I connect to my companies exchange server and get my company email on my Mogul. I was also able to do this on my 6700. The problem I have always had was the annoying password policies that are forced onto your phone. The policy seems to do nothing more than force your device to use a strong password and locks itself (after every soft reset and if idle for longer than 1 hour). I found a way to override the password policy and still be able to connect to my companies exchange server and get mail.
The following registry entry must be changed back:
HKLM\security\policies\policies\00001023
value before policy = 0x1(1)
This key is used to tell the device to require a strong password. Just thought I would put the info out there incase anyone else was beating their head up against a wall....like me....over a way to get around this.
Not that I want to be a total dick or anything but I think a mod needs to remove this thread. As an admin I would come unglued if I found out that my users were bypassing the policies that I force upon them.
By working for that company you agree to their policies. If you don't like it quit your job or deal with it. You are lucky they even LET you get your work email on a personal device. The least you could do is follow their security procedures in exchange... (no pun intended )
I agree... If each reg hack post was removed, then half of the threads on PDAPhoneHome would be removed. lol
We are always coming up with ways to avoid be charged for tethering and all sorts of things that are "forced". lol
Im glad he shared the knowledge. That way if another is running into the same problem, this thread can help. Instead of him quiting his job for finding a way around the policy, how about YOU stop visiting PDAPhoneHome. lol
Not that I want to be a total dick or anything but I think a mod needs to remove this thread. As an admin I would come unglued if I found out that my users were bypassing the policies that I force upon them.
By working for that company you agree to their policies. If you don't like it quit your job or deal with it. You are lucky they even LET you get your work email on a personal device. The least you could do is follow their security procedures in exchange... (no pun intended )
Alex
As a Network and Security Engineer myself, it is my responsibility to keep the network secure among other things. If a user can bypass a policy that I have "enforced," then its up to me to tighten up the security measure I have implemented. If that's not an option, I would use the 'acceptable use policy' that users at my company are required to sign, prove they are in breach, then take action accordingly.
@PROXCEE_06:
Great find! I will use this to test my own exchange admins at work! We use a 3rd party security packages for WM devices, and registry monitoring is supposedly a function of it. This will be a great way to test.
@92GTA:
The bottom line is that administration is YOUR job. If the end user can defeat your security measures, time to sharpen the skill set, or look for a new line of work if this sort of thing will make you come 'unglued.' There are few professions that change at the rate that technology does- you just have to stay on top of it. A thread like this helps far more than it hurts!
As a Network and Security Engineer myself, it is my responsibility to keep the network secure among other things. If a user can bypass a policy that I have "enforced," then its up to me to tighten up the security measure I have implemented. If that's not an option, I would use the 'acceptable use policy' that users at my company are required to sign, prove they are in breach, then take action accordingly.
@PROXCEE_06:
Great find! I will use this to test my own exchange admins at work! We use a 3rd party security packages for WM devices, and registry monitoring is supposedly a function of it. This will be a great way to test.
@92GTA:
The bottom line is that administration is YOUR job. If the end user can defeat your security measures, time to sharpen the skill set, or look for a new line of work if this sort of thing will make you come 'unglued.' There are few professions that change at the rate that technology does- you just have to stay on top of it. A thread like this helps far more than it hurts!
I agree... If each reg hack post was removed, then half of the threads on pdaphonehome would be removed. lol
We are always coming up with ways to avoid be charged for tethering and all sorts of things that are "forced". lol
Im glad he shared the knowledge. That way if another is running into the same problem, this thread can help. Instead of him quiting his job for finding a way around the policy, how about YOU stop visiting pdaphonehome. lol
nuprotocol - I couldn't agree more or have said it better myself. Its a shame that not everyone can appreciate knowledge sharing...even if that knowledge could be used for evil. I'm a developer...but i can still remember my days as a network admin and being the one responsible for "forcing" policies...so I can respect both view points. BUT...as a user if I can undermine your security in whatever way then you need head back to the drawing board and step your game up. Don't hate the player...
i cant be corrected on the exchange server end, I tried when I first heard about it. I am not mad at all. I am glad that you posted it. LOL i cant believe that someone actually asked for that to be removed.
The bottom line is that administration is YOUR job. If the end user can defeat your security measures, time to sharpen the skill set, or look for a new line of work if this sort of thing will make you come 'unglued.' There are few professions that change at the rate that technology does- you just have to stay on top of it. A thread like this helps far more than it hurts!
I agree that a thread like this helps and that you shouldn't hide information. However, if end users are looking for ways to defeat your security policies then it is time to modify them to work more inline with the user.
I don't work in the IT support field (I am a programmer) but I always find IT staff to be over zealous and often less-knowledgeable in their field than I expect them to be. PROXCEE_06's IT policy should be changed so he doesn't need to find a loophole. I suggest they set the policy to require at least a 4 digit password which wipes the device after 3 or 4 incorrect tries. Windows Mobile 6 will not let you select "0000" or "1234" as a password and PINs are a lot more efficient for entering quickly.
Exactly. It got to be too much to enter a strong password every hour....or after every soft reset...and those of us with mogul's should understand how the lack of memory can spur the frequency of soft resets. It was just a pain...wan't trying to be malicious.
Exactly. It got to be too much to enter a strong password every hour....or after every soft reset...and those of us with mogul's should understand how the lack of memory can spur the frequency of soft resets. It was just a pain...wan't trying to be malicious.
Great Quote, check out my Avatar
__________________
Check out my iAdviseMe (IT Advisories), i9erNews (49er news), iGreen (Green News) or my iGossip (celeb News) Apps at: http://www.iadvise.me/
Look guys, not that I disagree with you but there MUST be a reason they enforced a strong password over the standard. Security namely. The company I work for is Nazi about security because we deal with nothing but other peoples confidential data and our own. We have straight up fired people on a whim for knowingly bypassing our security measures. If we didn't, no one would ever trust us and we would be liable for the data leak which could cost someone quite literally millions of dollars.
For these reasons we are still testing and have dediced not to rollout our new handsets with exchange until WM6.1 & MDM08 are released. MS already handed us a beta of MDM08 and it's VERY impressive but we need 6.1 units for it to work.
In the name of security I agree. And not that it would matter to the security admins BUT I dont send nor do I receive the kinds of sensitive data you may be refering to (ssn's , credit card nums, company trade secrets, who killed JFK, or where Hoffa's body was stashed). In this case the cons of the policies out weighed the pro's...for me.
BTW - I'm not too fond of confirming my email address either...but I'm known to do it from time to time.
Well if there is no chance of anyone in your company ever exchanging confidential data like that on the device then you guys should bring it to the attention of your I.T. department and have it toned down a bit. Even we only require the standard 4-6 digit passkey because we don't deal with anything that could be deemed national security or deal with the military or government.
Plain and simple its not to protect nothing but the end-user. I am positive that either of these companies including the one I work for does not care. The whole password thing is that if someone loses their device, they can either erase it through activesync OTA or the finder will not be able to get info. Therefore, if you cant manage to keep up with your personal belongings ie: sensitive keys, keycards, CELLPHONES, you should not have the responsibility.
__________________
Treo 600 -> Treo 650 -> Treo 700p -Treo 700wx -> Mogul -> Touch Pro
-You may like to flash, but your phone shouldn't LED Killer
- It's Totally Tabular - HTC 5 & 6-Tab Home Plugins
Location: Alcatraz Island, San Francisco, California
Posts:
305
Regulatory Compliance
Considering that there are or will be federal regulations regarding security and data at companies, this should always be taken in to account. HIPAA and other regulatory compliance laws don't descriminate between a secretary in the hr department or the CIO when it comes to things like this.
Not following the security policy, editing the registry could very well be grounds for termination. Thanks for the registry entry. I can now watch for it and remote wipe any devices that check in with it.
Exchange Server policies
)
Login
Panel
