Script Commands for Android Enterprise: Devices with Work Profiles

Use the options and examples below to help you create your own powerful script commands.

Note: Not all script commands are compatible with all devices within a platform. Limitations are noted in the table entries.
Tip: You can also use JavaScript to create and send scripts to your Android Plus devices. See Android Plus JavaScript Scripts for details.

Legend

Format Meaning
text Enter the command exactly as shown.
text Replace with the requested information.
[text] Information contained within square brackets is optional to the command.
text|text Choose one of the options separated by the vertical pipe.

Commands

Command Syntax
_adminmode

Enables or disables the administrator mode on a device in lockdown mode.

_adminmode on|off
afw_prevent_uninstall

Prevents the device user from uninstalling an application that was installed using packages.

afw_prevent_uninstall bundleID enable|disable

Where bundleID is the bundle id of the application whose uninstallation you want to prevent.

Example

To prevent the device user from uninstalling the Google Photos app:

afw_prevent_uninstall com.google.android.apps.photos enable

com.google.android.apps.photos
afw_set_permission_grant_state

Grants specified permissions to specified applications. You cannot grant special permissions such as Draw Over or Usage Access, to third party applications.

For a full list of all the permissions available and what API level they are implemented in by Google, see https://developer.android.com/reference/android/Manifest.permission

afw_set_permission_grant_state packageName disable|enable
afw_set_permission_policy

Sets the default response for future runtime permission requests by the SOTI MobiControl device agent.

afw_set_permission_policy prompt|grant|deny|clear

Where

  • prompt prompts the device user for all permissions
  • grant automatically grants all permissions that an application requires
  • deny automatically denies all permissions that an application requires
  • clear resets the policy to the agent define default state
afw_set_preferred_keyboard

Specifies a preferred keyboard for use.

Minimum device agent version: 15.1.5

Android OS: OS5 and above

Note: Setting the keyboard via this script will not prevent the user from changing the keyboard later.
afw_set_preferred_keyboard<pkg_name>

Where <pkg_name> is the font package containing the keyboard.

Example

afw_set_preferred_keyboard com.fontskeyboard.fonts

afw_work_profile

Enables or disables the Android Enterprise work profile.

afw_work_profile enable|disable
agent_mode

Retrieves the current agent mode (user or administrator) of a device with lockdown mode applied and displays it in the Logs section of the Device Information panel.

agent_mode
app_upgrade disable <package-list>

Allows the administrator to disable automatic Android Enterprise agent updates to latest versions from the Google Play Store, remotely on Android devices through MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade disable <package-list>

Example

app_upgrade disable com.businessapp

app_upgrade enable <package-list>

Allows the administrator to enable automatic Android Enterprise agent updates to latest versions from the Google Play Store, remotely on Android devices through MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade enable <package-list>

Example

app_upgrade disable com.businessapp

Note: <package-list> can be skipped for Samsung devices.
certdelete

Deletes a certificate on the device.

Note: You can only use certdelete to remove certificates that were installed by SOTI MobiControl unless the device has a Samsung ELM agent installed, in which case certdelete will remove any specified certificates.
certdelete -issuer "IssuerName" -sn "SerialNumber" -storage "storage"

Where

  • IssuerName is the common name of the certificate issuer
  • SerialNumber is the serial number of the certificate
  • storage is the type of storage into which to import the certificate

Example

To delete a certificate issued by apache.org:

certdelete -issuer "*.apache.org" -sn 00A03DB42A7841AFF5

clearappcache

Clears the cache memory of the specified application.

Devices supported: Supported on Android Classic and Work Managed devices.
Note:
  • For Android Work Managed devices, this script is supported only on the devices that are supported by SOTI MDM plugins. Visit the following website to see the supported MDM plugins - https://docs.soti.net/mobicontrolagentdownloads.
  • Samsung devices do not support this script.

Minimum Android agent version: 15.3.3

clearappcache packageName

Example

To clear the cache memory of the Business App application:

clearappcache com.businessapp
connect

Prompts the device agent to attempt to connect to the deployment server.

connect [-f]

Where -f forces the device agent to connect regardless of configuration or setup settings.

Example

To connect to the deployment server regardless of configuration or setup settings:

connect -f

devrename

Renames a device.

devrename newDeviceName

If the name contains spaces, use quotation marks

Example

To change the name of a device to Apricot Candy:

devrename "Apricot Candy"

disconnect

Disconnects the device from the SOTI MobiControl deployment server.

disconnect
ftp

Copies a file or directory from an ftp server to a device.

ftp [wget] [-o,-r] source destination

Where

  • wget copies a file from an ftp server to a local storage or sd card on the device
  • -o specifies to override existing files
  • -r specifies to recursively read all files under each folder

Example

To copy a file from ftp to local storage on the device:

ftp wget -o -r ftp://user:123@server/folder /storage/emulated/0/Download

httpget

Downloads files using the HTTP protocol.

httpget URL localPath
identify_activity

Identifies the current top activity on the device.

identify_activity
install

Installs an application on the device.

install appInstallerPath

Where appInstallerPath is the full path to the application installer file on the device

Example

To install the Gmail app located on an sd card:

install /sdcard/Download/Gmail.apk

lock

Turns the device screen off and locks device until device user enters the correct password.

lock
log

Sends a customs message to the SOTI MobiControl deployment server from the device. This message appears in the Logs tab of the Device Information panel in the SOTI MobiControl console.

log type message

Where type is the type of the associated message and the options are:

  • -e for Error
  • -w for Warning
  • -i for Information

Example

To send a notification to the SOTI MobiControl console at certain intervals during a software push:

Note: Put the command in the pre-install script

log -i "Starting Software Push"

read_activities

Lists all the activities of an application package.

read_activities packageName
request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and external agent (i.e. COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in internal agent (i.e. COPE Work Profile).

Enables the ability to silently allow any third-party application (this applies to the SOTI MobiControl agent as well) to display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

Example:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and external agent (i.e. COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in internal agent (i.e. COPE Work Profile).

Disables the ability to silently allow any third-party application (this applies to the SOTI MobiControl agent as well) to display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

Examples:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

request_appops_permission

Sends a request to the device prompting the device user to grant the specified permissions.

request_appops_permission permissionName where the permissionName can be one of:
  • SYSTEM_ALERT_WINDOW requests the Draw Over permission. Requires an Android Classic or Enterprise agent of 13.5.2 or later
  • PACKAGE_USAGE_STATS requests the Usage Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later
  • BIND_NOTIFICATION_LISTENER_SERVICE requests the Notification Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later.
  • WRITE_SETTINGS requests the Modify System Settings permission. Requires an Android Classic or Enterprise agent of 13.7.0 or later

Where possible, the permissions are granted silently.

reset

Performs a soft or hard reset of the device.

reset [/s | /H | /W | /E] [/delaysec]

Where

  • /s is the default option and soft resets the device. Any desktop remote control sessions will also be terminated.
  • /H is used to hard reset a device running on the Windows Pocket PC or Windows CE platforms. It clears any data stored in the volatile memory. On Windows Mobile 5.0 and later devices this is equivalent to a soft reset. The real-time clock may also reset depending on the device make and model.
  • /W is used to wipe data stored on the device and reset the device to factory default settings.
    Note: The wipe command is only supported on the Windows Mobile 5 operating system with AKU2 or later and newer versions of Windows Mobile.
  • /E is used to wipe data stored on the device and its external storage as well as reset the device to factory default settings.
  • /P is used to bypass factory reset protection. It is only supported on Android Enterprise Work Managed devices.

On Android Plus devices it is possible to specify a /delay parameter (in seconds): reset /s /delay 10

If /delay parameter is not defined, the default value is 5 seconds

Example

To soft reset a device:

reset /s

To reset an Android Plus device to its factory settings in 30 seconds:

reset /E /delay 30

_resetfailedrcdetectionflag

Resets the remote control detection attempt counter.

_resetfailedrcdetectionflag
resetwifiproxy

Clears proxy configuration settings for the specified SSID (which should exist on the device before sending the command).

Note: Supported on devices running Android 4.0 or later.
resetwifiproxy ssid

Example

To reset a proxy configuration for SSID 105:

resetwifiproxy 105

sendreport

Sends a debug report from the device agent to the SOTI ftp server.

sendreport
setwifipacurl

Sets WiFi proxy settings using a provided PAC file. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifipacurl ssid PACfileURL

Example

To set up a WiFi proxy using a PAC file:

setwifipacurl 105 https://website.com/proxy.pac

setwifiproxy

Sets WiFi proxy settings using a provided host and port for the specified SSID. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifiproxy ssid host port

Example

To set up a WiFi proxy:

setwifiproxy 105 192.168.2.127 8080

showmessagebox

Displays a message box on the device screen.

Note: The Android Plus agent has the following limitations:
  • It does not support a complex showmessagebox that contains more than one command
  • It cannot return the user response
  • It does not support "if" and related keywords
showmessagebox message [timer] [type] [default button] [action]

Where

  • message is the message displayed in the message box. Use quotation marks (" ") if there are spaces in the message.
  • [timer] is the number of seconds until the message box disappears automatically. If you omit a timer value or add the keyword NO_TIMER, the message box will persist until the device user dismisses it.
  • [type] is type of of message box. Options are:
    • 1 displays an information window with an OK button
    • 2 displays a question window with Yes and No buttons
    • 3 displays a warning window with an OK button
    • 4 displays a question window with OK and Cancel buttons
    • 5 displays an error window with an OK button
  • [default button] sets the default buttons for message box types 2 (YES | NO) or 4 (OK | CANCEL)
  • NOTIFY_DEVICE notifies the device user of the message, depending on the notification settings applied to the device. That is, devices set to ring, will ring, set to vibrate, will vibrate, and muted devices will have no notification. Only supported on Android Plus devices with agents 14.0.0 or later.

The return values for the showmessagebox are stored in a global variable, ShowMessageBoxReturn This variable can be used in scripts as %ShowMessageBoxReturn% to execute actions based on user response. Possible return values are IDYES, IDNO, IDOK, IDCANCEL. The value for this global variable does not change if the type is not 2 or 4.

Example

To show a simple message:

showmessagebox "This is a test message"

To provide device information using a macro:

showmessagebox "Your device's IP address is %IP%"

To set a 3 second timer to your message:

showmessagebox "This is a test message with a 3 second timer" 3

To add YES and NO buttons to your message box with no timer

showmessagebox "This is a test message with Yes/No button and no timer" NO_TIMER 2

To provide followup actions to a user response to message box:

showmessagebox "Abort the operation?" NO_TIMER 2 YES
if %ShowMessageBoxReturn% == IDYES goto Exit
sleep

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in seconds

Example

To set the device to sleep for 5 seconds:

sleep 5

sleepex

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in milliseconds

Example

To set the device to sleep for 3.5 seconds:

sleep 3500

uninstall

Removes the specified program from the device.

uninstall program [force]

Where

  • program is the program ID for the program you want to uninstall
  • force forces uninstallation of the program, even if it is a system application

Example

To remove the program Google Maps:

uninstall com.google.maps

unlock

Unlocks the device and dismisses the password lock screen.

unlock
wifiapenable

Enables or disables WiFi mobile access point.

Note: Supported on devices running Android 4.0 to 8.0.
wifiapenable 0|1

Where 0 disables WiFi and 1 enables WiFi

Example

To disable WiFi:

wifiapenable 0

writeprivateprofstring

Saves or deletes specified settings on a device.

See The writeprivateprofstring Command for more information.