Jump to content
Welcome to our new Citrix community!
  • 1

Endpoint Management and Android Enterprise (Afw) - enable_system_app


Alessandro Miotto Marques1709152314

Question

Hello all,

I''m with a problem in a Endpoint Management onprem implementation. The customer needs enroll mobile devices using Android for Work method (afw#xenmobile after reset his devices) without using Google account.

I saw that Afw removes all non-corp apps from device (like camera, sms, calendar, etc) and maintain just apps delivered from Play Store for Work apps.

My problem is that the customer have to use an app that is pre-installed on Android system (who is beeing not presented to user) and this app is not avaliable on Google Play Store.

I saw that there is other player that support use command enable_system_app Blundle_ID (enable_system_app com.android.chrome for example) to re-enable apps that were disabled previously by Afw.


How can I use enable_system_app on XenMobile? I saw that I can delivery scripts in the File policy, but I wasn't able to run this command on device...

Reference link: https://www.soti.net/mc/help/v14.0/en/scriptcmds/reference/androidplus.html

Link to comment

10 answers to this question

Recommended Posts

Hi Alessandro,

 

This is not something I have tried for myself yet, though I believe the Kiosk Policy can be used here.

The Kiosk Policy has a form which can be used to enable the native apps.

 

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/kiosk-policy.html#android-enterprise-settings

https://docs.citrix.com/en-us/citrix-endpoint-management/device-management/android/android-enterprise.html

 

I hope this helps!

 

Thanks,

David

Link to comment

@David Egan, Thanks for your sugestions.

 

The documentation says that kiosk policy are applied for Android Enterprise but on onpremises XenMobile console, kiosk policy are available only to Samsung SAFE devices... like the following screenshot attached (screen1).

 

All the policies available to Android Enterprise are on screen2 attached..

 

I tried set the policy App Access, available to Android devices, but it was not able to show de App to users.

 

My XenMobile version 10.9.0.12.

screen1.png

screen2.png

Link to comment

Hi Alessandro,

 

I believe that this indicates you are using 'XenMobile Server' (on-premises). This doesn't have quite the same feature set as our 'On-Cloud' offering (Citrix Endpoint Management).

 

Here are the two different versions of the 'Kiosk' Device Policy available, depending on where your server is hosted:

 

On-Cloud:

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/kiosk-policy.html

 

On-Premises

https://docs.citrix.com/en-us/xenmobile/server/policies/kiosk-policy.html

 

As you can see, only 'on-cloud' has the option to use Kiosk mode with Android Enterprise. For 'on-premises' deployments, only Samsung SAFE can have this policy applied. I believe that this explains why you do not have access to the method suggested. My apologies for the confusion caused by my original advice.

Best regards,
David

Link to comment

Hello David, I was able to do a workaround in this scenario:

I created the following json using the DPC:  "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true

 

All JSON content is:

{
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.zenprise/com.zenprise.configuration.AdminFunction",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "qn7oZUtheu3JBAinzZRrrjCQv6LOO6Ll1OjcxT3-yKM",
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "https://play.google.com/managed/downloadManagingApp?identifier=xenmobile",
    "android.app.extra.PROVISIONING_LOCALE": "pt_BR",
    "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true
}
After, I created a QRCode with this content, reseted the device to factory mode and on the welcome screen, I tap 6 times on the screen to download the QR reader... 

It was a workaround to Android Enterprise doesn't block (or remove) the user access to system apps.

Link to comment
5 hours ago, Alessandro Miotto Marques1709152314 said:

Hi David, good announcement!

 

Customer uses Zebra devices here and now they can use Custom XML policies with AE.

 

Thanks!

 

Alessandro Marques

Was it the update 10.10 that enabled the custom XML to work?

 

We are seeing the same thing in our Zebra deployment with AE that the custom XML's do not apply.

We have also enrolled unlocking system apps as a work around to directly use the stagenow app.  The XML's however still do not apply or try to apply.

Running Oreo Update Feb 2019

Link to comment
1 hour ago, Steven Sweeny said:

Was it the update 10.10 that enabled the custom XML to work?

 

We are seeing the same thing in our Zebra deployment with AE that the custom XML's do not apply.

We have also enrolled unlocking system apps as a work around to directly use the stagenow app.  The XML's however still do not apply or try to apply.

Running Oreo Update Feb 2019

 

 

Hi ssweeny573, 

 

I validated in my lab, the 10.10 version solved the Custom XML on Zebra devices using Android Enterprise.

 

To validate, I've configured a Custom XML policy to set only wifi channels 1,6 and 11 to Zebra TC51, with the follow content:

---------

<wap-provisioningdoc>
<characteristic type="Profile">
  <parm name="ProfileName" nooverwrite="0" rw-access="3" value="CitrixZebraProfile"/>
    <characteristic version="5.3" type="Wi-Fi">
    <characteristic type="System">
      <parm name="WiFiAction" value="enable" />
      <parm name="WifiSleepPolicy" value="AlwaysOn" />
    </characteristic>
    <parm name="UseRegulatory" value="0" />
    <characteristic type="Radio">
      <parm name="BandSelection" value="Auto" />
      <characteristic type="ChannelSelection">
        <parm name="2.4GHzChannels" value="1,6,11" />
        <parm name="5.0GHzChannels" value="(36-64),(100-140),157,161" />
      </characteristic>
    </characteristic>
    <parm name="UseDiagnosticOptions" value="0" />
    <parm name="UseAdvancedOptions" value="1" />
    <characteristic type="AdvancedOptions">
      <parm name="AutoTimeConfig" value="0" />
      <parm name="HFSR" value="1" />
      <parm name="CCKM" value="1" />
      <parm name="FT" value="1" />
      <parm name="FTRIC" value="0" />
      <parm name="OKC" value="0" />
      <parm name="PMKID" value="1" />
      <parm name="PreAuth" value="0" />
      <parm name="AdvancedLogging" value="0" />
      <parm name="FIPS" value="0" />
      <parm name="802.11K" value="0" />
      <parm name="BandPreference" value="2" />
      <parm name="FTOverTheDS" value="0" />
      <parm name="AggregatedFT" value="0" />
      <parm name="ScanAssist" value="0" />
      <parm name="CHD" value="0" />
      <parm name="SubNetRoam" value="0" />
      <parm name="WANCountry" value="0" />
    </characteristic>
    <parm name="UseHotspotOptions" value="0" />
  </characteristic>
  </characteristic>
</wap-provisioningdoc>

---------

 

The policy was applied successfully to device.

 

 

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...