7 replies to this topic

[w4rmk]

When I setup my connection to my corporate exchange they forced a security policy on my phone that it locks automatically after 1 hour.  So if I go into Start>Settings>Lock I cannot uncheck the "prompt if device unused" box.  I know my company is crazy about security but I hate this being forced on me.  Does anyone know a way to get rid of this (and still keep exchange connectivity working)?  Perhaps a registry change?

[chucky.egg]

Nope, no way that I know of.

The only way to uncheck the box would be to break the link between ActiveSync and the Exchange server (but then you wouldn't be able to sync.

Bear in mind that their policy (which is what sets the password controls) also gives them the ability to remotely wipe your device, without you having the option to stop it.

[2dawgz]

w4rmk, on Sep 12 2007, 01:14, said:

When I setup my connection to my corporate exchange they forced a security policy on my phone that it locks automatically after 1 hour. So if I go into Start>Settings>Lock I cannot uncheck the "prompt if device unused" box. I know my company is crazy about security but I hate this being forced on me. Does anyone know a way to get rid of this (and still keep exchange connectivity working)? Perhaps a registry change?

Here's a solution I use from dedjo.blogspot - works great. When I have the registry the way I want it I use the editor to back it up to one of the folders on the phone. Every once and a while it reverts back (haven't figured out why yet) all I do is open the editor and restore the backup registry file I preveously created. Presto Changeo!

How to disable Exchange Security Policy for Windows Mobile Devices

Direct pushes email into your Windows Mobile device and it's good. However it pushes your security policy as well & that sometimes makes it unable to set passwords that you want and sometimes locks your device after one minute or more of inactivity. How to disable this useful feature? How to cancel the autolock feature of your WM machine when connected to Microsoft Exchange server?

As everything in WM, you should patch the registry, but what to patch? Well, it's simple

• Enable/Disable the Exchange security policy - HKLM\Security\Policies0001023: 0 = Enabled; 1 = Disabled
  
• Inactivity time
  • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyType: 0 = No inactivity time; 1 = Activity time enable
    
  • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyValue: number of minutes before timeout
• Password strength
  • Minimum number of characters: HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw\MinimumPasswordLength
    
  • Password complexity: HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw\PasswordComplexity: 0 = Require Alphanumeric; 1 = Require numeric (PIN); 2 = No restriction
• Wipe settings
  • Number of failed attempts before all your information will go: HKLM\Comm\Security\Policy\LASSD\DeviceWipeThreshold: 1 = disabled; other failed attempts
    
  • Number of failed attempts before displaying codeoword: HKLM\Comm\Security\Policy\LASSD\CodewordFrequency: number of failed attempts

Well, that all. After you'll fix it, just go to Settings/Security/Device Lock and you'll be able to unmark and change whatever you want. I hate when programs denie me from doing anything in my device.

[Mr.Clark]

Of course, the Exchange Administrator has set these policies for a reason; since your device has company information on, they're in charge of keeping that information safe. You want to use the facilities, you've got to play by their rules.


/Postmaster

Edited by Mr.Clark, 22 October 2008 - 09:37 PM.

[andybarker]

Mr.Clark, on Oct 22 2008, 22:36, said:

Of course, the Exchange Administrator has set these policies for a reason; since your device has company information on, they're in charge of keeping that information safe. You want to use the facilities, you've got to play by their rules.
/Postmaster

I agree - whilst it is a pain, there is a pretty good reason why they do this.  Might even be a sackable offence to override their settings in some companies - breach of security, etc.

I have rather a lot of sensitive info on my device on occasion, and really ought to do something about it.

[asrrin29]

If they want to lock a device then they can purchase the device for him to use.  If it's his personal device then they shouldn't be allowing an exchange sync anyways.  No way I'd let any company touch my personal stuff unless they've at least partially paid for it.

However, if it is company property, then they can pretty much do whatever the heck they want to it.

[Mr.Clark]

asrrin29, on Oct 26 2008, 03:54, said:

If it's his personal device then they shouldn't be allowing an exchange sync anyways.

That's the deal though. If you want access to the company's Exchange server, you play by their rules.

If not, look at something like Mail2Web which offers free Exchange email (with an @mail2web.com address) and, more usefully, Calendar and Contacts syncing. That's what I've got for my personal phone, so whenever I hard reset, or change ROMs, I get all my contacts back.

[TerriblePerson]

The tool you need is Stay Unlock, which you can find at http://www.zenyee.co...fter-two-years/. There is some discussion at http://mobilitytoday...ead.php?t=13030.

I use my own phone for company business, and this makes it useable again.