Zdroje informací pro profesionály v oboru IT >
Domovská stránka fór
>
Mobility
>
Allow non-provisionable devices setting
Allow non-provisionable devices setting
Hi All
We are currently running Exchange 2003 SP2 and Exchange 2007 SP1 in mixed mode in our domain.
I need to make a change so that users connecting via ActiveSync (to either 2003 or 2007 mailbox servers) already need a password set on their device before they can activate wirelessly.
I see the "Allow non-provisionable devices setting" in the Exchange Management Console for 2007 and also the "Allow access to devices that do not fully support password settings" in ESM for 2003, do I need to set these both to "no" in order to achieve my aim, or is there another setting I should be looking for?
Many thanks in advance.
Odpovědi
- Yes, please set both settings to "no" and that will do the trick.
- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
- It allows older devices that dont support the MSFP ( and newer devices that dont correctly support your security policies) to connect and sync with your servers.
http://msexchangeteam.com/archive/2007/05/23/439541.aspx
Exchange 2007 ActiveSync policies
http://msexchangeteam.com/archive/2009/09/22/452592.aspx
There are even newer devices like like the Droid that may not correctly honor the security policies and cant sync until you allow non-provisionable devices to connect:
https://supportforums.motorola.com/thread/16549;jsessionid=9D2630177143554C69D0FE62216F3EEF.node0
http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/79019a0e-23d5-44f7-a600-6a9040c9e6d9
So you are lowering your security screens to allow thse devices to connect.- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
- Yes.
http://technet.microsoft.com/en-us/library/cc182235.aspx
If the Allow access to devices that do not fully support password settings option is not selected, users that use mobile devices that do not fully support device security settings (for example, devices that do not support provisioning) will receive a 403 error message when they attempt to synchronize their mobile devices with Exchange.- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
Všechny reakce
- Yes, please set both settings to "no" and that will do the trick.
- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
- Thanks..
Could you expand on exactly what "Allow non-provisionable devices setting" does in Exchange 2007? Apart from a fairly non-descript mention in a Technet article, I can't see much. - It allows older devices that dont support the MSFP ( and newer devices that dont correctly support your security policies) to connect and sync with your servers.
http://msexchangeteam.com/archive/2007/05/23/439541.aspx
Exchange 2007 ActiveSync policies
http://msexchangeteam.com/archive/2009/09/22/452592.aspx
There are even newer devices like like the Droid that may not correctly honor the security policies and cant sync until you allow non-provisionable devices to connect:
https://supportforums.motorola.com/thread/16549;jsessionid=9D2630177143554C69D0FE62216F3EEF.node0
http://social.technet.microsoft.com/Forums/en/exchangesvrmobility/thread/79019a0e-23d5-44f7-a600-6a9040c9e6d9
So you are lowering your security screens to allow thse devices to connect.- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
- Thanks Andy..
Just one final question :).. does the "Allow access to devices that do not fully support password settings" setting in the 2003 ESM equate to the "Allow non-provisionable devices setting" in the 2007 EMC?
Thanks again guys. - Yes.
http://technet.microsoft.com/en-us/library/cc182235.aspx
If the Allow access to devices that do not fully support password settings option is not selected, users that use mobile devices that do not fully support device security settings (for example, devices that do not support provisioning) will receive a 403 error message when they attempt to synchronize their mobile devices with Exchange.- Označen jako odpověďElvis Wei -MSFTMSFT, Moderátor24. listopadu 2009 8:51
- Thanks guys.
So just to confirm, if I set the following to NO:
"Allow non-provisionable devices setting" in the Exchange Management Console for 2007
"Allow access to devices that do not fully support password settings" in Exchange System Manager in 2003
Then each device that attempts to connect to the Exchange service via ActiveSync *must* have a device passcode already set?
Thanks for confirming. - If you do not enable those settings, then the devices that connect must abide by the security settings you have set.
In the case of a device password, the user will be prompted to enter a valid one for the device, if one doesnt exist, before they can sync when the partnership is created.
