Solved

ActiveSynch Security for Exchange 2003 SP2 and Smartphones

Posted on 2011-02-20
6
342 Views
Last Modified: 2012-06-21
We've just discovered that some staff have been connecting their personal smartphones to our Ex2003 SP2 server using ActiveSynch, we'd like to stop this.  We've disabled Mobile Services" for the specific users accounts in AD but what's the best way to do this at an enterprise level?

Note, we do have 2 users that we allow to use ActiveSynch.

And finally, we run a BES and Blackberries so the solution shouldn't imapct these.  

What's best practise for this situation?

Thanks
0
Comment
Question by:kswan_expert
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34940856
Blackberries have nothing to do with ActiveSync so whatever solution you put in to do with ActiveSync won't affect your BES users.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34940942
Activesync can either be disabled globally or individually as you have done, there is no other way to manage it on an Exchange server.

BES uses a different method of communication, so anything you do to disable activesync will have no impact on BES and your blackberries.
0
 
LVL 2

Expert Comment

by:synetron
ID: 34940964
you can disable OMA access for the individuals or globally however many configuration still offer the option using OWA access. This increases your difficulty in the matter as i'm sure you'll want OWA available for some users and also keeping the functionality open for your blackberry users etc.

is there any reason that the users you wish to restrict need OWA? if not and you wish to restrict them to Outlook only, then you might consider individual permissions in AD per user or create security groups which grant or deny mobile / remote access.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 25

Expert Comment

by:RobMobility
ID: 34941667
Hi,

Why don't you switch off ActiveSync altogether and provide an alternative enterprise email solution that you can control?

www.good.com - works like BlackBerry.

Regards,


RobMobility.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34941703
@RobMobility - do you work for Good?
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 34941777
Nope,

Just used it and it worked very well for a global, 19000 user deployment using 3 different SmartPhone OS and 6 different SmartPhones. Apart from Apriva Sensa (which is a Military/Government grade solution), it's the only other NOC based email solution I am aware of apart from BlackBerry.

It then provides centralised control over the email and other functionality you provide on the client and since it has it's own proprietary client, as an administrator, you're not having to provide different capabilities/experiences on SmartPhones depending on the bundled client.

Whilst there is a cost assoicated with it (as is the case with BlackBerry), it provides a consistency of experience that isn't available when using the inbuilt or third-party clients available across multiple platforms - the training and support costs associated with that to some extent make it more cost effective.

I've also used Trust Digital's Enterprise Mobility Management solution (now part of McAfee) which is very good fro controlling Windows Mobile, iPhone and to a lesser extent, Android security policies.

Regards,


RobMobility.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now