There is a simple workaround on rooted phones for the Exchange security policy without having to replace the original mail app. I also posted this in the Android 2.2 Email.apk - Bypassing Exchange security policy - APK Attached thread but am making a new thread in case people have missed this very simple workaround. I am using it on an account on a Exchange 2007 server and I believe Exchange 2003 works as well. I heard from one person who did not have good results with Exchange 2010. All exchange functions work fine without any issues. I am using the stock email app so this only applies to the stock email app that forces a password security policy.
I am using an app called Autostarts found in the market (less than a dollar - I am not the developer) that allows disabling the exchange policy on restart. The setting can be found under Device Admin Enabled. Make sure you are in USB Debugging Mode before disabling the policy.
If you already have an Exchange account set up yet:
Install Autostarts from the Android Market and run. Find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
If you don't have an Exchange account set up yet:
Install Autostarts from the Android Market then set up your Exchange account and let Exchange force the password policy. After the exchange setup is completed, run Autostarts and find and click the Device Admin Enabled entry and press Mail (Exchange security policies) and select Disable (acknowledge the warning about disabling a system component). Close Autostarts and reboot the phone. After restart, change your screen lock under security to whatever you want (None, Pattern, or PIN).
Hmm, this doesn't seem to wok. After disabling in autostarts, I reboot, and the mail app tells me (paraphrased) "You must have security policies enabled blah blah blah".
This worked perfect for me on a 2.2 Sense rom on Evo. Good find & thanks !
EDIT: So after trying this on a newer build like the Desire Z port to Evo.. it will let you bypass it, but only until you go to sync your mail. After that fact it will re-enforce your mail security. But, it is still another workaround for 2.2 builds.!
Great method! Very simple!
Related
When I installed the MSFP/AKU2 upgrade on my SP5 over the weekend then tried to connect to my Exchange server for the first time, it enforced a mandatory security policy of having my device automatically lock out every hour (and must be unlocked with a PIN at the very least). I find this terribly annoying! When I go into the security control panel, I cannot uncheck "Prompt if device unused for".
Is there a hack to remove this security restriction?
this policy is server based, but i'm not very familiar with the new Exchange 2003 SP2 features yet.
This is on the Exchange Server @ Global Settings --> Mobile Device Properties -- Device Security Settings.
If this is "your" Exchange server then you go there and disable all that stuff.
This isn't set by default however. So it may be that it isn't your "own" server. If so then the Exchange Admin has to disable that. I have messed with this on my device a bit. Not very extensively. I more wanted to see what happens when setting these polices rather than to see if I can bypass them.
So if it is your own server then just go to above under Exchange System Administrator and disable the device security or leave what you need and take the innactivity setting out.
Hope this helps[/img]
jminiman said:
Is there a hack to remove this security restriction?
Click to expand...
Click to collapse
Isn't this the point of the MSFP? Allow the exchange administrator to set security policies?
Well, so this isn't my Exchange server. And so I respect that if I connect to someone else's Exchange server, they can lock down my device. Well, I kind of respect that.
But the point is now I have removed the Exchange profile from my device completely--but the security policy remains. Is this a bug in MSFP?
Offtopic, but has anyone tried the remote hard reset thing? I would like to know how (or where?) it's implemented so I can reverse engineer it into a generic solution. Any clues as to use or implementation would be appreciated (I'm not using an exchange server so can't test).
V
MSFP security profile remains after wipe
This is actually standard practice in the B*)&#berry world. The reason is that they figure that if it's the company's device, security should be enforced whether you (the user) want to skip it or not. I.e. you don't it to be easy for the end-user to simply bypass all that hard work you did setting up the security. So while I don't know for a fact, I am guessing this is by design.
Has someone any idea how to disable this PIN screen lock when use the exchange sync??? Just tried to find out how to, but so far I did not find any way...
Your corporate IT Admin won't be too thrilled to hear you ask this question. It is after all an exchange security policy enforced by your exchange admin to protect sensitive information in case you lost your phone or get stollen.
Depending on which ROM (2.1 or 2.2) you're running, the PIN is handled differently. On 2.1, the PIN policy is part of the email app and the PIN can't even be changed after you set it. In 2.2, the PIN policy is natively supported by Android OS and you can change the PIN but not disable it. But I have yet to see any hacks to disable it on Android. I know how to do it in Windows Mobile
try a search on the forums for "lockpicker". It works for some, some it doesnt. Check this thread for more info...
http://forum.xda-developers.com/showthread.php?t=655061
I recently had to add my corporate email account to my S3. I was required to add a PIN or password, which I wasn't real fond of, but I understood why so I did it.
Now, having been issued a work phone, I do not need my email on my personal device anymore so I removed it. However, I cannot remove the need for a PIN/password.
If I go into my lock screen settings and attempt to change to a different unlock type it notes that they are disabled by administrator, encryption policy or credential storage.
As a result I have removed all applicable device administrators (minus Tasker and Cerberus), cleared device credentials and removed my SD card as it notes that it is encrypted.
All of this has been to no avail as I still cannot change my lock screen type. Any suggestions on what is causing this issue? I asked our IT company and they said "Call Verizon." Um.... thanks?
Thanks for the input guys!
Bump. I would hate to have to wipe my phone to fix such a silly issue.
Halp.
Did you install something called device policy? We had to do this through our school email in order to be able to get our email on our devices. I also had the problem of not liking a security lock screen so I removed it. I don't know if this helps or not, but here are the steps, according to my school ITS website.
On your device, go to Settings > Security
Press Select device administrators
Uncheck Google Apps Device Policy
Press Deactivate.
Go to Settings > Applications and click the Google Apps Device Policy app
Press Uninstall to remove the application
sth84478 said:
Did you install something called device policy? We had to do this through our school email in order to be able to get our email on our devices. I also had the problem of not liking a security lock screen so I removed it. I don't know if this helps or not, but here are the steps, according to my school ITS website.
On your device, go to Settings > Security
Press Select device administrators
Uncheck Google Apps Device Policy
Press Deactivate.
Go to Settings > Applications and click the Google Apps Device Policy app
Press Uninstall to remove the application
Click to expand...
Click to collapse
I appreciate the input by unfortunately did not have Google Apps device policy under my device administrators or installed applications.
I was however able to fix this by going to Settings > Security > Encrypt external SD card and unchecking encrypt. I was only allowed to uncheck this value after creating a 6 digit password though.
Hope this helps somebody. Thanks!
I have been using the Gmail Exchange Account for a few days happily (Android L stock). But now I constantly get the option to update my security which is basically encrypting my phone. But after the restart this message comes up again with only option to update again. In the meantime no mail is synced. I have already removed and re-installed my echange account numerous times but not helping. Alternative app Mail Wise is giving the same problem. With Touchdown everything is working but I don't like the battery usage and most import the seperate password entry when entering the app. Did anybody else experience this security update loop?
Maybe I have solved the problem myself. What seemed to happen is that my companies security policy demands a certain type of password. Since I already had installed an exchange account before my password on my phone was already compliant. Therefore I did not need to change anything on my security after I setup my Exchange account on my phone. So what I did is disable password lock on my phone, setup my exchange account and entered a compliant password.
1979Sentinel said:
I have been using the Gmail Exchange Account for a few days happily (Android L stock). But now I constantly get the option to update my security which is basically encrypting my phone. But after the restart this message comes up again with only option to update again. In the meantime no mail is synced. I have already removed and re-installed my echange account numerous times but not helping. Alternative app Mail Wise is giving the same problem. With Touchdown everything is working but I don't like the battery usage and most import the seperate password entry when entering the app. Did anybody else experience this security update loop?
Click to expand...
Click to collapse
Every two or three days same problem returns. Gmail tells me to do a security update. After a lot of trying I get it working again but if this returns constantly it is quite frustrating. Anybody else with same experiences?
Solution given
Somebody on another site pointed me to the solution which can be found at:
https://code.google.com/p/android/issues/detail?id=79342#c18
As it seems a pin/password is required for startup as well, not only for unlocking the device.
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
straight thought is wht u said
thr is extra policy for ur device.
remove the exchange server and check wht happen...
if nothing changed go to security setting and clear credentials and remove all admins app
:good:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
m3xiz said:
I would suggest to put your company email in the myknox app. This isolates any compny policies for accessing your device.
Click to expand...
Click to collapse
+1 for this suggestion. I'm a big fan of My Knox. It sets Samsung apart in this area.
Sent from my SM-G930V using XDA Premium HD app
stevevetter said:
I'm new to the S7, though drove a Moto X Pure on Marshmallow for a while and am familiar with my way around settings. I've only had the S7 a couple of days and hadn't gotten any trusted devices to keep it unlocked reliably. I recently had several apps update and then now when I go look, The Smart Lock (Google) Trust agent is 'disabled by administrator' and it is now greyed-out and I can't turn it on. Similarly all my trusted devices are greyed-out.
Any ideas here. The one thing I CAN think of is that I'm using built-in mail to connect to my company's exchange server, so they do have the ability to push admin rules. I had the account connected before I saw this behavior, however I suppose they might push out polices only once every week or so and I just hit the day.
Any other thoughts?
- Steve
Click to expand...
Click to collapse
Some third party email apps are capable of applying Exchange policies on the application level instead of device level. Thus leaving the rest of the device under your control. Try an app like Nine which can do just that. The are other apps too but I like this one.
Thanks Everyone. I'll try those. It sounds like myknox might help if this is it. On my Moto X I was using before, I used Touchdown for exchange (cause the ootb mail client sucked) and it similarly kept the admin policies to the app.
hmm, removed the exchange account. now things aren't greyed out anymore. I could go into trust agents and Smart Lock (Google) is enabled. I go into phone administrators and there are two: "Android Device Manager" and Support & Protection". I turned them both off (I don't know how to REMOVE them). Restarted phone. No change in behavior. My screen still locks when, for example, connected to my Gear S2 watch though that's one of the trusted devices for smart lock..
nevermind, it's working. I was just expecting different behavior. I still have to 'swype to unlock' but I'm not hit up for credentials anymore. I was expecting that when I woke the phone it would go to the last screen it was on. I don't know why, my Moto didn't do that. I think it was having the fingerprint sensor now that just messed up my mental processing.
A very simple alternative to the same effect is offered by the Exchained app. No root required.
I found if you go to lock screen (in setting: device) and create and lock screen pattern. Trust agents becomes available (in security settings: advanced), you can then turn it on and smart lock becomes available (in security settings: advanced).
There is a youtube video about it: How To Enable Smart Lock On Any Device
Unrelated to smart lock: As user "Avah" said, I highly recommend Nine email for connecting to your exchange server. It does not force the administration policies on your device (or at least, it may ask you, and you can decline). Better than the built-in clients and way better than the old Touchdown app.