Or a membership list is compromised.
If you lose a device that's connected to your network, the burden of proof
becomes what was on that device. Since you're no longer in possession of
said device, one can only assume that any information that your organization
has at its disposal may be on the device. Do you have names of members,
addresses of members? Are these members younger than 18? Could a predator
get ahold of a list and use it for his own twisted desires?
It is a very tough battle to fight. It's taken two years of me extolling
the risks of thumb drives to our organization. The light went off when a
combination of events took place. The first event is that a local
competitor had a notebook stolen out of their car, which contained social
security numbers of thousands of state employees. Their assurance is that
the notebook was password protected. I and my supervising partner both knew
that was useless in the hands of a semi-knowledgable and motivated
individual (Nordahl's password reset anyone?). We used this loss by our
competitor to push the adoption of whole disk encryption. Now that we have
our hard drives encrypted and the partners understand the risks, banning
flash drives is beginning to make some sense.
IF what you're doing can capitalize on current events, you'll find that a
lot of your education problems will diminish.
On Wed, Sep 30, 2009 at 1:50 PM, Senter, John <john.sen...@etrade.com>wrote:
> This is a Powershell command, I pieced together. If you know PS I am
> sure there is a better way:
>
>
>
> ++++ Create a report of ActiveSync devices
>
> Get-Mailbox -ResultSize:Unlimited | ForEach {Get-ActiveSyncDeviceStatistics
> -Mailbox:$_.Identity} | Sort-Object -Property DeviceType,Identity |
> Select-Object
> @{name="EmailAddress";expression={$_.Identity.ToString().Split("\")[0]}},DeviceType,DeviceUserAgent
> | Export-Csv -Path:"C:\Temp\MobileDevices.csv"
>
>
>
> Well when it comes to management and lock down policies I am sure it will
> stay that way until a device is stolen and someone get confidential data
> leaked or they send a series of virus’ or vulgar e-mail to the company.
>
>
>
> Geez how bad would it look for the Girlscouts if a exec’s device is lost
> and someone was to send out a picture of child porn from that device to the
> employees or worse a news company. That would be a huge black eye for the
> organization. And that is what I would pose the management. I use to work
> for a very large children’s hospital and those kind of scare tactics would
> really open their eyes.
>
>
>
> *From:* Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org]
> *Sent:* Wednesday, September 30, 2009 11:52 AM
>
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> John, I would agree with you on the entire statement, but at the org I work
> at they do as they please. I have tried numerous times on writing several
> policies and explaining the importance of utilizing these policies from hand
> held to network protocols.
>
>
>
> Then I receive that deer in the headlight look and they say ok, but it’s
> been 3 years and till this day not one of those policies has been presented
> to the directors or the board for approval. Yes the policies have been
> submitted to HR but they do not conform or even read them. The primary
> mission at the org is MEMBERSHIP. (vent!!!!)
>
>
>
> Also, you stated you run a device report; which report is that? A custom
> report or some type of third party?
>
>
>
>
>
>
>
> Thanks
>
>
>
> Thomas
>
> *From:* Don Andrews [mailto:don.andr...@safeway.com]
> *Sent:* Wednesday, September 30, 2009 10:41 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> +1
>
>
> ------------------------------
>
> *From:* Senter, John [mailto:john.sen...@etrade.com]
> *Sent:* Wednesday, September 30, 2009 8:38 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> Well the only thing with ActiveSync is you cannot restrict what devices
> connect. So say you supply a employee with a iphone or windows mobile
> device. You enable ActiveySync for them, then they can go out and connect
> as many devices they want and you have no control. We have had users break
> or lose the device and they get it replace and reconnect without telling
> us. So when I run the device report I see they have multiple devices.
>
>
>
> This is why I like the Blackberry or Good approach to device. You must
> have the company add you and then only 1 device per person. ActiveSync is
> free so it is limited to what it can and can’t do. If MS really wants this
> to be a way to take Blackberry or Good out, they need to put a lot more
> control on the interface. The other thing that really sucks is ActiveSync
> is enabled, by default, for every Exchange user. There is no way to change
> the default setting so we run script every few days to change anyone that
> has the default setting of “not set” to disable. If a user wants to use
> ActiveSync they have to get approval then we enable the account.
>
>
>
> *From:* Ellis, John P. [mailto:johnel...@wirral.gov.uk]
> *Sent:* Wednesday, September 30, 2009 11:29 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> The other alternative is to not allow non company supplied hardware to
> connect to the corporate network.
>
>
> ------------------------------
>
> *From:* Senter, John [mailto:john.sen...@etrade.com]
> *Sent:* 30 September 2009 16:26
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
> If a user leaves the company I would hope you disable the account if not
> delete it. If the account is disabled it will not sync. If I remember
> correctly on the restore, it does not restore the data just the setup
> information so if a device is wiped and a user does a restore, if the
> account is disabled/deleted, it will error on the connection and there will
> be nothing on the device.
>
>
>
> *From:* Kat Collins [mailto:messagel...@gmail.com]
> *Sent:* Wednesday, September 30, 2009 11:19 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* Re: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> However, the other reason for a wipe is when a user leaves a company, has a
> personal iPhone that has been connected to corporate resources, and you now
> want to wipe and clear the device. I don't want that user to EVER be able
> to reconnect and resync that device, thus the change of the password on AD
> and some other steps that can be taken to block reconnection to Exchange...
>
> On Wed, Sep 30, 2009 at 8:12 AM, Thomas Gonzalez <
> tgonza...@girlscouts-swtx.org> wrote:
>
> So John, if I interpret your comment, the THIEF would have to be on the
> mac/pc that has the backup for the iPhone device to be succesful? I ask
> since I’m not a fan of Apple and I have very little time to test this out,
> since I’m a one person IT shop.
>
>
>
>
>
>
>
> *From:* Senter, John [mailto:john.sen...@etrade.com]
> *Sent:* Wednesday, September 30, 2009 10:06 AM
>
>
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> This is why you force a password lock on the device, with a bad password
> attempt limit so the device will auto erase after x attempts. If a device
> is locked, iTunes will not back it up, unless the system they are running
> iTunes on has already backed up the device before. You have to put in the
> password then iTunes will recognize it. So I guess if they get the iphone
> and the mac/pc that is used to sync with then you are SOL.
>
>
>
> *From:* Sobey, Richard A [mailto:r.so...@imperial.ac.uk]
> *Sent:* Wednesday, September 30, 2009 10:49 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> I know it’s not an ideal answer, but assuming you’re wiping because of a
> stolen device, the thief will hopefully not have had time to make a backup –
> and probably never would have anyway – so the “iPhone” will not try to
> resync with the same credentials and, by all accounts, succeed.
>
>
>
> Richard
>
>
>
> *From:* bounce-8672283-8066...@lyris.sunbelt-software.com [mailto:
> bounce-8672283-8066...@lyris.sunbelt-software.com] *On Behalf Of *Thomas
> Gonzalez
> *Sent:* 30 September 2009 15:43
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> So if I read the thread correctly and according to THX1138 ;)
>
>
>
> On a serious note: if a iPhone has been wiped and deleted and after a
> restore of the device, the credentials will reappear? I hope that’s not the
> case. I think I need to test this out now.
>
>
>
> At our organization (Girl Scouts) we looked at BBs (too expensive for us)
> so we allowed WinMobile and the iPhone…but I never tested the wipe / delete
> on the iPhone.
>
>
>
> Great, now this adds another issue to my current standings…...@!!!!
>
>
>
> Thomas
>
>
>
> *From:* Kim Longenbaugh [mailto:k...@colonialsavings.com]
> *Sent:* Wednesday, September 30, 2009 9:32 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> I’m guessing that there were 2 “yankers”, Ben, and then Dave.
>
>
> ------------------------------
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, September 30, 2009 9:20 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* Re: uuh... iPhone + EAS + wipe + remove partnership = ?
>
>
>
> I do believe that Ben is yanking your chain.
>
> THX1138 is almost certainly a reference to the George Lucas film. He's
> indicating that these steps are not documented on Apple's support
> knowledgebase.
>
>
>
> I could be wrong, it's been a while since I've seen the movie so I might be
> missing the allusion.
>
> On Wed, Sep 30, 2009 at 10:02 AM, Dave Vantine <dvant...@gmail.com> wrote:
>
> After seeing this info yesterday, I tried to Bing & Google it based upon
> THX1138 and Apple Support + THX1138 and I get no hits. Would someone have a
> URL for this article as I would like to read it.
>
>
>
> Thanks in Advance
>
> -Dave Vantine
>
> On Wed, Sep 30, 2009 at 8:38 AM, Steven M. Caesare <scaes...@caesare.com>
> wrote:
>
> I use that support article ALL THE TIME for not-so-mainstream stuff.
> Amazing how every vendor seems to have that KB ID #.
>
> -sc
>
>
> > -----Original Message-----
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Monday, September 28, 2009 9:51 PM
> > To: MS-Exchange Admin Issues
>
> > Subject: Re: uuh... iPhone + EAS + wipe + remove partnership = ?
> >
> > On Mon, Sep 28, 2009 at 9:26 PM, Kurt Buff <kurt.b...@gmail.com>
> wrote:
> > > Turn off ActiveSync?
> >
> > Turn off Activesync, delete the user account, uninstall iTunes,
> > smash up the iPhone with a hammer, reformat the server hard drives,
> > and have the Exchange administrator shot.
> >
> > It's all documented in Apple Support Article THX1138.
> >
> > ;-)
> >
> > -- Ben
>
>
>
>
>
> --
> Thanks
> Dave Vantine
>
>
>
>
>
> *GSSWT's Vision Statement: Our vision is to be a high performing,
> girl-focused staff with the desire and skill set to provide the highest
> standard of support that enriches, empowers and energizes the local Girl
> Scout Movement. In doing so, we create a lifetime of inspiration through
> Girl Scout experiences that are so relevant and inclusive every girl will
> want to be a part.*
>
>
>
> *GSSWT's Vision Statement: Our vision is to be a high performing,
> girl-focused staff with the desire and skill set to provide the highest
> standard of support that enriches, empowers and energizes the local Girl
> Scout Movement. In doing so, we create a lifetime of inspiration through
> Girl Scout experiences that are so relevant and inclusive every girl will
> want to be a part.*
>
>
>
>
> --
> Kat Collins -
>
> "Yesterday is history, tomorrow is a mystery, and today is a gift - that's
> why they call it the present."
>
> I enjoy the massacre of ads. This sentence will slaughter ads without a
> messy bloodbath."
>
> "The Email of the species is more powerful than the Mail!"
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
>
> intended solely for the use of the individual or entity to whom they
>
> are addressed. If you have received this email in error please notify
>
> the system manager.
>
> This footnote also confirms that this email message has been swept by
>
> MIMEsweeper for the presence of computer viruses.
>
> www.clearswift.com
>
> **********************************************************************
>
>
>
> *GSSWT's Vision Statement: Our vision is to be a high performing,
> girl-focused staff with the desire and skill set to provide the highest
> standard of support that enriches, empowers and energizes the local Girl
> Scout Movement. In doing so, we create a lifetime of inspiration through
> Girl Scout experiences that are so relevant and inclusive every girl will
> want to be a part.*
>
