ActiveSynch Security for Exchange 2003 SP2 and Smartphones

We've just discovered that some staff have been connecting their personal smartphones to our Ex2003 SP2 server using ActiveSynch, we'd like to stop this.  We've disabled Mobile Services" for the specific users accounts in AD but what's the best way to do this at an enterprise level?

Note, we do have 2 users that we allow to use ActiveSynch.

And finally, we run a BES and Blackberries so the solution shouldn't imapct these.  

What's best practise for this situation?

Thanks
kswan_expertAsked:
Who is Participating?
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Activesync can either be disabled globally or individually as you have done, there is no other way to manage it on an Exchange server.

BES uses a different method of communication, so anything you do to disable activesync will have no impact on BES and your blackberries.
0
 
MegaNuk3Commented:
Blackberries have nothing to do with ActiveSync so whatever solution you put in to do with ActiveSync won't affect your BES users.
0
 
synetronCommented:
you can disable OMA access for the individuals or globally however many configuration still offer the option using OWA access. This increases your difficulty in the matter as i'm sure you'll want OWA available for some users and also keeping the functionality open for your blackberry users etc.

is there any reason that the users you wish to restrict need OWA? if not and you wish to restrict them to Outlook only, then you might consider individual permissions in AD per user or create security groups which grant or deny mobile / remote access.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Rob KnightConsultantCommented:
Hi,

Why don't you switch off ActiveSync altogether and provide an alternative enterprise email solution that you can control?

www.good.com - works like BlackBerry.

Regards,


RobMobility.
0
 
Alan HardistyCo-OwnerCommented:
@RobMobility - do you work for Good?
0
 
Rob KnightConsultantCommented:
Nope,

Just used it and it worked very well for a global, 19000 user deployment using 3 different SmartPhone OS and 6 different SmartPhones. Apart from Apriva Sensa (which is a Military/Government grade solution), it's the only other NOC based email solution I am aware of apart from BlackBerry.

It then provides centralised control over the email and other functionality you provide on the client and since it has it's own proprietary client, as an administrator, you're not having to provide different capabilities/experiences on SmartPhones depending on the bundled client.

Whilst there is a cost assoicated with it (as is the case with BlackBerry), it provides a consistency of experience that isn't available when using the inbuilt or third-party clients available across multiple platforms - the training and support costs associated with that to some extent make it more cost effective.

I've also used Trust Digital's Enterprise Mobility Management solution (now part of McAfee) which is very good fro controlling Windows Mobile, iPhone and to a lesser extent, Android security policies.

Regards,


RobMobility.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.