Any way of disabling Exchange password lock requirement

Discussion in 'iOS Apps' started by Riemann Zeta, Jul 10, 2008.

  1. macrumors 6502a

    Joined:
    Feb 12, 2008
    #1
    One of the features of OS 2.0 that I have been waiting for is exchange support. However, now that it is here, it is more annoying than simply using Safari and webmail. That is, when I set up the Mail app for an exchange server, it requires that I have a passcode lock on my phone and this setting cannot be altered. Hence, every single time I turn the phone on--say, to skip to a particular track I want to hear--I have to fumble with numeric codes, instead of using the oh-so-useful "slide to unlock" feature. Anyone know of any way to (or an App that can) disable the forced password "feature."
     
  2. macrumors newbie

    Joined:
    Jul 11, 2008
    #2
    I too would love to find out if there is a way to do this.
     
  3. macrumors 6502

    Joined:
    May 6, 2004
    Location:
    Milwaukee, Wisconsin
    #3
    This is part of exchange policy features on the phone that makes it good for enterprise, there WILL BE NO way around this merely because if there was it wouldn't be a secure phone in the minds of corporations and wouldn't be adopted.

    To help solve your problem though, while it's off, can you double click the home button and bring up a small music controller?
     
  4. macrumors newbie

    Joined:
    Jul 11, 2008
    #4
    I too have the same issue, and it's pretty annoying, however there is a iPhone configuration utility(mac only) where you can setup a profile which you can install by emailling the profile to you phone, open the mail and install. It allows you to select that passcodes are not required....BUT after installing I still can't seem to switch it off.

    http://www.apple.com/support/iphone/enterprise/

    Anyone managed to get this to work? Or is it hardcoded that exchange == passcode.

    still love the phone though....
     
  5. macrumors 6502a

    Joined:
    Apr 3, 2006
    Location:
    Charlotte, NC
    #5
    This policy must be set by your enterprise IT administrator. Because I have exchange on my iphone and I swear that I have no password lock whatsoever. So I don't think it is the fault of the iphone more its probably the fault of some security setting in exchange. I wouldn't blame Apple on this one.
     
  6. macrumors newbie

    Joined:
    Jul 11, 2008
    #6
    I use 1&1 hosted exchange mail account, so they must have their policy set. Unlikey to change I would think :(
     
  7. macrumors regular

    Joined:
    Jul 19, 2004
    #7
    I'm sure this is true in many companies, but not all. My firm certainly doesn't make us enter passwords on our Blackberries every time we turn it on or unlock it. I hope I won't have to do the same when I use m iPhone.
     
  8. macrumors member

    Joined:
    Aug 7, 2003
    #8
    It is definately an Exchange setting.

    We have a 2003 exchange server and I have no lock (but I'm the admin ... so that helps)
     
  9. macrumors 6502a

    Joined:
    Apr 3, 2006
    Location:
    Charlotte, NC
    #9
    I found the place where you could disable it.(Provided that you are the exchange admin)

    http://technet.microsoft.com/en-us/magazine/cc161030(TechNet.10).aspx

    Look under Device Password Policies header.

    "Many administrators want to know how they can enforce a PIN on the device. In the past, there wasn’t a solution built into Exchange (though there are third-party products that provide this capability). But Exchange Server 2003 SP2 now enables you to configure a central policy that requires all mobile device users to protect their device with a password in order to access the Exchange Server.

    To specify security settings for mobile devices using Exchange System Manager, right-click Mobile Services and then click Properties. On the Mobile Services Properties dialog box, click the Device Security button. You’ll see the Device Security Settings dialog box shown in Figure 2. To enable password policy for devices, make sure the Enforce password on device option is checked."
     
  10. macrumors newbie

    Joined:
    Jul 15, 2008
    #10
    The "Enforce password on device" option is set True "out of the box", so it's probably not really a corporate policy issue so much as just the default behavior.

    A slightly better way to "fix" the problem is to add your domain account to the list of Exceptions. To do this, click the "Exceptions" button on the "Device Security Settings" panel. Then add your account to the list. Now you won't be required to have a passcode on your iPhone, even if the "Enforce password on device" option is set to True.
     
  11. macrumors regular

    bdorpetzl

    Joined:
    Jul 13, 2007
    Location:
    Port Washington, Wisconsin - Boats and Beer . . .
    #11
    This is in fact a setting on the Exchange server. It is part of the active sync mailbox policy. Your IT department has set this as a requirement. I had this set I my phone, however, since I administer my exchange box I removed it from my mailbox policies.
     
  12. macrumors regular

    Joined:
    Jul 14, 2008
    Location:
    Santa Monica, CA
    #12
    Not only does it seem to be an exchange issue, it seems that at the exchange level you can allow some iPhones (users) to operate without the passcode requirement and other are subject to the passcode requirement.

    My colleague's iPhone out of the box did not require the passcode whereas mine did. I'm in touch with IT to let this brother in without a passcode.
     
  13. macrumors regular

    Joined:
    Oct 3, 2007
    #13
    This isn't an iphone issue its an exchange security policy setting. It needs to be set on the exchange server.

    Just get your network administrator to add you to the exclusions list of the policy. Thats all I did.

    There is no way to turn this off from the iphone though.
     
  14. macrumors newbie

    Joined:
    Jul 15, 2008
    #14
    I disabled the Exchange PIN this way.

    How to disable Exchange PIN requirement.

    a. Jailbreak.
    b. SSH into the phone as [ root ]
    c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
    d. Make the following change, setting of the key "minLength" to zero.

    <key>PolicyInformation</key>
    <dict>
    <key>maxFailedAttempts</key>
    <integer>10</integer>
    <key>maxInactivity</key>
    <integer>60</integer>
    <key>minLength</key>
    <integer>0</integer>
    </dict>

    e. Now go into preferences and turn autolock off.

    At first I upped the "maxInactivity" to "6000" and "minLength" to "0". Then I just set the "maxInactivity" back to "60". Either way, I don't have to use the PIN anymore because the the lock is now off. Whooohooo! :)

    Just be aware that the actual mail is not encrypted so anyone that steals your phone can read the Exchange email. Wonder why they didn't encrypt it like the Blackberry does. Maybe iPhone v6.0 in 2010.
     
  15. macrumors regular

    Joined:
    Dec 4, 2007
    #15
    There must be a way to turn it off from the iphone via a hack or program. WM users developed a way around this same feature using mortscript, I think.
     
  16. macrumors newbie

    Joined:
    Aug 29, 2007
    #16
    I just ran through an Exchange setup on the iPhone and ran into the passcode problem. My account is hosted with 1&1 and after some give-and-take with them, they assured me the passcode was not a requirement on the server side.

    Apple's MobileMe service doesn't require a passcode. I understand why any given company would want to protect their Exchange server with a passcode, so why wouldn't Apple want to protect the MobileMe system with a passcode?

    Point being, if Apple doesn't require a passcode and 1&1 doesn't require a passcode, where's it coming from? Exchange is an easier solution for us than MobileMe, but not at the expense of having to enter a passcode every time you pick up the phone.

    I would be very interested if someone uncovers the silver bullet to shut this off.
     
  17. macrumors newbie

    Joined:
    Jul 15, 2008
    #17
    Despite the assurances you received from 1&1, I think the problem is still with them. The reason is that when you install Exchange server, the mobile device password requirement is on by default. So if nobody ever makes a decision about it, it's just on.

    I found this out when I installed my own Exchange 2003 Server and tried to connect both a Windows Smartphone and an iPhone 3G to it. I had to add myself to the exceptions list to fix it.

    Alternately, you can follow the instructions another user left above for the Jailbreak solution, which doesn't require you to convince someone that the Exchange Server is indeed the source of the requirement.
     
  18. macrumors newbie

    Joined:
    Aug 4, 2008
    #18
    i know how to stop it

    a. Jailbreak.
    b. SSH into the phone as [ root ]
    c. delete the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ] and you are done go ack to password lock and disable it by entering your password
     
  19. thread starter macrumors 6502a

    Joined:
    Feb 12, 2008
    #19
    Wow, thanks guys. I knew some l33t iPhone hackers would eventually find a way to do it on a JB phone. Now I just have to wait until the JB process actually works (Pwnage never worked for me w/ OS 2.0.0) and is updated for 2.0.1.

    Once again, props for discovering this--it will make email 100% less annoying (and it's not like I work for the bloody CIA).
     
  20. macrumors 68000

    NightFox

    Joined:
    May 10, 2005
    Location:
    Shropshire, UK
    #20
    Been there, done that, worn the T-shirt etc etc

    I can assure you that this is set by 1and1. I've been using their hosted Exchange account for years and had exactly the same problem with my Windows Mobile phones. And I know that they've told an earlier poster that this isn't the case, but I've had acknowledgement from their admins (rather than just cust servs) that they do, and they won't take it off. Basically, because they're running a hosted business service and could be liable if your Exchange account is hacked, they're trying to protect themselves against their customers having their phones lost or stolen and therefore their Exchange accounts compromised.

    You can't actually turn this setting off from a client (e.g. iPhone), but there was a hack for Windows Mobile. From what I remember, you could temporarily change the policy on the phone, but once a day the Exchange server would re-enforce it. The hack was basically just a script that kept checking the registry to see if the policy had been re-enforced on the phone, and if it had it just turned it off again. So basically you couldn't stop Exchange enforcing the policy, but you could just turn it off automatically every time it did.

    From what I can see on my iPhone, it doesn't give you the option of manually overriding the policy between enforcements though, at least not through the UI. So I'm not sure how viable it would be a write a similar hack.
     
  21. macrumors newbie

    Joined:
    Aug 7, 2008
    #21
    Done that

    Did unlock iphone 3G and disabled policy in "com.apple.springboard.plist" file but no luck.
    Exchange client enforces policy almost every time it tries to sync. Policy kicks back in few minutes.

    It is interesting to note that only windows mobile and iphones have this policy enforcement, blackberrys don't enforce the policy.
     
  22. macrumors newbie

    Joined:
    Jan 13, 2009
    #22
    iPhone Exchange Forced Password Lock: Steps to Disable by Hacking

    I have successfully disabled the email exchange policy based forced password-lock on my iPhone 3G.

    This disables the forced and seemingly irreversible auto password lock feature required to synch an iPhone with certain exchange email servers.

    I followed the instructions laid out by smart 2 below (thanks!) - but had to a bit of fiddling along the way so here is a bit more detail.

    a. Jailbreak.
    - I followed the steps described here:

    b. SSH into the phone as [ root ]
    - Ensure iPhone and Computer are both connected to your WiFi Network
    - Install the "OpenSSH" Application via cydia on my Jailbroken Phone
    - I have also installed "BossPrefs" Application and use to enable/disable SSH - this may not be necessary.
    - Install WinSCP on your PC.
    - Open WinSCP & Enter SSH Parameters along the lines of:

    - Host Name: IP Address of iPhone (e.g. 192.168.1.XX)
    - User Name: Root
    - Password: Alpine
    - Port: 22

    - Ensure iPhone is not hibernating and click Login.

    c. delete the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
    - On deleting this file, password settings can immediately be changed/disabled within the "Settings>General" menu - be warned you will need to enter the password before you can disable it.
    - Once the password is disabled, no reset appears to be required.
    - I have rebooted for good measure, no awkward password is required (as it happens I have now applied the 4 char pin on initial phone access, but certainly no 15 min auto-lock!) and email synch still works.
     
  23. macrumors 6502

    Joined:
    Dec 28, 2007
    #23
    Note: If your iPhone is company issued, then DON'T JAILBREAK, it might violate the company policy on hacking your electronics. No, this is not at&t killing your phone, it might be your company's iPhone management tool thinking that jailbreak = stolen phone = all your data erased!

    If it's not company issued phone, go ahead, it's yours! Jailbreak your phone!

    PS: Had similar issue, jailbreak my phone to fix the issue, sent Apple the code on how to fix the issue, and your issue might be addressed on iPhone 2.3 update.
     
  24. macrumors newbie

    Joined:
    Jan 13, 2009
    #24
    I spoke too soon...

    Re the solution steps I outlined in previous post - It's been about 6 hours and Exchange has just disconnected further synchronisation and forced me to re-enable the password lock, which I have begrudgingly done.

    Hmph - Guess I'll try the other methods identified.
     
  25. macrumors newbie

    travelerM5

    Joined:
    Jan 16, 2009
    Location:
    Germany
    #25
    Any updates?

    SuperStyler,

    Did you ever manage how to disable the passcode or tweak it. I have heard of killexchage but I thing editing config files is a much cleaner solution.​
     

Share This Page