;;;;;;;;;;;;;;;;;;;;;;;;
; About policies.ini   ;
;;;;;;;;;;;;;;;;;;;;;;;;

; Z-Push policies' file holds the configuration to be applied
; during the provisioning of a mobile device.
; Check Z-Push wiki page regarding the provisioning policies:
; https://wiki.z-hub.io/x/eYAa
; For more information see the ActiveSync documentation at:
; https://msdn.microsoft.com/en-us/library/dd299443.aspx


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; The default ActiveSync policy. Do not change its name.
[default]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Policies for ActiveSync version 12.0 and higher
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Specifies if a device requires a password to unlock it.
; 0 - Password not required.
; 1 - Password is required.
devpwenabled = 0

; Specifies if a device requires an alphanumeric password to unlock it.
; 0 - Alphanumeric password not required.
; 1 - Alphanumeric password required.
alphanumpwreq = 0

; Deprecated. Specifies if the device encrypts the content of the storage card.
; 0 - Storage card encryption not enabled.
; 1 - Storage card encryption enabled.
devencenabled = 0

; Specifies if the server supports storing a recovery password which could be
; sent by the client using the Settings command.
; This policy is currently not supported by Z-Push.
; 0 - Password recovery not enabled on the server.
; 1 - Password recovery enabled on the server.
; pwrecoveryenabled = 0

; Deprecated.
docbrowseenabled =

; Specifies if email attachments are enabled for download.
; 0 - Attachments not allowed for download.
; 1 - Attachments allowed for download.
attenabled = 1

; Specifies the minimum client password length to unlock it.
; The mindevpwlenngth can be empty or have a value between 1 and 16.
; If the value is empty or 1, there is no minimum length for the device password.
mindevpwlenngth = 4

; The maximum number of seconds of inactivity before the device locks itself.
; If this value is greater than or equal to 9999, the client interprets it as unlimited.
maxinacttimedevlock = 900

; The maximum number of failed password attempts to unlock the device.
; The client SHOULD perform a local wipe or enter a timed lock out mode if the maximum
; number of failed password attempts is reached.
; The maxdevpwfailedattempts can be empty or have a value between 4 and 16.
; If the value is empty, the client interprets this as no maximum number of
; failed password attempts has been set by the security policy.
maxdevpwfailedattempts = 8

; The maximum attachment size in bytes as determined by security policy.
maxattsize = ''

; Specifies if the device allows simple passwords. A simple password contains
; repeated ("0000") or sequential ("xyz") characters only.
allowsimpledevpw = 1

; The maximum number of days until a password expires.
; Empty or 0 devpwexpiration value indicates that the password will not expire.
devpwexpiration = 0

; The minimum number of previously used passwords stored to prevent reuse by the device.
; 0 - Do not store previously used passwords.
; >0 - Store the minimum number of previously used passwords.
devpwhistory = 0

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Policies for ActiveSync version 12.1 and higher
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; The device allows to use a storage card.
; 0 - SD card not allowed.
; 1 - SD card allowed.
allowstoragecard = 1

; The device allows to use the built-in camera.
; 0 - Usage of the built-in camera not allowed.
; 1 - Usage of built-in the camera allowed.
allowcam = 1

; Specifies if the client uses encryption.
; 0 - Encryption not required.
; 1 - Encryption required.
reqdevenc = 0

; Specifies if the device allows unsigned applications to execute.
; 0 - Unsigned applications not allowed to execute.
; 1 - Unsigned applications allowed to execute.
allowunsignedapps = 1

; The required complexity level of the device password.
; Valid values for mindevcomplexchars are between 1 and 4. The value specifies
; the number of character groups to be contained in the password.
; The character groups are:
; - Lower case alphabetical characters
; - Upper case alphabetical characters
; - Numbers
; - Non-alphanumeric characters
; For example, if the value of mindevcomplexchars is 2, a password may contain
; lower case and upper case characters. A password with numbers and non-alphanumeric
; characters would be also valid.
mindevcomplexchars = 3

; The device allows the use of Wi-Fi connections.
; 0 - The use of Wi-Fi connections not allowed.
; 1 - The use of Wi-Fi connections allowed.
allowwifi = 1

; The device allows the use of SMS or text messaging.
; 0 - SMS or text messaging not allowed.
; 1 - SMS or text messaging allowed.
allowtextmessaging = 1

; The device allows access to POP or IMAP email.
; 0 - POP or IMAP email access not allowed.
; 1 - POP or IMAP email access allowed.
allowpopimapemail = 1

; The use of Bluetooth on the device.
; 0 - Disable Bluetooth.
; 1 - Disable Bluetooth, but allow the configuration of hands-free profiles.
; 2 - Allow Bluetooth.
allowbluetooth = 2

; The device allows the use of IrDA (infrared) connections.
; 0 - Disable IrDA.
; 1 - Allow IrDA.
allowirda = 1

; The device requires manual synchronization when the device is roaming.
; 0 - Do not require manual sync; allow direct push when roaming.
; 1 - Require manual sync when roaming.
reqmansyncroam = 0

; The maximum number of calendar days that can be synchronized.
; 0 - All days
; 4 - 2 weeks
; 5 - 1 month
; 6 - 3 months
; 7 - 6 months
maxcalagefilter = 0

; Specifies if the client uses HTML-formatted email.
; 0 - HTML-formatted email not allowed.
; 1 - HTML-formatted email allowed.
allowhtmlemail = 1

; The email age limit for synchronization.
; 0 - Sync all
; 1 - 1 day
; 2 - 3 days
; 3 - 1 week
; 4 - 2 weeks
; 5 - 1 month
maxemailagefilter = 0

; The maximum truncation size for plain text–formatted email.
; -1 - No truncation.
; 0 - Truncate only the header.
; >0 - Truncate the email body to the specified size.
maxemailbodytruncsize = -1

; The maximum truncation size for HTML-formatted email.
; -1 - No truncation.
; 0 - Truncate only the header.
; >0 - Truncate the email body to the specified size.
maxemailhtmlbodytruncsize = -1

; Specifies if the client sends signed S/MIME messages.
; 0 - Signed S/MIME messages not required.
; 1 - Signed S/MIME messages required.
reqsignedsmimemessages = 0

; Specifies if the client sends encrypted email messages.
; 0 - Encrypted email messages not required.
; 1 - Email messages required to be encrypted.
reqencsmimemessages = 0

; The algorithm used to sign S/MIME messages.
; 0 - Use SHA1.
; 1 - Use MD5.
reqsignedsmimealgorithm = 0

; The algorithm used to encrypt S/MIME messages.
; 0 - TripleDES algorithm
; 1 - DES algorithm
; 2 - RC2128bit
; 3 - RC264bit
; 4 - RC240bit
reqencsmimealgorithm = 0

; Controls negotiation of the encryption algorithm.
; 0 - Do not negotiate.
; 1 - Negotiate a strong algorithm.
; 2 - Negotiate any algorithm.
allowsmimeencalgneg = 2

; Specifies if the client can use soft certificates to sign outgoing messages.
; 0 - Soft certificates are not allowed.
; 1 - Soft certificates are allowed.
allowsmimesoftcerts = 1

; Specifies if the device allows the use of a web browser.
; 0 - Do not allow the use of a web browser.
; 1 - Allow the use of a web browser.
allowbrowser = 1

; Specifies if the device allows the user to configure a personal email account.
; 0 - Do not allow the user to configure a personal email account.
; 1 - Allow the user to configure a personal email account.
allowconsumeremail = 1

; Specifies if the device allows the use of Internet Sharing.
; 0 - Do not allow the use of Internet Sharing.
; 1 - Allow the use of Internet Sharing.
allowinternetsharing = 1