Link to home
Start Free TrialLog in
Avatar of kswan_expert
kswan_expert

asked on

ActiveSynch Security for Exchange 2003 SP2 and Smartphones

We've just discovered that some staff have been connecting their personal smartphones to our Ex2003 SP2 server using ActiveSynch, we'd like to stop this.  We've disabled Mobile Services" for the specific users accounts in AD but what's the best way to do this at an enterprise level?

Note, we do have 2 users that we allow to use ActiveSynch.

And finally, we run a BES and Blackberries so the solution shouldn't imapct these.  

What's best practise for this situation?

Thanks
Avatar of MegaNuk3
MegaNuk3
Flag of United Kingdom of Great Britain and Northern Ireland image

Blackberries have nothing to do with ActiveSync so whatever solution you put in to do with ActiveSync won't affect your BES users.
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
you can disable OMA access for the individuals or globally however many configuration still offer the option using OWA access. This increases your difficulty in the matter as i'm sure you'll want OWA available for some users and also keeping the functionality open for your blackberry users etc.

is there any reason that the users you wish to restrict need OWA? if not and you wish to restrict them to Outlook only, then you might consider individual permissions in AD per user or create security groups which grant or deny mobile / remote access.
Hi,

Why don't you switch off ActiveSync altogether and provide an alternative enterprise email solution that you can control?

www.good.com - works like BlackBerry.

Regards,


RobMobility.
@RobMobility - do you work for Good?
Nope,

Just used it and it worked very well for a global, 19000 user deployment using 3 different SmartPhone OS and 6 different SmartPhones. Apart from Apriva Sensa (which is a Military/Government grade solution), it's the only other NOC based email solution I am aware of apart from BlackBerry.

It then provides centralised control over the email and other functionality you provide on the client and since it has it's own proprietary client, as an administrator, you're not having to provide different capabilities/experiences on SmartPhones depending on the bundled client.

Whilst there is a cost assoicated with it (as is the case with BlackBerry), it provides a consistency of experience that isn't available when using the inbuilt or third-party clients available across multiple platforms - the training and support costs associated with that to some extent make it more cost effective.

I've also used Trust Digital's Enterprise Mobility Management solution (now part of McAfee) which is very good fro controlling Windows Mobile, iPhone and to a lesser extent, Android security policies.

Regards,


RobMobility.