How to disable remote wipe for Exchange 2010 ActiveSync?

294

Solution 1

UPDATED (again)

The short answer to your question is NO.


Outlook/Exchange clients either are capable or aren't capable of Remote-wipe. The Exchange policy simply expects that they support that feature. If the phone supports Remote-wipe and you've accepted the policy (by being a so-called "Provisional Device"), then Exchange may send a request to wipe the phone (on behalf of the Admin, or the user may request it from their web/PC logged-in account).

If your users want to be sure their email won't get wiped then they need to find an Exchange client that doesn't support remote-wipe and convince you to drop that as a requirement from your policy (by turning on AllowNonProvisionalDevices). Period. There is no other way to "turn it off".

Features of the client can't be disabled by the server; they can just be required by it. And in this case it seems the requirement is part of Exchange Sync in general. :-( I don't see any way out of it.


The policy on Exchange says "if you don't agree with these settings, you don't get email" and then has a list of settings. You can also set "AllowNonProvisionalDevices" to ON which will allow devices that reject the policy to still get email.

As others have said, the message from the client to the user on the phone isn't configurable so you never know if it will STILL scare them even though you've turned that request off.

http://technet.microsoft.com/en-us/library/bb123484.aspx

and here is the link to how to create a new policy and apply it to users: http://technet.microsoft.com/en-us/library/bb124120.aspx
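
The policy change described in the answer above, as an added Exchange Management Shell example that is not part of the original answer; it does not switch remote wipe off, and its last command only reports whether a wipe was ever requested for the user's devices. The policy name and mailbox alias are hypothetical, and the cmdlet parameter is spelled `AllowNonProvisionableDevices`.

```powershell
# Run in the Exchange Management Shell on Exchange 2010.
# Hypothetical values: adjust the policy name and mailbox alias.
$policyName = 'BYOD-NoProvisioning'
$mailbox    = 'jdoe'

# Create the policy only if it does not exist yet.
$existing = Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $policyName }
if (-not $existing) {
    # Devices that cannot (or will not) enforce the policy may still sync.
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -AllowNonProvisionableDevices $true | Out-Null
}

# Assign the policy to one user instead of changing the default policy.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# Confirm which policy the mailbox now carries.
Get-CASMailbox -Identity $mailbox |
    Format-List Name, ActiveSyncMailboxPolicy

# Audit the user's partnerships: has the policy been applied, and has a
# remote wipe ever been requested, sent, or acknowledged?
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Select-Object DeviceType, DeviceModel, DevicePolicyApplied,
                  DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime |
    Format-Table -AutoSize
```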

Solution 2

I think your biggest issue is not going to be disabling your ability to remotely wipe from the server, but the permissions the Active Sync app requests on Android. From my understanding, many of the apps request that permission whether the policy is enabled on the server or not - because the policy can be changed after the Sync is established.

So I think you're running into a political/PR issue more than a technical one.

Author: Axxoul

Updated on September 18, 2022

Comments

  • Axxoul
    Axxoul over 1 year

    I am having trouble getting my head around optimistic locking. The framework I am using is Play 1.2.5.

    Say I am selling concert tickets. I currently have the following:

    if (concert.ticketsSold < concert.tickets) {
        concert.ticketsSold ++;
        concert.save();
    }
    

    However, when several people book at the same time, the ticketsSold counter "lags" behind the real sold value. E.g. it will say 2500 when in fact I sold 2700.

    This is when I started reading about OptimisticLockException. In all the examples I found on the interweb, people tend to catch the OptimisticLockException, and show an error to the user.

    What I want, is for the system to retry a certain number of times, before showing the user an error. The code I wrote is as follows:

    boolean saved = false;
    int tries = 0;
    while (!saved) {
        try {
            if (concert.ticketsSold < concert.tickets) {
                concert.ticketsSold ++;
                concert.save();
                saved = true;
            } else break;
        } catch (OptimisticLockException e) {
            // reload concert object from the database
            concert.refresh();
        }
        if (tries > 9) break;
        tries++;
    }
    

    As you see above, I try to reload the object from the database, to get the "updated" object, with the correct number of tickets sold, but whatever I try (refresh, reload, commit and begin new transaction), the object is not refreshed, and I still get the normal "cached" version of the object.

    Any ideas on what I am doing wrong?

    Many thanks!

    Axel

    PS: I am not using any caching system, like memcached or other.

  • Rory
    Rory over 12 years
    How can you create a policy that disables the "Initiate a remote device wipe"? The technet article has no information on this though there is mention of additional security options for Windows® phone users.
  • Rory
    Rory over 12 years
    That's interesting DriftPeasant but I think it is a moot point unless remote wipe functionality can actually be disabled within a policy.
  • Driftpeasant
    Driftpeasant over 12 years
    The way you phrased your question suggested that your users were freaked out that they had to grant permission to ActiveSync to wipe their device. My contention is that you can disable your ability to do that remote wipe, but the app will still request that permission. So regardless of your technical ability to wipe, your users will still have the concern that you can wipe. So I don't think it's a technical issue so much as a PR one.
  • Rory
    Rory over 12 years
    Sure Driftpeasant, I understand. And my users are getting freaked out. But my question is how can you "disable your ability to do that remote wipe"?
  • Rory
    Rory over 12 years
    Ok Mark, but the problem is that it is impossible (for me, for now) to create an ActiveSync policy that does not include Remote Wipe. How can I create such a policy? If I could create such a policy without Remote Wipe then great but leaving it out simply doesn't appear to be an option available within ActiveSync policies.
  • Mark
    Mark over 12 years
    You are correct. I misread a document. It appears that Remote-wipe is a required element of "Provisional Device". I'll update again.