Hacking to clear security settings created by lotus traveller - Windows Mobile Development and Hacking General

My company uses Lotus Traveler to enable access to corporate mail and calendar on WM devices. I installed this on my HTC HD running WM6.5 (Dutty Leo ROM). The installation has forced us to use strong alphanumeric passwords and also greyed out the "prompt if unused for" radio button where you would typically turn off the phone password locking. This has rendered the phone virtually unusable as it takes 3 mins to enter a strong alpha password each time you use the phone...brilliant!
Is there a hack/registry edit that I can use to un-grey this button so I can turn it off and start using my phone normally again?
Any suggestions would be appreciated...

It's probably not related to the Lotus Traveler itself, but with the company enforced policies included in the CAB file - I presume You got the CAB from the company, not the Lotus/IBM website. At least that was the case in our company, that they forced to use the simple PIN lock with Exchange sync - I was already bothered by the simple PIN, so I dropped the whole idea. But I suggest You take a look in the CAB file, if You can still get it and see what changes it makes in the registry. Or You can also ask Your company IT guys about the WM policies they have to enforce, they should know.
Anyway, hope You have some directions to go now.

Thanks for the suggestions....
1) I tried removing the lotus traveler application - this had the effect of removing the security enforcement. I reinstalled it and it was enforced again.
2) The traveler application launches automatically when the phone boots up. So I removed it from the startup sequence. Unfortunately this did not solve the problem. So I think there must be a registry setting somewhere that is set and monitored by the application.
3) I also looked in the setup.xml file that was in the traveler.cab installation file. I could not find any registry mods that were related to security.
4) The traveler release notes say the following: Customizable device password strength enforcement rules!
Traveler provides a built-in set of default device preferences and security settings that an administrator can modify for use when a device initially registers with Lotus Notes Traveler. The default device settings for users come from the Traveler administration database default device settings document. Users can change their device preference settings from their devices, but only a Traveler administrator can change device security settings.
Suggestions?

In the last few days I have browsed the registry quite thoroughly and there doesn't appear to be a key that controls whether radio buttons are active or not (greyed out). I was hoping to make the "prompt if unused for" radio button active again so I could manually switch it off.
I'm out of ideas....any suggestions pls

I have Lotus Traveler installed on my TP 2. I have flashed my phone many times and reinstalled Lotus and have had no problems. Can you post a screenshot?

Security Policy
Hi
I am a Notes admin and can confirm this is a policy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.

MIUI used to have an option to disable the password option even when it is enabled/enforced by Notes Traveler. However the new versions of MIUI do not have this.
Check this link
http://miuiandroid.com/community/th...en-security-has-been-removed-fro-1-7-29.8941/

why not have the security measures focus on the app?
paulbenwell said:
Hi
I am a Notes admin and can confirm this is a policy that has been set to secure company data on mobile devices. Most companies have a policy that requires company information/access be secured especially on things like mobile devices.
Think about it, your company email system would be available to anyone stealing or finding your phone. While this may not worry you, it could be a cause for concern for your company executives or auditors - and could be a compliance issue in many industries.
The policy is set on the email server itself and pushed down and enforced on the device so it cannot be bypassed.
To remove it or get a less secure PIN you will need to speak to your company Lotus Notes admin.
This is an issue I have seen before and can cause conflicts between employees who use their own phones and resent the way they use them being changed and those concerned with securing and protecting their company.
Hope that helps but the long and short is speak to your email admins. The security policy is not default so someone must have set it up that way for a reason.
So why not have the security measures focus on securing the app and the app data? Personally, I don't mind the 24/7 emails...but making me lock my phone so the company can blow up my phone at 7pm on a Sunday...LAME.

Is there any news? I would like to remove the LockScreen security and want to use IBM Verse.

Related

How do I disable password on phone???

When I set up an exchange account the phone asks me to set a password. Now every time I turn on my phone or wake it up it asks me to enter the password. How do I remove the password???
If you were forced to set a password when you set up exchange activesync then the password is enforced, you can't remove the need for a password as long as you sync to that server.
The IT policy is set by whoever administers the server for all connected devices, most companies would use that setting for example to protect their data.
Who is hosting your exchange? Is it a work account?
It's 1&1. I really wish I knew that before I bought. Every time I wake up the phone I have to put in a darn code. Is there any way around this? Very annoying.
Only way around it is to remove the exchange connection.
It's a server-wide policy - to cope for some users needing passwords, maybe even their own staff it will have been set up.
I'd stick with it personally, the device is more secure when lost with it enabled... I carry a wizard and Blackberry - both need password entry but I'm used to it
This weekend I tried to sync my Outlook mailbox and it asked me to accept new security policy.
It was in fact my company that upgraded to latest Outlook mail server with push functionality.
I was very happy and push is working fine.
But now I also have this annoying Pin code to enter every hour.
Also even when I entered the code and I am free to use my phone during one hour, I noticed that each time I turn it on I have a blank screen for 1 second before it loads the today page slowly.
This password feature is not nice at all and I really want to get rid of it.
I am pretty sure we will be able to find some regkey to unlock this stupid security policy like in HKLM\security\Policies\Policies.
It has to be a user choice in the end.
Do you know if I stop syncing with my server if I can remove it?
No, as I've said twice already, if you're using exchange activesync then this policy is enforced.
It's not user choice, if you're syncing your device with your employer's equipment it's their data, they're legally entitled to protect it. If you're syncing with a third party server then the device will do as it's told... the server is considered authoritative - the same is true of Blackberry.
If you can find a way to alter the policy the checksum of your settings will differ to that stored on exchange, when the device next syncs it will see the change in policy and enforce the correct settings, turning the security back on.
Seriously guys, if you want exchange activesync then live with the policy; if you don't then disable the server connection.
Remove the activesync service then yes you should be able to edit again to disable.
Of course the thing mentioned above is not a solution...
I'm halfway there and spoke with the ROM makers to find a complete solution...this one is just temporary...
SeanH said:
I have been using a registry hack everyday to prevent my WM5 device from locking itself every 30 minutes. At around 7:00pm the company I work for forces a policy to my device using push email. At that time I open a registry editor and modify \hklm\security\policies\policies\00001023 from 0 to 1. That prevents the unit from asking for a password for 24 hours.
good luck
remen said:
Of course the thing mentioned above is not a solution...
I'm halfway there and spoke with the ROM makers to find a complete solution...this one is just temporary...
good luck
I've decided I'm not going to be able to help on this one. It's your company's choice to enforce that security policy and not mine to help you get around it. I'm not being rude, I'm just not able to put time into research to do that at this moment.
Good luck.

Password Unlock?

I currently use my work exchange server to hold all my emails and contacts...but my server requires that I have a password on my Mogul.
Just wondering if anybody knows how to get around this and disable it? I hate having to type in a password every 15 minutes whenever I want to look at my phone...such a pain! I would much rather just have it whenever the phone starts...or maybe even like every 2 hours or so...not 15 minutes!!
Please helppppp!!!!
Thanks!
I'm attached to a Zimbra server for email/contacts. I just checked its user options and did not see an option for that.
I do speculate that it's an option on the Exchange though. It's been a few years since I managed one. You'd probably be in good shape checking with your admin about this...
what I do
TripFlex said:
I currently use my work exchange server to hold all my emails and contacts...but my server requires that I have a password on my Mogul.
Just wondering if anybody knows how to get around this and disable it? I hate having to type in a password every 15 minutes whenever I want to look at my phone...such a pain! I would much rather just have it whenever the phone starts...or maybe even like every 2 hours or so...not 15 minutes!!
Please helppppp!!!!
Thanks!
I have my password saved under the phone's activesync settings.
He's talking about the hardware security policies pushed to the handset by Exchange Server.
Yes - there are ways to disable and alter the effective policies on your handsets. However, they are in place because you are accessing your company server and any sensitive information on your phone should be protected from loss. (For this reason, I always strongly dissuade people from using personal handsets for company/government/official business.) As a piece of IT/Communications gear, those phones are subject to the same security requirements enforced across the entire organization.
If you must be the weak link in your company's security, you can find hints to open a vulnerability here: http://forum.ppcgeeks.com/showthread.php?t=43428

Company policy blocked additional emails and Windows Live

Hi
I have a personal phone (Niki) on which I managed to get my company's OWA (Outlook Web Access) emails onto my mobile Outlook along with all my calendar, task and so on. Quite interesting but, recently the company merged mine and all other mailboxes in the company to a different server and since then I get a message every time I need to set up another email (a private one for instance) to receive my personal emails or even Windows Live functions like Messenger on my phone it comes up with the same error message.
The message says my company policy has blocked this program or that it does not allow me to configure any additional emails. I'm connecting via 3G or GPRS (whichever is available), so no company WIFI here or anything and the phone is my own too. Any suggestions?
PLEASE HELP!!!
Paul.
paulinhosoares said:
Hi
I have a personal phone (Niki) on which I managed to get my company's OWA (Outlook Web Access) emails onto my mobile Outlook along with all my calendar, task and so on. Quite interesting but, recently the company merged mine and all other mailboxes in the company to a different server and since then I get a message every time I need to set up another email (a private one for instance) to receive my personal emails or even Windows Live functions like Messenger on my phone it comes up with the same error message.
The message says my company policy has blocked this program or that it does not allow me to configure any additional emails. I'm connecting via 3G or GPRS (whichever is available), so no company WIFI here or anything and the phone is my own too. Any suggestions?
PLEASE HELP!!!
Paul.
This sounds like an Exchange ActiveSync policy being pushed down to the device? Are you sure you aren't using ActiveSync with your company Exchange server(s)? The Exchange policy can be very restrictive if your company/admins want it to be - Strong alphanumeric passwords, forced password timeouts, you can also disable memory cards, cameras, WiFi, infrared, Internet Sharing, Desktop Synchronisation & Bluetooth. Plus as it looks like you have, you can disable consumer email, as well as web browsing, installation of unsigned applications and execution of unsigned applications. You can even specifically deny or allow certain applications to run.
If it is an Exchange ActiveSync policy then there are workarounds by editing the relevant registry entries that enforce the policies, however if the policy is configured to refresh at regular intervals then the workaround will only be effective until the next policy refresh. There are some tools available that will reset the policy for you instead of you manually changing the registry entries. There is also a tool (search Zenyee.com Stay Unlock.cab) that runs in the background and resets the policy each time it is enforced by the refresh. Be careful though as you could get yourself in hot water by bypassing your company security policy.
Fortunately the Exchange policy that is enforced on my device isn't as restrictive as yours and only enforces a password with an inactivity timer of an hour. This can still be a pain though when using TomTom or other applications where you physically don't touch the device for a period of time - Fumbling around whilst driving seems a much worse offence than not having a password to enter every hour
Andy

Exchange security policy

I've read a few threads after searching on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's something which enforces something along the lines of a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as Android doesn't have a PIN function!)
Although I do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC Hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arrangement on mobiles that want to connect - however Android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an Android client to take advantage of Exchange 2007's Exchange Web Services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.

[Q] Exchange Security Policy & encryption & password lock

Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's an "optional encryption" requirement in the policy, where Exchange server asks for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhones can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far as I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
TouchDown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
Regarding your problem: I know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements). The downside is: with every ROM upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same for me.
I've updated to 4.0.3 ICS but now I want to not use a password or PIN for the unlock screen. Does that mean I cannot use my exchange policy? (because my GN doesn't have any private data to secure)
So can you show me? Thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452
