[HELP] OnePlus 2 blocked from company exchange mail server(!) - OnePlus 2 Q&A, Help & Troubleshooting

Hi all,
Recently my company changed its exchange policy and decided that only iPhones and iPads and Samsung devices are eligible to receive mails from the exchange server.
You can imagine it is VERY frustrating.......
How can I bypass the exchange policy? Can I root my device and report the device type as iPhone/Samsung?
I really need mail access to my day to day job and don't want to give up my OnePlus 2 I love so much.
Please help!!!!!!

Hi Mike,
Welcome to the OnePlus 2 family on XDA! I know this particular issue is very frustrating and I have been avoiding Exchange/Activesync for years.
There are only a few solutions/workarounds, but beware as some are a little dated. The link I have posted for you below is a favorite of mine that I used for a while before doing away with Exchange/Activesync.
Please read over the method(s) before trying and see if they are for you. I will try to search out other methods for you as well, but I'm a Systems Admin and I'm on call 24/7.
Since this modification disables the enforcement of Exchange security policies, it may be illegal and may violate your workplace/school policies. If you choose to install and use this modification, please remember that you are doing so at your own discretion. I, AndroidSamurai, cannot and will not be held responsible for any issues, legal, technical or otherwise, that may arise due to the use of this modification.
Exchange Security Bypass
Look it over and let me know what you think.
Warm Regards,
Sent from my OnePlus 2 running H2OS



Free exchange mail service for your pocket pc with Outlook Web Access
I run an exchange server and I am welcoming pocketpc users that are in need of an exchange account to activesync with. This service also offers Direct Push for those of you that have this on your PocketPC. As well as the ability to sync all of your contacts, calendar events, and tasks wirelessly onto your Outlook desktop instantly.
It's totally free and has outlook web access, to sign-up simply point your browser to http://www.port88.org/signup.php, enter your desired account information and I will have your account ready within 24hrs. I even provide documentation on how to set up your wizard or other pocketpc device.
NOTICE: Lots of users have been asking if they can have an alias setup so that it looks like they are sending from their personal email address (ie gmail, hotmail, yahoo etc.) and the answer is YES! With each account you can have an alias setup so that your recipients see your email address as anything you like! In order to keep this service alive, it is asked that you donate $15.00 USD in order to use this Email Alias service.
If you have/are signing up, it can take up to 48 hours for me to get your account activated. Please make sure to check your junk-mailbox for a confirmation email and then an activation notice! A lot of people are signing up and not activating their accounts, if you do not activate it within 3 days it will get deleted, so make sure to check your junk/bulk mail folders so you do not miss the notice of activation which contains your user information.
If you are interested in other services or want more information, check out http://www.port88.org
This is something I do in my spare time for fun, so it may take me 48 hours before I get you set up. But being a Wizard/MDA user myself, I have found this to be a great tool.
Obviously all this costs money, and lots of it. I have had a few people donate to the cause which has been a great help. But some users ask me for special features that I normally would not offer to a basic user. Well the solution is simple, if more people donate (even a small amount) I will be able to upgrade the server with more space and better processing power, and in turn more services will be free for everyone to use.
So if you like the service and feel that you can contribute, please send paypal payments to [email protected]
If you think you can donate in other ways (I am currently looking for a forum site to be set up), please send me an email!
Keep our community growing, join today!
PS - This time around it's a no nonsense approach that I am taking, so please do not waste my time. Additionally if you find that my emails are short in response, please know that I am not trying to be an ass, I just have a lot on my plate.
awww how sweet!
hey just sent you an email
hey he set it up for me
its working great
What is...
Sorry but what is an exchange server? How will it help me? Thanks for explaining.
not sure how this is supposed to work but i did send an email and so far nothing. am i missing something here?
Thanks for the offer ! How does your service differ from Mail2Web live then ?
I might be interested ...
Don't fall for this!!! Never give personal information over the internet.
:evil: Everyone must be smart enough to notice that this is a trap!!
First of all this is totally legit, I do this in my spare time so it might take me a day or so to respond. If you send me an email about signing up, please include the username you would like. If you feel unsafe about sending your 'personal information' don't send me an email, as I will need your Name and a preferred username to sign you up, if you think this is too revealing, do not sign up for anything, or send an email, or use the internet in general. And please do not complain if it takes me more than a few hours to respond, this is free, so chill!
cmarti said:
Don't fall for this!!! Never give personal information over the internet.
:evil: Everyone must be smart enough to notice that this is a trap!!
I am guessing that you are one of those hyper sensitive people who don't like having your ssn on your driver's license either? Seriously get a grip and check out his website.
By the way...awesome service.. He sends out emails when the server is going down and gives a lot more Customer Support than one of these other free places I am sure.
thank you!
Speaking of which Austin...can i get my login info again? Being the dummy i am I never wrote down my password and reflashed my phone :-D sorry to be such a pain.
I want to retract what i said. Austin is providing an excellent service.
Sorry, Austin :roll:
it's been a few days, just checking to make sure you didn't need anymore information from me to get set up.
Zak Deutsch
i'd be more concerned with my private and business emails being handled and stored on an unknown server.. but if you guys use your mail for fun, jump on this offer!
i sent the email a few days ago and haven't received anything. am i doing something wrong Austin?? Should i resend??
Not trying to disrespect but what is the difference between this service and mail2web.com??
Okay guys, If you sent me an email I prob did get it! but the odds are that when i replied it got sent to your junkmail (I know yahoo does this) so check there, if you have not received anything from me, shoot me an instant message on here, and we can do it that way!
If you have concerns about privacy or hosting information on unknown servers, you should never, ever, ever use the internet again! even google stores the searches you make on some unknown server, and have you ever actually seen a server that hosts your email ? prob not. But just to reassure all of you skeptics, my server uses 128bit encryption and runs out of Richmond Virginia in a small office building.
As for what's the difference between this and mail2web, well I'm assuming that you are using mail2web if you are asking this, so i will just tell you of the additional features:
1) direct push email support
2) sync with outlook web access
3) sync all contacts, events, tasks and email automatically
4) email alias addresses
there is more, but those are the main reasons that i set it up.
I have over a hundred people signed up and still going strong, so if you are interested, registration is still open so shoot an email to [email protected] and don't forget to check out www.port88.org for more information.
I thought Mail2Web Live supported Push Email? :?:
..... being an Exchange Admin myself, exchange has been setup in my corp so that admins can read everyone's emails if need be... not that i do
Just hope you lot know this when using this service....

WM 6.1 Sprint Mogul ROM killed exchange ActiveSync

(Apologize, made new thread ... new to forum) I purchased a Mogul from RS about three weeks ago. For the first week, it worked great! I logged into my company exchange server downloaded and synced email, cal,contacts,tasks ... was very excited. I also got very excited when I started to read threads in this blog .... it seems like there are some pretty smart members maybe someone can help!!
Noticed that there was a new ROM (sprint TV and improved connection) installed the ROM.
Have spent endless hours with HTC technical support, sprint technical support (not an appropriate name). At times managed to get the email to load but never again Cal, Tasks, contacts. Always able to get sent emails to load. I'm left with a couple of alternatives (any others would be greatly appreciated (actually I really like this phone but I need my email,schedule,etc to work) The error is 0x8503001C there is no exact description about this from MSmobile it seems to be an awh**** code. Searching on the web provides 1000s of hits unfortunately not just my issue.
o Go to an early ROM WM6.0. So far it seems like to do this I need to unlock the phone then flash the earlier rom?? Since no SIM card I need to hack the registry?? There are several products out there which is best (I do not mind paying for something that works well). I downloaded several "Official ROM" versions ... unfortunately did not write down the number of the one the phone came with.
o Find some way of getting this thing to work well to keep the extra features
o My grace period ends in a week ... cancel with Sprint go to Att but there is not a 3G phone I like ... only Iphone ... it has issues for exchange server??
o I got my wife a Touch at the same time (it runs WM6.1) same issue. Downloaded once my corp email no cal, etc.
o I was told that this Rom was cooked up by MS & Sprint what a disaster
Please, please help ... Thanks in advance
Sprint Touch WM6.1 Killed Exchange mail, Calendar; Skype not working
I upgraded my Sprint Touch to HTC official WM6.1 last week, it went smoothly and I liked the GPS and Rev. A speed!! However, it also killed the working Exchange sync with my company server, which was working on 6.0 ROM. I troubleshot with our IT with a Mogul and with his account on the Touch and finally narrowed down to the culprit--6.1 ROM on Touch (6.1 Mogul ROM has no problem). Another thing that is not working is the Skype, even with the which Skype claims working with WM6.1--no sound after the first ring, even the Skype test call. Can someone share their experiences on Touch or any tips to get these two to work on the 6.1 ROM-- I do not want to give up GPS and Rev.A. Thanks.
Mogul clarification
Thanks for the feedback .... I think I was not as clear as I should have been
On my mogul, I can get the activesync/ exchange to work for email only. If I check cal, tasks, or contacts.... and If under activesync / menu / options ... I check cal, tasks,or contacts ... and try again I get the infamous 0x8503001C support code.
Reading MS blog someone indicated that WM6.1 is very picky? ... and to try deleting cal with data etc. I limited my cal to the basics still no luck. Deleted all tasks and contacts except one each ... still no luck.
I think my first post was a little confusing in this regard.... (clarification) ....I can sync the email with exchange but as soon as I check other options ... or those options by themselves ...0x8503001C.
I've never had a problem with syncing everything on exchange with 6.1, I'm using DCD's roms, there's plenty of info here on how to use custom roms, so look around
A properly configured exchange server will have no problems syncing with the new rom... i do it all the time..
I would recommend working with your IT staff rather than sprint or htc because the problem is most likely with the exchange server..
If you want to test it to make sure. I would recommend getting a free account at mail2web.com... they offer free exchange service and if it works with them you have something to show your exchange admin...
Well, ...I appreciate the confidence in the MS sprint WM6.1 ROM however,
... as well as the advice about our IT. The simple fact is we have thousands of employees and the exchange server is not restricted to an employee with the appropriate access rights however, it is unsupported, unless you are a very high level person within the company so while us peons (pissed on) can have access ... if we have problems we are on our own....
The simple fact is it (all) worked until the 6.1 upgrade to my Mogul two weeks ago. There are probably 50 Moguls with VP/Dirs. I imagine that they were all purchased with 6.0 ... they have no camera I'll never know for sure. Mine may start working properly the day IT has a problem with higher level employees devices. In this age of cost cutting IT assistance ... I am far down the food chain. I may be mistaken about this forum ... I really thought I might get some help here ... so far nothing ...
About the cooked ROMs I have considered but I find myself caught in some of the lingo and cautions through 2 years of posts as an example:
o My ROM is 3.56.651, there have been posts indicating that you should not try to drop lower than 3.35 ??? I had found a ROM that is supposed to be an official ROM .....RUU_TITAN_SPRINT_WWE_3.35.651.2_RS_TITAN_3.35.04_4350H_SPCS_A
o There was another post that gave about 30 steps using special unlock and relock instructions as well as reg editing and subsequently, several posts about bricked phones.
So does anyone know if the referenced 3.35.651.2 is the ROM upgrade before mine. I may become more adventurous as time goes on ... but I'm just trying to get back to the ROM that I had three weeks ago that worked so well with exchange and active sync.
o Does anyone have any clear instructions that would enable me to get back ... I'm on the go so much at work that the push email was a huge benefit ...also being on the run and knowing when a meeting got tossed in my lap helps me schedule my time, updating tasks was great, contacts. That is all gone.
o Doesn't anyone find it strange that this all happened with 6.1 and no other changes?
o This is also not an issue of settings for the server I can still hit it ... I just only can sync my email and once again , not cal,cont,or tasks.
o Doesn't anyone find it strange that I can access my email and sync but cal, contacts & tasks do not.
o I can appreciate that there are a large number of people that are just fascinated by more and more technology ... but all I wanted is my outlook completely back... The attraction of technology got me in this mess because the Sprint TV like a great addition
Trying to "GO BACK"
As posted yesterday there are several confusing aspects for me involved in going back to a previous ROM .... based on the posts through the last 2 years in this forum
1. Is the ROM I posted above (previous post) the last official ROM before the infamous 7/21/08 post by HTC that gave the speed increase and Sprint TV? If not what is it and where can I get a copy?
2. Is the Titan ROM update utility, relocker and unlocker posted in XDA wiki the latest if not what is?
3. In previous posts there are at least four ID/PINs that you should capture from your phone in case you get in trouble. How to get these?
4. What is a good utility I.e. Reg editor to use? Will this give me the above ID/PINs? I do not mind spending the money if it gets me out of this mess
5. Another post indicates that you should first unlock ... uninstall the previous ROM? (maybe I'm misunderstanding) then install an appropriate radio by itself then stop the sprint autoupdate before go forward ... relock soft reset, unlock then install the desired official ROM update stop the auto update, then relock. The inference is that subsequent future ROM updates will be OK true?
6. If the phone is left in an unlocked state then you try an official additional update does that cause an issue? I have heard that this does ... reading other forums.
7. So is anybody in this forum experienced enough to answer these questions without guessing or shooting from the hip? I'm sure that I am not the only one that would find these answers invaluable.
Assuming there is someone in XDA like that, .... I would greatly appreciate your assistance.
I have a 6.1 Mogul with the newest stock rom and have no problems at all with EAS and sync of email/contacts/calendar. Worked great before the rom update too. Unless you setup activesync on the mogul to only grab email, I can't guess what changed for you.
Active sync/exchange server
Well, I'm starting to believe that you are correct & no, I did not only request email (though I really do thank you for making the suggestion...). After a lot of checking I believe that this is related to SSL and certificate chains. Because tasks, calendar, and contacts are closely tied to GAL (global address list) and email in some cases will work without it. I.E. if the SSL certificates are only partially recognized, this can apparently happen. The reason they can be only partially recognized is if there is an intermediate SSL certificate. I do believe that WM 6.1 is, as I said before, more Picky...
An intermediate certificate creates a SSL certificate chain that has to be honored. So far I have found that the only practical way to handle this is through XML and a _setup XML file. This in turn has to be put into a CAB and later installed in the CE registry. I have spent many hours trying to understand these processes and get the proper programs. Some from Microsoft for identifying the chain, others for making CABs, being able to view and change correctly XML and appropriate tools.
Because this operation changes the registry and if not done correctly, it can turn the phone into a brick, I also needed a program that can make a restore. The new SKtools can do this it is a great program with many optimizing features; I highly recommend it after trying several others in the last 2 weeks. The best $20 I have spent in a long time... too bad it will not make CABs.
So finally, I'm able to make the XML file, just got to the point where I understand the CABs, have a way to restore the registry and about to give this a try.
I appreciate your feedback but I am disappointed that there seems to be so few people, other than yourself, in this forum that are willing to dig a little deeper and help some one out. While it is true that it is likely that WM6.1 is just fine (probably more picky), I have had to run through this completely on my own ....
I still have the questions I asked about what was the previous ROM and programs that can unlock/relock, the impact of locked and unlock status on adding a new programs ... earlier in this post ... still unanswered ... Maybe everyone that really knows about phones went to another forum???
I'm close to getting this and I'll post the solution ... and programs required, however, I would really like to get my other questions answered and some feedback from a senior / expert member.
I'm a network admin for a rather large organization and when issues like these arise with our PDA's/Pocket PC's I usually have the user use their PC to access our Outlook Web Access so they can install and save the certificate on their PC.
Then once they have a copy of the cert, export it to a file (if necessary), copy it over to their PDA/Pocket PC and install/import the cert on the device through the cert program within the device. This has solved almost all of our syncing issues in the past.
I too have a Sprint Mogul 6800 with the newest rom (I wanted Sprint TV and faster speeds too) and following my instructions above has allowed me to sync with our Exchange 2007 server and receive all email/contacts/tasks/etc. I was browsing these forums actually looking for a fix to my HTC home plugin issue which I finally found...thankyou forums....so I figured I'd give you my 2 cents.
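The failure discussed in the two posts above (a client that trusts the root CA but never gets the intermediate certificate), reproduced offline as an added example that is not from the thread. It assumes the `openssl` command-line tool is installed; every CA name, host name and file name is constructed for the illustration.

```shell
#!/bin/sh
# Constructed three-level PKI: root CA -> intermediate CA -> server (leaf) cert.

build_chain() {
    d=$1
    mkdir -p "$d" || return 1
    # One config file serves both "req" (subject handling) and "x509" (extensions).
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF
    # Self-signed root: the only certificate the client trusts out of the box.
    openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Example Root CA" \
        -days 30 2>/dev/null &&
    # Intermediate CA, signed by the root.
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/int.key" -out "$d/int.csr" -subj "/CN=Example Intermediate CA" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -days 30 -extfile "$d/pki.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null &&
    # Server certificate, signed by the intermediate (not by the root).
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj "/CN=mail.example.test" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
        -days 30 -extfile "$d/pki.cnf" -extensions v3_leaf -out "$d/leaf.pem" 2>/dev/null
}

# Returns 0 when the leaf certificate chains to a trusted certificate, 1 otherwise.
verify_leaf() {
    d=$1
    case "$2" in
        root-only)
            # Client trusts the root; server sent only its own certificate.
            out=$(openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" 2>&1) || true ;;
        server-sends-intermediate)
            # Server-side fix: the intermediate is supplied as part of the handshake chain.
            out=$(openssl verify -CAfile "$d/root.pem" -untrusted "$d/int.pem" "$d/leaf.pem" 2>&1) || true ;;
        device-has-intermediate)
            # Client-side fix: the intermediate is imported into the device's store.
            cat "$d/root.pem" "$d/int.pem" > "$d/trusted.pem"
            out=$(openssl verify -CAfile "$d/trusted.pem" "$d/leaf.pem" 2>&1) || true ;;
        *)
            echo "unknown mode: $2" >&2
            return 2 ;;
    esac
    printf '%s\n' "$out" | grep -q ': OK$'
}

# Demo run over a throwaway directory.
demo_dir=$(mktemp -d)
if build_chain "$demo_dir"; then
    for mode in root-only server-sends-intermediate device-has-intermediate; do
        if verify_leaf "$demo_dir" "$mode"; then
            echo "$mode: chain verifies"
        else
            echo "$mode: chain does NOT verify"
        fi
    done
fi
rm -rf "$demo_dir"
```
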
Sprint WM6.1 Rom Activesync Exchange Server
Thank you for your feedback. I had tried something similar using the WM forum SSL XML chain saver. I noticed an improvement when using the XML but not completely resolved... I could only hit & sync email. I could at that time hit the OWA directly with my PDA which I could not do before ... so you may be on the right track.
I noticed that we have many more certificates than the two that the chain saver grabbed. It is possible that installing all of these intermediate certs and related Roots may do the trick, .... However ...
A recent update from me is that I was getting so close to my 30 days with Sprint that I had to push for and got a new phone from the repair center. This phone is at the WM6.0 level and I immediately hit the server downloading email, calendar, contacts but could not sync tasks.
Our company has thousands of employees and they are very slow to upgrade anything ... when I checked we are using 2003sp2++ (holdctrl&rightclick outlook icon).
I believe it is true that wm6.1 works well with 2007 exchange. I do not think it works well with 2003sp2++ here's hoping our poorly manned IT group gets it together at some point and installs 2007. It took them many years to change Access over.
So I'm going to close this thread as resolved (and open one to try and get this task issue resolved on 6.0). Contacts and tasks share the same categories in WM and theoretically in exchange / outlook. However, for some reason I cannot remove categories in WM6.0. My thought is that if I have a small number of items that cover the total range of my three categories ... in both WM & Exch ...may be it will start to sync tasks .... but it did not ... any tips would be appreciated
Once again we are not prohibited from the access ...it is just not supported.
Thanks again to the people that were not so quick to assume that there is no problem .... the Sprint techs now have many, many complaints. About 6.1
Finally though there is that wild card ... what is Sprint adding / removing as an example … they pulled out the folder manager in WM6.1 it is necessary to edit the registry to add it back in (check the web for how to). what else got changed? Looking on the web there are many more Sprint customers with the issue....
Resolved WM 6.1 Sprint, HTC ROM killed Activesync & Exchange
Thanks, I'd like to provide an update... Thanks for the cert info but this last week I was able to get a phone from Sprint with a 6.0 ROM. Well Guess what ... exchange worked perfectly no importing of certs required ... just my base server information. This brought me back to where I was four weeks ago. Unfortunately, I have had to go through several of 6.0 reman phones because of poor repair by whoever Sprint has outsourced that task to, unstable operation, stuck buttons, keyboard that does not work (I'm imagining a cage full of monkeys doing the repairs). You would think that they would ensure that these phones, which are going to already potentially dissatisfied customers, would be given a good look over.
I hear Sprint is strapped for cash but this seems the wrong place to cut cost. The adage in business is that one dissatisfied person tells 4. Satisfied customers tell no one unless asked. Very satisfied people only tell 2. Therefore, dissatisfaction spreads at a rate of two to one. (this is often highly exaggerated by dissatisfied people) but two to one seems the actual case substantiated in business articles. Sprint has new people at the top ... maybe some of them have time to read the blogs, the old ones just wanted to play Monopoly. The moral is you do not have to piss off many people to lose market share.
The good news for Sprint is that, during my weeks of trials and tribulations, I have never met (I must have talked to 12 techs and supervisors) so many people that were honestly concerned and trying to help. So, I would like to apologize for a comment I made earlier in this thread. There are actually a lot of caring techs there at Sprint
The bad news is that they do not seem to have a swat team that can stay ahead of these issues and communicate with their techs. Poor communication with their techs.... 12 techs and supervisors … twelve different stories.
But one tech supervisor and his manager went out of their way for me today … I heard today I may actually get a new 6.0 phone out of the box, so I’m going to fade away ... happily with my WM 6.0 phone. Because these two tried so hard for me … I’m back in the Sprint camp ... very satisfied with the effort these two made. That makes the difference … the people that try … I was a Verizon customer for many years (they are the kings of indifference), then T-mobile the last two … I could never get anyone at T-mobile to call back so, the people at Sprint seem to really care …. That works for me.
One final thing ... for anyone stuck in nearly the same spot. Initially, I was trying to also get Tasks synced. I finally found out that this is not supported for activesync 4.5 and exchange 2003 sp2 (not sure about 2007). Tasks will only sync with activesync 4.5 and your desktop. A little known fact … sprint techs….or HTC techs or anybody else I talked to …did not know … dug it out of a WM blog the Windows Mobile team did not think this was a priority.
Really makes you think ... a lot of MS people just working on the desktop ...writing code ... out of touch with how business people work.
Once again thanks to everyone that tried to help
Any Have The Sprint Mogul 3.35 ROM?
I too loaded the new 3.35 ROM for the Sprint Mogul and I cannot access the internet using EVDO. I called HTC and they say that they do not have the old 3.35 ROM. If someone has this, could you please post it or e-mail it to me at [email protected].
Updating with NEW ROMS
AKIran, My issue is likely different than yours. However, I may have info to help you. You mentioned that you cannot connect to the Internet. My issue was about Exchange Server. But if it is only cannot connect to the Internet and you put a new ROM in check this.
These may be named slightly different for your phone.
Open the settings icon, go to the connection tab, Then go to and open the phone Icon... Then, go to Services. Pick the Internet. There is a setting for ID passcode and domain. If these are blank then this is your problem.
This is because you do not need the internet to use your phone but you need the Sprint PCS service to contact the internet it is your ISP. A warning that you cannot connect to Sprint PCS likely comes up when you try the Internet then times out.
This info gets wiped out when your phone has a hard reset or a new ROM Maybe because of Sprint or HTC not sure....
The Domain name is left blank, ID and passcode are unique to you ... and your account. ...
Call sprint technical support ask them for your unique ID and pass code it will likely be something like.
If the person does not know, suggest that you hear it is the same as the first part of your Sprint email address ... combined with your email passcode
so the ID for the Internet access is
"firstlastname###" all this with no spaces the ### is a number that is appended to your name by Sprint
and then a pass code
###### a combination of chars&numbs
and no domain name. Enter this info then restart your phone or however they tell you to do it.
If the person does not know, suggest that you hear it is the same as the first part of your Sprint email address ... combined with your email passcode
From their standpoint they do not care about the new ROM...
Sprint is going to discontinue email at the end of the year ... something about server space. But they are a little trapped because of the above...
Keep in mind that you can only upgrade and cannot down grade without being quite a hack ... far beyond me .... hope this helps. Also if this does not do it you may have to have them unlock the phone and set up additional info.
I tried very hard to get my old ROM from Sprint it is SOP for them & their dealers to not keep old ROMs.

Microsoft Exchange setup

OK, so this is more exchange oriented than HD2, but perhaps someone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Dude, never piss IT off...
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wildcard one (google it).
Let me know if you have any more questions.
f_v_man said:
Dude, I work in IT. You have done something that most people mutter under their breath. Anyways, I will try to help as much as possible.
Now for the exchange server address do you by any chance have an Outlook Web Access address i.e. my company uses as the webaccess for outlook on the go.
so for my exchange setup I used "webmail.acme.com" in my activesync on my phone and checked the ssl thing.
Also the webaddress used above should have a proper SSL cert. and not a wildcard one (google it).
Let me know if you have any more questions.
Trust me...I know. Having worked IT for 20+ years...I know.
So my company uses:
As far as I am aware that is it.
I am not following the rest of what you have written though.
What do you mean by a "proper SSL thing?"
Camusa said:
OK, so this is more exchange oriented than HD2, but perhaps someone might be able to help on this.
My IT dept. are being a bunch of douches. I pissed them off when I first started work having been in IT myself at one point in life ranging from desktop support up to MIS Director and let's just say I stupidly corrected some things and thwarted a few Draconian security efforts now and then on my new job. Very stupid of me as I know what happens when you piss off IT.
Anyway, I have been dying to set up push email, but they state that they are working on policies for this.
Is there a way to, through some discovery process, "discover" the exchange name so I can set up push email? This is killing me as one of the reasons (among many) that I waited to buy an MS superphone was specifically for this purpose!
Thanks in advance.
Even if you figure out the proper address and domain name, there is a good chance you will need a security cert Cab to run to allow you access which must come from your IT dept.
Why not just take this to your boss and tell them you want work email on your phone and have him or her force them to set you up? If your boss isn't down with you having work email on your phone, then IT isn't going to let you anyhow...
I appreciate all the responses.
A couple of points to address:
1. I got it to work no problem.
2. I erased the profile and am going to wait for them to give me the green light/red light.
I am second in command for my satellite office.
I am the assistant program director for a FQHC (Federally Qualified Healthcare Center). We are JCAHO accredited and long-standing.
We have to play by some very serious rules according to the feds and HIPAA is always looming large.
When I put a small applet on my computer to stop the screensaver from engaging (since they took away our privs to be able to just change the setting) someone ratted me out and I was told that it was "HIPAA" policy.
Having been a privacy officer myself I assured them it was not HIPAA policy.
They then noted that it was company policy.
Long and short of it...I am going to have to wade through the BS.
Supervisor is here!
Gotta go!

[Q] security question regarding 'Trusted Credentials'

Is there any reason why I should have so many Trusted Certificates under the System tab in Credential Storage? I have probably close to 100 in there and most of them I don't recognize; they seem to have some gibberish with an expiration date of a few years in the future. To my knowledge these are baked into the ROM and are not installed by the user so I'm guessing most of them relate to a stock app of some kind (WatchOn, ChatOn, etc.) Because I haven't seen a lot of discussion about it, I am asking if these Certificates are safe (I know it's from android or Samsung blah blah)?
I'm in the tedious process of disabling them just to see what happens but can anyone else shed any light on the matter? Thank-yew...
I'd like to know about this as well.
Sent from my SAMSUNG-SGH-I337
These are all root certificates. The certificate authorities that issue certs to web sites have their root certificates loaded on the phone so the phone can verify that an SSL cert from a web site is legitimate.
This is a lucrative business so there are quite a few CAs around the world. And big banks have become CAs too.
Theoretically they are all legitimate as it is a huge process (or it used to be) to get your root cert included in an OS or browser by default.
Can you remove them? Yes, but be careful. If you only use USA websites then you can probably remove most non-USA CAs. But why do you care? Older versions of android didn't let you remove any, and the only time you need to is if a CA has been compromised.
If you do remove one you need, you will get SSL warnings about visiting an untrusted site, but you should be able to add the root cert back.
alphadog00, I realize your post is from 2013, but I've been searching for answers to this as well. Why do we need these certificates on our phones? I have 156 on mine, and some of them aren't even in English. Some have the country in the company name, like China, Turkey, and Germany. Some companies have more than one certificate. VeriSign, Inc. has 7, all with different issue dates going back to 1996 but all expiring between 2029 and 2036. A couple of them look sketchy to me, with 'certificate' spelled 'cirtificate', and 'global' spelled 'globel'. They remind me of emails that I get from my dear friend, the widow of a former bank president in Kenya, who needs my help getting her money out of the country. Why do I need 156 trusted credentials from half a dozen countries? How many do I really need? There is a grey item at the bottom of the security page that says “Clear Credentials,” but it’s un-clickable on my phone. Why would that be an option if these certificates are necessary? Would I be safe disabling all the ones from outside of the US and Canada? Are all these certificates taking up space on my phone? What is a ‘fingerprint’? Thanks in advance for any help and advice you can offer me.
27 July 2017. "Turned Off" all but two CAs. Result is could not access Play Store as well as several other sites. One screen stated "No internet connection. Make sure WIFI or cellular data is turned on, then try again." Needless to write, turning off all the CAs has repercussions.
I was helping a friend which I had no idea what was going on until I got there...it's a huge huge ring of I'm not sure what?? Now my phone, my parents' phone, their desktop and laptop are all under attack! I downloaded over 20 antivirus apps and could not allow permissions, nor can I get any recovery codes to any email because it keeps changing the password. Plus I found strange apps just installed, settings changed that were not and all countries in the world chamber of commerce trusted certificates and so much more. I'm pretty sure we are under attack! I would GREATLY APPRECIATE any thoughts or ideas of what I should do to keep our info safe!!!!! Thank You!! p.s. I'm now living every second in fear like her and very scared!
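The thread above asks what a certificate "fingerprint" is and how to tell expected trusted roots from unexpected ones. The following added example (not code from any poster) computes SHA-256 fingerprints from PEM data and compares a device's trusted list against a known-good baseline. The function names are illustrative, and the sample "certificates" are constructed placeholder bytes, not real CA certificates; it assumes you can export both lists as PEM bundles.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_der(bundle: str) -> list[bytes]:
    """Return the raw DER bytes of every certificate block in a PEM bundle."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(bundle)]


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER encoding as colon-separated upper-case hex pairs."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit(baseline_pem: str, device_pem: str) -> dict[str, list[str]]:
    """Compare a device's trusted roots with a known-good baseline."""
    base = {fingerprint(d) for d in pem_to_der(baseline_pem)}
    dev = {fingerprint(d) for d in pem_to_der(device_pem)}
    return {
        "unexpected": sorted(dev - base),  # trusted on device, not in baseline
        "missing": sorted(base - dev),     # in baseline, disabled or removed
        "matching": sorted(base & dev),
    }


def fake_pem(placeholder: bytes) -> str:
    """Wrap constructed placeholder bytes in PEM armour (NOT a real certificate)."""
    body = base64.encodebytes(placeholder).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed sample data: three stand-in "roots" A, B and C.
ROOT_A, ROOT_B, ROOT_C = (b"constructed-root-" + n * 120 for n in (b"A", b"B", b"C"))
BASELINE = fake_pem(ROOT_A) + fake_pem(ROOT_B)   # what the stock image ships
DEVICE = fake_pem(ROOT_A) + fake_pem(ROOT_C)     # B turned off, C newly added

if __name__ == "__main__":
    for status, prints in audit(BASELINE, DEVICE).items():
        for fp in prints:
            print(f"{status:10} {fp}")
```

An entry reported as "unexpected" is the one to investigate first, since any trusted root the stock image did not ship can vouch for any site the phone visits.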

Company wants to wipe my phone

I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
If you want to pay for it; use Nine mail application.
You can set a full device wipe or just application wipe.
So if your company decides to wipe it, only the mail gets wiped.
What kind of wipe? If you mean a factory reset or something like that, then yes. I mean a factory reset wipes just its own partition and won't touch the other partitions (I'm sorry for my bad English. I hope you got what I mean). So, obviously, you should sync your info between all ROMs yourself before the wipe.
But if you mean a wipe from recovery or a flash from a Windows PC or something like that, don't count on MultiROM or anything else!
Sent from my Nexus 6P using Tapatalk
Personally, if a company would remote wipe my phone if it gets lost or stolen because it contains company related info in it, I don't see the problem of letting them do so. I would even thank them for having my personal info wiped along with it. If I have issues with the company's terms regarding wiping data on MY phone (maybe like remote wiping without letting me know beforehand, even when my phone is not lost), I would use a secondary phone as a work phone.
The company should provide a work phone for you to use.
stankyou said:
I would use a secondary phone as a work phone.
I just realised the Samsung Galaxy S2 with its broken screen that my Nexus 6p will replace, will be perfect for this. No SIM card, just sync everything over Wi-Fi, done. Thanks for the creative thinking, all!
dratsablive said:
The company should provide a work phone for you to use.
I agree. If they want permission, they should provide the device.
Generally, companies that want your phone wiped any second are against rooting, unlocked bootloaders and custom roms. The best thing to do is to ask them about it first, so that you won't end up getting fired or sued.
PeterJP said:
I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
Ok, so to do this they need to install an MDM agent (Mobile Iron, AirWatch, etc.), a piece of software/application which is granted device administrator rights on your phone. These agents usually manage the security certificates and all the other things needed to authenticate the device with their systems and create a secure connection. If they configured their environment correctly, devices without this agent shouldn't be allowed to connect, which essentially makes the agent required. This is good as only secured and managed devices can connect.
However, as this is a personally owned device, you're allowing them a metric crap ton of access to your personal phone. As a device administrator, the agent can be used to:
* Browse / view / edit files on your phone
* View messages sent or received
* Use GPS to determine the device's location, or even map where the device goes 24/7.
* Change the lock code / pin for the device.
* Lock the device at will.
* Detect rooted devices and disallow service.
* All kinds of other Big Brother-ish type of things.
Your company should have some kind of mobile device policy. Ask to view it. This policy should define acceptable use of mobile devices for employees, and it should also define the acceptable use of the MDM solution for IT staff and management. It should define specifically what steps they will take if the device is lost/stolen, if you get terminated, or any other circumstance where they would want to wipe the device. If they don't have a mobile device policy, or if it does not clearly define these things, demand they provide you with a mobile device and do not grant them permission to use your personal devices. Why? If they don't have their **** together enough to have a policy protecting both them and you, it's just not worth giving them access to your phone.
Furthermore - They should have the ability to perform 2 types of wipes. An enterprise wipe, and a device wipe. The enterprise wipe will remove email, corporate data, corporate applications pushed through the MDM, and finally the MDM agent itself. It shouldn't remove any personal files or wipe the OS. It is often the practice to do an enterprise wipe for personally owned devices in a BYOD environment, but you should check.
So, is all of this MDM stuff bad? No. Your business has a right to protect their systems, networks, and information. MDMs allow them to do this. That being said, if they are making it a job requirement for you to access email 24/7 (or even for just a limited window of time which is outside of your normal shift hours) then the burden of providing you with the appropriate means of doing so rests with them as well. This often means they have to provide you with a mobile phone. If accessing email outside of your working hours is NOT a requirement - then don't! For goodness sake, take a break from the job man!
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
I know this didn't specifically address the OP, but I've had a fair bit of experience with this (both good and bad) and thought I'd chime in. I hope it helped.
how about the reverse, what can a person do to prevent them from wiping your phone?
Elnrik said:
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
Nice write-up!! I totally agree with you, 2 phones is the way to go.
Access your exchange email without changing security settings on your phone.
ycats said:
how about the reverse, what can a person do to prevent them from wiping your phone?
Once their agent is installed and made a device administrator... Nothing.
Ergo - to prevent it, don't install the MDM agent.
---------- Post added at 07:00 AM ---------- Previous post was at 06:46 AM ----------
mikexda said:
Nice write-up!! I totally agree with you, 2 phones is the way to go.
I've had some companies tell me "hey, we will pay for your service" and what they wanted was to transfer my line into their business account. Great, I don't have to pay the bill anymore, but I just lost control over when I upgrade (or am eligible for upgrades, as business accounts are still largely based on 2 year contracts), what device I can upgrade to, what plan I get, etc. And here is the scary part of that scenario... Legally the phone number is theirs from that point on. They don't have to release it back to me if either one of us terminates employment. Damn slippery slope, that.
So, unless they are going to cut you a check for your service every month, and you are ensured to retain ownership of the account, best to avoid that altogether.
In fact, any company high on BYOD is doing it wrong IMO. It sounds good, but it can be a nightmare.
Do you actually have to have work email on your phone?
Firms usually offer a corporate device, you can have your email on that, should be a cheap month to month contract.
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. There's a short FAQ with details on how to connect to their Exchange server, but that's when my phone pops up that the server wants access to wipe the phone. I haven't written down the details of the message, though. It could be just the Exchange part, which would be ok. Last thing I want is another party to have any form of control over my personal phone after my assignment ends.
Bluemail looks cool, I'll try it out. I'm curious to see how it reacts to the demands of the Exchange server. In any case, I still have my old phone which will do to stay in the loop when off-site and access my calendar. I might want to have an app that actually copies the calendar to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
ycats said:
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Depends on your workplace. Some are more relaxed about it. Personally I avoid it and use a dedicated device.
---------- Post added at 04:49 PM ---------- Previous post was at 04:46 PM ----------
PeterJP said:
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
I know a firm who does exactly that, iphones. If it were me I'd avoid it and get out your s2. But that's me. Are you rooted? How does the MDM play with root? If reported would that provoke a wipe? Surely that can be blocked.
What about the exchange hack? Would that be of any use?
Touchdown in the store.
tech_head said:
Touchdown in the store.
Was just about to say it has its own secure app container so wiping only wipes company info. Used it for years.

