One of the features of OS 2.0 that I have been waiting for is exchange support. However, now that it is here, it is more annoying than simply using Safari and webmail. That is, when I set up the Mail app for an exchange server, it requires that I have a passcode lock on my phone and this setting cannot be altered. Hence, every single time I turn the phone on--say, to skip to a particular track I want to hear--I have to fumble with numeric codes, instead of using the oh-so-useful "slide to unlock" feature. Anyone know of any way to (or an App that can) disable the forced password "feature."
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Any way of disabling Exchange password lock requirement
- Thread starter Riemann Zeta
- Start date
- Sort by reaction score
This is part of exchange policy features on the phone that makes it good for enterprise, there WILL BE NO way around this merely because if there was it wouldn't be a secure phone in the minds of corporations and wouldn't be adopted.
To help solve your problem though, while it's off, can you double click the home button and bring up a small music controller?
I too have the same issue, and it's pretty annoying, however there is a iPhone configuration utility(mac only) where you can setup a profile which you can install by emailling the profile to you phone, open the mail and install. It allows you to select that passcodes are not required....BUT after installing I still can't seem to switch it off.
http://www.apple.com/support/iphone/enterprise/
Anyone managed to get this to work? Or is it hardcoded that exchange == passcode.
still love the phone though....
http://www.apple.com/support/iphone/enterprise/
Anyone managed to get this to work? Or is it hardcoded that exchange == passcode.
still love the phone though....
This policy must be set by your enterprise IT administrator. Because I have exchange on my iphone and I swear that I have no password lock whatsoever. So I don't think it is the fault of the iphone more its probably the fault of some security setting in exchange. I wouldn't blame Apple on this one.
I found the place where you could disable it.(Provided that you are the exchange admin)
http://technet.microsoft.com/en-us/magazine/cc161030(TechNet.10).aspx
Look under Device Password Policies header.
"Many administrators want to know how they can enforce a PIN on the device. In the past, there wasnt a solution built into Exchange (though there are third-party products that provide this capability). But Exchange Server 2003 SP2 now enables you to configure a central policy that requires all mobile device users to protect their device with a password in order to access the Exchange Server.
To specify security settings for mobile devices using Exchange System Manager, right-click Mobile Services and then click Properties. On the Mobile Services Properties dialog box, click the Device Security button. Youll see the Device Security Settings dialog box shown in Figure 2. To enable password policy for devices, make sure the Enforce password on device option is checked."
http://technet.microsoft.com/en-us/magazine/cc161030(TechNet.10).aspx
Look under Device Password Policies header.
"Many administrators want to know how they can enforce a PIN on the device. In the past, there wasnt a solution built into Exchange (though there are third-party products that provide this capability). But Exchange Server 2003 SP2 now enables you to configure a central policy that requires all mobile device users to protect their device with a password in order to access the Exchange Server.
To specify security settings for mobile devices using Exchange System Manager, right-click Mobile Services and then click Properties. On the Mobile Services Properties dialog box, click the Device Security button. Youll see the Device Security Settings dialog box shown in Figure 2. To enable password policy for devices, make sure the Enforce password on device option is checked."
The "Enforce password on device" option is set True "out of the box", so it's probably not really a corporate policy issue so much as just the default behavior.
A slightly better way to "fix" the problem is to add your domain account to the list of Exceptions. To do this, click the "Exceptions" button on the "Device Security Settings" panel. Then add your account to the list. Now you won't be required to have a passcode on your iPhone, even if the "Enforce password on device" option is set to True.
A slightly better way to "fix" the problem is to add your domain account to the list of Exceptions. To do this, click the "Exceptions" button on the "Device Security Settings" panel. Then add your account to the list. Now you won't be required to have a passcode on your iPhone, even if the "Enforce password on device" option is set to True.
This is in fact a setting on the Exchange server. It is part of the active sync mailbox policy. Your IT department has set this as a requirement. I had this set I my phone, however, since I administer my exchange box I removed it from my mailbox policies.
Not only does it seem to be an exchange issue, it seems that at the exchange level you can allow some iPhones (users) to operate without the passcode requirement and other are subject to the passcode requirement.
My colleague's iPhone out of the box did not require the passcode whereas mine did. I'm in touch with IT to let this brother in without a passcode.
My colleague's iPhone out of the box did not require the passcode whereas mine did. I'm in touch with IT to let this brother in without a passcode.
This isn't an iphone issue its an exchange security policy setting. It needs to be set on the exchange server.
Just get your network administrator to add you to the exclusions list of the policy. Thats all I did.
There is no way to turn this off from the iphone though.
Just get your network administrator to add you to the exclusions list of the policy. Thats all I did.
There is no way to turn this off from the iphone though.
I disabled the Exchange PIN this way.
How to disable Exchange PIN requirement.
a. Jailbreak.
b. SSH into the phone as [ root ]
c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
d. Make the following change, setting of the key "minLength" to zero.
<key>PolicyInformation</key>
<dict>
<key>maxFailedAttempts</key>
<integer>10</integer>
<key>maxInactivity</key>
<integer>60</integer>
<key>minLength</key>
<integer>0</integer>
</dict>
e. Now go into preferences and turn autolock off.
At first I upped the "maxInactivity" to "6000" and "minLength" to "0". Then I just set the "maxInactivity" back to "60". Either way, I don't have to use the PIN anymore because the the lock is now off. Whooohooo!
Just be aware that the actual mail is not encrypted so anyone that steals your phone can read the Exchange email. Wonder why they didn't encrypt it like the Blackberry does. Maybe iPhone v6.0 in 2010.
How to disable Exchange PIN requirement.
a. Jailbreak.
b. SSH into the phone as [ root ]
c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
d. Make the following change, setting of the key "minLength" to zero.
<key>PolicyInformation</key>
<dict>
<key>maxFailedAttempts</key>
<integer>10</integer>
<key>maxInactivity</key>
<integer>60</integer>
<key>minLength</key>
<integer>0</integer>
</dict>
e. Now go into preferences and turn autolock off.
At first I upped the "maxInactivity" to "6000" and "minLength" to "0". Then I just set the "maxInactivity" back to "60". Either way, I don't have to use the PIN anymore because the the lock is now off. Whooohooo!
Just be aware that the actual mail is not encrypted so anyone that steals your phone can read the Exchange email. Wonder why they didn't encrypt it like the Blackberry does. Maybe iPhone v6.0 in 2010.
There must be a way to turn it off from the iphone via a hack or program. WM users developed a way around this same feature using mortscript, I think.
I just ran through an Exchange setup on the iPhone and ran into the passcode problem. My account is hosted with 1&1 and after some give-and-take with them, they assured me the passcode was not a requirement on the server side.
Apple's MobileMe service doesn't require a passcode. I understand why any given company would want to protect their Exchange server with a passcode, so why wouldn't Apple want to protect the MobileMe system with a passcode?
Point being, if Apple doesn't require a passcode and 1&1 doesn't require a passcode, where's it coming from? Exchange is an easier solution for us than MobileMe, but not at the expense of having to enter a passcode every time you pick up the phone.
I would be very interested if someone uncovers the silver bullet to shut this off.
Apple's MobileMe service doesn't require a passcode. I understand why any given company would want to protect their Exchange server with a passcode, so why wouldn't Apple want to protect the MobileMe system with a passcode?
Point being, if Apple doesn't require a passcode and 1&1 doesn't require a passcode, where's it coming from? Exchange is an easier solution for us than MobileMe, but not at the expense of having to enter a passcode every time you pick up the phone.
I would be very interested if someone uncovers the silver bullet to shut this off.
Despite the assurances you received from 1&1, I think the problem is still with them. The reason is that when you install Exchange server, the mobile device password requirement is on by default. So if nobody ever makes a decision about it, it's just on.
I found this out when I installed my own Exchange 2003 Server and tried to connect both a Windows Smartphone and an iPhone 3G to it. I had to add myself to the exceptions list to fix it.
Alternately, you can follow the instructions another user left above for the Jailbreak solution, which doesn't require you to convince someone that the Exchange Server is indeed the source of the requirement.
Wow, thanks guys. I knew some l33t iPhone hackers would eventually find a way to do it on a JB phone. Now I just have to wait until the JB process actually works (Pwnage never worked for me w/ OS 2.0.0) and is updated for 2.0.1.
Once again, props for discovering this--it will make email 100% less annoying (and it's not like I work for the bloody CIA).
Once again, props for discovering this--it will make email 100% less annoying (and it's not like I work for the bloody CIA).
Been there, done that, worn the T-shirt etc etc
I can assure you that this is set by 1and1. I've been using their hosted Exchange account for years and had exactly the same problem with my Windows Mobile phones. And I know that they've told an earlier poster that this isn't the case, but I've had acknowledgement from their admins (rather than just cust servs) that they do, and they won't take it off. Basically, because they're running a hosted business service and could be liable if your Exchange account is hacked, they're trying to protect themselves against their customers having their phones lost or stolen and therefore their Exchange accounts compromised.
You can't actually turn this setting off from a client (e.g. iPhone), but there was a hack for Windows Mobile. From what I remember, you could temporarily change the policy on the phone, but once a day the Exchange server would re-enforce it. The hack was basically just a script that kept checking the registry to see if the policy had been re-enforced on the phone, and if it had it just turned it off again. So basically you couldn't stop Exchange enforcing the policy, but you could just turn it off automatically every time it did.
From what I can see on my iPhone, it doesn't give you the option of manually overriding the policy between enforcements though, at least not through the UI. So I'm not sure how viable it would be a write a similar hack.
I can assure you that this is set by 1and1. I've been using their hosted Exchange account for years and had exactly the same problem with my Windows Mobile phones. And I know that they've told an earlier poster that this isn't the case, but I've had acknowledgement from their admins (rather than just cust servs) that they do, and they won't take it off. Basically, because they're running a hosted business service and could be liable if your Exchange account is hacked, they're trying to protect themselves against their customers having their phones lost or stolen and therefore their Exchange accounts compromised.
You can't actually turn this setting off from a client (e.g. iPhone), but there was a hack for Windows Mobile. From what I remember, you could temporarily change the policy on the phone, but once a day the Exchange server would re-enforce it. The hack was basically just a script that kept checking the registry to see if the policy had been re-enforced on the phone, and if it had it just turned it off again. So basically you couldn't stop Exchange enforcing the policy, but you could just turn it off automatically every time it did.
From what I can see on my iPhone, it doesn't give you the option of manually overriding the policy between enforcements though, at least not through the UI. So I'm not sure how viable it would be a write a similar hack.
Done that
Did unlock iphone 3G and disabled policy in "com.apple.springboard.plist" file but no luck.
Exchange client enforces policy almost every time it tries to sync. Policy kicks back in few minutes.
It is interesting to note that only windows mobile and iphones have this policy enforcement, blackberrys don't enforce the policy.
Did unlock iphone 3G and disabled policy in "com.apple.springboard.plist" file but no luck.
Exchange client enforces policy almost every time it tries to sync. Policy kicks back in few minutes.
It is interesting to note that only windows mobile and iphones have this policy enforcement, blackberrys don't enforce the policy.
iPhone Exchange Forced Password Lock: Steps to Disable by Hacking
I have successfully disabled the email exchange policy based forced password-lock on my iPhone 3G.
This disables the forced and seemingly irreversible auto password lock feature required to synch an iPhone with certain exchange email servers.
I followed the instructions laid out by smart 2 below (thanks!) - but had to a bit of fiddling along the way so here is a bit more detail.
a. Jailbreak.
- I followed the steps described here:
b. SSH into the phone as [ root ]
- Ensure iPhone and Computer are both connected to your WiFi Network
- Install the "OpenSSH" Application via cydia on my Jailbroken Phone
- I have also installed "BossPrefs" Application and use to enable/disable SSH - this may not be necessary.
- Install WinSCP on your PC.
- Open WinSCP & Enter SSH Parameters along the lines of:
- Host Name: IP Address of iPhone (e.g. 192.168.1.XX)
- User Name: Root
- Password: Alpine
- Port: 22
- Ensure iPhone is not hibernating and click Login.
c. delete the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
- On deleting this file, password settings can immediately be changed/disabled within the "Settings>General" menu - be warned you will need to enter the password before you can disable it.
- Once the password is disabled, no reset appears to be required.
- I have rebooted for good measure, no awkward password is required (as it happens I have now applied the 4 char pin on initial phone access, but certainly no 15 min auto-lock!) and email synch still works.
I have successfully disabled the email exchange policy based forced password-lock on my iPhone 3G.
This disables the forced and seemingly irreversible auto password lock feature required to synch an iPhone with certain exchange email servers.
I followed the instructions laid out by smart 2 below (thanks!) - but had to a bit of fiddling along the way so here is a bit more detail.
a. Jailbreak.
- I followed the steps described here:
b. SSH into the phone as [ root ]
- Ensure iPhone and Computer are both connected to your WiFi Network
- Install the "OpenSSH" Application via cydia on my Jailbroken Phone
- I have also installed "BossPrefs" Application and use to enable/disable SSH - this may not be necessary.
- Install WinSCP on your PC.
- Open WinSCP & Enter SSH Parameters along the lines of:
- Host Name: IP Address of iPhone (e.g. 192.168.1.XX)
- User Name: Root
- Password: Alpine
- Port: 22
- Ensure iPhone is not hibernating and click Login.
c. delete the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
- On deleting this file, password settings can immediately be changed/disabled within the "Settings>General" menu - be warned you will need to enter the password before you can disable it.
- Once the password is disabled, no reset appears to be required.
- I have rebooted for good measure, no awkward password is required (as it happens I have now applied the 4 char pin on initial phone access, but certainly no 15 min auto-lock!) and email synch still works.
Note: If your iPhone is company issued, then DON'T JAILBREAK, it might violate the company policy on hacking your electronics. No, this is not at&t killing your phone, it might be your company's iPhone management tool thinking that jailbreak = stolen phone = all your data erased!
If it's not company issued phone, go ahead, it's yours! Jailbreak your phone!
PS: Had similar issue, jailbreak my phone to fix the issue, sent Apple the code on how to fix the issue, and your issue might be addressed on iPhone 2.3 update.
If it's not company issued phone, go ahead, it's yours! Jailbreak your phone!
PS: Had similar issue, jailbreak my phone to fix the issue, sent Apple the code on how to fix the issue, and your issue might be addressed on iPhone 2.3 update.
I spoke too soon...
Re the solution steps I outlined in previous post - It's been about 6 hours and Exchange has just disconnected further synchronisation and forced me to re-enable the password lock, which I have begrudgingly done.
Hmph - Guess I'll try the other methods identified.
Re the solution steps I outlined in previous post - It's been about 6 hours and Exchange has just disconnected further synchronisation and forced me to re-enable the password lock, which I have begrudgingly done.
Hmph - Guess I'll try the other methods identified.
Any updates?
SuperStyler,
Did you ever manage how to disable the passcode or tweak it. I have heard of killexchage but I thing editing config files is a much cleaner solution.
Did you ever manage how to disable the passcode or tweak it. I have heard of killexchage but I thing editing config files is a much cleaner solution.