it?

4. Pushing Windows 8 Local Group Policy Changes: Cloud product vs hosted? Perhaps only apply certain Group Policy changes.

5. Antivirus Monitoring: A list of supported antivirus software and level of integration. For example, Afaria might be able to notify me of a virus with one antivirus software, but not allow me to choose remediation options without connecting to the machine. However, with another antivirus software it may be able to apply a specific remediation. I’m particularly interested in Afaria’s ability to report with the Windows 8 version of Windows Defender.

6. Windows Updates: How do I approve which updates to apply to machines? Does Afaria report back a list of all available updates from Windows and I select which ones to apply to a group of machines, or must I, using my test machine, see which updates it finds, find the KB reference number, and manually add those to a list or even upload the files to Afaria?

7. Permissions: My users will not be administrators on their machines. Does Afaria run as an administrator so that these updates can be properly found and applied, especially with third-party updates like Adobe Reader, Flash, etc.?

8. Pushing out non-Windows files/updates: Difference in ability in the cloud and hosted solutions?

Also, On-Premise is the only way to support Windows management, right?

Former Member
0 Kudos

Regarding point 4: If the Windows device is TPM protected and its hard disk encrypted, then it is possible to delete the TPM key by running a VBScript via the Afaria client. This would prevent anyone from reading from the encrypted disk, a principle which is identical to the iOS "wipe".

Former Member
0 Kudos

Hi,

Through the Afaria administrator site you can build the Afaria Windows client setup exe, and there is an option to download it. After downloading, you can install it on your Windows machine.

Regards,

Thushara

sbmrafikul2
Participant
0 Kudos

Hi,

I have found one useful link for configuration of the Afaria client:

http://infocenter.sybase.com/archive/index.jsp?topic=/com.sybase.sup_ig.doc-SUP-1.0.0/projects/sup/i...

But I do not find the mentioned downloadables on the Sybase site:

Sybase Control Center > Administer > Afaria Environment and Device Clients > Set Up > Afaria Clients > Creating an .NET Afaria Client

Any hint?

Regards,

Jituda