[commits] [Wiki] changed: ActiveSync

Michael Rubinsky mrubinsk at horde.org
Thu Jan 30 23:26:54 UTC 2014 

mrubinsk  Thu, 30 Jan 2014 23:26:54 +0000

Modified page: http://wiki.horde.org/ActiveSync
New Revision:  247
Change log:  This has nothing to do with ActiveSync, is basic  
administration, and might not even be appropriate to add "All  
permissions" to "All users".

@@ -190,9 +190,8 @@
  ++ Provisioning/!RemoteWipe
  Provisioning allows devices to be more tightly registered with a  
particular server. It enables the server to be able to send policy  
settings to the device. These policy settings include things like  
requiring a PIN to unlock the device, the complexity of the PIN  
required, the number of failed login attempts allowed etc...  
Additionally, it enables devices to be remotely wiped so that if a  
device is lost or stolen, the user or administrator can request the  
device to be wiped.

  As of Horde 5, provisioning is enabled via the permissions  
interface. You must first add the //!ActiveSync// permission as a  
child of the //Horde// permission. The //Provisioning// permission is  
a child of //!ActiveSync// and all policies are children of  
//Provisioning//.
-If the //Horde// permission doesn't exist, create it and add all  
permissions to "All Authenticated users". You may also need to add the  
same permissions to the (timeobjects) element or your users may not be  
able to access Horde/Imp past the login page.

  In order to enforce any security policies on a device, it must be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.

  Users can initiate a remote wipe, as well as view/manage their  
partnered devices in the !ActiveSync user preference.

More information about the commits mailing list