We already have OWA using Safeword for authentication. I am setting up Activesync for devices, so yes.
On Tue, Sep 23, 2008 at 7:51 AM, Sherry Abercrombie <[EMAIL PROTECTED]>wrote: > Are you trying to do both OWA and ActiveSync? > > > On 9/23/08, mqcarp <[EMAIL PROTECTED]> wrote: >> >> Do you happen to use a front end Exchange server? We do not, and have come >> across a problem. In reading about the solution on MS site, this seems odd >> and insecure. Has anyone had to implement this fix? >> >> http://support.microsoft.com/kb/817379/EN-US/ >> >> >> >> On Mon, Sep 22, 2008 at 2:03 PM, Sherry Abercrombie <[EMAIL PROTECTED]>wrote: >> >>> I have ISA in my environment, but it is not a part of the OWA/ActiveSync >>> setup. I have a reverse proxy setup at my colo that is used for both OWA >>> and ActiveSync. >>> >>> >>> On 9/22/08, mqcarp <[EMAIL PROTECTED]> wrote: >>>> >>>> Sherry are you using ISA in your environment? >>>> >>>> On Mon, Sep 22, 2008 at 12:15 PM, Michael B. Smith < >>>> [EMAIL PROTECTED]> wrote: >>>> >>>>> The below was current as of the release of Exchange Server 2003 sp2. >>>>> Not sure if the attribute has additional documented values in Exchange >>>>> 2007. >>>>> >>>>> >>>>> >>>>> You can also make the change globally easily using PowerShell or a tool >>>>> like ADModify.Net. >>>>> >>>>> >>>>> >>>>> The final Exchange specific tab is Exchange Features, shown in Figure >>>>> 9-9. The Mobile Services entries allow you to control, on a per-user >>>>> basis, >>>>> the mobile capabilities of Exchange. If you, by default, enable mobile >>>>> services at the global level (Global Settings(R)Mobile Services(R) >>>>> Properties(R)General) then this window allows you to disable the >>>>> capabilities at the per-user level. Using the script made available in >>>>> Microsoft KB 830188 (How to grant permission to use Outlook Mobile Access >>>>> to >>>>> specific users of Exchange Server 2003), you can globally disable all >>>>> users >>>>> and then pick and choose which specific users are to be allowed access to >>>>> mobile service capabilities. >>>>> >>>>> >>>>> >>>>> The per-user AD attribute that controls these functions is named >>>>> msExchOmaAdminWirelessEnable. If this attribute has a value of zero or >>>>> the attribute is not present, then all mobile services are enabled. If >>>>> Outlook Mobile Access (OMA) is disabled, but the other two features are >>>>> enabled, then the attribute has a value of two (2). The other two items >>>>> control specific features associated with Exchange ActiveSync (EAS). >>>>> "User >>>>> Initiated Synchronization" must be enabled for Up-to-date Notifications to >>>>> be enabled; however Up-to-date Notifications may be disabled on its own. >>>>> If >>>>> only Up-to-date Notifications is disabled, then >>>>> msExchOmaAdminWirelessEnable has a value of one (1). If both User >>>>> Initiated Synchronization and Up-to-date Notifications are disabled, then >>>>> msExchOmaAdminWirelessEnable has a value of five (5). If all three >>>>> Mobile Services are disabled, then msExchOmaAdminWirelessEnable has a >>>>> value of seven (7). >>>>> >>>>> >>>>> >>>>> If you search the Internet, you will find that other values can be >>>>> specified for this attribute. However, the values described in the prior >>>>> paragraph are the only values which Microsoft has documented. You are >>>>> better >>>>> off only using these values. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Regards, >>>>> >>>>> >>>>> >>>>> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP >>>>> >>>>> My blog: http://TheEssentialExchange.com/blogs/michael >>>>> >>>>> Link with me at: http://www.linkedin.com/in/theessentialexchange >>>>> >>>>> >>>>> >>>>> *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] >>>>> *Sent:* Monday, September 22, 2008 12:55 PM >>>>> *To:* MS-Exchange Admin Issues >>>>> *Subject:* Re: ActiveSync Set Up Veterans >>>>> >>>>> >>>>> >>>>> The Exchange Features tab in AD for each account is the place to enable >>>>> or disable additional Exchange features such as mobile and OWA. All these >>>>> features are enabled by default and you will have to disable them. When >>>>> we >>>>> recently went through the process to setup OWA and ActiveSync, I had to >>>>> manually disable everyone except those that had the proper approval for >>>>> mobile and/or OWA. Check with your HR department because there are legal >>>>> things to consider with employees checking or receiving email during >>>>> non-business hours. >>>>> >>>>> In your IIS settings for ActiveSync you can set it to require SSL and I >>>>> wouldn't recommend setting it up any other way. No SSL means that you're >>>>> network credentials are being sent clear text.......very bad idea. >>>>> >>>>> Haven't had need to do any looking at logging for auditing at this >>>>> point so I can't address that. >>>>> >>>>> On 9/22/08, *mqcarp* <[EMAIL PROTECTED]> wrote: >>>>> >>>>> Just have a few questions if some of you are using this feature. It >>>>> seems frighteningly easy to set up on the server side and I want to ensure >>>>> that the settings are secure. Here are a few observations for you vets on >>>>> this: >>>>> >>>>> * The settings are activated for ALL users when it is enabled. Is it >>>>> possible to disable it by default and enable specific users in AD? >>>>> * Is there a log setting to enable for reviewing audit processes for >>>>> pushes and troubleshooting in Exchange? >>>>> * For iPhones, I have noticed that the config utility can require a >>>>> certificate for the server side push set up, but if you set up a device >>>>> manually, it will accept the connection without this validation. Can this >>>>> be >>>>> set to be required to avoid connections this way? >>>>> >>>>> This is on Exch 2003. >>>>> >>>>> TIA >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Sherry Abercrombie >>>>> >>>>> "Any sufficiently advanced technology is indistinguishable from magic." >>>>> >>>>> Arthur C. Clarke >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> >>> >>> >>> -- >>> Sherry Abercrombie >>> >>> "Any sufficiently advanced technology is indistinguishable from magic." >>> Arthur C. Clarke >>> >>> >>> >> >> >> > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
