+ Reply to Thread
Results 1 to 7 of 7
  1. #1
    Greed is good ... wallst's Avatar
    Join Date
    03-17-2005
    Posts
    757

    1&1 Exchange Activesync Security Policies

    I need some assistance with changing the security policies automatically applied to my phone when leveraging exchange activesync with 1&1 exchange hosting. I use 1&1 for my personal hosting needs, not corporate.

    The 1&1 help desk is almost useless and I have issues escalating with them. Before I cancel my services with them ($6.99/month), I would like to see if I can fix this myself.

    Here are the security settings I believed are applied to my phone:
    • Forcing PIN lock (definate on this one)
    • Disabling Remove Programs in settings
    • Disabling installation of any new programs
    • Wiping out activesync exchange settings when connectiving a PC Activesync

    The PIN lock is not a big deal as 1&1 left the 24 hour timeout value. But not being able to install or remove programs sux. And when I try to connect it to my PC activesync as a guest, it eventually wipes out the activesync settings on the phone. Now I have no email inbox anymore.

    I have found a web sites refering to registry settings under \\HKLM\Security\Policies\Policies\ to allow unsigned applications, but nothing has worked so far.
    • 00001001 change from 2 to 1
    • 00001004 change from 16 to 40
    • 00001017 change from 128 to 144

    BTW, all exchange hosting companies push down security settings to your phone. The common one is PIN. However, they can push down alot more, including a remote wipe. Also, their security pushes can be every 24 hours (typical) or every 15-60 minutes. Expect enterprises to lock down the phones even more.

    I plan on hard-resetting my phone soon in order to start installing some new applications, but I am worried about running into the same issue again.

    Any assistance will be greatly appreciated.
    i760 VZW

  2. #2
    Registered User
    Join Date
    06-24-2006
    Location
    IL
    Posts
    2,290
    It's easy enough to prove that they have policies being pushed to your phone. Hard reset, then do nothing but configure the Exchange server. If the policies show up, you've got your answer.

    Personally, I'd hope that they allowed you to configure your own policies, and I'd move away from a company that didn't. Since the only thing you can't configure on your own is remote wipe (and there are apps you can buy to do that), they shouldn't be forcing anything on you.

  3. #3
    I know i am but what are you?
    Join Date
    05-20-2005
    Location
    Cave Creek, AZ
    Posts
    1,445
    Quote Originally Posted by wallst View Post
    I need some assistance with changing the security policies automatically applied to my phone when leveraging exchange activesync with 1&1 exchange hosting. I use 1&1 for my personal hosting needs, not corporate.

    The 1&1 help desk is almost useless and I have issues escalating with them. Before I cancel my services with them ($6.99/month), I would like to see if I can fix this myself.

    Here are the security settings I believed are applied to my phone:
    • Forcing PIN lock (definate on this one)
    • Disabling Remove Programs in settings
    • Disabling installation of any new programs
    • Wiping out activesync exchange settings when connectiving a PC Activesync

    The PIN lock is not a big deal as 1&1 left the 24 hour timeout value. But not being able to install or remove programs sux. And when I try to connect it to my PC activesync as a guest, it eventually wipes out the activesync settings on the phone. Now I have no email inbox anymore.

    I have found a web sites refering to registry settings under \\HKLM\Security\Policies\Policies\ to allow unsigned applications, but nothing has worked so far.
    • 00001001 change from 2 to 1
    • 00001004 change from 16 to 40
    • 00001017 change from 128 to 144

    BTW, all exchange hosting companies push down security settings to your phone. The common one is PIN. However, they can push down alot more, including a remote wipe. Also, their security pushes can be every 24 hours (typical) or every 15-60 minutes. Expect enterprises to lock down the phones even more.

    I plan on hard-resetting my phone soon in order to start installing some new applications, but I am worried about running into the same issue again.

    Any assistance will be greatly appreciated.

    I run my own Exchange Server, and have setup the security policies.
    one way around not having any policies installed is to NOT ACCEPT THEM.
    so, when you do a Hard reset and setup your phone with 1&1, they will try and push the security setting, simply Cancel it when you phone prompts you, and don't install the settings

  4. #4
    I know i am but what are you?
    Join Date
    05-20-2005
    Location
    Cave Creek, AZ
    Posts
    1,445
    also, Of the items you listed below that you thought were being installed. I can only install the first one.

    * Forcing PIN lock (definate on this one)
    * Disabling Remove Programs in settings
    * Disabling installation of any new programs
    * Wiping out activesync exchange settings when connectiving a PC Activesync

  5. #5
    I know i am but what are you?
    Join Date
    05-20-2005
    Location
    Cave Creek, AZ
    Posts
    1,445
    Wallst,
    does this link provide info for you?
    Exchange 2003 Mobile Messaging Part 2 - Uncovering the Device Security Policies

    I'm still reading it, but seems to have some good info

  6. #6
    Registered User
    Join Date
    07-15-2005
    Location
    Murfreesboro, TN
    Posts
    131
    I am also running 1and1 for my small business. while they do force the pin, I am still able to add/remove programs at will. think u might have something else going on.

  7. #7
    I know i am but what are you?
    Join Date
    05-20-2005
    Location
    Cave Creek, AZ
    Posts
    1,445
    Quote Originally Posted by iceclimber1973 View Post
    I am also running 1and1 for my small business. while they do force the pin, I am still able to add/remove programs at will. think u might have something else going on.
    I read a lot of documents on the exchange stuff. seems the real thing that can be installed is the PIN requirements, Remote Wipe, and Update timing..
    something else is going on thats kind of "funky".

    1&1 can exempt indvidual from policies, just a simple entry. I think the PIN enforcement should be a user specfic policy not a Global policy. it might be tough to manage from 1&1's standpoint however.


    I would just cancel the POLICY request notification when you initially setup the phone to connect with their server. They probably have the 24 hr notification setup that will annoy you if you don't accept the "policy"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts