Exchange/ActiveSync Mandatory (?) Password Lock - Experiences?

Discussion in 'iPhone' started by JohnTree, Jul 13, 2008.

  1. JohnTree macrumors newbie

    Joined:
    Jul 13, 2008
    #1
    I've been searching for new posts on this, but have only seen sporadic comments here and there...some users have reported on the (apparent) mandatory password lock when the screen lock is activated, once Exchange / ActiveSync is set up with the 2.0 software.

    I was hoping to get some feedback from users who have lived with this for a few days - I'm on the fence about the 3G iPhone, with the Exchange interface/user experience being the item that will push me over to ether side. I'm curious to know if you see this as a major headache, and also to know a few key things:

    -- Is the password the same as your Exchange password, or is it a unique password to the iPhone (meaning, could I make a simpler password for the unlock)?
    -- Someone indicated that the password lock comes into play *every time* the screen is locked...would this mean that you can't regain control of the iPhone for any purpose (including actual phone functions) until the password is entered?
    -- Has anyone found a way to disable the password requirement, if you elected to do so?

    I appreciate any feedback. Thanks.
     
  2. aforty macrumors 65816

    Joined:
    Nov 27, 2007
    Location:
    Brooklyn, NY
    #2
    Not 100% what you're talking about.

    I have Exchange setup for work as well as my private gmail accounts and the passcode lock was certainly optional. I only set it up last night in fact so before then it was completely open.

    Hope that helps.

    [edit] Ok, I reread your post and I'm guessing if you're asking whether or not the passcode is somehow affiliated or has a relation to the Exchange setup. The answer is: No.
    The passcode that you'd enter every time your iPhone wakes from sleep or gets turned on is simply set by the phone is is only 4 digits. The Exchange account (and all mail) are setup and the password is saved in the phone and you never have to change it again.
     
  3. w4rmk macrumors regular

    Joined:
    Feb 13, 2006
    #3
    Employer/Administrator Security Requirement

    This is a feature that your Employer (or Exchange Administrator) sets up and not an out-of-the-box Exchange setting. Many employers add as much security as possible to their Exchange implementation and that includes forcing ActiveSync users to setup a 5 digit PIN. When you configure the iPhone for Exchange the phone will get the settings from the Exchange server and if the Administrator has required a PIN to be enforced you will be prompted to select a 5 digit PIN. There is a bug in Apple's implementation that allows you to use alpha characters (versus numbers), but never-the-less you must set a 5 character/digit PIN code. This is then stored on the phone with a 15min default setting. Meaning that after 15min of inactivity you will be prompted to enter the PIN to get into the phone. You can change the timeframe in Settings up to a maximum of 1 hour of inactivity. The iPhone will not allow you to remove the PIN requirement unless you delete the Exchange server account from the phone. PLEASE NOTE: This is NOT an iPhone issue, it is a standard feature for ALL ACTIVESYNC phones! If your Administrator has put the PIN requirement in place you have the exact same requirement on a windows phone. Employers choose this enhanced security for many reasons, including: If you lose your phone and someone finds it and isn't locked they can send out emails using your phone that would be traversing thru your employers Exchange server.

    Also as a side note: there is a registry hack available for Windows mobile phones that allows you to remove the PIN requirement. I highly doubt such a hack will become available for the iPhone given that editing a registry type of work-around is not available on the iPhone.
     
  4. JohnTree thread starter macrumors newbie

    Joined:
    Jul 13, 2008
    #4
    Thanks for your responses - that clears up my concerns.
     
  5. jim5280 macrumors newbie

    Joined:
    Jul 14, 2008
    #5
    Bad placement of required Exchanged passcode

    Being in the corporate IT world for 15 years, I understand the security aspect of corporate email. I fully embrace some sort of mail locking capability, but why does the iPhone have to have the ‘hook’ at the very first step to access the many great features of the iPhone. I configured my iPhone for Exchange. I was asked to set a passcode before the Exchange mail client would work. I found the location to extend the time interval for the passcode, however my options were, 1, 5, and 15 minutes.

    I thought about this. If I wanted to check stocks, or use the map, or SMS, or look up a contact, or any of the other useful features of the iPhone, I had to enter a 6 alpha-numeric character including special character passcode… A few seconds later Exchange client was removed. So unfortunate.

    Why couldn’t Apple code the location for the passcode closer to viewing the Exchange mail box? For instance, when you enter the Exchange Mail box area. Who will have the patience to enter a passcode every time you “slide to unlock”?
     
  6. redsoxunixgeek macrumors regular

    redsoxunixgeek

    Joined:
    Dec 1, 2006
    Location:
    Salt Lake City YOOTah
    #6
    In exchange 2003 this was an optional feature in exchange 2007 the exchange admin has to uncheck this option while setting up the server or create another active sync policy.

    If you are friends with your exchange admin. You can propably bribe them with beer to change the option in your user info panel in the exchange management console
     
  7. Baron58 macrumors 6502

    Joined:
    Feb 19, 2004
    #7
    Not beer. Trader Joe's Dark Chocolate Covered Coffee Beans.
     
  8. w4rmk macrumors regular

    Joined:
    Feb 13, 2006
    #8
    Jim5280, this is standard Exchange config, the phone is totally locked by the PIN. Apple was just following standard ActiveSync/Exchange security. Since you could not choose the 1 hour option, which I was able to choose, this must be something the Exchange server can control as well. Don't blame Apple, the choices were made by your Employer/Administrator.
     
  9. redsoxunixgeek macrumors regular

    redsoxunixgeek

    Joined:
    Dec 1, 2006
    Location:
    Salt Lake City YOOTah
    #9
    Oohhhh yea that is better than beer...

    Now i know how to bribe my 5 iPhone users tomrrow when they ask me to change their Exchange Policy
     
  10. smoked2na macrumors newbie

    Joined:
    Jul 15, 2008
    #10
    How to disable Exchange PIN requirement.

    a. Jailbreak.
    b. SSH into the phone as [ root ]
    c. Edit the following file [ "/var/Managed Preferences/mobile/com.apple.springboard.plist" ]
    d. Make the following change, setting to the key "minLength" to zero.

    <key>PolicyInformation</key>
    <dict>
    <key>maxFailedAttempts</key>
    <integer>10</integer>
    <key>maxInactivity</key>
    <integer>60</integer>
    <key>minLength</key>
    <integer>0</integer>
    </dict>

    e. Now go into preferences and turn autolock off.
     
  11. Luser macrumors newbie

    Joined:
    Feb 17, 2009
    #11
    Enter Wrong Pin

    What happens if someone gets a hold of your phone and enters an incorrect pin multiple times? Do you get locked out of your phone? Will you have to restore? Is the number of attempts set by your company?
     
  12. diamond.g macrumors 603

    diamond.g

    Joined:
    Mar 20, 2007
    Location:
    Virginia
    #12
    That is a good question. I know BB's zeroize themselves, doesn't MS Exchange have the same feature?
     
  13. O2-guy macrumors newbie

    Joined:
    Jan 24, 2009
    #13
    Yes the iPhone has the option to auto wipe the device after xx amount of incorrect Passcode entries. The setting can be controlled by the Exchange admin.
     
  14. Sonter macrumors newbie

    Joined:
    Jan 7, 2010
    #14
    How to disable iphone Passcode Lock used with MS Exchange

    Firstly, as an MS Exchange administrator, you can turn off Device Security in MS Exchange Server - refer http://technet.microsoft.com/en-us/magazine/2006.01.staybetterconnected.aspx - and the iphone will still have no option to disable the passcode lock from (Settings-> General -> Passcode Lock).

    The issue is with the iphone not MS Exchange, after your MS Exchange administator turns off the Device Security.

    Jailbreak device solutions in the corpoarte world is not acceptable!!!!

    THE SOLUTION IS SIMPLE:
    1. On your iphone go to Settings->Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn OFF your Exchange ActiveSync Mail, you will be askes to enter your passcode lock.
    2. Next go to Settings->General->Passcode Lock and Disable will be an option.
    3. Then go back to Mail, Contacts, Calendars->Accounts (your MS Exchange account) and turn ON your Exchange ActiveSync Mail.

    IT IS AS LOGICAL AS THAT!!!
     
  15. badgerman macrumors 6502a

    Joined:
    Jun 9, 2008
    #15
    Does this work for anyone else? Keen to find a solution.


    Thanks

     
  16. xcrunner macrumors regular

    Joined:
    Dec 17, 2007
    #16
    ^^ I'm sure that's actually what's happening, but I just downloaded a jailbreak "app" that does the same thing for me.

    I know I shouldn't disable the passcode, but it's just so annoying :)
     
  17. badgerman macrumors 6502a

    Joined:
    Jun 9, 2008
    #17
    Which app. And does it work perminately?
     
  18. xcrunner macrumors regular

    Joined:
    Dec 17, 2007
    #18
    Exchange Unlock from BigBoss Cydia repository. Yes, it will take effect as long as you're jailbroken and have that "app" installed (it doesn't ever actually have an icon on the homescreen).
     
  19. badgerman macrumors 6502a

    Joined:
    Jun 9, 2008
    #19
    Wicked. Ta mate. Just need sprint released and am sorted.
     
  20. Jay-Taicho macrumors newbie

    Joined:
    Jun 17, 2010
    #20
    Yes! This worked perfectly! Although, I had to also change 'forcePIN' to 0 also.
    Thanks heaps to whoever posted this!

    BTW, also tried the cydia app people were talking about, but didn't work...
     
  21. legacyb4 macrumors 6502

    Joined:
    Aug 13, 2002
    Location:
    Vancouver, BC
    #21
    Have to also disable Contacts & Calendars (if being synced so basically disabling your Exchange account without actually deleting it).

    Cheers.

     
  22. jonathanl1 macrumors newbie

    Joined:
    Feb 22, 2012
    #22
    passcode prompt re-appears

    sonter's steps worked. unfortunately a message came up stating: passcode requirement. the account "exchange" will not download new data until a new passcode is set. there is a later or continue option. so it appears there is not any procedure to remove the passcode with out jailbreaking the phone.
     
  23. clockrhymer macrumors newbie

    Joined:
    Jul 9, 2012
    #23
    iPad too?

    Looks like these instructions are for iPhone. Do they work for iPad too?

    Thanks.
     
  24. vishals macrumors newbie

    Joined:
    Jan 20, 2015
    #24
    Followup question to above thread, about Exchange/Active Sync eMail

    Does having Exchange/Active Sync eMail on my "personal phone" give access of any sort to the employer, for instance who I call, my location, what I browse on the internet, my app usage, my other email, chat, etc?? Just want to be sure the only thing my employer has access to is the "Exchange" email, want my privacy to be intact.

    I gave my employer's phone back because I couldn't stand the fact that they control the phone and have access to my call history and my privacy. So I got my own phone and installed my work Exchange email.

    Also, It's just frustrating that the exchange installation forces me to have a 6 digit passcode, which I understand we can't do any about based on the thread above.

    Anyway, please let me know if my privacy is intact on my personal phone at least, your response is greatly appreciated.
     
  25. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #25
    If all they are using is Exchange Activesync, then no, they cannot look at anything other than the e-mail account they provide you. They CAN however, enforce specific rules on your device, like whether or not a passcode is required, how long that passcode should be, if you need to change it after a while and how long that time period is, etc.

    They can also get restrictive with things like allowing Wifi connections, camera use, Siri, installing of apps, etc. So, they can get really strict if they want to. But actual call logs and other information are not shared. It's only policy enforcement.

    Full details on what can be done are here.

    Oh yeah: They do have the ability to remotely wipe your phone, too. This is there in case the phone is lost and or stolen and they don't want sensitive info being leaked out.

    Now, if the employer is using something more comprehensive like MobileIron, or some other system that requires an app be installed or a special certificate, then that's a different story. In that case, it is possible that monitoring could occur.

    Well again, they can still get pretty restrictive on your personal device if they apply the right policies, but call logs, text messages, photos not sent over e-mail, and social networking stuff are out of their reach unless something more complex than Exchange is being used here.

    That restriction is set by your IT department. And to be honest, if you're that concerned about the privacy of the data on your phone, then you should be using complex passcodes. It's a little silly to be worried your employer will see things, but then be blasé about any casual snoop or their gaining access with a simple passcode.
     

Share This Page