Solved

ActiveSynch Security for Exchange 2003 SP2 and Smartphones

Posted on 2011-02-20
6
344 Views
Last Modified: 2012-06-21
We've just discovered that some staff have been connecting their personal smartphones to our Ex2003 SP2 server using ActiveSynch, we'd like to stop this.  We've disabled Mobile Services" for the specific users accounts in AD but what's the best way to do this at an enterprise level?

Note, we do have 2 users that we allow to use ActiveSynch.

And finally, we run a BES and Blackberries so the solution shouldn't imapct these.  

What's best practise for this situation?

Thanks
0
Comment
Question by:kswan_expert
6 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34940856
Blackberries have nothing to do with ActiveSync so whatever solution you put in to do with ActiveSync won't affect your BES users.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34940942
Activesync can either be disabled globally or individually as you have done, there is no other way to manage it on an Exchange server.

BES uses a different method of communication, so anything you do to disable activesync will have no impact on BES and your blackberries.
0
 
LVL 2

Expert Comment

by:synetron
ID: 34940964
you can disable OMA access for the individuals or globally however many configuration still offer the option using OWA access. This increases your difficulty in the matter as i'm sure you'll want OWA available for some users and also keeping the functionality open for your blackberry users etc.

is there any reason that the users you wish to restrict need OWA? if not and you wish to restrict them to Outlook only, then you might consider individual permissions in AD per user or create security groups which grant or deny mobile / remote access.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 25

Expert Comment

by:RobMobility
ID: 34941667
Hi,

Why don't you switch off ActiveSync altogether and provide an alternative enterprise email solution that you can control?

www.good.com - works like BlackBerry.

Regards,


RobMobility.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34941703
@RobMobility - do you work for Good?
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 34941777
Nope,

Just used it and it worked very well for a global, 19000 user deployment using 3 different SmartPhone OS and 6 different SmartPhones. Apart from Apriva Sensa (which is a Military/Government grade solution), it's the only other NOC based email solution I am aware of apart from BlackBerry.

It then provides centralised control over the email and other functionality you provide on the client and since it has it's own proprietary client, as an administrator, you're not having to provide different capabilities/experiences on SmartPhones depending on the bundled client.

Whilst there is a cost assoicated with it (as is the case with BlackBerry), it provides a consistency of experience that isn't available when using the inbuilt or third-party clients available across multiple platforms - the training and support costs associated with that to some extent make it more cost effective.

I've also used Trust Digital's Enterprise Mobility Management solution (now part of McAfee) which is very good fro controlling Windows Mobile, iPhone and to a lesser extent, Android security policies.

Regards,


RobMobility.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question