When I installed the MSFP/AKU2 upgrade on my SP5 over the weekend then tried to connect to my Exchange server for the first time, it enforced a mandatory security policy of having my device automatically lock out every hour (and must be unlocked with a PIN at the very least). I find this terribly annoying! When I go into the security control panel, I cannot uncheck "Prompt if device unused for".
Is there a hack to remove this security restriction?
this policy is server based, but i'm not very familiar with the new Exchange 2003 SP2 features yet.
This is on the Exchange Server @ Global Settings --> Mobile Device Properties -- Device Security Settings.
If this is "your" Exchange server then you go there and disable all that stuff.
This isn't set by default however. So it may be that it isn't your "own" server. If so then the Exchange Admin has to disable that. I have messed with this on my device a bit. Not very extensively. I more wanted to see what happens when setting these polices rather than to see if I can bypass them.
So if it is your own server then just go to above under Exchange System Administrator and disable the device security or leave what you need and take the innactivity setting out.
Hope this helps[/img]
jminiman said:
Is there a hack to remove this security restriction?
Click to expand...
Click to collapse
Isn't this the point of the MSFP? Allow the exchange administrator to set security policies?
Well, so this isn't my Exchange server. And so I respect that if I connect to someone else's Exchange server, they can lock down my device. Well, I kind of respect that.
But the point is now I have removed the Exchange profile from my device completely--but the security policy remains. Is this a bug in MSFP?
Offtopic, but has anyone tried the remote hard reset thing? I would like to know how (or where?) it's implemented so I can reverse engineer it into a generic solution. Any clues as to use or implementation would be appreciated (I'm not using an exchange server so can't test).
V
MSFP security profile remains after wipe
This is actually standard practice in the B*)&#berry world. The reason is that they figure that if it's the company's device, security should be enforced whether you (the user) want to skip it or not. I.e. you don't it to be easy for the end-user to simply bypass all that hard work you did setting up the security. So while I don't know for a fact, I am guessing this is by design.
Related
so i set up an exchange email that required the lock on my phone.
but i deleted the server
but the lock wont let me uncheck the box to have it set
and 20 mins is longest it can be
any fixes?
Add server>Uncheck box>Remove server
Kraize said:
Add server>Uncheck box>Remove server
Click to expand...
Click to collapse
doesnt work. even with the server added again the box stays grayed out
EDIT
found a registry hack in the hklm/securities/policies that worked
but apparently after 24 hours or so it changes itself from 1 to 2 and reverts to wanting a password
guess i will find out
but if anyone knows that would be great
I use an exchange server that requires a PIN, to disable it i set the reg key 00001023 to 1 which is located at HKLM\Security\Policies\Policies
Then go to Start>Settings>System>Lock and remove the lock.
Mine does not reset after 24 hours, but this is prob because the exchange server i connect to only enforces security policy on first connection. May be different for other exchange servers.
Dils said:
I use an exchange server that requires a PIN, to disable it i set the reg key 00001023 to 1 which is located at HKLM\Security\Policies\Policies
Then go to Start>Settings>System>Lock and remove the lock.
Mine does not reset after 24 hours, but this is prob because the exchange server i connect to only enforces security policy on first connection. May be different for other exchange servers.
Click to expand...
Click to collapse
ok yeah thats what i changed
good to know it works for you.
thanks
Thanks!!!!
It worked for me let's see if it lasts.
If not, let me know I have a CAB in the office removing this lock.
I did this and it worked. If your server updates everytime it might not work. Or if you delete the server the security setting may not go back to default automatically, so you will still need to change the registry key
There is a simple workaround on rooted phones for the Exchange security policy without having to replace the original mail app. I also posted this in the Android 2.2 Email.apk - Bypassing Exchange security policy - APK Attached thread but am making a new thread in case people have missed this very simple workaround. I am using it on an account on a Exchange 2007 server and I believe Exchange 2003 works as well. I heard from one person who did not have good results with Exchange 2010. All exchange functions work fine without any issues. I am using the stock email app so this only applies to the stock email app that forces a password security policy.
I am using an app called Autostarts found in the market (less than a dollar - I am not the developer) that allows disabling the exchange policy on restart. The setting can be found under Device Admin Enabled. Make sure you are in USB Debugging Mode before disabling the policy.
If you already have an Exchange account set up yet:
Install Autostarts from the Android Market and run. Find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
If you don't have an Exchange account set up yet:
Install Autostarts from the Android Market then set up your Exchange account and let Exchange force the password policy. After the exchange setup is completed, run Autostarts and find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
Hmm, this doesn't seem to wok. After disabling in autostarts, I reboot, and the mail app tells me (paraphrased) "You must have security policies enabled blah blah blah".
This worked perfect for me on a 2.2 Sense rom on Evo. Good find & thanks !
EDIT: So after trying this on a newer build like the Desire Z port to Evo.. it will let you bypass it, but only until you go to sync your mail. After that fact it will re-enforce your mail security. But, it is still another workaround for 2.2 builds.!
Great method! Very simple!
Has someone any idea how to disable this PIN screen lock when use the exchange sync??? Just tried to find out how to, but so far I did not find any way...
Your corporate IT Admin won't be too thrilled to hear you ask this question. It is after all an exchange security policy enforced by your exchange admin to protect sensitive information in case you lost your phone or get stollen.
Depending on which ROM (2.1 or 2.2) you're running, the PIN is handled differently. On 2.1, the PIN policy is part of the email app and the PIN can't even be changed after you set it. In 2.2, the PIN policy is natively supported by Android OS and you can change the PIN but not disable it. But I have yet to see any hacks to disable it on Android. I know how to do it in Windows Mobile
try a search on the forums for "lockpicker". It works for some, some it doesnt. Check this thread for more info...
http://forum.xda-developers.com/showthread.php?t=655061
My exchange server require tablet encryption.I am trying to do encryption, but after few hours nothings happened and I can not synchronize email.
1. Does sombebody know how to pass this ?
2. Is there an issue on encryption ?
Please help. Thanks
heba said:
My exchange server require tablet encryption.I am trying to do encryption, but after few hours nothings happened and I can not synchronize email.
1. Does sombebody know how to pass this ?
2. Is there an issue on encryption ?
Please help. Thanks
Click to expand...
Click to collapse
Is it your exchange server or is it a work one?. The admins of the servers need to either enable or disable Android device syncing.
I haven't been able to get device encryption to work. I have seen several inquiries related to the same thing where you full charge and then when you begin to encrypt it never proceeds. I attempted to encrypt both factory and rooted neither of which completed even after prolonged runtimes of 12 to 24 hours. My non-encrypted device experience has not been enjoyable. My corporate mail will sync to the point (encrypted or not) and then die off after the last day that I had encrypted Xoom.
As for Exchange configuration just need to update the EAS policy. In the policy I also found that needed to select "Allow infrared". Exchange EAS policy is very simple to setup and should not be complicated unless corporate politics come into play. If personal Exchange then you make your own rules.
So you see it as an issue with encryption,right? And it is not related to device but Honeycomb.
Unfortunately is it corporate mail,so I have to check with admin about security rules.
Thanks
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
straight thought is wht u said
thr is extra policy for ur device.
remove the exchange server and check wht happen...
if nothing changed go to security setting and clear credentials and remove all admins app
:good:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
m3xiz said:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
Click to expand...
Click to collapse
+1 for this suggestion. I'm a big fan of My Knox. It sets Samsung apart in this area.
Sent from my SM-G930V using XDA Premium HD app
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
Some third party email apps are capable of applying Exchange policies on the application level instead of device level. Thus leaving the rest of the device under your control. Try an app like Nine which can do just that. The are other apps too but I like this one.
Thanks Everyone. I'll try those. It sounds like myknox might help if this is it. On my Moto X I was using before, I used Touchdown for exchange (cause the ootb mail client sucked) and it similarly kept the admin policies to the app.
hmm, removed the exchange account. now things aren't greyed out anymore. I could go into trust agents and Smart Lock (Google) is enabled. I go into phone administrators and there are two: "Android Device Manager" and Support & Protection". I turned them both off (I don't know how to REMOVE them). Restarted phone. No change in behavior. My screen still locks when, for example, connected to my Gear S2 watch though that's one of the trusted devices for smart lock..
nevermind, it's working. I was just expecting different behavior. I still have to 'swype to unlock' but I'm not hit up for credentials anymore. I was expecting that when I woke the phone it would go to the last screen it was on. I don't know why, my Moto didn't do that. I think it was having the fingerprint sensor now that just messed up my mental processing.
A very simple alternative to the same effect is offered by the Exchained app. No root required.
I found if you go to lock screen (in setting: device) and create and lock screen pattern. Trust agents becomes available (in security settings: advanced), you can then turn it on and smart lock becomes available (in security settings: advanced).
There is a youtube video about it: How To Enable Smart Lock On Any Device
Unrelated to smart lock: As user "Avah" said, I highly recommend Nine email for connecting to your exchange server. It does not force the administration policies on your device (or at least, it may ask you, and you can decline). Better than the built-in clients and way better than the old Touchdown app.