We have a client that wants to use a Droid phone without the security risk of opening up OWA. They have a 2003 Exchange server. Can anyone tell me how to accomplish this? Is it possible to open some ports for Active Sync without opening ports 80 and 443 to the exchange server? OR, is there a component within the IIS website that we can disable/rename/alter so that the OWA site is not available while leaving ActiveSync working?