Solved

Turn Off PIN# requirement in Exchange 2003 Mobility Services.

Posted on 2007-04-05
4
926 Views
Last Modified: 2008-02-01
I have an exchange 2003 SP2 with Mobility device security enabled. The handhelds are mostly Windows Mobile Treo 650's with the direct push firmware upgrade. I have a policy that requires the handheld user to enter a 4 digit pin number after 15 minutes of idle time; and they 8 oppurtunites to get it right.

The principals in the firm now want to turn off the requirement to enter a 4 digit pin number.

I've unchecked that property in the Global Mobility Services Area of ESM. and rebooted the server.  The handhelds are still asking for a password. Do I need to wipe the devices and have them re-sync now that ere is no PIN requirement to disable that policy?

Thanks in advance, Geoff
0
Comment
Question by:SYNERGYTECH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18859949
If you turn that feature off then the remote wipe feature is effectively disabled.
Remote wipe requires a password on the device. If you do not require a password and it is removed, then when you try to remote wipe, the device comes up with a prompt about enforcing a password. All the thief has to do is click no, and they have access to the device.

To answer your specific question, turning off the option on the device simply stops the requirement being enforced, it does not turn off the setting on the device. The user of the device now needs to go in to the password setting and disable the password requirement.

However this does mean there is no protection of the device and I would find that unacceptable.

Simon.
0
 
LVL 1

Author Comment

by:SYNERGYTECH
ID: 18860072
I agree that it's unacceptable, I've argued hard to keep it in place. even increasing the idle period and # of oppurtunities. Unfortunately, I'm not the ultimate decision maker on this one, it's very probably though that when one is stolen, the user will want assurances from me that their data is secure.

<The user of the device now needs to go in to the password setting and disable the password requirement. . > 

We're not talking about the Activesync properties on the handheld here right? Does the exchange server policy enable a password setting on the handheld?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 125 total points
ID: 18860116
All that the setting on the device does is force the handset to enable the password options. If you go in to the password control on the handset (I haven't got my PDA in this location so I cannot check exactly where it is) you should find that certain options to disable the password are no longer greyed out.

It is not ActiveSync, this is a setting on the device itself.

I hope you aren't in any of the sensitive business types such as health or finance. I would expect that by removing the password protection you may well have broken the law, or will at least fail an audit.

Simon.
0
 
LVL 1

Author Comment

by:SYNERGYTECH
ID: 18877178
Thanks for the quick response Simon.

They are a big iron technology sales company, the worst thing that can happen is that one of them loses their phone at a trade show and their competitor gets a hold of their contacts, pricing methods and short/long term strategy.

cheers,  geoff
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
In-place Upgrading Dirsync to Azure AD Connect
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question