I've setup a couple of Hermes handsets this past week, one on Cingular (US) and one on Vodafone (UK).
Our Exchange server is hosted in the UK.
I have a problem whereby the password you are forced to set when setting up the push/sync is prompting the user for entry almost every 5 minutes (ie. when the phone requires interaction from 'power save mode')
Entering the password 'settings' screen is no use as the option to change the 5 minute period is greyed out.
Is there a fix to this? Is this handset related or server related?
Surely I'm not alone with this problem?
Hermes (WM5) (1x Cingular US, 1x Vodafone UK)
Vini said:
I've setup a couple of Hermes handsets this past week, one on Cingular (US) and one on Vodafone (UK).
Our Exchange server is hosted in the UK.
I have a problem whereby the password you are forced to set when setting up the push/sync is prompting the user for entry almost every 5 minutes (ie. when the phone requires interaction from 'power save mode')
Entering the password 'settings' screen is no use as the option to change the 5 minute period is greyed out.
Is there a fix to this? Is this handset related or server related?
Surely I'm not alone with this problem?
Hermes (WM5) (1x Cingular US, 1x Vodafone UK)
Click to expand...
Click to collapse
This is server related. Technically you do not need a fix because everything is working as intended. What's happening is the exchange admin is enforcing a security certificate on your phone with the idea being that if you lose your phone, strangers cannot access your data. Further more they can trigger a remote wipe of your device after a set number of failed password attempts. This is pretty much standard in any corporation as they don't want outsiders getting access to their information. That being said there are ways to get around it. Just bear in mind that if you lose your phone, whoever picks it up will have full access to it and all information it contains. If you're willing to accept the potential implications then it's very simple. Google "zenyee.com stay unlock" and read through that thread on Mobility Today. There's a cab on the second page you need to install that will "un-grey" that box so you can set it to something more reasonable, like 24 hours.
Excellent, thanks for the info!
Is there anyway the server can be changed to avoid having to install this Zenyee.com Stay Unlock.zip on each unit?
Yes the exchange server administrator can change the certificate requirements (password requirements as well as idle time requirement).
I am the admin, any idea where this option is?
I was going to sync my phone with my company's exchange server the other day, but I stopped because after filling out my user name and domain and hitting next, it said "the exchange server will have to apply security policies on your device in order to continue" or something like that.
So I guess I was wondering if anyone knew what type of "security policies" these are. I mean maybe I am being an idiot, but can they restrict my ability to install/remove applications. I am enjoying messing around with my phone, and I really would not want something giving me limited access to my phone. My phone is a hermes100, but I am pretty sure this message will come up on any other winmobile phone too. So anyone have any idea what this does?
thanks for the help
My company's exchange server enforces a "LOCK" policy of 20 minutes. Every 20 mins the phone locks up and you have to enter a 4-digit pre-set number to unlock. Its very ANNOYING !!!!
I was able to bypass this policy using a software. Let me know if you need it.
Depending on your phone version and verison of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but mostly likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
tmknight said:
Depending on your phone version and verison of Exchange, they have varying degrees of control, but none over software management (beyond device wipe with 2007). But that is also a standard message and I would bet the most they may have (but mostly likely don't) is a lock policy. Moving forward with Mobile Device Manager 2008, your administrators will have nearly as much control over the handheld device as they do the PC. As an IT administrator I see this as a blessing and a curse as a user wanting free-will. To strike the balance will be tough with these new found inroads into device control.
Click to expand...
Click to collapse
I have an ATT 8525 Herm100, and you were right, it was a lock policy. At least that's all I see so far....
First off, no I'm not trying to find out other peoples passwords.
We have, at work, a shedload of Smartphones of different types. Nokia E71's/E72's, Treo Pro's, HTC Touch Pro's, Touch Pro 2's and HD2's. I'm the lucky guy who gets to support them and help users set them up to connect to the exchange server.
Here's the thing. The Nokias are great in that when typing in their password for Mail for Exchange, i rarely have to get them to try more than once, because the password is briefly visible letter by letter as they type it in before it ****. As you know thats not the case for winmo Outlook. They only see **********.
So I'm handing most users a device they have never seen, with an unfamiliar keyboard, and the first thing they type is a complicated password that they can't see. Makes my life he11. And for an added bonus, Active Directory policy requires a password change every 60 days, which means they have to change the password on the phone too.
In addition, as you know, if Outlook gets messed up during setup/editing, its often a hard reset to fix. Great fun, especially on a Treo.
So, i am wondering if there an app/option/regfix to make the password visible while typing it in. Even briefly, like the Nokia's.
Any advice, suggestions would be great. Thanks.
So that'll be a no then?
Doesn't make passwords visible but if you can connect to the PPC via ActiveSync/WMDC then you could use MyMobiler which would enable you to use your PC keyboard to type the passwords.
I am getting a password requested when I boot up my phone.
This has been bothering me over the last several days.
It turns out it is forced by an exchange account I have set to synchronize with my phone.
Is there any way to force this password request to be ignored?
It is not the exchange ID password, rather it is a new password that exchange requires to be entered on phone boot-up in order to enforce security on my phone.
I already use pattern lock, so this is redundant... not to mention annoying.
I don't know if it can be bypassed. I'd like to know too, because although convenient for me, I will not put my work email on my device if I am forced to password protect my screen, as was the case with my Samsung Epix. I'd prefer to be forced to enter my credentials each time I were to check my work email than to enter a pass to unlock my screen.
a_fuegon said:
I don't know if it can be bypassed. I'd like to know too, because although convenient for me, I will not put my work email on my device if I am forced to password protect my screen, as was the case with my Samsung Epix. I'd prefer to be forced to enter my credentials each time I were to check my work email than to enter a pass to unlock my screen.
Click to expand...
Click to collapse
I would think that the pattern lock would satisfy any need for protecting my email from unauthorized use... a 4 digit numeric code is less secure than the pattern lock, which has 9 points and who knows how many possible combinations.
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
I'm sure IT managers aren't going through any effort to change their security policies and endure all that's involved to change something they feel is currently effective, regardless of the users sentiments. It's up to us the users to find a way to circumvent or deal with it.
a_fuegon said:
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
I'm sure IT managers aren't going through any effort to change their security policies and endure all that's involved to change something they feel is currently effective, regardless of the users sentiments. It's up to us the users to find a way to circumvent or deal with it.
Click to expand...
Click to collapse
It is frustrating, given the fact that this is a new change. For the longest time I thought it was something i did while modding my phone.
I will try the "get IT to fix it" route, but I have my doubts anything will come of it.
Otherwise, I will need to get someone to look at lockpicker.
Thanks.
joeybear23 said:
I would think that the pattern lock would satisfy any need for protecting my email from unauthorized use... a 4 digit numeric code is less secure than the pattern lock, which has 9 points and who knows how many possible combinations.
Click to expand...
Click to collapse
The problem with the pattern lock is you can almost always figure out the pattern based on the screen smudge left behind by it.
This could be overcome if the lock screen didn't show up the same way every time. Either larger / smaller scale or in a differnt orientation then the last previous time (sometime upside down and sometimes landscape). Then the smudges would overlap / confuse each other a little bit atleast.
If the e-mail account is a business account and is controlled by an IT group that isn't you, they're protecting their business. They don't want devices out there with no password and an open line to their systems. If you want your phone to sync with their e-mail account, then you have to accept their security requirements. I don't know why everyone thinks that they should be able to bypass an IT groups security requirements simply because they're inconvenienced by a passcode. A middle ground would be a passcode just to read that e-mail account, but I don't think any of the mobile devices offer such a feature. The simplest solution is still simply to not sync that e-mail account or check it as an IMAP account if you can.
Remove IT Security.
There is a way to get rid of this prompt but you will need a SQLDB editor like SQLite and Root explorer or something similar.
if you open up root explorer then go to DBDATA\DATABASES and then browse down to com.android.providers.settings then open settings.db
you will see a list of items, if you go under "system" then scroll 3/4 of the way down you will see the section for ITsecurity policy. [this is what the exchange services enforced on your phone.
if you change the section "devicelock_itpolicy_enabled" from a 1 to a 0 this will obviously disable this policy.
once the change is done you will need to restart your phone and you will notice upon the restart that it does not ask you for the password again.
problem with this is that its a remote policy however and the phone WILL be pushed this information again. [probably after only a day or two of use]
someone could probably write a MCR script to take care of this easily.
I've found the best way for me ot make the change is to copy the settings.db to another folder [like on my SD card] then make the change I need there.. and whenever there is a repush of the policy, I just overwrite the one settings.db with the other.
this is a temporary solution.. but it does get rid of the password policy.
another option maybe setting the timeout value listed below that.. some exchange policy will only check for the "password enabled" portion to be checked. but the default timeout maybe adjusted to something crazy..
default for my org is 40 minutes. [IE 2400 seconds] so adjusting it to 4000 minutes may just make me not worry about this value as much
l7777 said:
If the e-mail account is a business account and is controlled by an IT group that isn't you, they're protecting their business. They don't want devices out there with no password and an open line to their systems. If you want your phone to sync with their e-mail account, then you have to accept their security requirements. I don't know why everyone thinks that they should be able to bypass an IT groups security requirements simply because they're inconvenienced by a passcode. A middle ground would be a passcode just to read that e-mail account, but I don't think any of the mobile devices offer such a feature. The simplest solution is still simply to not sync that e-mail account or check it as an IMAP account if you can.
Click to expand...
Click to collapse
You are correct. They are protecting their interests and spend lots of money doing it.
Now, I did sense a bit of anger or frustration in your post. If so, calm down. These companies have every right to ensure that they deliver their info as securely as possible. Seeing as we do live in a free country, if somone decides they want to circumvent some established policies, then so be it. It'll be them that will have to suffer the consequences of their actions, not you. I for one am annoyed by those security features. Hence the absence of my company email from MY device.
If it bothers you, you do have the right to skip this thread and move on to the next one.
a_fuegon said:
You are correct. They are protecting their interests and spend lots of money doing it.
...
Click to expand...
Click to collapse
What is funny is the fact that requiring a 4-digit password at boot up does very little to keep unwanted eyes looking at email on a phone.
How often do thieves steal a powered-off phone... Plus it takes only seconds to hack through that anyway.
It's like gun laws: it only creates another hoop to jump through for the people playing by the rules.
joeybear23 said:
What is funny is the fact that requiring a 4-digit password at boot up does very little to keep unwanted eyes looking at email on a phone.
How often do thieves steal a powered-off phone... Plus it takes only seconds to hack through that anyway.
It's like gun laws: it only creates another hoop to jump through for the people playing by the rules.
Click to expand...
Click to collapse
I disagree - the idea here is to protect data for certain amount of time - it is a barrier, but not made to be foolproof.
Do you leave your house door unlocked? It takes seconds to smash a window or pry a door, so why lock it? You have an alarm? I can turn off the power and cut the phone line from outside - so i just easily circumvented this too. I can shoot or poison the dog, so that is not perfect either.
I like the PIN Lock, and I wish i could add one to my phone. If you lose your phone, you don't want people getting to your stuff before you can wipe it. The PIN does that it, gives you time.
And it is not that easy to bypass unless you keep your phone in USB Debug mode, and even then Android should prompt for the PIN before mounting drives or granting ADB access - if it doesn't then Android has a major security flaw.
The pattern lock is a joke - as mentioned, i can usually see someones pattern. That coupled with the idea, that although there are 9 starting points, the next point is only one of 3 adjacent points, and so on for the next. If it is really complex it becomes hard to remember - unlike numbers which can be many digits long and easy to remember.
I for one am happy to comply with a PIN lock - it keeps people i know from picking up my phone and rooting around.
alphadog00 said:
...
I for one am happy to comply with a PIN lock - it keeps people i know from picking up my phone and rooting around.
Click to expand...
Click to collapse
So you power down your phone after every use?
Because this PIN lock only comes up at boot up...
and the numbers are visible when you type them in.
a_fuegon said:
There have been quite a few discussions about this. Lockpicker seems to work but the developer states only for the HTC Sense.
Click to expand...
Click to collapse
Didn't work on my captivate, and as I understand it, it shouldn't work on any captivate because it changes Sense-specific settings.
I didn't really read through this thread, but if this is indeed a corporate exchange account, then there is no way around it.
joeybear23 said:
So you power down your phone after every use?
Because this PIN lock only comes up at boot up...
and the numbers are visible when you type them in.
Click to expand...
Click to collapse
On my Samsung Captivate it is requiring it everytime the screen goes blank. With HTC WM phone i was able to set this to 24 hours so it would only ask once a day or on power off then back on. If I could make it prompt just a little less I would be fine with it.
mreevimus said:
On my Samsung Captivate it is requiring it everytime the screen goes blank. With HTC WM phone i was able to set this to 24 hours so it would only ask once a day or on power off then back on. If I could make it prompt just a little less I would be fine with it.
Click to expand...
Click to collapse
Same here. Everytime the phone wakes is a big pain. I set my winmo phone for 2 hours.
I also work from a company that does this. Using the standard email app connection to exchange server, it requires the pin unlock when coming out of standby after a certain number of minutes. VERY annoying.
The best way around it will cost you $20. Using Touchdown, the pin unlock is in the app only. It will only prompt you for it when you actually use the app (again after a certain number of minutes).
Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
nupi said:
Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
Click to expand...
Click to collapse
It's not a standard option in Android (I for one am glad - I've accidentally wiped my work Blackberry more than once when inebriated). Android Device Manager (or the Motorola equivalent) both allow a manual remote wipe from a PC or another Android Device.
It's possible for apps to monitor incorrect password entries (no root required just a Device Administrator Permission), although I'm not sure if an automated wipe is possible without root. Take a look around the play store to see if anything meets your needs.
I use the automation app MacroDroid along with Secure Settings (both in the playstore) on my unrooted MotoG. The way I've got it set up is that 3 failures to enter correct PIN changes it to Password mode, a further 3 failures will prevent the phone from waking up (by automating a screen lock associated with the screen coming on). As-well as that it will automatically take and email to me front and rear camera photos, and the phones location on the change from Pin to Password, and again on the change to 'Lockdown' mode. I can send it an SMS with a special message in the text to get it to repeat this. I'm toying with the idea of setting it to shout 'Thief!' repeatedly at full volume when someone tries to turn on the screen when it's locked down
It is not exactly that what you were asking for. But i just wanted to mention also Cerberus here.
It brings a lot of nice features to control your phone remote.