Script Commands for Android Enterprise: Managed Devices

Use the options and examples below to help you create powerful script commands.

Note: Not all script commands are compatible with all devices within a platform. The table entries note the limitations.
Tip: You can also use JavaScript to create and send scripts to your Android Plus devices. See Android Plus JavaScript Scripts for details.

Legend

Format Meaning
text Enter the command exactly as shown.
text Replace with the requested information.
[text] Information contained within square brackets is optional to the command.
text|text Choose one of the options separated by the vertical pipe.

Commands

Command Syntax
_adminmode

Enables or disables the administrator mode on a device in lockdown mode.

_adminmode on|off
afw_prevent_uninstall

Prevents the device user from uninstalling an application that a package installed before.

afw_prevent_uninstall bundleID enable|disable

Where bundleID is the bundle id of the application whose uninstallation you want to prevent.

Example

To prevent the device user from uninstalling the Google Photos app:

afw_prevent_uninstall com.google.android.apps.photos enable

com.google.android.apps.photos
afw_set_permission_grant_state

Grants specified permissions to specified applications. You cannot grant special permissions such as Draw Over or Usage Access, to third party applications.

For a full list of all the permissions available and what API level they implement in by Google, see https://developer.android.com/reference/android/Manifest.permission

afw_set_permission_grant_state packageName disable|enable
afw_set_permission_policy

Sets the default response for future runtime permission requests by the SOTI MobiControl device agent.

afw_set_permission_policy prompt|grant|deny|clear

Where:

  • prompt prompts the device user for all permissions
  • grant automatically grants all permissions that an application requires
  • deny automatically denies all permissions that an application requires
  • clear resets the policy to the agent define default state
afw_set_preferred_keyboard

Specifies a preferred keyboard for use.

Minimum device agent version: 15.1.5

Android OS: OS6 and above

Note: Setting the keyboard via this script does not prevent the user from changing the keyboard later.
afw_set_preferred_keyboard<pkg_name>

Where <pkg_name> is the font package containing the keyboard.

Example

afw_set_preferred_keyboard com.fontskeyboard.fonts

afw_work_profile

Enables or disables the Android Enterprise work profile.

afw_work_profile enable|disable
agent_mode

Retrieves the current agent mode (user or administrator) of a device with lockdown mode applied and displays it in the Logs section of the Device Information panel.

agent_mode
app_upgrade disable <package-list>

Enables the administrator to disable automatic Android Enterprise agent updates to the latest versions from the Google Play Store remotely on Android devices through SOTI MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade disable <package-list>

Example

app_upgrade disable com.businessapp

app_upgrade enable <package-list>

Enables the administrator to enable automatic Android Enterprise agent updates to the latest versions from the Google Play Store remotely on Android devices through SOTI MobiControl.

Minimum device agent version: 15.1.5

Android OS:

Samsung: API Level 11 and MDM v 5.0+ and above

Zebra: API Level 26 and MXMF v10.3 and above

OEMs supported: Samsung and Zebra

app_upgrade enable <package-list>

Example

app_upgrade disable com.businessapp

Note: You can skip <package-list> for Samsung devices.
certdelete

Deletes a certificate on the device.

Note: You can only use certdelete to remove certificates installed by SOTI MobiControl unless the device has a Samsung ELM agent installed. In this case, certdelete removes any specified certificates.
certdelete -issuer "IssuerName" -sn "SerialNumber" -storage "storage"

Where:

  • IssuerName is the common name of the certificate issuer
  • SerialNumber is the serial number of the certificate
  • storage is the type of storage into which to import the certificate

Example

To delete a certificate issued by apache.org:

certdelete -issuer "*.apache.org" -sn 00A03DB42A7841AFF5

clearappcache

Clears the cache memory of the specified application.

Devices supported: Supported on Android Classic and Work Managed devices.
Note:
  • For Android Work Managed devices, this script only supports the devices that SOTI MDM plugins supports. Visit the following website to see the supported MDM plugins - https://docs.soti.net/mobicontrolagentdownloads.
  • Samsung devices do not support this script.

Minimum Android agent version: 15.3.3

clearappcache packageName

Example

To clear the cache memory of the Business App application:

clearappcache com.businessapp
connect

Prompts the device agent to try to connect to the deployment server.

connect [-f]

Where -f forces the device agent to connect regardless of configuration or setup settings.

Example

To connect to the deployment server regardless of configuration or setup settings:

connect -f

devrename

Renames a device.

devrename newDeviceName

If the name has spaces, use quotation marks.

Example

To change the name of a device to Apricot Candy:

devrename "Apricot Candy"

disconnect

Disconnects the device from the SOTI MobiControl deployment server.

disconnect
disable_mac_randomization

Provides the administrator the ability to manage disable/enable Wi-Fi MAC Randomization or ability to restrict it to Use device MAC or Random

Minimum device agent version: 15.1.5

Android OS: 11 and later

OEMs supported: Zebra

disable_mac_randomization [0 | 1]

Example

To enable MAC randomization:

disable_mac_randomization 0

To disable MAC randomization:

disable_mac_randomization 1

_efota _efota enroll|upgrade corpID targetVersion where corpID is the customer ID and targetVersion is the Samsung firmware version.
elm_awaken

Adds or removes the Samsung ELM agent to/from the Android Doze Mode whitelist. Enables the agent to circumvent battery optimizations that limit connectivity between the agent and the deployment server.

Available on Samsung devices running Android 6.0 or later and Knox Standard SDK 5.7 or later.

elm_awaken 0|1

Example

To add the ELM agent to the whitelist:

elm_awaken 1

To remove the ELM agent from the whitelist:

elm_awaken 0

enable_system_app

Enables a system application on the device for use in the Android Enterprise container.

Note: This command is only for applications included in the device’s firmware.
enable_system_app appBundleID

Example

To add Google Chrome to the Android Enterprise container:

enable_system_app com.android.chrome

ftp

Copies a file or directory from an FTP server to a device.

ftp [wget] [-o,-r] source destination

Where:

  • wget copies a file from an FTP server to a local storage or SD card on the device
  • -o specifies to override existing files
  • -r specifies to recursively read all files under each folder

Example

To copy a file from FTP to local storage on the device:

ftp wget -o -r ftp://user:123@server/folder /storage/emulated/0/Download

httpget

Downloads files using the HTTP protocol.

httpget URL localPath
identify_activity

Identifies the current top activity on the device.

identify_activity
import_contacts_vcf

This feature enables the administrator to add Collation/Unicode in import_contacts_vcf scripts so that it maintains the proper character format of the .vcf file when you import it.

Minimum Agent: 15.2.4

Limitations/Constraints/Pre-requisites: This is a generic implementation. There is no OS or OEM limitation

import_contacts_vcf <filePath> 1/0 <charsetName>

Where:

  • 0 = Add contacts to existing contacts
  • 1 = Replace existing contacts with the new contacts of the .vcf file
  • charsetName = Character encoding in the .vcf file

Example

import_contacts_vcf "/storage/ contacts.vcf" 1 UTF-8

install

Installs an application on the device.

install appInstallerPath

Where appInstallerPath is the full path to the application installer file on the device

Example

To install the Gmail app located on an SD card:

install /sdcard/Download/Gmail.apk

install_system_update
Installs a system update from the specified file. This command supports the following OEMs:
  • Getac
  • Pointmobile
  • Zebra
  • Chainway
Note: Do not use this command on encrypted devices. Use the sendintent command instead.
install_system_update filename

Example

To install a system update from a file on an SD card:

install_system_update /sdcard/Download/et1.zip

Note: If /sdcard/Download does not work, use /storage/sdcard0/Download instead, as in:

install_system_update /storage/sdcard0/Download/et1.zip

lock

Turns the device screen off and locks the device until the device user enters the correct password.

lock
log

Sends a custom message to the SOTI MobiControl deployment server from the device. This message appears in the Logs tab of the Device Information panel in the SOTI MobiControl console.

log type message

Where type is the type of the associated message, and the options are:

  • -e for Error
  • -w for Warning
  • -i for Information

Example

To send a notification to the SOTI MobiControl console at certain intervals during a software push:

Note: Put the command in the pre-install script

log -i "Starting Software Push"

mxconfig

Submits XML configuration instructions to the MX layer of the device.

Note: This script command is only applicable on Zebra Android devices. mxconfig uses the StageNow XML format (MXMS)
mxconfig xmlFilepath

Example

mxconfig /sdcard/Download/test.xml

notify kiosk

Enables or disables lockdown mode on the device.

notify kiosk on | off
read_activities

Lists all the activities of an application package.

read_activities packageName
request_appops_permission

Sends a request to the device prompting the user to grant the specified permissions.

request_appops_permission permissionName where the permissionName can be one of:
  • SYSTEM_ALERT_WINDOW requests the Draw Over permission. Requires an Android Classic or Enterprise agent of 13.5.2 or later
  • PACKAGE_USAGE_STATS requests the Usage Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later
  • BIND_NOTIFICATION_LISTENER_SERVICE requests the Notification Access permission. Requires an Android Classic or Enterprise agent of 13.6.1 or later.
  • WRITE_SETTINGS requests the Modify System Settings permission. Requires an Android Classic or Enterprise agent of 13.7.0 or later

Where possible, the permissions are granted silently.

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and in the external agent (that is, COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>
Note: This command is supported in the internal agent (that is, COPE Work Profile).

Enables any third-party application (this applies to the SOTI MobiControl agent as well) to silently display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow <Package_ID>

Example:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW allow com.businessapp

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in Android Enterprise Work Managed, Android Classic, and in external agent (that is, COPE Work Managed)
insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>
Note: This command is supported in internal agent (that is, COPE Work Profile).

Disables the ability of any third-party application (this applies to the SOTI MobiControl agent as well) to silently display over other applications across all Android devices.

Minimum Agent: 15.1.5

Plugin Versions: 1.15.1.102 (recommended for silent granting)

Devices supported: Android Enterprise with plugins (DO, COPE) and Android Classic devices

Android OS: 6 and later

OEMs Supported: Samsung, Zebra, Google, Honeywell (This feature is not OEM specific)

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow <Package_ID>

Examples:

request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

insideagent request_appops_permission android.permission.SYSTEM_ALERT_WINDOW disallow com.businessapp

request_bug_report

Requests permission from the device user to send bug reports back to SOTI MobiControl.

request_bug_report
reset

Performs a soft or hard reset of the device.

reset [/s | /H | /W | /E] [/delaysec]

Where:

  • /s is the default option, and soft resets the device. This option terminates any desktop remote control sessions.
  • /H can hard reset a device running on the Windows Pocket PC or Windows CE platforms. It clears any data stored in the volatile memory. On Windows Mobile 5.0 and later devices, this is equivalent to a soft reset. The real-time clock may also reset depending on the device's make and model.
  • /W can wipe data stored on the device and reset the device to factory default settings.
    Note: The wipe command is only supported on the Windows Mobile 5 operating system with AKU2 or later and newer versions of Windows Mobile.
  • /E can wipe data stored on the device and its external storage and to reset the device to factory default settings.
  • /P can bypass factory reset protection. It is only supported on Android Enterprise Work Managed devices.

On Android Plus devices, it is possible to specify a /delay parameter (in seconds): reset /s /delay 10

If /delay parameter is not defined, the default value is 5 seconds.

Example

To soft reset a device:

reset /s

To reset an Android Plus device to its factory settings in 30 seconds:

reset /E /delay 30

_resetfailedrcdetectionflag

Resets the remote control detection attempt counter.

_resetfailedrcdetectionflag
resetwifiproxy

Clears proxy configuration settings for the specified SSID (which should exist on the device before sending the command).

Note: Supported on devices running Android 4.0 or later.
resetwifiproxy ssid

Example

To reset a proxy configuration for SSID 105:

resetwifiproxy 105

restartagent

Restarts the device agent.

restartagent

As of Android agent v14.3.1, the agent waits until it is idle before it restarts (generally less than 10 seconds). Add --immediately to restart the agent the moment you receice the script. Earlier versions of the agent restart immediately.

sendinfo net.soti.action.hub ENABLESCREENCAPTURE

Controls whether device users can take screen captures within the SOTI Hub app.

Note: If you disable screen capture, there may be a blank screen if you remote control a device and open a file in SOTI Hub.
sendinfo net.soti.action.hub ENABLESCREENCAPTURE 0 | 1

Where:

  • 0 blocks screen captures
  • 1 enables screen captures

Example

To block a device user from taking screenshots within the SOTI Hub app:

sendinfo net.soti.action.surf ENABLESCREENCAPTURE 0

sendinfo net.soti.action.surf BROWSERZOOMLEVEL

Sets the zoom level in the SOTI Surf app.

sendinfo net.soti.action.surf BROWSERZOOMLEVEL value

Where value is a percentage that represents the level of zoom.

Example

To set the zoom level of the SOTI Surf app to 400%:

sendinfo net.soti.action.surf BROWSERZOOMLEVEL 400

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE

Controls whether device users can use gestures (like pinch to zoom) to magnify web pages opened in the SOTI Surf app.

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE 0|1

Where:

  • 0 enables zoom gestures
  • 1 disables zoom gestures

Example

To disable zoom gestures in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEBROWSERZOOMGESTURE 1

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY

Turns on or off media autoplay and controls SOTI Surf access to the device camera.

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY 0 | 1

Where 0 turns on media autoplay and 1 turns off media autoplay.

Example

To turn on media autoplay and grant SOTI Surf access to the device camera:

sendinfo net.soti.action.surf DISABLEMEDIAAUTOPLAY 0

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH

Controls whether device users can swipe downwards on their screen to refresh the current webpage in the SOTI Surf app.

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH 0|1

Where:

  • 0 enables pull to refresh
  • 1 disables pull to refresh

Example

To disable the pull to refresh gesture in the SOTI Surf app:

sendinfo net.soti.action.surf DISABLEPULLTOREFRESH 1

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES

Controls whether cookies from third-party domains (that is, domains beyond the site the user is visiting) are blocked on SOTI Surf.

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES 0|1

Where:

  • 0 blocks third-party cookies
  • 1 enables third-party cookies

Example

To allow third-party cookies in the SOTI Surf app:

sendinfo net.soti.action.surf ENABLETHIRDPARTYCOOKIES 1

sendreport

Sends a debug report from the device agent to the SOTI FTP server.

sendreport
set_system_update_policy

Configures the system update policy for Android devices with work feature enabled.

Note: Supported on Android Enterprise Managed Devices running Android 6.0 or later with an agent of 13.8.x or earlier.

Devices with later agents (13.9.0+) should use either writeprivateprofstring (see The writeprivateprofstring Command for an example) or the System Update Policy profile configuration instead.

set_system_update_policy policy type [startTime] [endTime]

Where:

  • policy type specifies the behavior of the update policy with the following options:
    • 0 is the default option and represents the platform's default behavior
    • 1 is Automatic. The system update installs automatically as soon as an update is available
    • 2 is Windowed. The system update is only installed automatically when the system clock is inside a daily maintenance window. If the update is not installed within 30 days, the system reverts to the default policy.
    • 3 is Postpone. The system update postpones for 30 days. After 30 days, the system reverts to the default policy.
      Note: Rebooting the device can remove the script and unblock the system update.
  • startTime is the start of the maintenance window. Only applicable on the Windowed policy type. Time
  • endTime is the end of the maintenance window. Only applicable on the Windowed policy type.
Note: Windowed policy measures time parameters as the number of minutes from midnight in the device's local time. They range from 0-1440.

If the start and end times are the same, the window includes the whole 24 hours, that is, updates can install at any time. If the start time is later than the end time, the window spans midnight.

Example

To set the system update policy as default:

set_system_update_policy 0

To set the system update policy as windowed with the maintenance window set to occur from 11 PM to 3 AM:

set_system_update_policy 2 1380 180

set_configurable_kiosk_splash

This feature enables the administrator to suppress or change the SOTI agent logo while in kiosk mode.

Minimum Agent: 15.2.4, same as lockdown

Plugin Versions: Not required

Devices supported: Android Classic and Android Enterprise DO

Android OS: same as lockdown

set_configurable_kiosk_splash <0,1> <file path>

set_configurable_kiosk_splash <0,1>

Where:

  • 0 = Display SOTI MobiControl logo as it is.
  • 1 = Disable SOTI MobiControl logo and show nothing.
  • file path = the file path to fetch the desired logo

Examples

set_configurable_kiosk_splash 1

set_configurable_kiosk_splash 1 /storage/ image.png

Note: The script fails if you do not supply an argument.
setwifipacurl

Sets WiFi proxy settings using a provided PAC file. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifipacurl ssid PACfileURL

Example

To set up a WiFi proxy using a PAC file:

setwifipacurl 105 https://website.com/proxy.pac

setwifiproxy

Sets WiFi proxy settings using a provided host and port for the specified SSID. The access point ID should exist on the device before sending this command.

Note: Supported on devices running Android 4.0.
setwifiproxy ssid host port

Example

To set up a WiFi proxy:

setwifiproxy 105 192.168.2.127 8080

showmessagebox

Displays a message box on the device screen.

Note: The Android Plus agent has the following limitations:
  • It does not support a complex showmessagebox that contains more than one command
  • It cannot return the user response
  • It does not support "if" and related keywords
showmessagebox message [timer] [type] [default button] [action]

Where:

  • message is the message displayed in the message box. Use quotation marks (" ") if there are spaces in the message.
  • [timer] is the number of seconds until the message box disappears automatically. If you omit a timer value or add the keyword NO_TIMER, the message box persists until the device user dismisses it.
  • [type] is type of message box. Options are:
    • 1 displays an information window with an OK button
    • 2 displays a question window with Yes and No buttons
    • 3 displays a warning window with an OK button
    • 4 displays a question window with OK and Cancel buttons
    • 5 displays an error window with an OK button
  • [default button] sets the default buttons for message box types 2 (YES | NO) or 4 (OK | CANCEL)
  • NOTIFY_DEVICE notifies the device user of the message, depending on the notification settings applied to the device. Devices can be set to ring, vibrate, or muted to have no notification. Only Android Plus devices with agents 14.0.0 or later are supported.

The return values for the showmessagebox are stored in a global variable, ShowMessageBoxReturn Use this variable in scripts as %ShowMessageBoxReturn% to execute actions based on user response. Possible return values are IDYES, IDNO, IDOK, IDCANCEL. The value for this global variable does not change if the type is not 2 or 4.

Example

To show a simple message:

showmessagebox "This is a test message"

To provide device information using a macro:

showmessagebox "Your device's IP address is %IP%"

To set a 3-second timer to your message:

showmessagebox "This is a test message with a 3-second timer" 3

To add YES and NO buttons to your message box with no timer

showmessagebox "This is a test message with Yes/No button and no timer" NO_TIMER 2

To provide follow-up actions to a user's response to a message box:

showmessagebox "Abort the operation?" NO_TIMER 2 YES
if %ShowMessageBoxReturn% == IDYES goto Exit
sleep

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in seconds

Example

To set the device to sleep for 5 seconds:

sleep 5

sleepex

Initiates sleep mode on the device for a set period. Only use this command in scripts.

sleep [length]

Where length is in milliseconds

Example

To set the device to sleep for 3.5 seconds:

sleep 3500

turnoff

Turns off the device.

Note: Script to turn off device works only for Lenovo managed devices with an activated license.
turnoff [delay]

Where delay is a time in seconds.

Example

To turn off the device:

turnoff

To turn off the device in 25 seconds:

turnoff 25

uninstall

Removes the specified program from the device.

uninstall program [force]

Where:

  • program is the program ID for the program you want to uninstall
  • force forces uninstallation of the program, even if it is a system application

Example

To remove the program Google Maps:

uninstall com.google.maps

unlock

Unlocks the device and dismisses the password lock screen.

unlock
wifiapenable

Enables or disables a WiFi mobile access point.

Note: Supported on devices running Android 4.0 to 8.0.
wifiapenable 0|1

Where 0 disables WiFi and 1 enables WiFi

Example

To disable WiFi:

wifiapenable 0

wipeapplication

Wipes application data for the specified application from the device.

wipeapplication packageName
writeprivateprofstring

Saves or deletes specified settings on a device.

See The writeprivateprofstring Command for more information.