locked
Windows 10 TP Build 10162 - Password Policy doesn't apply to the device RRS feed

  • Question

  • I am sending commands to Windows 10 TP 10162, for setting password policy 

    <SyncML xmlns="SYNCML:SYNCML1.2">
    	<SyncHdr>
    		<VerDTD>1.2</VerDTD>
    		<VerProto>DM/1.2</VerProto>
    		<SessionID>35</SessionID>
    		<MsgID>2</MsgID>
    		<Target>
    			<LocURI>fc97334a-daf5-41c1-b470-31107956d9b2</LocURI>
    		</Target>
    		<Source>
    			<LocURI>https://dummyserver/microsoft/mdm</LocURI>
    		</Source>
    	</SyncHdr>
    	<SyncBody>
    		<Status>
    			<CmdID>230ee67c-d624-4c9a-9bea-287c5b5200be</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>0</CmdRef>
    			<Cmd>SyncHdr</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>b5c9b991-f6c3-428b-aad8-61873c985802</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>1</CmdRef>
    			<Cmd>Alert</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>c9fc0459-9505-4597-a7e7-9de2da43802b</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>4</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Replace>
    			<CmdID>a92a6cf1-b9c1-4f2b-9c9b-5996d1567ad4</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/AllowSimpleDevicePassword</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>0</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>32cd31df-a05f-4815-b944-1585bf3b48e7</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>6</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>18607fcc-f359-4165-b754-bcae2898858a</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>1</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>1a7aa454-d25e-48ae-8a21-81c0c3c41b1a</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/AlphanumericDevicePasswordRequired</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>1</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>113746b7-14b6-4b16-927a-40bd9ce0bf2a</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordHistory</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>3</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>dfb0d8bd-137f-4f7d-bd32-f62a41afbcd7</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MaxDevicePasswordFailedAttempts</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>5</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>bdf41c19-d3c9-4545-b16d-3f457443f291</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MaxInactivityTimeDeviceLock</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>1</Data>
    			</Item>
    		</Replace>
    		<Replace>
    			<CmdID>6b49903e-11a3-4d11-86db-446db066d587</CmdID>
    			<Item>
    				<Target>
    					<LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordComplexCharacters</LocURI>
    				</Target>
    				<Meta>
    					<Format xmlns="syncml:metinf">int</Format>
    				</Meta>
    				<Data>3</Data>
    			</Item>
    		</Replace>
    		<Final/>
    	</SyncBody>
    </SyncML>
    

    I am receiving 200 status code for all commands as follows,

    <SyncML xmlns="SYNCML:SYNCML1.2">
    	<SyncHdr>
    		<VerDTD>1.2</VerDTD>
    		<VerProto>DM/1.2</VerProto>
    		<SessionID>35</SessionID>
    		<MsgID>3</MsgID>
    		<Target>
    			<LocURI>https://dummyserver/microsoft/mdm</LocURI>
    		</Target>
    		<Source>
    			<LocURI>fc97334a-daf5-41c1-b470-31107956d9b2</LocURI>
    		</Source>
    	</SyncHdr>
    	<SyncBody>
    		<Status>
    			<CmdID>1</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>0</CmdRef>
    			<Cmd>SyncHdr</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>2</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>a92a6cf1-b9c1-4f2b-9c9b-5996d1567ad4</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>3</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>32cd31df-a05f-4815-b944-1585bf3b48e7</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>4</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>18607fcc-f359-4165-b754-bcae2898858a</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>5</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>1a7aa454-d25e-48ae-8a21-81c0c3c41b1a</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>6</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>113746b7-14b6-4b16-927a-40bd9ce0bf2a</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>7</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>dfb0d8bd-137f-4f7d-bd32-f62a41afbcd7</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>8</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>bdf41c19-d3c9-4545-b16d-3f457443f291</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Status>
    			<CmdID>9</CmdID>
    			<MsgRef>2</MsgRef>
    			<CmdRef>6b49903e-11a3-4d11-86db-446db066d587</CmdRef>
    			<Cmd>Replace</Cmd>
    			<Data>200</Data>
    		</Status>
    		<Final/>
    	</SyncBody>
    </SyncML>
    
    But this password policy has no effect on device. I tried sign out / sign in and restarting device. But it doesn't work.

    Monday, July 6, 2015 6:12 AM

All replies

  • Hi,

    Seems that you are not properly setting the password. The data inside DevicePasswordEnabled should be 0 and not 1 for it to be enabled on your device:

    <Replace>
     <CmdID>18607fcc-f359-4165-b754-bcae2898858a</CmdID>
     <Item>
      <Target>
       <LocURI>./Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled</LocURI>
      </Target>
      <Meta>
       <Format xmlns="syncml:metinf">int</Format>
      </Meta>
      <Data>1</Data>
     </Item>
    </Replace>

    From MSDN doc:

    DeviceLock/DevicePasswordEnabled

    Specifies whether device lock is enabled.

    Note  This policy must be wrapped in an Atomic command.
     

    The following list shows the supported values:

    • 0 (default) – Enabled
    • 1 – Disabled

    • Proposed as answer by Moonprince Friday, March 11, 2016 6:15 PM
    Friday, March 11, 2016 3:19 PM