Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Exchange/ActiveSync Mandatory (?) Password Lock - Experiences?

J

JohnTree

macrumors newbie
Original poster
Jul 13, 2008
8
0
I've been searching for new posts on this, but have only seen sporadic comments here and there...some users have reported on the (apparent) mandatory password lock when the screen lock is activated, once Exchange / ActiveSync is set up with the 2.0 software.

I was hoping to get some feedback from users who have lived with this for a few days - I'm on the fence about the 3G iPhone, with the Exchange interface/user experience being the item that will push me over to ether side. I'm curious to know if you see this as a major headache, and also to know a few key things:

-- Is the password the same as your Exchange password, or is it a unique password to the iPhone (meaning, could I make a simpler password for the unlock)?
-- Someone indicated that the password lock comes into play *every time* the screen is locked...would this mean that you can't regain control of the iPhone for any purpose (including actual phone functions) until the password is entered?
-- Has anyone found a way to disable the password requirement, if you elected to do so?

I appreciate any feedback. Thanks.
 
Not 100% what you're talking about.

I have Exchange setup for work as well as my private gmail accounts and the passcode lock was certainly optional. I only set it up last night in fact so before then it was completely open.

Hope that helps.

[edit] Ok, I reread your post and I'm guessing if you're asking whether or not the passcode is somehow affiliated or has a relation to the Exchange setup. The answer is: No.
The passcode that you'd enter every time your iPhone wakes from sleep or gets turned on is simply set by the phone is is only 4 digits. The Exchange account (and all mail) are setup and the password is saved in the phone and you never have to change it again.
 
Employer/Administrator Security Requirement

This is a feature that your Employer (or Exchange Administrator) sets up and not an out-of-the-box Exchange setting. Many employers add as much security as possible to their Exchange implementation and that includes forcing ActiveSync users to setup a 5 digit PIN. When you configure the iPhone for Exchange the phone will get the settings from the Exchange server and if the Administrator has required a PIN to be enforced you will be prompted to select a 5 digit PIN. There is a bug in Apple's implementation that allows you to use alpha characters (versus numbers), but never-the-less you must set a 5 character/digit PIN code. This is then stored on the phone with a 15min default setting. Meaning that after 15min of inactivity you will be prompted to enter the PIN to get into the phone. You can change the timeframe in Settings up to a maximum of 1 hour of inactivity. The iPhone will not allow you to remove the PIN requirement unless you delete the Exchange server account from the phone. PLEASE NOTE: This is NOT an iPhone issue, it is a standard feature for ALL ACTIVESYNC phones! If your Administrator has put the PIN requirement in place you have the exact same requirement on a windows phone. Employers choose this enhanced security for many reasons, including: If you lose your phone and someone finds it and isn't locked they can send out emails using your phone that would be traversing thru your employers Exchange server.

Also as a side note: there is a registry hack available for Windows mobile phones that allows you to remove the PIN requirement. I highly doubt such a hack will become available for the iPhone given that editing a registry type of work-around is not available on the iPhone.
 
Bad placement of required Exchanged passcode

Being in the corporate IT world for 15 years, I understand the security aspect of corporate email. I fully embrace some sort of mail locking capability, but why does the iPhone have to have the ‘hook’ at the very first step to access the many great features of the iPhone. I configured my iPhone for Exchange. I was asked to set a passcode before the Exchange mail client would work. I found the location to extend the time interval for the passcode, however my options were, 1, 5, and 15 minutes.

I thought about this. If I wanted to check stocks, or use the map, or SMS, or look up a contact, or any of the other useful features of the iPhone, I had to enter a 6 alpha-numeric character including special character passcode… A few seconds later Exchange client was removed. So unfortunate.

Why couldn’t Apple code the location for the passcode closer to viewing the Exchange mail box? For instance, when you enter the Exchange Mail box area. Who will have the patience to enter a passcode every time you “slide to unlock”?
 
In exchange 2003 this was an optional feature in exchange 2007 the exchange admin has to uncheck this option while setting up the server or create another active sync policy.

If you are friends with your exchange admin. You can propably bribe them with beer to change the option in your user info panel in the exchange management console
 
Jim5280, this is standard Exchange config, the phone is totally locked by the PIN. Apple was just following standard ActiveSync/Exchange security. Since you could not choose the 1 hour option, which I was able to choose, this must be something the Exchange server can control as well. Don't blame Apple, the choices were made by your Employer/Administrator.
 
How to disable Exchange PIN requirement.

a. Jailbreak.
b. SSH into the phone as [ root ]
c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
d. Make the following change, setting to the key "minLength" to zero.

<key>PolicyInformation</key>
<dict>
<key>maxFailedAttempts</key>
<integer>10</integer>
<key>maxInactivity</key>
<integer>60</integer>
<key>minLength</key>
<integer>0</integer>
</dict>

e. Now go into preferences and turn autolock off.
 
Enter Wrong Pin

What happens if someone gets a hold of your phone and enters an incorrect pin multiple times? Do you get locked out of your phone? Will you have to restore? Is the number of attempts set by your company?
 
Luser said:
What happens if someone gets a hold of your phone and enters an incorrect pin multiple times? Do you get locked out of your phone? Will you have to restore? Is the number of attempts set by your company?
Click to expand...

That is a good question. I know BB's zeroize themselves, doesn't MS Exchange have the same feature?
 
diamond.g said:
That is a good question. I know BB's zeroize themselves, doesn't MS Exchange have the same feature?
Click to expand...

Yes the iPhone has the option to auto wipe the device after xx amount of incorrect Passcode entries. The setting can be controlled by the Exchange admin.
 
How to disable iphone Passcode Lock used with MS Exchange

Firstly, as an MS Exchange administrator, you can turn off Device Security in MS Exchange Server - refer http://technet.microsoft.com/en-us/magazine/2006.01.staybetterconnected.aspx - and the iphone will still have no option to disable the passcode lock from (Settings-> General -> Passcode Lock).

The issue is with the iphone not MS Exchange, after your MS Exchange administator turns off the Device Security.

Jailbreak device solutions in the corpoarte world is not acceptable!!!!

THE SOLUTION IS SIMPLE:
1. On your iphone go to Settings->Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn OFF your Exchange ActiveSync Mail, you will be askes to enter your passcode lock.
2. Next go to Settings->General->Passcode Lock and Disable will be an option.
3. Then go back to Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn ON your Exchange ActiveSync Mail.

IT IS AS LOGICAL AS THAT!!!
 
Does this work for anyone else? Keen to find a solution.


Thanks

smoked2na said:
a. Jailbreak.
b. SSH into the phone as [ root ]
c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
d. Make the following change, setting to the key "minLength" to zero.

<key>PolicyInformation</key>
<dict>
<key>maxFailedAttempts</key>
<integer>10</integer>
<key>maxInactivity</key>
<integer>60</integer>
<key>minLength</key>
<integer>0</integer>
</dict>

e. Now go into preferences and turn autolock off.
Click to expand...
 
^^ I'm sure that's actually what's happening, but I just downloaded a jailbreak "app" that does the same thing for me.

I know I shouldn't disable the passcode, but it's just so annoying :)
 
xcrunner said:
^^ I'm sure that's actually what's happening, but I just downloaded a jailbreak "app" that does the same thing for me.

I know I shouldn't disable the passcode, but it's just so annoying :)
Click to expand...

Which app. And does it work perminately?
 
Exchange Unlock from BigBoss Cydia repository. Yes, it will take effect as long as you're jailbroken and have that "app" installed (it doesn't ever actually have an icon on the homescreen).
 
xcrunner said:
Exchange Unlock from BigBoss Cydia repository. Yes, it will take effect as long as you're jailbroken and have that "app" installed (it doesn't ever actually have an icon on the homescreen).
Click to expand...

Wicked. Ta mate. Just need sprint released and am sorted.
 
badgerman said:
Does this work for anyone else? Keen to find a solution.


Thanks
Click to expand...

Yes! This worked perfectly! Although, I had to also change 'forcePIN' to 0 also.
Thanks heaps to whoever posted this!

BTW, also tried the cydia app people were talking about, but didn't work...
 
Have to also disable Contacts & Calendars (if being synced so basically disabling your Exchange account without actually deleting it).

Cheers.

Sonter said:
Firstly, as an MS Exchange administrator, you can turn off Device Security in MS Exchange Server - refer http://technet.microsoft.com/en-us/magazine/2006.01.staybetterconnected.aspx - and the iphone will still have no option to disable the passcode lock from (Settings-> General -> Passcode Lock).

The issue is with the iphone not MS Exchange, after your MS Exchange administator turns off the Device Security.

Jailbreak device solutions in the corpoarte world is not acceptable!!!!

THE SOLUTION IS SIMPLE:
1. On your iphone go to Settings->Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn OFF your Exchange ActiveSync Mail, you will be askes to enter your passcode lock.
2. Next go to Settings->General->Passcode Lock and Disable will be an option.
3. Then go back to Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn ON your Exchange ActiveSync Mail.

IT IS AS LOGICAL AS THAT!!!
Click to expand...
 
passcode prompt re-appears

sonter's steps worked. unfortunately a message came up stating: passcode requirement. the account "exchange" will not download new data until a new passcode is set. there is a later or continue option. so it appears there is not any procedure to remove the passcode with out jailbreaking the phone.
 
iPad too?

smoked2na said:
a. Jailbreak.
b. SSH into the phone as [ root ]
c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
d. Make the following change, setting to the key "minLength" to zero.

<key>PolicyInformation</key>
<dict>
<key>maxFailedAttempts</key>
<integer>10</integer>
<key>maxInactivity</key>
<integer>60</integer>
<key>minLength</key>
<integer>0</integer>
</dict>

e. Now go into preferences and turn autolock off.
Click to expand...

Looks like these instructions are for iPhone. Do they work for iPad too?

Thanks.
 
Followup question to above thread, about Exchange/Active Sync eMail

Does having Exchange/Active Sync eMail on my "personal phone" give access of any sort to the employer, for instance who I call, my location, what I browse on the internet, my app usage, my other email, chat, etc?? Just want to be sure the only thing my employer has access to is the "Exchange" email, want my privacy to be intact.

I gave my employer's phone back because I couldn't stand the fact that they control the phone and have access to my call history and my privacy. So I got my own phone and installed my work Exchange email.

Also, It's just frustrating that the exchange installation forces me to have a 6 digit passcode, which I understand we can't do any about based on the thread above.

Anyway, please let me know if my privacy is intact on my personal phone at least, your response is greatly appreciated.
 
vishals said:
Does having Exchange/Active Sync eMail on my "personal phone" give access of any sort to the employer, for instance who I call, my location, what I browse on the internet, my app usage, my other email, chat, etc?? Just want to be sure the only thing my employer has access to is the "Exchange" email, want my privacy to be intact.
Click to expand...

If all they are using is Exchange Activesync, then no, they cannot look at anything other than the e-mail account they provide you. They CAN however, enforce specific rules on your device, like whether or not a passcode is required, how long that passcode should be, if you need to change it after a while and how long that time period is, etc.

They can also get restrictive with things like allowing Wifi connections, camera use, Siri, installing of apps, etc. So, they can get really strict if they want to. But actual call logs and other information are not shared. It's only policy enforcement.

Full details on what can be done are here.

Oh yeah: They do have the ability to remotely wipe your phone, too. This is there in case the phone is lost and or stolen and they don't want sensitive info being leaked out.

Now, if the employer is using something more comprehensive like MobileIron, or some other system that requires an app be installed or a special certificate, then that's a different story. In that case, it is possible that monitoring could occur.

I gave my employer's phone back because I couldn't stand the fact that they control the phone and have access to my call history and my privacy. So I got my own phone and installed my work Exchange email.
Click to expand...

Well again, they can still get pretty restrictive on your personal device if they apply the right policies, but call logs, text messages, photos not sent over e-mail, and social networking stuff are out of their reach unless something more complex than Exchange is being used here.

Also, It's just frustrating that the exchange installation forces me to have a 6 digit passcode, which I understand we can't do any about based on the thread above.
Click to expand...

That restriction is set by your IT department. And to be honest, if you're that concerned about the privacy of the data on your phone, then you should be using complex passcodes. It's a little silly to be worried your employer will see things, but then be blasé about any casual snoop or their gaining access with a simple passcode.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back