3. ActiveSync Remote Wipe
The ActiveSync Remote Wipe function deletes the data off the device. Applications and other program data remain on the system, only the data is removed. To administratively remote wipe a device:
1. Expand the Recipient Configuration folder.
2. Select the Mailbox folder.
3. Select the mailbox.
4. In the mailbox actions pane, click Manage Mobile Device.
5. Select the appropriate device from the list of user devices.
6. Select the Clear option button in the Action pane.
7. Click Clear.
8. Click Yes in the pop-up message box to confirm the remote wipe.
9. Click Finish to close the window.
The device will be wiped the next time it synchronizes. There might be an ActiveSync warning dialog box on the mobile device saying "Exchange Server must enforce security policies on your device to continue synchronizing. Do you want to continue?" The user must select OK or Cancel. If the user selects OK, the device restarts and comes up in a clean default Windows Mobile 5.0 state. If the user selects Cancel, the device does not synchronize any new data. However, the user can still continue to look at the information already there.
Note
After the wipe is successful, the device needs to be removed from the list of user devices. If this is not done, the device continues to wipe every time it synchronizes.
The user can also wipe their device remotely, using OWA. To wipe the device from OWA, complete the following steps:
1. In OWA, select Options.
2. From the Options menu, select Mobile Devices.
3. Select the device, and then click Wipe All Data from Device.
4. Click OK to wipe.
Note that the status changes to pending wipe. After the device synchronizes, the status changes to wipe successful. Once again, the device needs to be removed from the user's list if it will be used again.
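The administrative wipe and the removal step that both notes above call for can also be driven from the Exchange Management Shell. The script below is an added example, not taken from the original text; the mailbox address and device ID are placeholders, and it assumes the Identity value returned by Get-ActiveSyncDeviceStatistics is accepted by the -Identity parameter of the other two cmdlets.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# The default $Mailbox and $DeviceId values are placeholders, not real values.
param(
    [string]$Mailbox  = 'user@example.com',
    [string]$DeviceId = 'PLACEHOLDER-DEVICE-ID',
    [switch]$IssueWipe
)

# List every device partnership for the mailbox together with its wipe timestamps.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox)
$devices | Format-Table DeviceType, DeviceID, LastSuccessSync,
    DeviceWipeRequestTime, DeviceWipeAckTime -AutoSize

# Act on exactly one device, matched by its ID, so a second phone or PDA
# partnered with the same mailbox is never wiped by mistake.
$target = $devices | Where-Object { $_.DeviceID -eq $DeviceId }
if (-not $target) {
    throw "No device with ID $DeviceId is partnered with $Mailbox."
}

if ($IssueWipe -and -not $target.DeviceWipeRequestTime) {
    # Equivalent of Clear in the console; the wipe runs at the next synchronization.
    Clear-ActiveSyncDevice -Identity $target.Identity -Confirm:$true
    return
}

if ($target.DeviceWipeAckTime) {
    # The device has acknowledged the wipe. Remove the partnership so the
    # device is not wiped again every time it synchronizes.
    Remove-ActiveSyncDevice -Identity $target.Identity -Confirm:$true
}
elseif ($target.DeviceWipeRequestTime) {
    # Wipe requested but not yet acknowledged: the device has not synchronized,
    # or the user selected Cancel in the policy dialog box.
    Write-Host "Wipe pending since $($target.DeviceWipeRequestTime); partnership left in place."
}
else {
    Write-Host "No wipe has been requested for this device."
}
```

Run it once with -IssueWipe to request the wipe, then again without the switch after the device has had a chance to synchronize; the partnership is removed only when an acknowledgment time is recorded.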
Note
It can be hard to find a free Windows Mobile 5.0 device to test with because it requires the purchase of hardware and a connection plan. An alternative is the Standalone Device Emulator 1.0 with Windows Mobile OS Images. This emulates both the Pocket PC and Smartphone devices for ActiveSync, remote wipe, and other functions.
4. Outlook Anywhere
Outlook Anywhere is the new Exchange 2007 name for the original RPC over HTTP feature in Exchange Server 2003. It essentially allows remote procedure call (RPC) clients such as Outlook 2003 and Outlook 2007 to traverse firewalls by wrapping the RPC traffic in HTTP. This allows traveling or home users to use the full Outlook client without the need for a dedicated virtual private network (VPN) connection, which is frequently blocked by firewalls.
For security, the Outlook Anywhere protocol is always implemented with Secure Sockets Layer (SSL) to secure the transport, so it is really RPC over HTTPS. This ensures that the confidentiality and integrity of the Outlook Anywhere traffic are protected.
Note
The idea of allowing RPC over the Internet is anathema to many organizations' security groups. In the past decade, a number of well-publicized vulnerabilities have occurred in the native RPC protocol, which gave it a bad reputation.
With the evolution of the RPC protocol and the securing of the transport with SSL, the Outlook Anywhere feature provides as much security as Outlook Web Access (OWA) or ActiveSync. Outdated security concerns should not prevent an organization from deploying Outlook Anywhere.
Outlook Anywhere is not enabled by default. Two tasks need to be accomplished to enable Outlook Anywhere on the CAS: Install the RPC over HTTP networking component and enable Outlook Anywhere in the Exchange Management Console.
To install the networking component:
1. Launch Control Panel and select Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. Select Networking Services and click Details.
4. Check the RPC over HTTP Proxy check box.
5. Click OK.
6. Click Next.
7. Click Finish to close the wizard.
To enable Outlook Anywhere in the Exchange Management Console:
1. Expand the Server Configuration tree.
2. Select the Client Access folder.
3. Select the CAS on which you want to enable Outlook Anywhere.
4. Click Enable Outlook Anywhere in the actions pane.
5. Enter the External Host Name and the appropriate authentication options.
6. Click Next to enable Outlook Anywhere on the CAS.
7. Click Finish to close the wizard.
Outlook Anywhere will now be enabled on the CAS. This must be repeated for each CAS and the additional steps to provide external access through the firewall must be completed.