Disable remote wipe capability
Hello,
I'm wondering if there is a toggle so to speak to disable the option of remote wipe even at the exchange admin level. Basically, the organization does not want this to be envoked be it client or admin at all.
Thank you in advance.
September 7th, 2010 7:34pm
All Exchange ActiveSync features are enabled during a default installation of Microsoft Exchange Server 2010. You can modify the feature settings at the Exchange server level with Exchange Management Console, and enable or disable Exchange ActiveSync features
for individual users or groups of users with Active Directory.
You can create policy for disable "Initiate a remote device wipe" for users
http://technet.microsoft.com/en-us/library/ff459605.aspx
Anil
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 8:29pm
Thank you Anil,
I should have been more specific, we are on Exchange 2007 SP1 3.2X build. The option to manage wireless devices/phones is already hidden from users via OWA. I guess I'm looking for a way that even admins cannot initiate a wipe on a users phone, to basically
disable the feature for now.
Is this possible?
Thanks.
September 7th, 2010 9:02pm
As far as I am aware, this is not possible.
You haven't said which version of Exchange you are using, but with Exchange 2007 and 2010 where the users have control you should be able to turn it off. However it is not possible for the user to stop the procedure from happening - that would rather defeat
the point of the feature. It can be stopped from taking place in other ways, such as pulling the SIM out of the device and disabling all wireless so it doesn't make a connection, but it is a function of the protocol.
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 9:03pm
Use only old pre-Windows 5 devices or those that cant be provisioned or BES.
Otherwise, I dont think there is a way to disable short of maybe using RBAC in 2010 and removing access to the command.
September 7th, 2010 9:08pm
Thanks all for your responses.
So is it fair to assume with Exchange 2007, and even utilizing RBAC via 2010, that attempting to disable this feature for even an Exchange admin group/role is not reccomended , and could even cause unintended issues within the Exchange Org?
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 9:18pm
I dont think it would cause any problems, but if you did need to wipe a device quickly, it would obviously make things a little harder. It also means that users themselves cant trouble shoot their own problems if they arent allowed to remote wipe a device
that isnt syncing correctly or disappears. You do want to wipe a stolen or lost device, yes?
September 7th, 2010 9:24pm
Yes, but in that instance we would then need to be able to flip the option back on. Of course this would be more cumbersome as you mentioned earlier.
So for Exchange 2007, this is probably not doable then? At the moment, I don't see an upgrade to 2010 as an option.
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 9:28pm
The problem you are going to have is that for a device to be wiped it would have to call in, the new policy be applied, which I am pretty sure will require a reboot, then the wipe command is sent. I someone has got hold of the device, then it is very likely
the remote wipe will fail because they will see what is happening.
Why do you want to stop the admins from wiping a device? That is part of an admin's job.
As an aside, I would also be recommending an upgrade to at least Exchange 2007 Sp2, preferably SP3.
Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
September 7th, 2010 9:54pm
Sembee those are very valid points and concerns., It's just what I have been tasked with I suppose.
I appreciate everyones help so far,
Thank you.
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 10:31pm
Ok, I'll bite. :)
Why the need to do this?
September 7th, 2010 10:45pm
Ok I guess it's sounding fishy now looking at it from your guys perspective, but honestly, its a valid request tasked to me. :) I am an admin here, but I do see how this could appear like a sneaky user request looking back over the post.
Either way I think I have my answers, and obviously this isn't a feature that normally has a toggle for a reason, I get that believe me. I do appreciate everyones help.
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 10:57pm
Ok I guess it's sounding fishy now looking at it from your guys perspective, but honestly, its a valid request tasked to me. :) I am an admin here, but I do see how this could appear like a sneaky user request looking back over the post.
Either way I think I have my answers, and obviously this isn't a feature that normally has a toggle for a reason, I get that believe me. I do appreciate everyones help.
No, not at all! I was just curious is all :)
September 7th, 2010 11:03pm
Hello,
this is an older thread but there is not much written about disabling the remote wipe capability, we all don't know or accept blindly.
As an administrator of many small networks I detest the fact that I cannot disable this functionality, at least wipe just the mailbox or specify on a user level.
In the responses where people cannot imagine you want to disable this I see the tunnel vision of MS, large company networks where you manage the phones. Great, fully understandable. However there is more in the world.
As an example I have the stand-alone professional who works for many different companies. He has no business phone but his own, with his data, his photos. Several of the companies he works for want him to read a mailbox/calendar. His phone supports many
Exchange accounts. Now he has to accept that any of those companies can reset HIS PHONE, with his data, etc.....????????
No way.
When we have phones with enable us to sync many Exchange accounts there must be an option that not ANY Exchange admin can reset that phone.
Thanks.
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2011 11:56am