I was going to sync my phone with my company's exchange server the other day, but I stopped because after filling out my user name and domain and hitting next, it said "the exchange server will have to apply security policies on your device in order to continue" or something like that.
So I guess I was wondering if anyone knew what type of "security policies" these are. I mean maybe I am being an idiot, but can they restrict my ability to install/remove applications. I am enjoying messing around with my phone, and I really would not want something giving me limited access to my phone. My phone is a hermes100, but I am pretty sure this message will come up on any other winmobile phone too. So anyone have any idea what this does?
thanks for the help
My company's exchange server enforces a "LOCK" policy of 20 minutes. Every 20 mins the phone locks up and you have to enter a 4-digit pre-set number to unlock. Its very ANNOYING !!!!
I was able to bypass this policy using a software. Let me know if you need it.
Depending on your phone version and verison of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but mostly likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
tmknight said:
Depending on your phone version and verison of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but mostly likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
Click to expand...
Click to collapse
I have an ATT 8525 Herm100, and you were right, it was a lock policy. At least that's all I see so far....
Related
Hi there,
my company forces every WM user to activate the WM6 default Device Lock with a cab you have to install, which changes some registry parameters, I guess. But this cab also includes certificates (WLAN and VPN-access) that I really need, so I have to install it.
But I don't want to have my device locked every 15 minutes (especially if using Navigon...). If I try to disable Device Lock in the Settings menu, the field is greyed out. But is there any registry parameter which disables this device lock?!?
Is there another way to disable it?
Thanks in advance!
First enable the box again to untick it:
HKLM\Security\Policies\00001023
0 = Enabled; 1 = Disabled
Then install Zenyee.com Stay Unlock.cab and soft reset your device.
This program will prevent the lock to be activated again.
Great! Works just perfect for me!
This might just be what i'm after Last week I was using an ipaq on wm2003 but since the weekend I've bought myself a Sony E X1 and logged onto the works network this morning and it installed some security polices and then it started locking the phone every 5mins.
Quick search and I find this thread, hope it works, let you all know .
Ta
Update, it has given me the option and I have disabled it rather than setting it to say 24hours and also ran the keep unlocked cab file. See how it goes at work tomorrow.
well i can confirm that no further locks have appeared since logging back onto the work network can see i'm going to enjoy this forum. ta
phoenix3dfx225 said:
well i can confirm that no further locks have appeared since logging back onto the work network can see i'm going to enjoy this forum. ta
Click to expand...
Click to collapse
It works yes, but i found that the app absolutely wiped out my battery which ran very hot. I removed the app and this solved the problem, although unfortunetly device locked appeared once more. Does it wipe out yours?
WM 6.1 VPNLockingmy device
Thanks very much gang!!! I have installed Zenyee.com Unlock cab. It solved the goddamn issue, and allowed me to untick the password request in Setting, Lock.
before Icould not untick it.
now the device is not locking itself every time i turn the screen off
The manual registry cleaning worked very well. Thank you for the tip.
I haven't installed the .cab so we'll see how long it takes until it gets locked again...Maybe it won't I don't have much faith in our IT Group
Not wanting to spoil anyones fun, and i can see why periodic locking of the device is a pain, it is obviously being done for a reason. Bear in mind that it may well be considered a breach of employment contract to circumvent said security measure.
For information i am a BlackBerry Admin and so have a "vested" interest in device security. Just think what "sensitive" detail may be on the device and so open to anyone if it gets lost and this hack is running.
deedee said:
Not wanting to spoil anyones fun, and i can see why periodic locking of the device is a pain, it is obviously being done for a reason. Bear in mind that it may well be considered a breach of employment contract to circumvent said security measure.
For information i am a BlackBerry Admin and so have a "vested" interest in device security. Just think what "sensitive" detail may be on the device and so open to anyone if it gets lost and this hack is running.
Click to expand...
Click to collapse
Very true deedee,
Personally I dont use the hack on my company mobile, but on my personal one which i used to use via exchange, the policy lock is still enforced even after removing server details, which is a proper pain. The only real way is a hard reset in my experience. The app does work but wiped out my battery daily (and breaking the said security policies, which you are correct can end in your p45 in the post!!!)
Great words of wisdom as usual!
Been looking for a way to get ride of the pain in the ass device lock.... And this just made my day... thanks alot....
I agree as well. However, isn't there a possibility (via Mortscript or whatever) to disable the locking when running some application (a navigator as mentioned in this message) and to enable it again after quitting?
This way, you don't have the lock while navigating, and the policy is still upheld (unless of course, your mobile gets nicked out of the car while in navigation mode).
THANK YOU!
omg so nice to get rid of that damn phonelock thanks!!
Hi all... I have exchange set up with push mail at work (a few if us are testing it instead of using expensive Blackberry licences).
So far it works really well (if a little battery sucking!) apart form the annoying password that constantly pops up after a few minutes. Our IT guy has tried to lengthen this to no avail! None of the Blackberry's do it so why on earth do our WM devices have to do it? I can understand it happening once the phone had been switched off, as if it's knicked then when the thief switches it on they ned apassword, but every fgew minutes? Boy is that tedious!
Any help would be greatly appreciated!
adamelphick said:
Hi all... I have exchange set up with push mail at work (a few if us are testing it instead of using expensive Blackberry licences).
So far it works really well (if a little battery sucking!) apart form the annoying password that constantly pops up after a few minutes. Our IT guy has tried to lengthen this to no avail! None of the Blackberry's do it so why on earth do our WM devices have to do it? I can understand it happening once the phone had been switched off, as if it's knicked then when the thief switches it on they ned apassword, but every fgew minutes? Boy is that tedious!
Any help would be greatly appreciated!
Click to expand...
Click to collapse
I use Direct Push to connect to an Exchange account (both on a TP and on the Diamond). No Rom I have installed on them has had this problem - I only ever put in my password once and it remembers it and never asks for it again. I have also used Direct Push on several previous WM phones (5, 6 and 6.1) and have not had this problem on those, either!
This may be a silly question, but did you tick "save password" when setting up the exchange account on the phone?
The PIN requirements are set on the server side (i.e. Exchange) so you need to have your IT guys look there. It's easy enough to setup. Your 'blow away' device settings are also defined there.
We run about 600 WinMo devices with Direct Push on our private APN and have the password timeout set to 30mins accross the board (as defined by our security policy, auitors would really like 15 mins or less ). This has been running for several years and over many generations of device (inc. several Raphael's now) and the PIN timeout has always worked as expected.
Remember you CAN override the timeout on the device to lower the value (15min lock rather then 30 etc., the server just defines the MAXIMUM time that the device will remain unlocked without requireing the PIN and what the constraints of that PIN are). You configure that like you would expect from the Lock control panel.
You have to use SSL connection
Maybe you need more postage
Thanks, I will talk to IT again as they said 15 was maximum they could do! Even though it didn't seem to reset once set previously.... I think its a silly system anyway though. If I wanted a password I would set one up... if not then I should be able to have my phone set up so that only the email needs that lockout password added so sync not the whole blasted phone!
adamelphick said:
I think its a silly system anyway though. If I wanted a password I would set one up... if not then I should be able to have my phone set up so that only the email needs that lockout password added so sync not the whole blasted phone!
Click to expand...
Click to collapse
I'm sure your IT department have a totally different answer to that!
You're walking round with potentially confidential company information in your pocket. Personally I think it's perfectly reasonable that they insist that you have to password protect your device so that if it is lost or stolen, no-one can get at the sensitive company information that you may have on the device, even if it is only out of your sight for a couple of minutes!
As it is an Operating System on our phones there's no reason MS couldn't have passworded EMAIL separately from other functions - makes sense to me. They give you the option to PW your phone or not (personal choice) but I agree that company information should be safeguarded.
Do blackberry's have this same password stuff that locks the phone completely? I don't see my boss having to type in passwords to unlock his blackberry every five minutes!
adamelphick said:
As it is an Operating System on our phones there's no reason MS couldn't have passworded EMAIL separately from other functions - makes sense to me. They give you the option to PW your phone or not (personal choice) but I agree that company information should be safeguarded.
Do blackberry's have this same password stuff that locks the phone completely? I don't see my boss having to type in passwords to unlock his blackberry every five minutes!
Click to expand...
Click to collapse
Yes, Blackberries do this as well. It depends on your corporate security polcies. We cannot connect iPhones or Nokia mail for exchange phones, as our IT group cannot broadcast the security policy to the device. These security policies are the main reason why BB and WinMo own the enterprise market in the US.
What software security is available/recommended for the Windows Mobile devices like the Touch HD.
The built in password jobbie is naff.. I would like something that once password protected is hard wired into the system so that even if lost and found, no amount of hard resetting will bypass it without a complete ROM update..
At the moment, once set, I can still switch backon and "sometimes" it will ask for the password but if I ignore it, it will stay take me to the last app that was running before it hybernated... cheers.
Best I'm aware of is Sprite Terminator.
Thank you for that, do you know if there any facilities on that product that also work in a day to day basis.. that is something better than what is on the phone for locking down the phone when you are not using it but will fire back up upon passowrd entry.. something better than what the phone has already.. cheers..
Terminator does not. Absent info from someone else here, I think you just need to run a search for what you're looking for. For example, see http://www.freewareppc.com/utilities/utilities_security.shtml
I am getting a password requested when I boot up my phone.
This has been bothering me over the last several days.
It turns out it is forced by an exchange account I have set to synchronize with my phone.
Is there any way to force this password request to be ignored?
It is not the exchange ID password, rather it is a new password that exchange requires to be entered on phone boot-up in order to enforce security on my phone.
I already use pattern lock, so this is redundant... not to mention annoying.
I don't know if it can be bypassed. I'd like to know too, because although convenient for me, I will not put my work email on my device if I am forced to password protect my screen, as was the case with my Samsung Epix. I'd prefer to be forced to enter my credentials each time I were to check my work email than to enter a pass to unlock my screen.
a_fuegon said:
I don't know if it can be bypassed. I'd like to know too, because although convenient for me, I will not put my work email on my device if I am forced to password protect my screen, as was the case with my Samsung Epix. I'd prefer to be forced to enter my credentials each time I were to check my work email than to enter a pass to unlock my screen.
Click to expand...
Click to collapse
I would think that the pattern lock would satisfy any need for protecting my email from unauthorized use... a 4 digit numeric code is less secure than the pattern lock, which has 9 points and who knows how many possible combinations.
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
I'm sure IT managers aren't going through any effort to change their security policies and endure all that's involved to change something they feel is currently effective, regardless of the users sentiments. It's up to us the users to find a way to circumvent or deal with it.
a_fuegon said:
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
I'm sure IT managers aren't going through any effort to change their security policies and endure all that's involved to change something they feel is currently effective, regardless of the users sentiments. It's up to us the users to find a way to circumvent or deal with it.
Click to expand...
Click to collapse
It is frustrating, given the fact that this is a new change. For the longest time I thought it was something i did while modding my phone.
I will try the "get IT to fix it" route, but I have my doubts anything will come of it.
Otherwise, I will need to get someone to look at lockpicker.
Thanks.
joeybear23 said:
I would think that the pattern lock would satisfy any need for protecting my email from unauthorized use... a 4 digit numeric code is less secure than the pattern lock, which has 9 points and who knows how many possible combinations.
Click to expand...
Click to collapse
The problem with the pattern lock is you can almost always figure out the pattern based on the screen smudge left behind by it.
This could be overcome if the lock screen didn't show up the same way every time. Either larger / smaller scale or in a differnt orientation then the last previous time (sometime upside down and sometimes landscape). Then the smudges would overlap / confuse each other a little bit atleast.
If the e-mail account is a business account and is controlled by an IT group that isn't you, they're protecting their business. They don't want devices out there with no password and an open line to their systems. If you want your phone to sync with their e-mail account, then you have to accept their security requirements. I don't know why everyone thinks that they should be able to bypass an IT groups security requirements simply because they're inconvenienced by a passcode. A middle ground would be a passcode just to read that e-mail account, but I don't think any of the mobile devices offer such a feature. The simplest solution is still simply to not sync that e-mail account or check it as an IMAP account if you can.
Remove IT Security.
There is a way to get rid of this prompt but you will need a SQLDB editor like SQLite and Root explorer or something similar.
if you open up root explorer then go to DBDATA\DATABASES and then browse down to com.android.providers.settings then open settings.db
you will see a list of items, if you go under "system" then scroll 3/4 of the way down you will see the section for ITsecurity policy. [this is what the exchange services enforced on your phone.
if you change the section "devicelock_itpolicy_enabled" from a 1 to a 0 this will obviously disable this policy.
once the change is done you will need to restart your phone and you will notice upon the restart that it does not ask you for the password again.
problem with this is that its a remote policy however and the phone WILL be pushed this information again. [probably after only a day or two of use]
someone could probably write a MCR script to take care of this easily.
I've found the best way for me ot make the change is to copy the settings.db to another folder [like on my SD card] then make the change I need there.. and whenever there is a repush of the policy, I just overwrite the one settings.db with the other.
this is a temporary solution.. but it does get rid of the password policy.
another option maybe setting the timeout value listed below that.. some exchange policy will only check for the "password enabled" portion to be checked. but the default timeout maybe adjusted to something crazy..
default for my org is 40 minutes. [IE 2400 seconds] so adjusting it to 4000 minutes may just make me not worry about this value as much
l7777 said:
If the e-mail account is a business account and is controlled by an IT group that isn't you, they're protecting their business. They don't want devices out there with no password and an open line to their systems. If you want your phone to sync with their e-mail account, then you have to accept their security requirements. I don't know why everyone thinks that they should be able to bypass an IT groups security requirements simply because they're inconvenienced by a passcode. A middle ground would be a passcode just to read that e-mail account, but I don't think any of the mobile devices offer such a feature. The simplest solution is still simply to not sync that e-mail account or check it as an IMAP account if you can.
Click to expand...
Click to collapse
You are correct. They are protecting their interests and spend lots of money doing it.
Now, I did sense a bit of anger or frustration in your post. If so, calm down. These companies have every right to ensure that they deliver their info as securely as possible. Seeing as we do live in a free country, if somone decides they want to circumvent some established policies, then so be it. It'll be them that will have to suffer the consequences of their actions, not you. I for one am annoyed by those security features. Hence the absence of my company email from MY device.
If it bothers you, you do have the right to skip this thread and move on to the next one.
a_fuegon said:
You are correct. They are protecting their interests and spend lots of money doing it.
...
Click to expand...
Click to collapse
What is funny is the fact that requiring a 4-digit password at boot up does very little to keep unwanted eyes looking at email on a phone.
How often do thieves steal a powered-off phone... Plus it takes only seconds to hack through that anyway.
It's like gun laws: it only creates another hoop to jump through for the people playing by the rules.
joeybear23 said:
What is funny is the fact that requiring a 4-digit password at boot up does very little to keep unwanted eyes looking at email on a phone.
How often do thieves steal a powered-off phone... Plus it takes only seconds to hack through that anyway.
It's like gun laws: it only creates another hoop to jump through for the people playing by the rules.
Click to expand...
Click to collapse
I disagree - the idea here is to protect data for certain amount of time - it is a barrier, but not made to be foolproof.
Do you leave your house door unlocked? It takes seconds to smash a window or pry a door, so why lock it? You have an alarm? I can turn off the power and cut the phone line from outside - so i just easily circumvented this too. I can shoot or poison the dog, so that is not perfect either.
I like the PIN Lock, and I wish i could add one to my phone. If you lose your phone, you don't want people getting to your stuff before you can wipe it. The PIN does that it, gives you time.
And it is not that easy to bypass unless you keep your phone in USB Debug mode, and even then Android should prompt for the PIN before mounting drives or granting ADB access - if it doesn't then Android has a major security flaw.
The pattern lock is a joke - as mentioned, i can usually see someones pattern. That coupled with the idea, that although there are 9 starting points, the next point is only one of 3 adjacent points, and so on for the next. If it is really complex it becomes hard to remember - unlike numbers which can be many digits long and easy to remember.
I for one am happy to comply with a PIN lock - it keeps people i know from picking up my phone and rooting around.
alphadog00 said:
...
I for one am happy to comply with a PIN lock - it keeps people i know from picking up my phone and rooting around.
Click to expand...
Click to collapse
So you power down your phone after every use?
Because this PIN lock only comes up at boot up...
and the numbers are visible when you type them in.
a_fuegon said:
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
Click to expand...
Click to collapse
Didn't work on my captivate, and as I understand it, it shouldn't work on any captivate because it changes Sense-specific settings.
I didn't really read through this thread, but if this is indeed a corporate exchange account, then there is no way around it.
joeybear23 said:
So you power down your phone after every use?
Because this PIN lock only comes up at boot up...
and the numbers are visible when you type them in.
Click to expand...
Click to collapse
On my Samsung Captivate it is requiring it everytime the screen goes blank. With HTC WM phone i was able to set this to 24 hours so it would only ask once a day or on power off then back on. If I could make it prompt just a little less I would be fine with it.
mreevimus said:
On my Samsung Captivate it is requiring it everytime the screen goes blank. With HTC WM phone i was able to set this to 24 hours so it would only ask once a day or on power off then back on. If I could make it prompt just a little less I would be fine with it.
Click to expand...
Click to collapse
Same here. Everytime the phone wakes is a big pain. I set my winmo phone for 2 hours.
I also work from a company that does this. Using the standard email app connection to exchange server, it requires the pin unlock when coming out of standby after a certain number of minutes. VERY annoying.
The best way around it will cost you $20. Using Touchdown, the pin unlock is in the app only. It will only prompt you for it when you actually use the app (again after a certain number of minutes).
My question or rather my pleed for answers does not just pertain to android os but I have relied on this site for many answers and have always found a solution just from searching around on here so I know there are very capable members on this site that can help. My problem began over 4 months ago when my home computers were compromised. I assumed it was just a simple virus but soon learned that someone had actually hacked into my home network for what I believe is or was an attempt to retrieve trade secrets. Shortly after i realized that data was being sent to someone through the fax system on my pc and data distribution software had been installed along with a large amount of .dll and legacy items, The admin rights were taken from me and the registry was completely modified which disabled me from having any permissions and kept me from doing anything on the pc. I went out and purchased a new router, got out an older pc, and I put a password of around 20 mixed numbers and letters. 5 minutes after I had set up the new router and pc I noticed through the network map that there was someone else on what I assumed was a secured network. The router was a netgear. First thing I done was change the default password and block any remote access in the network wizard. My next step was to pay the so-called experts (Geek Squad) to solve the security issue. I purchased their 1 month special that entitled me to 1 month of tech support and 3 free pc fixes. after purchasing a windows 7 restore disk I took 3 pc's to a local Geek Squad location to have them restore the Pc's and install what was suppose to be a hack proof software. They only fixed 1 pc, told me the software would keep the hacker out. 5 minutes after i logged into my network here comes all the windows updates (around 50) along with numerous programs. Needless to say I lost my admin rights within an hr. Here we are now, only using cell phones on my network and I am sure the hacker is retrieving my data off of my g vista d6301. My new email that I set up and have only used from the vista has been compromised and although no logins appear in the history but my vista, someone had enabled POP on Dec 28th. I have enabled the developer mode on my phone which allows me to view the process stats. It states that google play service runs 100% and Google Cloud Messaging runs 100%...I have never used any cloud service on this phone. Another thing is that certain system apps that I have never activated are accumulating a decent amount of data. This phone is used only for wifi and has no service plan attached. bluetooth, email, qrtunnel, near field communication all turn on from time to time. Google play also shows something called clearcutlogger running but was unable to find any info on that. I also installed a mic block that has a "spying app catcher" that logs when a app uses your phones mic while the phone is in sleep or idle mode. when the app is on block mic then there are no problems but when I unblock the mic I get countless log entries that an app with net access has gained access to my mic. Its always the same few apps that show up as a potential culprit so I cant pinpoint exactly what app is using the mic. not sure if any of this has anything to do with someone messing around with my phone, just trying to think of some of the things that could help. There is no doubt that this phone along with a pile of now useless computers have indeed been compromised. What I really need help with is how to get this bastard out of my life and secure my network before the new semester begans b/c there is no way I can have my daughter use her new pc on the network knowing its just going to end up like the rest of computers in my new pc graveyard. I know there are quite a few other sites I could have reached out to but there is something about the comradery on this site that has always drawn me to it. 1 more thing fellas, how bout that one touch root for the LG G Vista D6301's? that sure would come in handy right now lol. My apologies for the long read. Any details you need to know to try and help me figure things out, I would gladly assist as long as my knowledge permits.
I understand that the question or article that I posted is quite vast so I will start off with this simple question. Is there a server that I can disable in the LG hidden menu to stop unauthorized use of my GCM, or any other way than simply just disabling Google Play? I have read a couple of recent articles on how hackers are utilizing gcm to gain access to personal info. I just was curious about the server b/c I see many different server acc in the hidden menu such as ATTLABa, Cingular, Mformation, and Funambol. I wasnt sure if these servers or acc could possibly help or be a potential threat.
Sent from my LG-D631 using XDA Free mobile app
Pr1n6/of\Jerusalem said:
My question or rather my pleed for answers .........
Click to expand...
Click to collapse
Pr1n6/of\Jerusalem said:
I understand that the question or article ............
Click to expand...
Click to collapse
First thing you have to be sure that no one has physical access to your gadgets. Second, find a router suitable to be modified with new firmware from http://www.dd-wrt.com/site/index or https://openwrt.org/.
In case you can buy a hardware network firewall and with proper installation and settings you should be able to keep away any threat.
A good idea would be to use a good VPN service, that way you can add a layer of security on your networking habits.
Lastly, check this thread http://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077 and if you have any question, ask there.
Good luck