Starting as regular user - Samsung Galaxy Tab S5e Questions & Answers

I'm struggling with the multi user system... the usage scenario is as follows:
I want to remain the admin of the tablet and need full access to it. However the main user of the S5e is someone else, who occasionally is on the other side of the world, i.e. far away. She should not have full admin access to the device. However, she needs to be able to start the tablet after it was turned off/restarted. Right now, it seems to require my PIN - switching the user account to hers is useless at this point, the tablet needs my PIN. I do not want to give it to her.
What can I do? It seems like I need to empty the admin account completely, so that it is at least sort of safe for her, and reinstall my own account as a regular user? That's stupid. Windows has absolutely no issues starting with a user account, and AFAIK the same is true for Linux.

Related

I Need Heeeeellllpppppp !!!

i have my cingular 8125 for about 4 months now, one day i set a password... i guess the password was SO safe that now i cant even access my phone anymore.... what can i do ? i need my phone please somebody help ME !!!
is there anything i can do !!?? is there like a special password that works in every phone PLEASE HELP!!!
First try this: Meckaleckahi Makahineyho.
You didn't exactly say it , but I am assuming that you have forgotten your password.
I'm not an expert in PPC security but I think you will need to do a hard reset , unless you can find a program that can access the ppc from a computer without needing your pw and adds a program to your startup menu that removes the option for password protection. I doubt that such software exists, but hey, you never know. Search around on yahoo about ppc passwords and security. I beleive Microsoft even once provided a program for unlocking passwords on Windows 98 computers.
Nicnatros said:
You didn't exactly say it , but I am assuming that you have forgotten your password.
I'm not an expert in PPC security but I think you will need to do a hard reset , unless you can find a program that can access the ppc from a computer without needing your pw and adds a program to your startup menu that removes the option for password protection. I doubt that such software exists, but hey, you never know. Search around on yahoo about ppc passwords and security. I beleive Microsoft even once provided a program for unlocking passwords on Windows 98 computers.
Click to expand...
Click to collapse
The fix around Windows 9x passwords were even simplier than that, you could simply delete them...... but unfortunately Windows Mobile has moved on since then.
Unless you have security software built into the ROM like the anti-theft software available, a hard reset will clear the password.
I, like most, won't explaining ways around passwords on a forumn like this, as you may not have stolen the device... but there may be other people out there looking for ways into theirs that haven't come across them innocently...
In future I suggest you do often syncs with a PC to back up contacts/calender etc, and save your important data to memory card, that way if you do need to reset you won't lose much.
jmdrizen said:
The fix around Windows 9x passwords were even simplier than that, you could simply delete them...... but unfortunately Windows Mobile has moved on since then.
Unless you have security software built into the ROM like the anti-theft software available, a hard reset will clear the password.
I, like most, won't explaining ways around passwords on a forumn like this, as you may not have stolen the device... but there may be other people out there looking for ways into theirs that haven't come across them innocently...
In future I suggest you do often syncs with a PC to back up contacts/calender etc, and save your important data to memory card, that way if you do need to reset you won't lose much.
Click to expand...
Click to collapse
ok and how do i do a master reset on my phone... because it doesnt want to acces anything ... it goes straight to the password screen ..... excuse my english i'm spanish !!
i dont really care about losing my contacts/messages etc... i just want to be able of use my phone again how do i do a Hard Reset ? remember my phone goes straight to the password screen
just press the voice button and the comm button at the same time while doing a "soft" reset.
keep both buttons pushed till you get the question if you want to reset the whole thing. you must confirm this by pussing the dial button.
succes
THNAKS IT DID WORK !!! i love you guys !!!

[GUIDE] Using KeePass and Dropbox to manage passwords

I had a situation where a friend's PASSWORD (singular) was hacked. He lost control of his email accounts, facebook, and several other things (luckily not his bank accounts). I wanted to share with you all, in case it is helpful for someone out there, how I manage my passwords in a secure way.
I use KeePass and Dropbox to manage my passwords.
I chose to do it this was because 1) Its free 2) I get multi-platform support 3) I control the encryption without having any other outside company holding the 'key' to my encryption [I'm not that paranoid, but it is an additional benefit worth noting].
I have a KeePass database (my 'password vault' as I call it) with a very strong password. I then have that database file on Dropbox (and in fact, I have the entire KeePass application in Dropbox as well as a Portable app so I can have my configuration settings, etc. synced as well.) This covers syncing my passwords in a secure and encrypted way to my PCs.
Then, I use KeePassDroid on my Android devices. I use DropSync (which acts like the 2-way syncing of the desktop Dropbox app) to sync the 'password vault' to my device. Whenever I update a password and save the password database, it then gets synced to my other PCs and my Android devices. The database is there but encrypted so I just have to enter my strong password each time I need one and then I get access to all of my passwords. On some of my devices that I don't use as regularly for things where I'll need passwords, I just use the Dropbox app to open the password database on an as-needed basis.
One of the nice features of KeePass, which I'm pretty sure some of the others have as well, is the ability to generate a random password for me. I can specify how 'complex' I want it to be, etc and it makes it for me. This way I don't ever have to remember my password and it makes it nearly impossible to guess what the password actually is.
You can also accomplish basically the same setup using Google Drive or Copy.com.
There are other companies out there, like LastPass, mSecure, etc, which offer great products as well (some of which cost money though). This is simply the route I chose to go. Like I said - a little more complex to get set up, but I'm very happy with the setup now that I've done the initial legwork.
The point of all of this is though - KEEP YOURSELF SAFE! Have STRONG passwords and NEVER, NEVER, NEVER use the SAME password for multiple things!
I use the same setup and it works perfectly. Using keys, Oauth and Keepass where possible/appropriate sure simplifies and secures the daily life.
A bit in the wrong forum (it doesn't really have anything to do with this device) though.
Can use keepass2android and skip the dropsync step.
kodochax said:
Can use keepass2android and skip the dropsync step.
Click to expand...
Click to collapse
Exactly. This is what I've been using for a long time, works perfectly and has built-in Dropbox support.
Stopped reading after the first Dropbox... Nice gift for the US government!
Astagar said:
Stopped reading after the first Dropbox... Nice gift for the US government!
Click to expand...
Click to collapse
1. I think they will find you out anyway, using Android, iPhone or any hardware, 2. It's pretty well encrypted just use a good key ?
Good guide. I wish guides like these weren't buried in device specific forums though. this is a general technique that any user can use and deserves more visibility.

[Q] How to Find/Delete all data create by App?

Hi Guys (and Girls),
I'm trying to help a friend with a specific problem. She has an account (Badoo) which was blocked by Badoo; a friend used her account and abused it, and the result is that her account is blocked. Badoo refuses to unblock it. Even worse, when she creates a new account it is also blocked almost immediately, effectively making it impossible for her to use Badoo.
So, I try to help her with this - also because I like the technical challenge here. I've found out that if I create a new account, it stays active; but the moments she starts using it, it is blocked quite rapidly. Reason: they recognise her from before. It is not related to userid, name, email adress or any of the data uploaded. So, my only conclusion is that there must be *something* on her phone that is found; and the help file they have online suggest they install 'persistant tracking cookies' on mobiles.
Uninstalling the App does not work. So, there must be SOME files somewhere that are NOT deleted after uninstalling; and the moment you reinstall, they are found and the account is blocked (at least, that is my reasoning).
I've tried writing a small App to find something, but cannot find any way to do this. The way I understand it, all files created on Android should be linked to the App (so should have owner/groupid linked to the App). I therefore think it should be possible to find any files installed by an App, and just remove them. I was afraid they would be in the /data/data/... folder, but it looks like that folder is cleaned after uninstalling, so they are probably somewhere on the SD-card.
I expect a wipe of the phone will sort everything out, but unfortunately that is not an option.
Anybody has any idea how to proceed with this?
I would be interested to know the answer to this also!

Company wants to wipe my phone

I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
If you want to pay for it; use Nine mail application.
You can set a full device wipe or just application wipe.
So if your company decides to wipe it, only the mail gets wiped.
what kind of wipe? if your mean is factory reset or something like that. therefore yes. I mean factory reset wipe just own partition and won't touch of other partitions(I'm sorry for my bad English language. I hope you got what I mean) so, obviously you should sync your info between all roms yourself before wipe.
but if your mean is kind of wipe from recovery or flash with Windows P.C or something like that, don't count on multirom or anything else! ?
فرستاده شده از Nexus 6Pِ من با Tapatalk
Personally, if a company would remote wipe my phone if it gets lost or stolen because it contains company related info in it, I don't see the problem of letting them do so. I would even thank them for having my personal info wiped along with it. If I have issues with the company's terms regarding wiping data on MY phone (maybe like remote wiping without letting me know beforehand, even when my phone is not lost), I would use a secondary phone as a work phone.
The company should provide a work ? for you to use.
stankyou said:
I would use a secondary phone as a work phone.
Click to expand...
Click to collapse
I just realised the Samsung Galaxy S2 with its broken screen that my Nexus 6p will replace, will be perfect for this. No SIM card, just sync everything over Wi-Fi, done. Thanks for the creative thinking, all!
dratsablive said:
The company should provide a work for you to use.
Click to expand...
Click to collapse
I agree. If they want permission, they should provide the device.
Generally, companies that want your phone wiped any second are against rooting, unlocked bootloaders and custom roms. The best thing to do is to ask them about it first, so that you won't end up getting fired or sued.
Bluemail
PeterJP said:
I currently have an assignment at a company that takes security seriously, and rightfully so. One of the disadvantages is that, to access the Exchange server to sync my calendar & read my mail, I need to give them the rights to wipe my phone from a distance and such niceties.
I was wondering if something like MultiROM could be helpful in this case? Set up one ROM for limited use that they can wipe if necessary, and another ROM for real use. The question now is: is the data partition shared? If yes and they wipe my data, then I still lose everything.
What would you advise? I'm currently doing a "manual sync" but that's no fun & very error prone.
Click to expand...
Click to collapse
Ok, so to do this they need to install an MDM agent (Mobile Iron, AirWatch, etc.), a piece of software/application which is granted device administrator rights on your phone. These agents usually manage the security certificates and all the other things needed to authenticate the device with their systems and create a secure connection. If they configured their environment correctly, devices without this agent shouldn't be allowed to connect, which essentially makes the agent required. This is good as only secured and managed devices can connect.
However, as this is a personally owned device, you're allowing them a metric crap ton of access to your personal phone. As a device administrator, the agent can be used to:
* Browse / view / edit files on your phone
* View messages sent or received
* Use GPS to determine the device's location, or even map where the device goes 24/7.
* Change the lock code / pin for the device.
* Lock the device at will.
* Detect rooted devices and disallow service.
* All kinds of other Big Brother-ish type of things.
Your company should have some kind of mobile device policy. Ask to view it. This policy should define acceptable use of mobile devices for employees, and it should also define the acceptable use of the MDM solution for IT staff and management. It should define specifically what steps they will take if the device is lost/stolen, if you get terminated, or any other circumstance where they would want to wipe the device. If they don't have a mobile device policy, or if it does not clearly define these things, demand they provide you with a mobile device and do not grant them permission to use your personal devices. Why? If they don't have their **** together enough to have a policy protecting both them and you, it's just not worth giving them access to your phone.
Furthermore - They should have the ability to perform 2 types of wipes. An enterprise wipe, and a device wipe. The enterprise wipe will remove email, corporate data, corporate applications pushed through the MDM, and finally the MDM agent itself. It shouldn't remove any personal files or wipe the OS. It is often the practice to do an enterprise wipe for personally owned devices in a BYOD environment, but you should check.
So, is all of this MDM stuff bad? No. Your business has a right to protect their systems, networks, and information. MDMs allow them to do this. That being said, if they are making it a job requirement for you to access email 24/7 (or even for just a limited window of time which is outside of your normal shift hours) then the burden of providing you with the appropriate means of doing so rests with them as well. This often means they have to provide you with a mobile phone. If accessing email outside of your working hours is NOT a requirement - then don't! For goodness sake, take a break from the job man!
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
I know this didn't specifically address the OP, but I've had a fair bit of experience with this (both good and bad) and thought I'd chime in. I hope it helped.
how about the reverse, what can a person do to prevent them from wiping your phone?
Elnrik said:
So... it is often better to carry 2 phones than to put a corporate MDM on your personal device. That's my opinion.
Click to expand...
Click to collapse
Nice write-up!! I totally agree with you, 2 phones is the way to go.
https://play.google.com/store/apps/details?id=com.cloudmagic.mail
Access your exchange email without changing security settings on your phone.
ycats said:
how about the reverse, what can a person do to prevent them from wiping your phone?
Click to expand...
Click to collapse
Once their agent is installed and made a device administrator... Nothing.
Ergo - to prevent it, don't install the MDM agent.
---------- Post added at 07:00 AM ---------- Previous post was at 06:46 AM ----------
mikexda said:
Nice write-up!! I totally agree with you, 2 phones is the way to go.
Click to expand...
Click to collapse
Thanks.
I've had some companies tell me "hey, we will pay for your service" and what they wanted was to transfer my line into their business account. Great, I don't have to pay the bill anymore, but I just lost control over when I upgrade (or am eligible for upgrades, as business accounts are still largely based on 2 year contracts), what device I can upgrade to, what plan I get, etc. And here is the scary part of that scenario... Legally the phone number is theirs from that point on. They don't have to release it back to me if either one of use terminates employment. Damn slippery slope, that.
So, unless they are going to cut you a check for your service every month, and you are ensured to retain ownership of the account, best to avoid that altogether.
In fact, any company high on BYOD is doing it wrong IMO. It sounds good, but it can be a nightmare.
Do you actually have to have work email on your phone?
Firms usually offer a corporate device, you can have your email on that, should be a cheap month to month contract.
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. There's a short FAQ with details on how to connect to their Exchange server, but that's when my phone pops up that the server wants access to wipe the phone. I haven't written down the details of the message, though. It could be just the Exchange part, which would be ok. Last thing I want is another party to have any form of control over my personal phone after my assignment ends.
Bluemail looks cool, I'll try it out. I'm curious to see how it reacts to the demands of the Exchange server. In any case, I still have my old phone which will do to stay in the loop when off-site and access my calendar. I might want to have an app that actually copies the calendar to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
ycats said:
my personal android phone has 9 email for receiving work email..........MDM agent isn't installed. I believe my coworkers who have iphones do have that installed.
Click to expand...
Click to collapse
Depends on your workplace. Some are more relaxed about it. Personally I avoid it and use a dedicated device.
---------- Post added at 04:49 PM ---------- Previous post was at 04:46 PM ----------
PeterJP said:
Interesting discussion. Let me first point out that I am not an employee there. I'm an external contractor. So they won't provide me with a phone.
Second, their company policy is to provide iPhones for employees who need it. Not Android. to a Google calendar, but I'll look for that when I get my new Nexus 6P & start setting up my Galaxy Sii for the plain purpose of accessing that wretched Exchange server.
Click to expand...
Click to collapse
I know a firm who does exactly that, iphones. If it were me I'd avoid it and get out your s2. But that's me. Are you rooted? How does the MDM play with root? If reported would that provoke a wipe? Surely that can be blocked.
What about the exchange hack? Would that be of any use?
Touchdown in the store.
tech_head said:
Touchdown in the store.
Click to expand...
Click to collapse
Was just about to say it has its own secure app container so wiping only wipes company info. Used it for years.

Will installing Outlook in Secure Folder prevent IT admin from remote wiping my S8?

I'm currently using my private Note Edge also for work. I'm using Outlook from within KNOX and am under the (possibly false) impression that my company's IT admin won't be able to wipe my entire phone, only the KNOX container. This is obviously a very unlikely scenario, but still one that concerns me enough to use KNOX.
In a couple of weeks my employer will give me an S8, which lacks KNOX. The question is -
will I be able to achieve the same protection against remote wipe if I insist that IT will install Outlook within Secure Folder?
No. Remote wipe wipes everything on the device, especially the secure folder, as in almost all cases that is the most sensitive information on the device which would be the most damaging if attackers got ahold of it.
That's disappointing. Not much of a sandbox if applications can reach outside from within it...
OH! I apologize, I missunderstood your question!
I thought you were asking if data inside secure folder was safe from erasure by factory reset, which the answer is most definitely no. But you have outlock installed inside the container, and want to know if your device can be factory reset through the Outlook connection via the secure container, correct?
I suppose that would depend on what access you gave Outlook to communicate with the rest of your phone. For example, without administrative access, even a natively installed app can't factory reset. I don't know much about Outlook or exchange, but do you have the exchange account added as an account on your device, or is it just setup inside Outlook?
Yes, I'm talking about Exchange configuration of Outlook installed in Secure Folder. Specifically the screen linked below*. I don't think when I did it in KNOX there where any additional steps required outside the container, but I haven't used Secure Folder yet so don't know how similar it is.
* http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152588344
Edit: should have read original question more carefully.
No idea what will happen, sorry. But ultimately it's their phone.
The question you should be asking is why they'd choose to deliberately disable the only bit of the phone that makes it genuinely valuable for an employer with confidential data stored on it.
Taking a step back, why are you trying to prevent the remote-wipe by the IT folks? Is it that you think they may go rogue? If not, the reason to initiate a remote wipe would be if your device is tagged as lost, etc, right? You did state that they are providing you the new S8, so it is really their phone isn't it? In many companies, if you try to circumvent IT policies, it can be accounted as wilful misconduct and termination of your employment. Is losing your job and paychecks that you get from it worth the risk?
My two cents:
1. Let them do their part the way they want to. If you are allowed and also using the phone for personal use, then have backup mechanisms to backup your "personal" photos, etc (aka in-home wifi sync with MyPhoneExplorer, automatic backups to Samsung Cloud, camera upload to OneDrive, etc.). Make sure any backup/cloud syncs of your personal data are allowed by IT policies, and is only limited to your own personal files (aka excludes company Outlook/Exchange data).
2. See if they have instructions or if they would be OK with using a non-native containerized Exchange client. With those apps, a remote-wipe is received by the containerized app and only wipes the app's encrypted datastore. TouchDown used to be the one to use years ago, but I have heard they got acquired by Norton, it has been put to rest by the new owner. However I suspect there are other apps that may have filled the gap.
It's actually not specific only to remote wipe, but to the extensive permissions my employer has over my phone (see the link I posted below). Even if they provided the phone, I expect them to have control only on what's related to my work, which is basically only work email.
It's similar situation to a company provided car. I wouldn't want my company to install a tracking device and have visibility into where I am at with the car at any time of the day.
In any case, thanks for the notes about backup. I definitely should do more to make sure my files and data are not gone if my phone gets stolen or wiped.
oren_b said:
Admin Note: This is a special Q&A-formatted thread. Please follow this link to view it in your browser: http://xda.tv/post75004977
Click to expand...
Click to collapse
Depends on whether the MDM/EMM thinks your device is Personal or Corporate.
If Personal, you're at risk of an "Enterprise Wipe" (of just corporate content, possibly including corporate contacts/calendar/email).
If Corporate, they can wipe the device, like a factory reset.
Do you know which MDM/EMM is to be used?
Might make more sense to have the corporate content in the Secure Folder.

Categories

Resources