jhunter9999
asked on
Restricting Blackberry Access to Exchange 2003
I have some staff who use blackberries to access company e-mail. We do not have a BES server. Staff simply point their e-mail configuration on the BB to the https website that is our OWA "portal". I thought if I went into a person's Exchange account, and disabled the OWA Protocol under Exchange features it would stop the BB from syncing e-mail. It does stop the person from connecting via the Internet browser to OWA, but my test person is still getting her BB synced. In frustration, I also disabled POP3 and IMAP4 protocols without success. I have been able to control Apple devices and Androids via the Mobile Services setting. That was easy. Anyone know how to shutdown a BB sync?
ASKER
Negative
Hello,
Basically, there are only four ways the mail could get on the device:
1. OWA directly or through a BIS account that connects to OWA. If you have disabled OWA for this user, that shouldn't be a possibility
2. Email forwarding/redirection. This could be done by using the Desktop Redirector or by setting up Outlook rules.
3. ActiveSync. BlackBerries don't have ActiveSync built-in but there are 3rd part apps that add ActiveSync to BB devices.
4. Through a POP/IMAP account setup on the BB.
If you have disabled OWA, ActiveSync, POP, and IMAP on the account, the user must be forwarding the emails.
JJ
Basically, there are only four ways the mail could get on the device:
1. OWA directly or through a BIS account that connects to OWA. If you have disabled OWA for this user, that shouldn't be a possibility
2. Email forwarding/redirection. This could be done by using the Desktop Redirector or by setting up Outlook rules.
3. ActiveSync. BlackBerries don't have ActiveSync built-in but there are 3rd part apps that add ActiveSync to BB devices.
4. Through a POP/IMAP account setup on the BB.
If you have disabled OWA, ActiveSync, POP, and IMAP on the account, the user must be forwarding the emails.
JJ
ASKER
Thanks for the feedback.
Since all else has failed, I've again visted her desktop. She has no Outlook rules at all, and she does not use her Blackberry Manager as it crashes her desktop. She does not appear to have a program called Desktop Redirector. Normally found in start/programs? Also she shuts her computer off before leaving work, but still get e-mails on her BB at night and weekends.
I'm going to find another victim to test with.....
Since all else has failed, I've again visted her desktop. She has no Outlook rules at all, and she does not use her Blackberry Manager as it crashes her desktop. She does not appear to have a program called Desktop Redirector. Normally found in start/programs? Also she shuts her computer off before leaving work, but still get e-mails on her BB at night and weekends.
I'm going to find another victim to test with.....
ASKER
Any possiblity it takes more than an hour for the setting change in her exchange account to propogate and become active? I've tested her ability to get to OWA via http/Internet so I would assume the AD and Exchange have updated the setting.
If she is using BIS, it is possible that the connection remains open even though you disabled the protocol. Are you able to ask her how she setup her BB to receive company email?
JJ
JJ
ASKER
Yes, I walked through the settings on the BB with her. Standard stuff to our OWA link, login, password, etc. I did have her do a power cycle of the BB at one point thinking along the lines of your open connection idea. I used to have a BB myself getting corporate e-mail (before Android) so I'm pretty familiar with the setup.
Ask her if setup BIS with her telcom provider. You could try do an IIS reset on your Exchange server to kill any open connections.
JJ
JJ
Oh, one other thing to check. Check her mailbox in ADUC to make sure it isn't set to forward copies to another mailbox.
JJ
JJ
ASKER
She has left for the day, so I'll have to followup on Monday. I could restart IIS on Monday morning. Probably wouldn't hurt to bouce the service now, but she is gone, it's almost go-home time for me, AND ,my head hurts from working 4 hours on something that should take 5 minutes!! I did check the ADUC for copy forwarding = Nope.
More than grateful, will follow-up on Monday.
More than grateful, will follow-up on Monday.
ASKER
Testing continues...
Restrarted IIS - Still getting e-mails on her BB. Yes, did setup with Verizon Wireless website to originally setup the BB account.
Hooked up with a second BB person this morning: Same thing, disabled everything, checked back an hour later and she was still getting BB sync.
Restrarted IIS - Still getting e-mails on her BB. Yes, did setup with Verizon Wireless website to originally setup the BB account.
Hooked up with a second BB person this morning: Same thing, disabled everything, checked back an hour later and she was still getting BB sync.
Just to clarify, these users cannot access OWA currently?
JJ
JJ
ASKER
Correct, the IE Webpage is blocked for these users that I disable in Exchange. - I just went to her office and tried/confirmed it again.
How did you block it?
JJ
JJ
ASKER
Just by disabling OWA in Exchange Features / Protocols / Outlook Web Access within her specific account. Doing so blocks the user from access OWA from a webpage, but NOT from their BB.
OK, I'm at a loss to explain this. If OWA is disabled, they shouldn't be able to use BIS. The only other way would be the desktop redirector, which you say they aren't using. What happens if you power down the user's PC? Does email still sync?
JJ
JJ
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not resolved, but I'm finding other tech sites indicating the same problem. Nobody seems to have a great answer.
http://docs.blackberry.com/en/smartphone_users/deliverables/12617/About_deskop_redirector_28449_11.jsp