Script Commands for Android Enterprise: Managed Devices

Use the options and examples below to help you create your own powerful script commands.

Note: Not all script commands are compatible with all devices within a platform. Limitations are noted in the table entries.
Tip: You can also use JavaScript to create and send scripts to your Android Plus devices. See Android Plus JavaScript Scripts for details.

Legend

Format Meaning
text Enter the command exactly as shown.
text Replace with the requested information.
[text] Information contained within square brackets is optional to the command.
text|text Choose one of the options separated by the vertical pipe.

Commands

Command Syntax
_adminmode

Enables or disables the administrator mode on a device in lockdown mode.

_adminmode on|off
afw_prevent_uninstall

Prevents the device user from uninstalling an application that was installed using packages.

afw_prevent_uninstall bundleID enable|disable

Where bundleID is the bundle id of the application whose uninstallation you want to prevent.

Example

To prevent the device user from uninstalling the Google Photos app:

afw_prevent_uninstall com.google.android.apps.photos enable

com.google.android.apps.photos
afw_set_permission_grant_state

Grants specified permissions to specified applications. You cannot grant special permissions such as Draw Over or Usage Access, to third party applications.

afw_set_permission_grant_state packageName allow|deny
afw_set_permission_policy

Sets the default response for future runtime permission requests by the SOTI MobiControl device agent.

afw_set_permission_policy prompt|grant|deny|clear

Where

  • prompt prompts the device user for all permissions
  • grant automatically grants all permissions that an application requires
  • deny automatically denies all permissions that an application requires
  • clear resets the policy to the agent define default state
afw_set_preferred_keyboard

Specifies a preferred keyboard for use.

Minimum device agent version: 15.1.5

Android OS: OS6 and above

Note: Setting the keyboard via this script will not prevent the user from changing the keyboard later.
afw_set_preferred_keyboard<pkg_name>

Where <pkg_name> is the font package containing the keyboard.

Example

afw_set_preferred_keyboard com.fontskeyboard.fonts

afw_work_profile

Enables or disables the Android Enterprise work profile.

afw_work_profile enable|disable
agent_mode

Retrieves the current agent mode (user or administrator) of a device with lockdown mode applied and displays it in the Logs section of the Device Information panel.

agent_mode
app_upgrade disable <package-list>

Allows the administrator to disable automatic Android Enterprise agent updates to latest versions from the Google Play Store, remotely on Android devices through MobiControl. Each execution of the script will append to the list of apps for which scripts have been sent.

<package-list> indicates that a comma separated list of application bundle ids in a single command can also be entered.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade disable <package-list>

Example

app_upgrade disable com.businessapp,com.web.browsername

Note: <package-list> can be skipped for Samsung devices. Samsung does not remove specific packages from upgrade blacklist. It clears the complete list.
app_upgrade enable <package-list>

Allows the administrator to enable automatic Android Enterprise agent updates to latest versions from the Google Play Store, remotely on Android devices through MobiControl. Each execution of the script will append to the list of apps for which scripts have been sent.

<package-list> indicates that a comma separated list of application bundle ids in a single command can also be entered.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade enable <package-list>

Example

app_upgrade enable com.businessapp,com.web.browsername

Note: <package-list> can be skipped for Samsung devices. Samsung does not remove specific packages from upgrade blacklist. It clears the complete list.
certdelete

Deletes a certificate on the device.

Note: You can only use certdelete to remove certificates that were installed by SOTI MobiControl unless the device has a Samsung ELM agent installed, in which case certdelete will remove any specified certificates.
certdelete -issuer "IssuerName" -sn "SerialNumber" -storage "storage"

Where

  • IssuerName is the common name of the certificate issuer
  • SerialNumber is the serial number of the certificate
  • storage is the type of storage into which to import the certificate

Example

To delete a certificate issued by apache.org:

certdelete -issuer "*.apache.org" -sn 00A03DB42A7841AFF5

connect

Prompts the device agent to attempt to connect to the deployment server.

connect [-f]

Where -f forces the device agent to connect regardless of configuration or setup settings.

Example

To connect to the deployment server regardless of configuration or setup settings:

connect -f

devrename

Renames a device.

devrename newDeviceName

If the name contains spaces, use quotation marks

Example

To change the name of a device to Apricot Candy:

devrename "Apricot Candy"

disconnect

Disconnects the device from the SOTI MobiControl deployment server.

disconnect
disable_mac_randomization

Provides the administrator the ability to manage disable/enable Wi-Fi MAC Randomization or ability to restrict it to Use device MAC or Random

Minimum device agent version: 15.1.5

Android OS: 11 and later

OEMs supported: Zebra

disable_mac_randomization [0 | 1]

Example

To enable MAC randomization:

disable_mac_randomization 0

To disable MAC randomization:

disable_mac_randomization 1

_efota _efota enroll|upgrade corpID targetVersion where corpID is the customer ID and targetVersion is the Samsung firmware version.
elm_awaken

Adds or removes the Samsung ELM agent to/from Android Doze Mode whitelist, enabling the agent to circumvent battery optimizations that limit connectivity between the agent and the deployment server.

Available on Samsung devices running Android 6.0 or later and Knox Standard SDK 5.7 or later.

elm_awaken 0|1

Example

To add ELM agent to whitelist:

elm_awaken 1

To remove ELM agent from whitelist:

elm_awaken 0

enable_system_app

Allows a system application on the device to be used in the Android Enterprise container.

Note: Only applications that are included in the device's firmware can be used in this command.
enable_system_app appBundleID

Example

To add Google Chrome to the Android Enterprise container:

enable_system_app com.android.chrome

ftp

Copies a file or directory from an ftp server to a device.

ftp [wget] [-o,-r] source destination

Where

  • wget copies a file from an ftp server to a local storage or sd card on the device
  • -o specifies to override existing files
  • -r specifies to recursively read all files under each folder

Example

To copy a file from ftp to local storage on the device:

ftp wget -o -r ftp://user:123@server/folder /storage/emulated/0/Download

httpget

Downloads files using the HTTP protocol.

httpget URL localPath
identify_activity

Identifies the current top activity on the device.

identify_activity
install

Installs an application on the device.

install appInstallerPath

Where appInstallerPath is the full path to the application installer file on the device

Example

To install the Gmail app located on an sd card:

install /sdcard/Download/Gmail.apk

install_system_update
Installs a system update from the specified file. This command is supported for the following OEMs:
  • Getac
  • Pointmobile
  • Zebra
  • Chainway
Note: This command cannot be used on encrypted devices. Use the sendintent command instead.
install_system_update filename

Example

To install a system update from a file on an SD card:

install_system_update /sdcard/Download/et1.zip

Note: If /sdcard/Download does not work, use /storage/sdcard0/Download instead, as in:

install_system_update /storage/sdcard0/Download/et1.zip

import_contacts_vcf

This feature allows the administrator to add Collation/Unicode in import_contacts_vcf scripts so that the proper character format of the .vcf file is maintained when you import it.

Minimum Agent: 15.2.4

Limitations/Constraints/Pre-requisites: This is generic implementation, there is no OS or OEM limitation

import_contacts_vcf <filePath> 1/0 <charsetName>

Where:

  • 0 = Add contacts to existing contacts
  • 1 = Replace existing contacts with the new contacts of the .vcf file
  • charsetName = Character encoding in the .vcf file

Example

import_contacts_vcf "/storage/ contacts.vcf" 1 UTF-8

lock

Turns the device screen off and locks device until device user enters the correct password.

lock
log

Sends a customs message to the SOTI MobiControl deployment server from the device. This message appears in the Logs tab of the Device Information panel in the SOTI MobiControl console.

log type message

Where type is the type of the associated message and the options are:

  • -e for Error
  • -w for Warning
  • -i for Information

Example

To send a notification to the SOTI MobiControl console at certain intervals during a software push:

Note: Put the command in the pre-install script

log -i "Starting Software Push"

mxconfig

Submits XML configuration instructions to the MX layer of the device.

Note: This script command is only applicable on Zebra Android devices. mxconfig uses the StageNow XML format (MXMS)
mxconfig xmlFilepath

Example

mxconfig /sdcard/Download/test.xml

notify kiosk

Enables or disables lockdown mode on the device.

notify kiosk on | off
read_activities

Lists all the activities of an application package.

read_activities packageName
request_appops_permission

Sends a request to the device prompting the device user to grant the specified permissions.

request_appops_permission permissionName where the permissionName can be one of:
  • SYSTEM_ALERT_WINDOW requests the Draw Over permission. Requires an Android Classic or Enterprise agent of 13.5.2 or later
  • PACKAGE_USAGE_STATS requests the Usage Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later
  • BIND_NOTIFICATION_LISTENER_SERVICE requests the Notification Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later.
  • WRITE_SETTINGS requests the Modify System Settings permission. Requires an Android Classic or Enterprise agent of 13.7.0 or later

Where possible, the permissions are granted silently.

request_bug_report

Requests permission from the device user to send bug reports back to SOTI MobiControl.

request_bug_report
request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and external agent (i.e. COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in internal agent (i.e. COPE Work Profile).

Enables the ability to silently allow any third-party application (this applies to the SOTI MobiControl agent as well) to display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

Example:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and external agent (i.e. COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in internal agent (i.e. COPE Work Profile).

Disables the ability to silently allow any third-party application (this applies to the SOTI MobiControl agent as well) to display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

Examples:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

reset

Performs a soft or hard reset of the device.

reset [/s | /H | /W | /E] [/delaysec]

Where

  • /s is the default option and soft resets the device. Any desktop remote control sessions will also be terminated.
  • /H is used to hard reset a device running on the Windows Pocket PC or Windows CE platforms. It clears any data stored in the volatile memory. On Windows Mobile 5.0 and later devices this is equivalent to a soft reset. The real-time clock may also reset depending on the device make and model.
  • /W is used to wipe data stored on the device and reset the device to factory default settings.
    Note: The wipe command is only supported on the Windows Mobile 5 operating system with AKU2 or later and newer versions of Windows Mobile.
  • /E is used to wipe data stored on the device and its external storage as well as reset the device to factory default settings.
  • /P is used to bypass factory reset protection. It is only supported on Android Enterprise Work Managed devices.

On Android Plus devices it is possible to specify a /delay parameter (in seconds): reset /s /delay 10

If /delay parameter is not defined, the default value is 5 seconds

Example

To soft reset a device:

reset /s

To reset an Android Plus device to its factory settings in 30 seconds:

reset /E /delay 30

_resetfailedrcdetectionflag

Resets the remote control detection attempt counter.

_resetfailedrcdetectionflag
resetwifiproxy

Clears proxy configuration settings for the specified SSID (which should exist on the device before sending the command).

Note: Supported on devices running Android 4.0 or later.
resetwifiproxy ssid

Example

To reset a proxy configuration for SSID 105:

resetwifiproxy 105

restartagent

Restarts the device agent.

restartagent

As of Android agent v14.3.1, the agent waits until it's idle before it restarts (generally less than 10 seconds). Add --immediately if you want to restart the agent as soon as the script is received. Earlier versions of the agent restart immediately.

sendinfo net.soti.action.hub ENABLESCREENCAPTURE

Controls whether device users can take screen captures within the SOTI Hub app.

Note: If screen capture is disabled, you may see a blank screen if you remote control a device and then open a file in SOTI Hub.
sendinfo net.soti.action.hub ENABLESCREENCAPTURE 0 | 1

Where

  • 0 blocks screen captures
  • 1 allows screen captures

Example

To block device user from taking screenshots within the SOTI Hub app:

sendinfo net.soti.action.surf ENABLESCREENCAPTURE 0

sendinfo net.soti.action.surf BROWSERZOOMLEVEL

Sets the zoom level in the SOTI Surf app.

sendinfo net.soti.action.surf BROWSERZOOMLEVEL value

Where value is a percentage that represents the level of zoom.

Example

To set the zoom level of the SOTI Surf app to 400%:

sendinfo net.soti.action.surf BROWSERZOOMLEVEL 400

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE

Controls whether device users can use gestures (like pinch to zoom) to magnify web pages opened in the SOTI Surf app.

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE 0|1

Where

  • 0 enables zoom gestures
  • 1 disables zoom gestures

Example

To disable zoom gestures in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE 1

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY

Turns on or off media auto-play and controls SOTI Surf access to the device camera.

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY 0 | 1

Where 0 turns on media auto-play and 1 turns off media auto-play.

Example

To turn on media auto-play and grant SOTI Surf access to the device camera:

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY 0

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH

Controls whether device users can swipe downwards on their screen to refresh the current webpage in the SOTI Surf app.

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH 0|1

Where

  • 0 enables pull to refresh
  • 1 disables pull to refresh

Example

To disable the pull to refresh gesture in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH 1

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES

Controls whether cookies from third-party domains (that is, domains beyond the site the user is currently visiting) are blocked on SOTI Surf.

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES 0|1

Where

  • 0 blocks third-party cookies
  • 1 allows third-party cookies

Example

To allow third-party cookies in the SOTI Surf app:

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES 1

sendreport

Sends a debug report from the device agent to the SOTI ftp server.

sendreport
set_system_update_policy

Configures the system update policy for Android devices with work feature enabled.

Note: Supported on Android Enterprise Managed Devices running Android 6.0 or later with an agent of 13.8.x or earlier.

Devices with later agents (13.9.0+) should use either writeprivateprofstring (see The writeprivateprofstring Command for an example) or the System Update Policy profile configuration instead.

set_system_update_policy policy type [startTime] [endTime]

Where

  • policy type specifies the behavior of the update policy with the following options:
    • 0 is the default option and represents the platform's default behavior
    • 1 is Automatic. The system update installs automatically as soon as an update is available
    • 2 is Windowed. The system update is only installed automatically when the system clock is inside a daily maintenance window. If the update is not installed within 30 days, the system reverts to the default policy.
    • 3 is Postpone. The system update is postponed for 30 days. After 30 days, the system reverts to the default policy.
      Note: Rebooting the device can remove the script and unblock the system update.
  • startTime is the start of the maintenance window. Only applicable on the Windowed policy type. Time
  • endTime is the end of the maintenance window. Only applicable on the Windowed policy type.
Note: For the Windowed policy, time parameters are measured as the number of minutes from midnight in the device's local time. They range from 0-1440.

If the start and end times are the same, the window includes the whole 24 hours, that is, updates can install at any time. If the start time is later than the end time, the window spans midnight.

Example

To set the system update policy as default:

set_system_update_policy 0

To set the system update policy as windowed with the maintenance window set to occur from 11 pm to 3 am:

set_system_update_policy 2 1380 180

set_configurable_kiosk_splash

This feature allows the administrator to suppress or change the SOTI agent logo while in kiosk mode.

Minimum Agent: 15.2.4, same as lockdown

Plugin Versions: Not required

Devices supported: Android Classic and Android Enterprise DO

Android OS: same as lockdown

set_configurable_kiosk_splash <0,1> <file path>

set_configurable_kiosk_splash <0,1>

Where:

  • 0 = Display SOTI MobiControl logo as it is.
  • 1 = Disable SOTI MobiControl logo and show nothing.
  • file path = the file path to fetch the desired logo

Examples

set_configurable_kiosk_splash 1

set_configurable_kiosk_splash 1 /storage/ image.png

Note: The script will fail if you do not supply an argument.
setwifipacurl

Sets WiFi proxy settings using a provided PAC file. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifipacurl ssid PACfileURL

Example

To set up a WiFi proxy using a PAC file:

setwifipacurl 105 https://website.com/proxy.pac

setwifiproxy

Sets WiFi proxy settings using a provided host and port for the specified SSID. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifiproxy ssid host port

Example

To set up a WiFi proxy:

setwifiproxy 105 192.168.2.127 8080

showmessagebox

Displays a message box on the device screen.

Note: The Android Plus agent has the following limitations:
  • It does not support a complex showmessagebox that contains more than one command
  • It cannot return the user response
  • It does not support "if" and related keywords
showmessagebox message [timer] [type] [default button] [action]

Where

  • message is the message displayed in the message box. Use quotation marks (" ") if there are spaces in the message.
  • [timer] is the number of seconds until the message box disappears automatically. If you omit a timer value or add the keyword NO_TIMER, the message box will persist until the device user dismisses it.
  • [type] is type of of message box. Options are:
    • 1 displays an information window with an OK button
    • 2 displays a question window with Yes and No buttons
    • 3 displays a warning window with an OK button
    • 4 displays a question window with OK and Cancel buttons
    • 5 displays an error window with an OK button
  • [default button] sets the default buttons for message box types 2 (YES | NO) or 4 (OK | CANCEL)
  • NOTIFY_DEVICE notifies the device user of the message, depending on the notification settings applied to the device. That is, devices set to ring, will ring, set to vibrate, will vibrate, and muted devices will have no notification. Only supported on Android Plus devices with agents 14.0.0 or later.

The return values for the showmessagebox are stored in a global variable, ShowMessageBoxReturn This variable can be used in scripts as %ShowMessageBoxReturn% to execute actions based on user response. Possible return values are IDYES, IDNO, IDOK, IDCANCEL. The value for this global variable does not change if the type is not 2 or 4.

Example

To show a simple message:

showmessagebox "This is a test message"

To provide device information using a macro:

showmessagebox "Your device's IP address is %IP%"

To set a 3 second timer to your message:

showmessagebox "This is a test message with a 3 second timer" 3

To add YES and NO buttons to your message box with no timer

showmessagebox "This is a test message with Yes/No button and no timer" NO_TIMER 2

To provide followup actions to a user response to message box:

showmessagebox "Abort the operation?" NO_TIMER 2 YES
if %ShowMessageBoxReturn% == IDYES goto Exit
sleep

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in seconds

Example

To set the device to sleep for 5 seconds:

sleep 5

sleepex

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in milliseconds

Example

To set the device to sleep for 3.5 seconds:

sleep 3500

turnoff

Turns off the device.

Note: Script to turn off device works only for Lenovo managed devices with an activated license.
turnoff [delay]

Where delay is a time in seconds.

Example

To turn off the device:

turnoff

To turn off the device in 25 seconds:

turnoff 25

uninstall

Removes the specified program from the device.

uninstall program [force]

Where

  • program is the program ID for the program you want to uninstall
  • force forces uninstallation of the program, even if it is a system application

Example

To remove the program Google Maps:

uninstall com.google.maps

unlock

Unlocks the device and dismisses the password lock screen.

unlock
wifiapenable

Enables or disables WiFi mobile access point.

Note: Supported on devices running Android 4.0 to 8.0.
wifiapenable 0|1

Where 0 disables WiFi and 1 enables WiFi

Example

To disable WiFi:

wifiapenable 0

wipeapplication

Wipes application data for the specified application from the device.

wipeapplication packageName
writeprivateprofstring

Saves or deletes specified settings on a device.

See The writeprivateprofstring Command for more information.