Comments for MobilityDojo.net

Comment on Update – DojoCrypt goes 1.0 by Andreas

Andreas — Fri, 26 Feb 2010 11:18:02 +0000

Well, I was looking at porting it to WM Standard. But I ran into another issue holding me back (on both Pro and Std). I wanted to include encryption of memory cards as well, but the provisioning I use isn’t working on removable media (a limitation of the file system). Haven’t quite figured out how to get past that.
Other than that there never really was a great demand for a Standard version (the Pro version gets a download every now and then but nothing spectacular in those numbers either).
If I don’t include encryption of memory cards a port could probably be done in a short amount of time.

Comment on Setting Email Signatures From Your MDM Platform by SebastienG

SebastienG — Wed, 24 Feb 2010 10:10:00 +0000

I’m using your tool for the first time and it works great !!!!
It will help me to manage the signature on all my devices.

Thanks a lot Andreas to take some time in order to create this kind of application !

Comment on Update – DojoCrypt goes 1.0 by James M

James M — Wed, 24 Feb 2010 00:47:42 +0000

*bump*
Any news on a version for WM6.1 Standard?

Comment on System Center Mobile Device Manager 2008 – Installing a Gateway Server by goDog

goDog — Wed, 27 Jan 2010 07:17:50 +0000

Hey Andreas,

I really need you opinion about a case, can you write to me? I will explain it all, please write to godog@supercable.net.ve. It about SCMDM, just an opinion.

Thanks a lot!

Comment on Personal Certificates and Exchange ActiveSync by Andreas

Andreas — Fri, 15 Jan 2010 19:23:49 +0000

Not to my knowledge. ActiveSync can only handle one authentication type. Part of the point in moving to certificates is getting rid of the password which in addition to the security perspective also is annoying from a user perspective The certificate is separate from the password attribute so when using a certificate ActiveSync will not have any knowledge of expiration dates on the password.

If you want to handle certificates in a more strict manner you can edit the template and set the validity to less than 1 year (which is the default). You can also look into enrolling separate certificates for the device and have this checked/verified at the edge (on something like ISA server) although this requires some extra work (read: coding or buying third-party apps). You can also put the Exchange server behind a VPN tunnel that requires username/password, but I would discourage you from doing this. (It’s not a good user experience if you experience drops in connections, and it will consume extra battery.)

Combining some of the above you could go for SCMDM as a device management solution, but that’s a lot of extra work if you do not need an MDM solution

Comment on Personal Certificates and Exchange ActiveSync by Prashant Singh

Prashant Singh — Fri, 15 Jan 2010 08:16:41 +0000

Hi, Is there a way to have both password and client certificate enabled so as to double up the security. I would like to have the password re-entered on device if the AD password changes.

Comment on Restricting Exchange ActiveSync Access – Redux by Andreas

Andreas — Fri, 08 Jan 2010 09:41:52 +0000

I’ll admit that I haven’t doublechecked, but I believe the DeviceID Windows Mobile presents to Exchange is the GUID of the device. Each WM device has an id (probably derived from the IMEI and some extra variable), and it makes sense to use this for ActiveSync as well. I have not found a good solution for managing this without an MDM solution.

Comment on Restricting Exchange ActiveSync Access – Redux by bernhard

bernhard — Thu, 07 Jan 2010 11:14:03 +0000

You write:
So, what does the DeviceIDs and Type look like? Ah, here’s where the detective work comes into play. What I have found so far:
Windows Mobile –> DeviceID = long hex value (called ExchangeID), DeviceType = PPC/SmartPhone/variation of this
Do you have any idea, what the ExchangeID means? We habe hundreds of Mobiles, and I would like to find out, who has which device. The iPhone is easy, since the ExchangeID is the serial number of the device, however with Windows Mobile this long hex value does not make any sense.

Thank you Bernhard

Comment on Restricting Exchange ActiveSync Access by Andreas

Andreas — Sat, 26 Dec 2009 12:47:11 +0000

I just tested with an HTC HD2 and it synced fine with the non-provisionable setting checked and unchecked.

I have however seen the same issue on an HTC Touch Pro running WM 6.1. It wasn’t with my user account, and I do not know if it is reproducible on the same device with another user account. I have however seen other strange effects regarding the EAS policies, (encryption being enforced even though it’s not checked for instance), so I believe there might be a bug or two. If the bugs are server side or client side I do not know.

Comment on Restricting Exchange ActiveSync Access by Ratish

Ratish — Wed, 23 Dec 2009 10:30:19 +0000

Hi,

This is indeed a great post.
Are you aware of the compatibility issues with Win mobile 6.5 and the setting “Allow non-provisionable devices” ??

If we check that box – Allow non-provisionable devices, Mobile will sync fine… wont if we dont…