Exchange 2007 - Active Sync - Block Devices
I have Exchange 2007 and use ISA 2006 to publish Active Sync. I found the article below that talks about how to block specific device from connection to Active sync.
http://blogs.technet.com/b/exchange/archive/2008/09/05/3406212.aspx
I want to use the block at the firewall method. But, I am not clear on how to determine the User-agent string to block? The devices I want to block are Andriod devices. Our Active Sync policy requires encryption, and the users are getting around
the policy by installing the touchdown application on their device.
June 29th, 2011 5:44pm
HI,
I can find this link for you, If still it does not help then you may need to posta question in ISA forum.
http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/7271bbb4-2946-45e9-8e94-9926ccf579bdAnil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2011 6:33pm
Hi,
From the problem description, I understand that you would like to block mobile device from taking data out of your Exchange server.
And there you have it; how you can block by device type (User-agent string) and how you can block by server
(IP address). New devices and services come online all the time so it's tough to have a comprehensive list but some of the more common User-Agents are:
Symbian
devices: "Symbian"
http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader
Motorola:
"mot-"
http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader
Samsung:
"sec-" or "samsung"
http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader
LG: "lg-"
http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader
Siemens:
"sie-"
http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader
Nokia Devices:
"Nokia"
http://discussion.forum.nokia.com/forum/showthread.php?t=83267
BlackBerry
Devices: "BlackBerry"
http://na.blackberry.com/eng/developers/resources/journals/mar_2007/profile.jsp
Apple Devices:
"Appl" (no e on this one as Device ID starts with Appl so this covers all cases) Note: if you just want to block only the iPod Touch, or only the iPhone, you can just block on "iPod" or just "iPhone".
http://forums.macrumors.com/showthread.php?t=361166
Some of the common Servers that try and access Exchange Server are below (with links to their docs that list
their server IP address ranges):
BlackBerry Internet Service:
http://www.blackberry.com/btsc/articles/644/KB11036_f.SAL_Public.html
Good Mobile Messaging (GoodLink):
http://www.goodlink.com/documentation/GoodAdminGuide_exchange.pdf
And you would like to block the Andriod Devices. So if you don’t know the User-agent string. I suggest that you could contact the Mobile Device Manufacture to
get the User-agent string. It’s for the Exchange server 2007.
BTW, there is a new feature in the Exchange server 2010. Just for your reference:
Title: Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list
URL:
http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx
If there is any question about the ISA server, I suggest that you could ask a question in the ISA forum.
Title: Forefront TMG and ISA Server
URL: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
Thx,
James
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 30th, 2011 11:36am