[commits] [Wiki] changed: ActiveSync

[Michael Rubinsky]

mrubinsk  Fri, 09 Nov 2012 16:16:23 +0000

Modified page: http://wiki.horde.org/ActiveSync
New Revision:  162
Change log:  Add blurb about where provisioning permissions are found

@@ -96,9 +96,11 @@

  ++ Provisioning/!RemoteWipe
  Provisioning allows devices to be more tightly registered with a  
particular server. It enables the server to be able to send policy  
settings to the device. These policy settings include things like  
requiring a PIN to unlock the device, the complexity of the PIN  
required, the number of failed login attempts allowed etc...  
Additionally, it enables devices to be remotely wiped so that if a  
device is lost or stolen, the user or administrator can request the  
device to be wiped.

-As of Horde 5, provisioning is enabled via the permissions interface.  
In order to enforce any security policies on a device, it most be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.
+As of Horde 5, provisioning is enabled via the permissions interface.  
You must first add the //!ActiveSync// permission as a child of the  
//Horde// permission. The //Provisioning// permission is a child of  
//!ActiveSync// and all policies are children of //Provisioning//.
+
+In order to enforce any security policies on a device, it most be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.

  Users can initiate a remote wipe, as well as view/manage their  
partnered devices in the !ActiveSync user preference.

  Clicking //Wipe// in the Horde interfaces for device management  
flags the server to send the wipe command to the device the next time  
it synchronizes. The next time the device attempts to request a  
command other then PING or OPTIONS, it will be wiped. The !ActiveSync  
preference page shows the status of all the user's devices. If the  
status is listed as //Pending//, and you wish to cancel the wipe  
request, you may do this by clicking the //Cancel Wipe// button. You  
should see the status be reset to //Provisioned//. After it is wiped,  
the status will be shown as //Wiped//, if you wish to allow the device  
to connect to your server again, you need to explicitly remove the  
device as a sync partner by clicking the //Remove// button. If you do  
not remove this entry, the device will continue to be wiped each time  
it reconnects to the server.