Prevent installation of activesync policy during CAS install
- I all,
I have an 8 server CAS Farm that I have recently started to manage and I need to add another 2 CAS boxes into it. I know from my predecessor that they removed the Default ActiveSync policy from the organisation and do not use any activesync policies as it is not that type of managed environment. From what I can understand, when I install my CAS SP1 servers it will automatically install the default ActiveSync policy again within the organisation and I want to prevent this from happening.
The reason being that we are a 50 000 user environment and when they previously installed their CAS boxes and enabled ActiveSync it caused problems with a lot of moble devices which stopped working or alerted users that a policy was being applied to their handheld (Many of them had to recreate their activesync profiles)? I really want to prevent any interruption of service for my userbase so am in need of some advise if possible please.
I appreciate that you can "remove-activesyncpolicy -identity default" after it appears but would the presence of the policy even if only for a few minutes not cause a problem for mobile users that it tries to apply to?
By all means educate me or point me to a resource if I have got this entirely wrong ;-)
Tom
Answers
Your activesync users have default settings assigned to them now even if there is no policy. Yes, when you install SP2 ( Why not instead of SP1?), a new policy will be created.
Why not simply create one now as the default, and then assign that to all the devices before you install the SP?
Without a policy, those devices are essentially wide-open and a security risk. I would get management and your security team on board and explain to them that without a policy, company assets are at risk. Once you get those groups on board, the user's will have to go along.
http://technet.microsoft.com/en-us/library/bb123484.aspx
Understanding Exchange ActiveSync Mailbox Policies- Marked As Answer byXiu Zhang - MSFTMSFT, ModeratorFriday, November 06, 2009 7:46 AM
- Proposed As Answer byXiu Zhang - MSFTMSFT, ModeratorWednesday, October 28, 2009 7:53 AM
- Hi,
Prevent to create Exchange ActiveSync policy when we install CAS seems impossible.
From the policy,we can define which device can sync with Exchange Server.Thus I think you can un-tick all the device there from the default policy.
Managing Exchange ActiveSync with Policieshttp://technet.microsoft.com/en-us/library/bb123783.aspx
Regards,
Xiu- Marked As Answer byXiu Zhang - MSFTMSFT, ModeratorFriday, November 06, 2009 7:46 AM
All Replies
Your activesync users have default settings assigned to them now even if there is no policy. Yes, when you install SP2 ( Why not instead of SP1?), a new policy will be created.
Why not simply create one now as the default, and then assign that to all the devices before you install the SP?
Without a policy, those devices are essentially wide-open and a security risk. I would get management and your security team on board and explain to them that without a policy, company assets are at risk. Once you get those groups on board, the user's will have to go along.
http://technet.microsoft.com/en-us/library/bb123484.aspx
Understanding Exchange ActiveSync Mailbox Policies- Marked As Answer byXiu Zhang - MSFTMSFT, ModeratorFriday, November 06, 2009 7:46 AM
- Proposed As Answer byXiu Zhang - MSFTMSFT, ModeratorWednesday, October 28, 2009 7:53 AM
- Hi Andy
Unfortunately we do not work in a particularly corporate environment so it is very very difficult to get central administration over users handhelds approved, there are many such things we soo far have had to work around.
I have considered the option of creating a different default policy which effectively has "nothing" configured so first I would need to see what the default ActiveSync policy actually does.
Effectively we work in an environment where privacy of data is considered paramount and if users receive a prompt on their phone saying "would you like to implement this policy" they are notoriously troublesome about these. We are provided a service that we want people to opt into as opposed to decide not to use. Our new Collaboration environment provides a great deal of incentives and we want to keep it that way.
from my understanding Blackberry BES works with an IT policy for smartphones but by default this policy does "nothing", I struggle to understand why ActiveSync policies can't work in a similiar manner. - Hi,
Prevent to create Exchange ActiveSync policy when we install CAS seems impossible.
From the policy,we can define which device can sync with Exchange Server.Thus I think you can un-tick all the device there from the default policy.
Managing Exchange ActiveSync with Policieshttp://technet.microsoft.com/en-us/library/bb123783.aspx
Regards,
Xiu- Marked As Answer byXiu Zhang - MSFTMSFT, ModeratorFriday, November 06, 2009 7:46 AM
