The writeprivateprofstring and writesecuresetting Commands

writeprivateprofstring is a general purpose script command that writes to (or deletes from) an agent side database. The writeprivateprofstring script's behavior depends on the device family and whether a device has an agent or not, as follows:

Device Family Script Behavior
Windows Mobile and Desktop Writes to the registry under the PDB registry path and the pdb.ini file.
Android Writes to the agent's internal database file.
Linux Writes to the pdb.ini file in the agent's installation directory.
CAUTION: The writeprivateprofstring script is powerful and can impact devices significantly.

Syntax

Write writeprivateprofstring scripts using the following syntax:

writeprivateprofstring section [key] [value]

Where:

  • section is the name of the section in the .ini file the value gets written to. The section gets created if it does not already exist. The name of the section is case-sensitive.
  • key is the name of the key. The key gets created if it does not exist. If this parameter is not entered, the entire section (including all entries within it) gets deleted.
  • value is the string that gets written to the file. The key gets deleted if this parameter is not entered.
Important: Use quotation marks if either the key or value contain spaces.

Commands

Description Syntax
Allow or block credential managers writeprivateprofstring CredentialManagerControl AppList {package name} apply featurecontrol

example package name: com.example.myapp

writeprivateprofstring CredentialManagerControl Type {number} apply featurecontrol

Where number is one of the following numeric values:

  • 1 block
  • 2 enable and OEM
  • 3 enable
Changes a device's name writeprivateprofstring Device DeviceName MyDevice
Changes the orientation of the display image of a device that is remote controlled.

Requires:

  • Android
writeprivateprofstring RcOrientationFix manufacturer model value

Where

  • manufacturer is from android.os.Build.MANUFACTURER("ro.product.manufacturer") and falling back to android.os.Build.BRAND("ro.product.brand") if the manufacturer is unknown
  • modelis from android.os.Build.MODEL("ro.product.model")
  • value is one of the following:
    • CW for clockwise
    • CCW for counter-clockwise
    • NONE for no rotation
    • UPSIDEDOWN for upside-down
Specifies the minimum WiFi security level on a device.

Requires:

  • Android Enterprise
writeprivateprofstring DeviceFeature MinimumWifiSecurityLevel securityLevel apply featurecontrol

Where securityLevel is one of the following values:

  • 0 sets the WiFi security level to Open
  • 1 sets the WiFi security level to WEP
  • 2 sets the WiFi security level to WPA
  • 3 sets the WiFi security level to EAP LEAP
  • 4 sets the WiFi security level to EAP FAST
  • 5 sets the WiFi security level to EAP TTLS
  • 6 sets the WiFi security level to EAP TLS
Blocks users from removing Managed WiFi networks.

Requires:

  • Android OS version 11 and earlier.
writeprivateprofstring DeviceFeature DisableWiFiManagement value apply featurecontrol

Where value is one of the following numeric values:

  • 0 sets the ability to remove WiFi networks to Allowed
  • 1 sets the ability to remove WiFi networks to None
  • 2 sets the ability to remove WiFi networks to Restricted
Enables or disables 2G cellular connectivity writeprivateprofstring DeviceFeature DisableCellular2G {number}

Where number is one of the following numeric values:

  • 0 enforced ON
  • 1 enforced OFF
Prevents users from disabling/enabling mobile data. writeprivateprofstring DeviceFeature DisableCellularData value apply featurecontrol

Where value is one of the following numeric values:

  • 0 controllable by the users
  • 1 enforced OFF
  • 2 enforced ON
Controls system updates

Requires

  • Android Enterprise (Work Managed) with an agent 13.9.0 or later.

writeprivateprofstring SystemUpdatePolicy SystemUpdatePolicy 0|1|2|3

apply SystemUpdatePolicy

Where

  • 0 is the default option and represents the device's default behavior. Use when you want to remove a system update policy.
  • 1 is Automatic. The system update installs automatically as soon as an update is available
  • 2 is Windowed. The system update installs automatically when the system clock is inside the specified daily maintenance window. If the update is not installed within 30 days, the system reverts to the default update policy.
  • 3 is Postpone. The system update gets postponed for 30 days. After 30 days, the system reverts to the default policy.
  • apply SystemUpdatePolicy is the last line of your script.

For windowed 2, add the following commands:

writeprivateprofstring SystemUpdatePolicy StartTime minute

writeprivateprofstring SystemUpdatePolicy EndTime minute

Where

  • StartTime is the start of the maintenance window.
  • EndTime is the end of the maintenance window.
  • minute indicates the number of minutes from midnight when the window opens or closes.
Tip: You can add Freeze Periods on top of your system update policies. A freeze period stops all updates during the specified time. When the freeze period is inactive, the regular system update policy applies.

Freeze periods can last up to 90 days. You can set many freeze periods but they cannot overlap and there must be at least 60 days between freeze periods. Freeze periods can cross year boundaries so you can set a freeze that lasts from 12 to 12 to 02 to 13 (December 12 to February 13).

Supported on Android 9 and later.

To set a freeze period, add this command: writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodCount number

Where

  • number is the number of freeze periods you want to set.

Then, for each freeze period add:

writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodStartDatenumber "monthDay"

writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodEndDatenumber "monthDay"

Where

  • The number in UpdateFreezePeriodStartDatenumber and UpdateFreezePeriodEndDatenumber is a number that identifies the matching start and end dates of the freeze periods.
  • monthDay is the start or end of the freeze period, in the format of MM-DD. So October 19 becomes 10-19

Examples:

To postpone a system update for 30 days:

writeprivateprofstring SystemUpdatePolicy SystemUpdatePolicy 3
apply SystemUpdatePolicy

To set a maintenance window between 1 and 6 AM for system updates with a summer holiday and a winter holiday freeze period:

writeprivateprofstring SystemUpdatePolicy SystemUpdatePolicy 2
writeprivateprofstring SystemUpdatePolicy StartTime 60
writeprivateprofstring SystemUpdatePolicy EndTime 360
writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodCount 2
writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodStartDate0 "06-01"
writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodEndDate0 "09-01"
writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodStartDate1 "12-22"
writeprivateprofstring SystemUpdatePolicy UpdateFreezePeriodEndDate1 "01-07"
apply SystemUpdatePolicy
Disables the side key on Samsung OEM devices.

Requires:

  • Minimum Agent 15.4.2
  • Android Enterprise Work Managed devices only
  • Android OS11 and later
  • Knox version 3.4 and later
writeprivateprofstring DeviceFeature DisableSideKeySettings value apply featurecontrol

Where value is one of the following numeric values:

  • 0 enable side key
  • 1 disable side key

Example: writeprivateprofstring DeviceFeature DisableSideKeySettings 1 apply featurecontrol'

Restriction: This script command is only for Samsung OEM devices.
Enables or disables ultra-wideband device connectivity writeprivateprofstring DeviceFeature DisableUltraWideband {number}

Where number is one of the following numeric values:

  • 0 enforced On
  • 1 enforced Off
Reduces the number of days that script data gets retained on devices. writeprivateprofstring ScriptExecutionInfo ScriptOutputRetentionPeriod value

Where value is the maximum number of days that script status and output data is available on a device before it is automatically deleted. The default is 30 days. Value must be less than 30 days.

Example: ScriptExecutionInfo ScriptOutputRetentionPeriod 10

Restriction: This script command applies only to devices that run scripts with the Capture Script Status and Output option. To learn more about the Capture Script Status and Outputfeature, see View the Status of Sent Windows Modern Scriptsfor Windows Modern devices and View the Status of Sent macOS Scripts for macOS devices.
Specifies the amount of storage that devices use for script data. writeprivateprofstring ScriptExecutionInfo ScriptOutputMaxSize value

Where value is the maximum amount of bytes that a device uses to store script status and output data. The default value is 100, 000 bytes.

Example: writeprivateprofstring ScriptExecutionInfo ScriptOutputMaxSize 30000

Restriction: This script command applies only to devices that run scripts with the Capture Script Status and Output option. To learn more about the Capture Script Status and Output feature, see View the Status of Sent Windows Modern Scriptsfor Windows Modern devices and View the Status of Sent macOS Scripts for macOS devices.

..

writesecuresetting

The writesecuresetting script command changes the values in the Android Device Settings database. Restart the device to effect the changes in settings.

Description Syntax
Modifies device system settings

Requires:

  • Android Classic
  • Android Enterprise agent 13.7.1+
    • Plugin 1.16.0.100+
  • Android Enterprise
    • Managed devices
    • Agent: 13.7.1+
    • If running an Android version earlier than 9.0 Plugin: 1.16.0.100
writesecuresetting -sys parameter value

To see a list of available parameters, visit Android Developers Reference: Settings.System.

Examples

Use writesecuresetting -sys accelerometer_rotation 1 to enable screen . 0 disables.

Use writesecuresetting -sys screen_off_timeout 60000 to control how long (in milliseconds) until the device goes to sleep after being idle.

Modifies global settings.

Requires:

  • Android Classic
  • Android Enterprise
    • Managed devices
    • Agent: 13.7.1+
writesecuresetting -glo parameter value

To see a list of available parameters, visit Android Developers Reference: SetGlobalSetting.

Example

Use writesecuresetting -glo auto_time 1 to tell the device to use date, time, and time zone information pulled from the device's network.

Modifies secure settings..

Requires:

  • Android Classic
  • Android Enterprise
    • Managed devices
    • Agent 13.6.0+
writesecuresetting -sec parameter value

To see a list of available parameters, visit Android Developers Reference: SetSecureSetting.

Example

Use writesecuresetting -sec skip_first_use_hints 1 to indicate that apps should bypass any initial launch hints.