FZ B2 -> user change -> lock down switch off

FZ B2 -> user change -> lock down switch off

 

Hello all,

 

I have a table FZ B2 (android 6.0) with a lock down, all works fine but the security service has find a gap ...

It's possible to change user, and of course, delete the lock down ...the lock down disapear when you change the user ...

 

I've try to delete ALL USERS under settings ...but it's not possible ...

On lock down, i have checked => disable status bar expansion / disable settings change / hide status bar

 

How to reproduce this : tablet sleep, touch on ...touch several time the user (blue icon) and you obtain this screen.

After click a other icon represent a user or + , and the lock down switch off ...

 

How i can resolve this ?

thanks

21 Answers

Order By:   Standard | Newest | Votes
Raymond, Chan | posted this 02 January 2019

I don't have any FZ-B2 or other Panasonic device on hand at the moment.

However, my previous tests on Panasonic device more than 18 months ago showed that multi-user feature control was not supported.    I wouldn't be surprised that it is still not supported with the latest Panasonic agent and Android firmware on the device.  While most feature-control options available on the web-console UI are supported for Samsung devices, almost all other OEM brands only support a subset of the options.  This is documented in online manual at

 

 https://www.soti.net/mc/help/v13/en/Content/Web/Profiles/AndroidPlus/VendorCompatibilityMatrix.htm

or

 https://www.soti.net/mc/help/v14.2/en/console/reference/dialogs/profiles/androidplus/vendorcompatmatrix_featurecontrol_androidplus.html

 

There is nothing that we end-user or Soti can do if the OEM device manufacturer (Panasonic in your case) does not invest engineering resources to add the codes to support the feature-control options (which are actually all available and supported on Soti side of the code base). 

 

 

So, your only option maybe is to check if the multi-user functionalities are cleanly handled by an app modules (with  well-defined bundle-ID's or activity names)  and have them blacklisted with application run control policy if they are.  Please note that if the blacklist module(s) also support other critical functions,  your device may get unstable (e.g. hanged or rebooted in the worst case) unexpectedly.  So, care must be taken to carry out sufficient tests on the field if this approach is to be used.

 

 

  • 1
  • 0
christopheBERNARD | posted this 09 January 2019

Hello asmod,

thanks for your time and ok i m going create a case by sending a mail at the address support@soti.net.

 

I have checked these three options:

- disable status

- disable settings change

- hide status bar

it's ok IF THE TABLET IS NOT IN MODE SLEEP ...

After 30 minutes (time maximum) the FZ B2 sleep and when it's sleep it's possible to access the multi user settings as show the screen sot . And of course user can SELECT another USER and lock down is off ..

 

thanks for all

 

 

  • 0
  • 0
ASMOD@SOTI | posted this 08 January 2019

Hi ChristopheBernard,

I wanted to share my testing result with you regarding the issue. I am able to reproduce the issue with latest version of 13.4 maintenance release and latest agent. Therefore I will suggest to get a case open regarding the issue so that we can investigation and try to provide a possible solution. As a work around in lockdown mode profile you can select Disable Status Bar Expansion, Disable Settings Changes and Hide Status Bar, so that user cannot access the option to add another user account. I hope this help.

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
christopheBERNARD | posted this 03 January 2019

Hello all,

@ASMOD => thanks for your time ..

 

  • 0
  • 0
ASMOD@SOTI | posted this 02 January 2019

Hi Christopher,

 

I am currently testing a possible solution for the issue and will be sharing my results soon.

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
christopheBERNARD | posted this 02 January 2019

Hello again,

thanks for your comment raymond, i have open a case in Panasonic and i'm waiting and hope to find a reply

 

thanks for your idea, in fact, i've look into the device FZ B2 (process runing) with namespace com.panasonic there are a lot .

 

i think i've try to kill one by one and see perhpas what's happen's ...while to wait a reply from panasonic

 

Great thanks for your help

  • 0
  • 0
christopheBERNARD | posted this 02 January 2019

Hello all,

all my wish to this new year ..

 

@raymond => thanks for explanation but my problem still open ...

 

I need to disable multiple user in this tablet FZ B2.

I've try with the checkbox => disable multi user control from feature control locate in profil ...but no working for me ..

 

If someone has another idea ...all are welcome

 

thanks for all

  • 0
  • 0
Raymond, Chan | posted this 28 December 2018

You are right that MobiControl device agent and the command shell in it remote control session does not have right permission to copy file to a system folder or the private sandbox folder of each installed apps.  Just remember that the device agent is not a kernel module and such access permissions are not granted  by design on any Android implementation.

 

  • 0
  • 0
christopheBERNARD | posted this 28 December 2018

Hello all,

@ASMOD => any idea about this topic ?

how we can DISABLE multi user on tablet FZ B2 (android 6.0) ...

Have you got reproduce this problem ?

 

thanks for all and have an happy end year ...

 
  • 0
  • 0
christopheBERNARD | posted this 20 December 2018

Hello;

Update help will be great ...

 

thanks

  • 0
  • 0
christopheBERNARD | posted this 20 December 2018

additionnal info, i've try the same operation on tc 75x 

remote on device, goto SHELL and execute a copy with the file modify ...

 

but not work, i think but i'm not an expert the soti client can't copy file into the system folder

 

thanks for your comment and help

 

  • 0
  • 0
christopheBERNARD | posted this 20 December 2018

Hello matt,

manually it's not possible because the device isn't ROOT ...

Of course, i can ROOT the device and add this property ...but we don't want to root the device ..

 

Actually, i can move the file from the tablet to my computer, change the build.prop on my computer BUT when i try to replace this file i receive a message acces denied ...

Is it normally ?

 

Here is it a copy of the result

thanks

  • 0
  • 0
Matt Dermody | posted this 19 December 2018

What I'm also asking is if you've managed to make this change on a device successfully without the use of SOTI. Have you confirmed that manually adjusting the property in the file and manually replacing the file on the device produces the desired results that you want? I would confirm that it works before then trying to reproduce the manual steps through a SOTI Package with Scripting. 

  • 0
  • 0
christopheBERNARD | posted this 19 December 2018

Hello matt,

i'm trying to delete option MULTI USER ...

For this, i've find on google, i must to edit the build.prop and add fw.show_multiuserui=0

 

the path is system, the file build.prop is locate here.

On remote on the device, i've copy paste the file on my desktop.

add the line.

 

Create a package with pre install script  as this:

mkdir "\sdcard\testcreationfolder"  -> ok folder is well create

mkdir "\system\testcreationfolder" -> not ok folder is not create

 

copy "\sdcard\build.prop" "\sdcard\testcreationfolder" -> sucess file is well copy

copy "\sdcard\build.prop" "\system"  -> file never copy

 

yes i've try ot distribute also the file by include into the package 

click right on the project package add file , select destination file -> system and check the radio button always copy the file on device ...

 

yes i've also copy paste the file after package is installed and the file doesn't contains my line !

 

Nothing works ...

 

how ?

any idea ?

thanks matt

 

 

  • 0
  • 0
Matt Dermody | posted this 19 December 2018

What is the path where the file needs to go and how have you setup your package? Have you attempted to distribute the file directly to the directory rather than using a move/copy script?

How do you know that it isn't working? Did you confirm that this process works after manually copying the updated file back onto the device from your computer?

  • 0
  • 0
christopheBERNARD | posted this 19 December 2018

Hello again,

nothing work , i've try to make a package with script for to install the file into the path to system ..

but i can't ...

 

How i can solve this issue ?

thanks for your time

  • 0
  • 0
christopheBERNARD | posted this 19 December 2018

Hello again,

Any idea about this problem ?

I've find on google I can modify a file name build.prop on system folder and add :

fw.show_multiuserui=0

 

Ok, i've find this file, copy paste to my computer and modify it with the line

But when i try to update the file with a remote connection with mobicontrol admin on the device, i haven't the right to delete and copy the new file.

 

Ok, i can make a package with a script who copy this file to the system folder but how i can copy a file into this folder ?

which command i must to use ?

 

thanks

 

 

  • 0
  • 0
christopheBERNARD | posted this 18 December 2018

Hello again,

i've try to install stayAlive application who make the screen never sleep ...

by default it's 30 minutes ...

 

well, that's works BUT if i reboot the device ...the screen is on sleep ...

 

Is there an option in mobicontrol perhpas for to tell screen NEVER SLEEP even after stop and start ?

 

arghhhhhh my good !

thanks for help

  • 0
  • 0
christopheBERNARD | posted this 18 December 2018

Hello asmod, matt,

@asmod => i used client on version 13.6.1257 tablet is Panasonic FZ B2 Android 6.0.1

version of mobicontrol server is : 13.3.0.3454

 

@matt : we used android+ and on configuration profile we have some restriction options also

i see , this option => disable multi users

if i modify my profil, check this option and apply it's NOT working ...as you mentionned 

 

i'm not an expert with mobicontrol, witch difference there is between : 

android entreprise

android+

 

is it possible to enroll this tablet with android entreprise with my config ?

Or any other idea ?

 

thanks for your time

  • 0
  • 0
Matt Dermody | posted this 17 December 2018

Are you enrolling the devices with Android Enterprise or Android+? AE with DO (Managed Device) has the option to restrict Multi-User within Feature Control

  • 0
  • 0
ASMOD@SOTI | posted this 17 December 2018

Hi ChristopheBernard,

Can you please confirm the version of MobiControl and agent version running on the device so that can issue can be reproduce at our end. Thank you

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Give us your feedback
Give us your feedback
Feedback