Exchange Remote Wipe Disable

[wala0003]

Would there be a way to disable the Remote Wipe?

My Pre works great with my corporate email but my IT dept won't approve it for use. Thus every month they send down a remote wipe to all non-approved devices, deleting everything.

Also, if I could spoof a different device they wouldn't be able to determine that I am using a non-approved client. I did try the webbrowser User Agent spoof but it didn't do the trick. My pre with WebOS 1.1 showed in the active sync logs as Palm/1.0.1 The IPhone shows up as Apple-iPhone/703.144

Thanks if anyone has any ideas.

[diomark]

Search for how to disable updates..
The same file that's used for updates is used (If I recall correctly) for remote wipes...

-mark

[imtravis]

Unfortunately for you wala, they also show up with a unique ID, and iPhones start off with AppleID& or something like that (I implemented our ActiveSync at my place of employment). You'd have to spoof an Apple ID as well as the device.. kind of like they did for the USB itunes sync.

[ryleyinstl]

If you tried this crap on my network I would have you fired. Your IT people don't make these policies just to screw with you. Your only bolstering the case for why it's necessary.

Quote:

Originally Posted by wala0003

Would there be a way to disable the Remote Wipe?

My Pre works great with my corporate email but my IT dept won't approve it for use. Thus every month they send down a remote wipe to all non-approved devices, deleting everything.

Also, if I could spoof a different device they wouldn't be able to determine that I am using a non-approved client. I did try the webbrowser User Agent spoof but it didn't do the trick. My pre with WebOS 1.1 showed in the active sync logs as Palm/1.0.1 The IPhone shows up as Apple-iPhone/703.144

Thanks if anyone has any ideas.

[wala0003]

Thanks Ryley, that is very helpful. You're right, I should be fired for trying to access my email.

[ryleyinstl]

Glad to clear that up for you. I find that sometimes employees do not understand that their individual needs to override the security concerns of the entire corporation. However I find that after a brief meeting they usually see the light. I will only now allow the Pre if running 1.2.1 so that I can remote wipe if necessary (among other things).

Quote:

Originally Posted by wala0003

Thanks Ryley, that is very helpful. You're right, I should be fired for trying to access my email.

[mooshue]

Quote:

Originally Posted by ryleyinstl

Glad to clear that up for you. I find that sometimes employees do not understand that their individual needs to override the security concerns of the entire corporation. However I find that after a brief meeting they usually see the light. I will only now allow the Pre if running 1.2.1 so that I can remote wipe if necessary (among other things).

couldn't agree more!! damn thing ignored policy up until 1.2 didnt it?
I hate users most of the time, all they do is whine about being locked out of stuff.

BTW wala, you absolutely should be fired for trying to access system resources illegally. If you were told it is again the company IT policy, then you are breaking company policy, plain and simple.

[eddieroger]

Quote:

Originally Posted by wala0003

Thanks Ryley, that is very helpful. You're right, I should be fired for trying to access my email.

The funny part is that it isn't your email - its your employers. Sucks, but that's reality. At my office, unapproved devices on the network is a termable offense.

[ryleyinstl]

Only one out of every 1000 employees understand this.

Quote:

Originally Posted by eddieroger

The funny part is that it isn't your email - its your employers.

[rc46]

Quote:

Originally Posted by ryleyinstl

If you tried this crap on my network I would have you fired. Your IT people don't make these policies just to screw with you. Your only bolstering the case for why it's necessary.

If my IT people tried this crap at my business I would fire them.

[rc46]

Quote:

Originally Posted by mooshue

I hate users most of the time, all they do is whine about being locked out of stuff.

The problem with that attitude is that your company is probably not run by IT people. You will have a very short career with that attitude.

You need to remember that the IT department is an internal vendor and your users are your customers not your enemies. Usually they are the ones that make money for your company. If you worked for me you would be gone tomorrow.
There is more to business than computer geeks and their insecurity.

[ryleyinstl]

I think the problem with the OP was that wala0003 was asking for tips on how to circumvent his corporate IT policy to gain wrongful accsess to company data. This isn't the kind of thing we should be encouraging here.

Quote:

Originally Posted by rc46

If my IT people tried this crap at my business I would fire them.

If your IT people are going against your documented IT policy then I would hope you would fire them.

[imtravis]

Quote:

Originally Posted by ryleyinstl

I think the problem with the OP was that wala0003 was asking for tips on how to circumvent his corporate IT policy to gain wrongful accsess to company data. This isn't the kind of thing we should be encouraging here.



If your IT people are going against your documented IT policy then I would hope you would fire them.

And I'd hop you'd fire yourself, (rc46), if you also didn't follow your documented IT policy that you fire people for not following..

There's a few mindsets going on in this conversation...

OP is wanting to circumvent IT policy (which it appears they aren't in control of), which is a big No No.. I agree with the IT staff..

rc46 is apparently the owner, or someone high up, who can affect IT policies. With rc46's attitude though, I'd hate to work there as an IT person, as it seems that whatever rc46 wants, rc46 makes IT change policy to make rc46 happy.. just because rc46 is happy isn't always the best way. You hired IT people to run IT for a reason.. Most likely they (hopefully they are), follow best practices and have policies to promote best practices, and information security.

The IT staffer who hates their users (that's a *LOT* of IT staffers, and I can agree at times). It's understandable, since IT staff rely on technology and policies to keep the data safe, that's our job. IT staff don't always understand why some people have trouble with technology and it's frustrating to them (been there, done that).

The IT staffer who understands their users, they actually understand their users have a hard time with technology therefore don't care about IT/IT policies. In that case, I've learned you have to explain it to them in terms they'd understand. I've had the best luck once I've learned how a user relates, to getting them to understand why we have policies and why they need to follow them.

In our company, people have been terminated by not following IT policies, why? because it can cost the company lots of money, possible lawsuits, and lose state certifications, as well as federal certifications.

Wow, I was rambling soo much, forgot the point.. oh yeah.. Bascially some IT policies suck, but odds are they are there for a reason. If you don't understand, just ask, if you don't like it, then either don't work there, or just deal with it.

[mooshue]

Quote:

Originally Posted by rc46

The problem with that attitude is that your company is probably not run by IT people. You will have a very short career with that attitude.

You need to remember that the IT department is an internal vendor and your users are your customers not your enemies. Usually they are the ones that make money for your company. If you worked for me you would be gone tomorrow.
There is more to business than computer geeks and their insecurity.

yea, well when your company data is compromised because you or one of your baby employee's had to have something that we strongly are against, we will see who is whining and insecure. IT's job is to keep everything running 24/7 with the most secure atmosphere possible, period.
I'm 10 years into my short career and my mentality has not changed since day one.
If it makes business sense then i would do whatever they are requesting. The problem is, 99% of the time the user has another personal, not business, agenda that goes against the policy's.

Don't mistake logical thinking and understanding with "geek" as you put it.
I don't game, i hate star wars, and i am probably more athletic and in shape than most of your entire company
Everything just naturally makes logical sense to me and is easy, therefore i would be stupid not to make it a career.

[skthumperd]

Quote:

Originally Posted by mooshue

couldn't agree more!! damn thing ignored policy up until 1.2 didnt it?

I think it STILL ignores policy which makes me crazy. If the Exchange policy is "Require device encryption", the Pre shouldn't connect, right? If simple PIN password policy is set to 6, it shouldn't connect, right?

Come on Palm - Either support ActiveSync or DON'T support ActiveSync.

[batavia99]

First off, let me say, I run IT in our company, and agree that violations of the company IT policy are very, very serious.

However, I feel that the way that the ActiveSync Password/PIN is implemented is inappropriate.

To begin with, the password/pin is implemented on the *device*, not on the Exchange email account. Why do I have to unlock the device to access features that have nothing to do with my corporate email? I have to unlock the silly thing at 2AM to respond to an emergency text message? In fact, I have to keep unlocking the thing all day, even when I'm <gulp> driving?!?

Now, I agree that it's possible I *could* have corporate data on the device and one could use that as an argument to lock the entire device. But, I don't need Exchange to put that data on my device, do I? I could put it on there anyway, and you can't lock it then. And what if I leave my laptop unlocked? That has loads more data on it. Is IT also controlling the timeout period on every laptop in the company? If not, the policy is inconsistent.

So I feel this policy is over-reaching. It's especially over-reaching if it's my device and I paid for it. Now, the ActiveSync silliness is getting in the way of me accessing my own personal features on my own device.

This type of overly intrusive security feature is just asking to be hacked.

So I have to agree with end-users here. The password/pin feature is not implemented reasonably. It just gets in the way.

Anyone want to create an App to fake out the ActiveSync by making the device *think* you've used it in the last N minutes (where N is the timeout period)? Bet a lot of folks would buy that in a heartbeat.

[aramova]

Quote:

Originally Posted by ryleyinstl

If you tried this crap on my network I would have you fired. Your IT people don't make these policies just to screw with you. Your only bolstering the case for why it's necessary.

Let met preface this by saying I've worked in the technology field for 16 years now. I agree and understand the employer's ability -- and need to control and secure their data.

With that said, the methods used to implement the remote wipe on WebOS are obscene to say the least.

I own my Pre, I pay the $107 a month for the service.

My former employer required us to check email and respond to emergency messages (critical server outages, etc).

Option A) Take company phone, carry two around
Option B) Take $20 a month extra on your check and use your own phone

Problem I have with the WebOS Remote Wipe is the methods used. If it's an Exchange based wipe request, when the phone is added to Exchange it should adhere to security standards set, however it should NOT delete personal data from the USB portion.

The company did not pay for Ringtones, did not take photos of loved ones, did not take video of my best friends at the hospital when their baby was born.

Deletion of potential personal data on a corporate device should be handled via the Palm web interface for phones registered and owned by the company.

Deletion of company data stored in the Exchange store, Contacts, Calendar, etc should be deleted by and Exchange wipe request.

This is common sense. It's not unreasonable at all, and it is highly irresponsible for a company to base such a feature as broadly as it is currently implemented.

With this said, I am in full support of a customer override for the remote wipe function provided by Exchange.

Let the corporate IT community, as I've been doing since the Pre came out, appeal to Palm (now HP) to make the needed changes to the function so it makes sense. Not blindly kills people's irreplaceable personal files.

If I intended on stealing my companies mail, I would make a PST file of everything, not just the last month's thats on the Pre.

And nobody should try to argue the ignorant position that there is not an easier, more practical way to steal company secrets. This is nothing more than an invasion into people's personal property by their employer.

If the feature (EAS) is deemed insecure because of it, shut it off. Like many improperly implemented "features" before it. It'll get fixed, or replaced.

You can NOT pretend like the company is the only entity with rights here. The employee has the right to protect their own data on their own equipment.

If you want a reasonable corporate policy, get your employee a cell phone, or do not ask them to respond when not in the office and deal with it.