role based role for activesync exchagne 2010 for helpdesk
what is the best way to create RBAC for activesync for helpdesk so they cna manage user's device for remote wipe etc for all users
June 15th, 2011 8:37pm
You can follow Anil’s suggestion to create RBAC for helpdesk.
When you perform a remote wipe on a Mobile Phone, here are some related document for you:
Perform a Remote Wipe on a Mobile Phone
http://technet.microsoft.com/en-us/library/aa998614.aspx
Client Access Permissions
http://technet.microsoft.com/en-us/library/dd638131.aspx
Thanks,
Evan
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2011 3:58am
Any update ??Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
June 19th, 2011 12:01am
Ok so i did following
1) created a role "Activesync Wipe" based on "Mail Recipients
2)removed all the unnecessary role entires except "clear-activesyncdevice" from ActiveSync wipe
3)created a "Scope" allowing only targeted ou where i want to have helpdesk access to
new-ManagementScope -Name "Scope" -RecipientRoot "Domain/OU" -RecipientRestrictionFilter {RecipientType -eq "UserMailbox"}
4)then linked the rolegroup to the role
New-RoleGroup -Name "ActiveSyncRolegroup" -Roles "ActiveSync Wipe" -CustomRecipientWriteScope "Scope"
5) added a testuser to activesyncrolegroup
when i login to owa/ecp website with testuser's credential and clicked on phone. i do not see any other users, i only see testuser's phone on activesync. do i need to anything else to see all the users
thx
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2011 7:11pm
do i need to give access to ecp directory?
June 26th, 2011 2:07pm
Hi eth123,
Maybe you need add “User Options” role to ActiveSyncRolegroup. Per my test, after I add this role to the ActiveSyncRole group, I can follow this way to
remote wipe for other users:
Under ECP->Choose “Another User” under
Mail>Options:->Then choose which mailbox you want to check ->Phone-> Then you can remote wipe for the user
User Options Role
http://technet.microsoft.com/en-us/library/dd876960.aspx
Thanks,
Evan
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2011 2:57am
that gives them (helpdesk) more access than they need to. i only need them to have activesync wipe out
July 17th, 2011 4:58pm