Exchange Protection - EVO 4G General

Is there any way to get out of having to enter a pin because of the exchange server security requirements? I don't have any info on my work email I am worried about.. so it would be nice not to have to have a PIN/Password to be able to use it.

I have an exchange, it doesn't have to ise a pin at all, I just put it on to the native the email app
Just open and your in.

If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.

clintre said:
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
Click to expand...
Click to collapse
Ok. Guess I'll see if I can access it through other means than exchange. Not sure. Just hate typing in the pin all the time!!
Thanks for the info though

I run an exchange server myself with a few activesync devices running. It sounds like the pin you are describing is imposed by your system administrator, when I set up an account on an evo or inc all I need is my domain credentials and a server address.

I also run an Exchange setup. I can verify that a few native e-mail apps from 2.1 days somehow bypass certain Exchange requirements, much to my dismay (Motorola comes to mind). They pretty much lied to Exchange and said they were compliant when they weren't and didn't enforce some rules. However, all the new stuff follows the ActiveSync rules, assuming that's the setup you're aiming for. I suppose if you really wanted to bypass the security you could check to see if they left IMAP or POP open, but then they'd just be some not-very-smart sysadmins.
Also, you shouldn't need anything more than your e-mail address and your password to ActiveSync. After the initial attempt at syncing it will ask for you to verify the security permissions. If it drops out and asks for your server name, domain, and such then tell your admins to fix AutoDiscover.
Oh, and while the thought of your admins being able to wipe on command is scary, you will have the ability to remote wipe your device in the event you lose it. It'll be accessible under OWA, so that's handy.

Related

How do I disable password on phone???

When I set up an exchange account the phone ask me to set a password. Now every time I turn on my phone it or wake it up it asks me to enter the password. How do I remove the password???
If you were forced to set a password when you set up exchange activesync then the password is enforced, you can't remove the need for a password as long as you sync to that server.
The IT policy is set by whoever administers the server for all connected devices, most companies would use that setting for example to protect their data.
Who is hosting your exchange? Is it a work account?
It's 1&1. I really wish i knew that before i bought. Everytime I wake up the phone I have to put in a darn code. Is there any way around this? Very annoying.
Only way around it is to remove the exchange connection.
It's a server-wide policy - to cope for some users needing passwords, maybe even their own staff it will have been set up.
I'd stick with it personally, the device is more secure when lost with it enabled... I carry a wizard and Blackberry - both need password entry but I'm used to it
This week end I tried to sync my oulook mailbox and it asked me to accept new security policy.
It was in fact my company that upgraded to latest Outlook mail server with push functionality.
I was very happy and push is working fine.
But now I also have this annoying Pin code to enter every hour.
Also even when I entered the code and I am free to use my phone during one hour, I noticed that each time I turn it on I have a blank screen for 1 seconde before it loads the today page slowly.
This password feature is not nice at all and I really want to get rid of it.
I am pretty sure we will be able to find some regkey to unlock this stupid security policy like in HKLM\security\Policies\Policies.
It has to be a user choice in the end.
Do you know if I stop syncing with my server if i can remove it?
no, as I've said twice already, if you're using exchange activesync then this policy is enforced.
It's not user choice, if you're syncing your device with your employers equpment it's their data, they're legally entitled to protect it. If you're syncing with a third party server then the device will do as its told... the server is considered authorative - the same is true of Blackberry.
If you can find a way to alter the policy the checksum of your settings will differ to that stored on exchange, when the device next syncs it will see the change in policy and enforce the correct settings, turning the security back on.
Seriously guys, if you want exchange activesync then live with the policy , if you don't then disable the server connection.
remove the activesync service then yes you should be able to edit again to disable.
of course the thing mentioned above is not a solution...
i'm hal-way there and spoke with the rom makers to find a complete solution...this one is just temparary...
SeanH said:
I have been using a registry hack everyday to prevent my WM5 device from locking itself every 30 minutes. At around 7:00pm the company I work for forces a policy to my device using push email. At that time I open a registry editor and modify \hklm\security\policies\policies\00001023 from 0 to 1. That prevents the unit from asking for a password for 24 hours.
Click to expand...
Click to collapse
good luck
remen said:
of course the thing mentioned above is not a solution...
i'm hal-way there and spoke with the rom makers to find a complete solution...this one is just temparary...
good luck
Click to expand...
Click to collapse
I've decided I'm not going to be able to help on this one. It's your company's choice to enforce that security policy and not mine to help you get around it. I'm not being rude, I'm just not able to put time into research to do that at this moment.
Good luck.

Accessing Company Email

Quick question .. not sure if anyone can help or not.
My Company uses Xchange email and was wondering if there was a way to get this email pushed on to the phone first. I guess the main problem is that I am not sure if the company has pop enabled. Not really even sure what the incoming mail server and outgoing mail server are or where to find this information. Asking them really isnt an option... any thoughts?
This is the first thing that i tested with my Dopod. When it asked for servers, i just put in the web address to our Outlook Web Access site.
Hard reset after about 30 mins because my server enforced a 30min lock policy and i wasnt sure if i was allowed to hook my dopod upto the exchange server (we have strict policies about attaching non approved hardware to servers and or network)
Exchange servers don't use POP or SMTP, they use Exchange. So there are no 'incoming' or 'outgoing' mail server names.
Get your Exchange server address from your internal tech support group or your system administrator and go through the email account setup on your phone. You'll find one of the options early on is "Exchange Server".
You say that asking them for this info isn't an option, but it's the only way you're going to get this information. If you know where to look on your desktop, you can check your Outlook installation for the Exchange server name there. Otherwise, you're stuck having to ask someone.
If you just simply can't ask anyone, and can't find out on your own, it's a safe bet that your company doesn't want you to do this, and someone might get upset if you try.
i guess the real question here is. If I were to install the BBconnect 4.0 software on my phone; would this then allow me to access my company email on my Tytn?. The problem is that I am trying to get my company email on my Tytn without having to go to my corporate IT department and ask for official permission as they are idiots and say I do not have a need for this. Currently certain people have blackberry's in the company which they receive there email. From my point of view I could careless what they think I have a need for or dont. So in the end I am just trying to circumvent the IT department to achieve what I need. Any thoughts on how this could be done?
- Should also be noted that I have gone into my outlook settings on my Work PC; retrieved what is listed in there as the Microsoft Exchange server address and inputed this along with my netwrok id and password into my Tytn but when you do the Sync it does not work. I have also pinged the server address and inputed the IP# and tried that way unsucessfully as well ... any thoughts?
It's a pretty involved process. You will need to know the server addresss, user name and password and additionally an SSL certificate in order to get true push email. That's unless they use a big company like Verisign to provide SSL certificates. So you might have to talk to them...
First things first though.... Find out what the name of the exchange server is. You will also need a domain name. I'm sure you know what your username and password are.
NRGZ28 said:
It's a pretty involved process. You will need to know the server addresss, user name and password and additionally an SSL certificate in order to get true push email. That's unless they use a big company like Verisign to provide SSL certificates. So you might have to talk to them...
First things first though.... Find out what the name of the exchange server is. You will also need a domain name. I'm sure you know what your username and password are.
Click to expand...
Click to collapse
I have retrieved the domain name from going into the control panel and system icon and checked under computer name. So I know what the domain name is; I have also retrieved what is listed in the Microsoft Exchange Server address. However for some reason it still does not work; I am wondering if what is listed in the MES address field is only accessible if you are on the company internet and not an outside connection? - Thoughts?
If you retrieved that address from a computer on their internal network, than it's an "inside" address and it wont work on your phone. You need to figure out what the outside address is and it's pretty easy to do. It's usually "mail.blahblahcompanyname.com" or something like that.
Any thoughts on when the usual mail.blahblahcompanyname.com doesn't work? Any thoughts where one might find this information?
Yes. See above for my thoughts.
Pk2007 said:
Any thoughts on when the usual mail.blahblahcompanyname.com doesn't work? Any thoughts where one might find this information?
Click to expand...
Click to collapse
As mentioned by one of the posters above, the Outlook Web Access address is the best one to use to ensure that it is a valid routable host. You also mention that some of the other network users have blackberry devices. If your corporate IT guys are using Blackberry Enterprise Server, it may mean that Exchange Activesync is not enabled at the server end (or indeed that they are not using a late enough version of Exchange server) in which case, you will not be able to use it no matter what settings you have.
embeeowes said:
As mentioned by one of the posters above, the Outlook Web Access address is the best one to use to ensure that it is a valid routable host. You also mention that some of the other network users have blackberry devices. If your corporate IT guys are using Blackberry Enterprise Server, it may mean that Exchange Activesync is not enabled at the server end (or indeed that they are not using a late enough version of Exchange server) in which case, you will not be able to use it no matter what settings you have.
Click to expand...
Click to collapse
By Outlook Web Address; do you mean the website that you can visit to get your company email when you are away from the office?
Yes, try that address. Ours is https://blahblah.wahwah.com/exchange
If yours is also HTTPS you'll need the certificate. If it's a MAJOR provider like someone else posted, no worries, your device will handle it on its own. If it's a self-signed certificate, SOL.
pkley said:
Yes, try that address. Ours is https://blahblah.wahwah.com/exchange
If yours is also HTTPS you'll need the certificate. If it's a MAJOR provider like someone else posted, no worries, your device will handle it on its own. If it's a self-signed certificate, SOL.
Click to expand...
Click to collapse
Yeah I tried the web address that I login into my web mail when I am not in the office. However that does not seem to work either.
Thank you to all those who replied with useful information. Combined with the answers I received a little tinkering around; I was able to successfully accomplish what i was trying to do; which was receive company email without the involvement of the IT department.
computer misuse act
without sounding picky, you shouldnt be doing this unless you have explicit permission.
IT departments have specific policys in place to safeguard the data transmitted to mobile devices, and in this case, I doubt you know what these policies are and potentially opening up your corporate network for attack
all you have to do is call your IT department. Tell them you want to enable Outlook Mobile Access (OMA) on the server.
Once this is done, ask them for the Outlook Web Access (OWA) URL. Also, check to see if your server requires SSL or a domain (if you are unsure).
Once you're off the phone with IT, launch activesync on your ppc. press menu and choose "add server source"
enter your OWA address (without http:// or https://) and be sure to include " /exchange " without quotations at the end. press next. enter your outlook username. this is usually the same as your email before the @ symbol, however it can be different.
enter your password and then domain. ensure 'save password' is check. choose next
choose what you want to sync wirelessly , such as contacts, calendar, and task.
note: whatever you sync wirelessly will be deleted if you ever decide to stop using exchange activesycn
choose finish. the initial sync will begin. also, your company's security or it policy may force you to have a password on your phone. if so, you will be prompted during the initial sync to set up a password.
if you need any more help, let me know..

Exchange OMA Help!

I have searched and searched for an answer to this problem and have not been able to find anything. Hopefully someone here has run into this before and might have an idea or solutuion. Her is my problem.
I have two exchange servers (2003 SP2) on of which is a front end server handling OWA and OMA. We sync about 18 Windows Mobile 6.1 devices over the air using OMA. We are using SSL. All of our devices have random problems connecting to the server. They will sync fine most of the time but will randomly for no particular reason ask the user for their exchange password. We are not enforcing any password policies on the server and we are always checking the box to save the password. In order to get the device synching again the user has to re-enter their password multiple times and often has to kill and restart activesync on their device.
Any ideas as to what might be causing this?
Any help would be much appreciated.
You could try unchecking the box in Activesync on the phone that requires SSL. We use SSL as well, but we have to uncheck that box on the phone. Although our problem is that the phone never syncs when its checked as opposed to your problem of randomly not syncing and asking for a password.
Unfortunately that is not an option. Our SSL is required for authentication. It will not connect without it. It seems like what is happening is that the device is not always passing the credentials to the server. Usually when it asks me for the password I enter the password once making sure I check the Save Password box then when it asks me the second time I hit cancel. ActiveSync then gives me a could not authenticate error. Now if I just hit Sync again it goes through and works just fine without asking for the password. So my guess is that it is not passing the credentials until after the connection is reinitialized.
From what I understand, Push Email relies on the OMA functionality which uses IIS. The problem my lie there. Although I've never tried, you may have to uninstall/reinstall (or confirm) that the OMA part of Exchange is functioning correctly. Sorry I can't be of more help.
Do the log files on the server show anything when a phone can't log in?
No, the exchange logs don't show much. I almost think it might be something with the device configuration. At this point I just don't know. We will be migrating to Exchange 2007 sometime in the next few months. Hopefully that will resolve the problem permanently. I was just hoping maybe by some chance someone here had seen this problem before. Thanks a bunch for your help.
Is the FE server doing the authentication (NTLM) or is there an ISA server in the way configured with Forms Based Authentication? You should make sure the IIS virtual directory for OMA is set only for Basic Auth - and the following article might be worth a read.... http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1188440,00.html
Hope that helps - good luck!!
Mark.
^^^What he said. Took the words right out of my mouth. You'll still be secured through the SSL certificate, even though you're doing "basic auth" you aren't exactly sending your password as clear text. Requiring SSL on the OMA site will automatically encrypt the connection so you have no need to worry.
Try it out and get back in here. I manage a site with about 50 WM 6.1 Black Jack II's that sync with Exchange 2007 with no issues whatsoever. Also verify that you have all your hotfixes related to OMA installed on your Exchange 2003 server.

Needed Development - Security Policies on Exchange Servers

In my work to access OWA I need passcode(RSA, that is a pain in the ass if your connection is cut), and due to the security policy of my work, I can't access the Exchange e-mail account in the android (is on a Exchange server 2003 SP1, with forced password policy, that prompt for password every minute without use and wipes everything, when two many times the password is wrong)
iPhones and WM based devices they are activated normally throw the same server address to exchange mobile service (with the security police enforced), but (i think) due to the unlock pattern tech, that there's no password and security sucks, I just can't configure it.
Even the Radius server blocks my nt account after a few attempts.
On the other e-mail with the Exchange server 2007 SP1, no policy, it works great..
I love android and I don't really like the idea of coming back to a WM or trying a iPhone or maybe a Blackberry since we have a BES too..
On the WM devices I installed a program that remove the annoying requesting always for password without removing the certification stamp that I'm following the policy...
Somebody came up with something like this for android?
Is something it can be worked around on future developments?
Any idea on working around on my issue?
Simply install something like Touchdown....
In any case.. this is not really a development question.

Exchange security policy

I've read a few threads after searchign on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's somethign which enforces something along the lines fo a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arangement on mobiles that want to connect - however android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an andriod client to take advantage of exchange 2007's exchange web services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.

Categories

Resources