Script Commands for Android Enterprise: Managed Devices

Enables or disables the administrator mode on a device in lockdown mode.

Prevents the device user from uninstalling an application that a package installed before.

Where bundleID is the bundle id of the application whose uninstallation you want to prevent.

Example

To prevent the device user from uninstalling the Google Photos app:

afw_prevent_uninstall com.google.android.apps.photos enable

Grants specified permissions to specified applications. You cannot grant special permissions such as Draw Over or Usage Access, to third party applications.

For a full list of all the permissions available and what API level they implement in by Google, see https://developer.android.com/reference/android/Manifest.permission

Sets the default response for future runtime permission requests by the SOTI MobiControl device agent.

Where:

• prompt prompts the device user for all permissions
• grant automatically grants all permissions that an application requires
• deny automatically denies all permissions that an application requires
• clear resets the policy to the agent define default state

Specifies a preferred keyboard for use.

Minimum device agent version: 15.1.5

Android OS: OS6 and above

Where <pkg_name> is the font package containing the keyboard.

Example

afw_set_preferred_keyboard com.fontskeyboard.fonts

Enables or disables the Android Enterprise work profile.

Retrieves the current agent mode (user or administrator) of a device with lockdown mode applied and displays it in the Logs section of the Device Information panel.

Enables the administrator to disable automatic Android Enterprise agent updates to the latest versions from the Google Play Store remotely on Android devices through SOTI MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

Example

app_upgrade disable com.businessapp

Enables the administrator to enable automatic Android Enterprise agent updates to the latest versions from the Google Play Store remotely on Android devices through SOTI MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

Example

app_upgrade disable com.businessapp

Deletes a certificate on the device.

Where:

• IssuerName is the common name of the certificate issuer
• SerialNumber is the serial number of the certificate
• storage is the type of storage into which to import the certificate

Example

To delete a certificate issued by apache.org:

certdelete -issuer "*.apache.org" -sn 00A03DB42A7841AFF5

Clears the cache memory of the specified application.

Minimum Android agent version: 15.3.3

Example

To clear the cache memory of the Business App application:

Prompts the device agent to try to connect to the deployment server.

Where -f forces the device agent to connect regardless of configuration or setup settings.

Example

To connect to the deployment server regardless of configuration or setup settings:

connect -f

Renames a device.

If the name has spaces, use quotation marks.

Example

To change the name of a device to Apricot Candy:

devrename "Apricot Candy"

Disconnects the device from the SOTI MobiControl deployment server.

Provides the administrator the ability to manage disable/enable Wi-Fi MAC Randomization or ability to restrict it to Use device MAC or Random

Minimum device agent version: 15.1.5

Android OS: 11 and later

OEMs supported: Zebra

Example

To enable MAC randomization:

disable_mac_randomization 0

To disable MAC randomization:

disable_mac_randomization 1

Adds or removes the Samsung ELM agent to/from the Android Doze Mode whitelist. Enables the agent to circumvent battery optimizations that limit connectivity between the agent and the deployment server.

Available on Samsung devices running Android 6.0 or later and Knox Standard SDK 5.7 or later.

Example

To add the ELM agent to the whitelist:

elm_awaken 1

To remove the ELM agent from the whitelist:

elm_awaken 0

Enables a system application on the device for use in the Android Enterprise container.

Example

To add Google Chrome to the Android Enterprise container:

enable_system_app com.android.chrome

Copies a file or directory from an FTP server to a device.

Where:

• wget copies a file from an FTP server to a local storage or SD card on the device
• -o specifies to override existing files
• -r specifies to recursively read all files under each folder

Example

To copy a file from FTP to local storage on the device:

ftp wget -o -r ftp://user:123@server/folder /storage/emulated/0/Download

Downloads files using the HTTP protocol.

Identifies the current top activity on the device.

This feature enables the administrator to add Collation/Unicode in import_contacts_vcf scripts so that it maintains the proper character format of the .vcf file when you import it.

Minimum Agent: 15.2.4

Limitations/Constraints/Pre-requisites: This is a generic implementation. There is no OS or OEM limitation

Where:

• 0 = Add contacts to existing contacts
• 1 = Replace existing contacts with the new contacts of the .vcf file
• charsetName = Character encoding in the .vcf file

Example

import_contacts_vcf "/storage/ contacts.vcf" 1 UTF-8

Installs an application on the device.

Where appInstallerPath is the full path to the application installer file on the device

Example

To install the Gmail app located on an SD card:

install /sdcard/Download/Gmail.apk

Example

To install a system update from a file on an SD card:

install_system_update /sdcard/Download/et1.zip

install_system_update /storage/sdcard0/Download/et1.zip

Turns the device screen off and locks the device until the device user enters the correct password.

Sends a custom message to the SOTI MobiControl deployment server from the device. This message appears in the Logs tab of the Device Information panel in the SOTI MobiControl console.

Where type is the type of the associated message, and the options are:

• -e for Error
• -w for Warning
• -i for Information

Example

To send a notification to the SOTI MobiControl console at certain intervals during a software push:

log -i "Starting Software Push"

Submits XML configuration instructions to the MX layer of the device.

Example

mxconfig /sdcard/Download/test.xml

Enables or disables lockdown mode on the device.

Lists all the activities of an application package.

Sends a request to the device prompting the user to grant the specified permissions.

• SYSTEM_ALERT_WINDOW requests the Draw Over permission. Requires an Android Classic or Enterprise agent of 13.5.2 or later
• PACKAGE_USAGE_STATS requests the Usage Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later
• BIND_NOTIFICATION_LISTENER_SERVICE requests the Notification Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later.
• WRITE_SETTINGS requests the Modify System Settings permission. Requires an Android Classic or Enterprise agent of 13.7.0 or later

Where possible, the permissions are granted silently.

Enables any third-party application (this applies to the SOTI MobiControl agent as well) to silently display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

Example:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

Disables the ability of any third-party application (this applies to the SOTI MobiControl agent as well) to silently display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

Examples:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

Requests permission from the device user to send bug reports back to SOTI MobiControl.

Performs a soft or hard reset of the device.

Where:

• /s is the default option, and soft resets the device. This option terminates any desktop remote control sessions.
• /H can hard reset a device running on the Windows Pocket PC or Windows CE platforms. It clears any data stored in the volatile memory. On Windows Mobile 5.0 and later devices, this is equivalent to a soft reset. The real-time clock may also reset depending on the device's make and model.
• /W can wipe data stored on the device and reset the device to factory default settings.
  Note: The wipe command is only supported on the Windows Mobile 5 operating system with AKU2 or later and newer versions of Windows Mobile.
• /E can wipe data stored on the device and its external storage and to reset the device to factory default settings.
• /P can bypass factory reset protection. It is only supported on Android Enterprise Work Managed devices.

On Android Plus devices, it is possible to specify a /delay parameter (in seconds): reset /s /delay 10

If /delay parameter is not defined, the default value is 5 seconds.

Example

To soft reset a device:

reset /s

To reset an Android Plus device to its factory settings in 30 seconds:

reset /E /delay 30

Resets the remote control detection attempt counter.

Clears proxy configuration settings for the specified SSID (which should exist on the device before sending the command).

Example

To reset a proxy configuration for SSID 105:

resetwifiproxy 105

Restarts the device agent.

As of Android agent v14.3.1, the agent waits until it is idle before it restarts (generally less than 10 seconds). Add --immediately to restart the agent the moment you receice the script. Earlier versions of the agent restart immediately.

Controls whether device users can take screen captures within the SOTI Hub app.

Where:

• 0 blocks screen captures
• 1 enables screen captures

Example

To block a device user from taking screenshots within the SOTI Hub app:

sendinfo net.soti.action.surf ENABLESCREENCAPTURE 0

Sets the zoom level in the SOTI Surf app.

Where value is a percentage that represents the level of zoom.

Example

To set the zoom level of the SOTI Surf app to 400%:

sendinfo net.soti.action.surf BROWSERZOOMLEVEL 400

Controls whether device users can use gestures (like pinch to zoom) to magnify web pages opened in the SOTI Surf app.

Where:

• 0 enables zoom gestures
• 1 disables zoom gestures

Example

To disable zoom gestures in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE 1

Turns on or off media autoplay and controls SOTI Surf access to the device camera.

Where 0 turns on media autoplay and 1 turns off media autoplay.

Example

To turn on media autoplay and grant SOTI Surf access to the device camera:

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY 0

Controls whether device users can swipe downwards on their screen to refresh the current webpage in the SOTI Surf app.

Where:

• 0 enables pull to refresh
• 1 disables pull to refresh

Example

To disable the pull to refresh gesture in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH 1

Controls whether cookies from third-party domains (that is, domains beyond the site the user is visiting) are blocked on SOTI Surf.

Where:

• 0 blocks third-party cookies
• 1 enables third-party cookies

Example

To allow third-party cookies in the SOTI Surf app:

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES 1

Sends a debug report from the device agent to the SOTI FTP server.

Configures the system update policy for Android devices with work feature enabled.

Where:

• policy type specifies the behavior of the update policy with the following options:
  • 0 is the default option and represents the platform's default behavior
  • 1 is Automatic. The system update installs automatically as soon as an update is available
  • 2 is Windowed. The system update is only installed automatically when the system clock is inside a daily maintenance window. If the update is not installed within 30 days, the system reverts to the default policy.
  • 3 is Postpone. The system update postpones for 30 days. After 30 days, the system reverts to the default policy.
    Note: Rebooting the device can remove the script and unblock the system update.
• startTime is the start of the maintenance window. Only applicable on the Windowed policy type. Time
• endTime is the end of the maintenance window. Only applicable on the Windowed policy type.

If the start and end times are the same, the window includes the whole 24 hours, that is, updates can install at any time. If the start time is later than the end time, the window spans midnight.

Example

To set the system update policy as default:

set_system_update_policy 0

To set the system update policy as windowed with the maintenance window set to occur from 11 PM to 3 AM:

set_system_update_policy 2 1380 180

This feature enables the administrator to suppress or change the SOTI agent logo while in kiosk mode.

Minimum Agent: 15.2.4, same as lockdown

Plugin Versions: Not required

Devices supported: Android Classic and Android Enterprise DO

Android OS: same as lockdown

set_configurable_kiosk_splash <0,1> <file path>

set_configurable_kiosk_splash <0,1>

Where:

• 0 = Display SOTI MobiControl logo as it is.
• 1 = Disable SOTI MobiControl logo and show nothing.
• file path = the file path to fetch the desired logo

Examples

set_configurable_kiosk_splash 1

set_configurable_kiosk_splash 1 /storage/ image.png

Sets WiFi proxy settings using a provided PAC file. The access point ID should exist on the device before sending this command.

Example

To set up a WiFi proxy using a PAC file:

setwifipacurl 105 https://website.com/proxy.pac

Sets WiFi proxy settings using a provided host and port for the specified SSID. The access point ID should exist on the device before sending this command.

Example

To set up a WiFi proxy:

setwifiproxy 105 192.168.2.127 8080

Displays a message box on the device screen.

Where:

• message is the message displayed in the message box. Use quotation marks (" ") if there are spaces in the message.
• [timer] is the number of seconds until the message box disappears automatically. If you omit a timer value or add the keyword NO_TIMER, the message box persists until the device user dismisses it.
• [type] is type of message box. Options are:
  • 1 displays an information window with an OK button
  • 2 displays a question window with Yes and No buttons
  • 3 displays a warning window with an OK button
  • 4 displays a question window with OK and Cancel buttons
  • 5 displays an error window with an OK button
• [default button] sets the default buttons for message box types 2 (YES | NO) or 4 (OK | CANCEL)
• NOTIFY_DEVICE notifies the device user of the message, depending on the notification settings applied to the device. Devices can be set to ring, vibrate, or muted to have no notification. Only Android Plus devices with agents 14.0.0 or later are supported.

The return values for the showmessagebox are stored in a global variable, ShowMessageBoxReturn Use this variable in scripts as %ShowMessageBoxReturn% to execute actions based on user response. Possible return values are IDYES, IDNO, IDOK, IDCANCEL. The value for this global variable does not change if the type is not 2 or 4.

Example

To show a simple message:

showmessagebox "This is a test message"

To provide device information using a macro:

showmessagebox "Your device's IP address is %IP%"

To set a 3-second timer to your message:

showmessagebox "This is a test message with a 3-second timer" 3

To add YES and NO buttons to your message box with no timer

showmessagebox "This is a test message with Yes/No button and no timer" NO_TIMER 2

To provide follow-up actions to a user's response to a message box:

showmessagebox "Abort the operation?" NO_TIMER 2 YES
if %ShowMessageBoxReturn% == IDYES goto Exit

Initiates sleep mode on the device for a set period. Only use this command in scripts.

Where length is in seconds

Example

To set the device to sleep for 5 seconds:

sleep 5

Initiates sleep mode on the device for a set period. Only use this command in scripts.

Where length is in milliseconds

Example

To set the device to sleep for 3.5 seconds:

sleep 3500

Turns off the device.

Where delay is a time in seconds.

Example

To turn off the device:

turnoff

To turn off the device in 25 seconds:

turnoff 25

Removes the specified program from the device.

Where:

• program is the program ID for the program you want to uninstall
• force forces uninstallation of the program, even if it is a system application

Example

To remove the program Google Maps:

uninstall com.google.maps

Unlocks the device and dismisses the password lock screen.

Enables or disables a WiFi mobile access point.

Where 0 disables WiFi and 1 enables WiFi

Example

To disable WiFi:

wifiapenable 0

Wipes application data for the specified application from the device.

Saves or deletes specified settings on a device.

See The writeprivateprofstring Command for more information.