Discussion:
Best Practise for lost device
(too old to reply)
Chris
2009-06-16 17:04:01 UTC
Permalink
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm using an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?

In other words, the data (mail, contacts, etc) on the smartphone itself, not
on a storage card, is not encrypted and therefore accessible, is that right?
pugwash
2009-06-16 22:09:37 UTC
Permalink
Post by Chris
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm using an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?
In other words, the data (mail, contacts, etc) on the smartphone itself, not
on a storage card, is not encrypted and therefore accessible, is that right?
I think it's worse than that. If the device is lost/stolen whilst unlocked
everything is accessible.
Although it doesn't help in that case, I use a registry modification to
store mail on the encrypted storage card.
Chris
2009-06-16 22:18:01 UTC
Permalink
Can you share with me the registry modification to make that happen? Were
you working off a Microsoft article by chance?

In your case then, the data is encrypted, but would still be accessible if
the device was not locked with a password.
Post by pugwash
Post by Chris
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm using an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?
In other words, the data (mail, contacts, etc) on the smartphone itself, not
on a storage card, is not encrypted and therefore accessible, is that right?
I think it's worse than that. If the device is lost/stolen whilst unlocked
everything is accessible.
Although it doesn't help in that case, I use a registry modification to
store mail on the encrypted storage card.
pugwash
2009-06-17 17:09:00 UTC
Permalink
Post by Chris
Can you share with me the registry modification to make that happen? Were
you working off a Microsoft article by chance?
In your case then, the data is encrypted, but would still be accessible if
the device was not locked with a password.
Post by pugwash
Post by Chris
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm
using
an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?
In other words, the data (mail, contacts, etc) on the smartphone
itself,
not
on a storage card, is not encrypted and therefore accessible, is that right?
I think it's worse than that. If the device is lost/stolen whilst unlocked
everything is accessible.
Although it doesn't help in that case, I use a registry modification to
store mail on the encrypted storage card.
I found the method somewhere on the web, can't remember where. Works fine
on my 6.1 devices.

Edit registry as follows:

HKLM\\System\Inbox\Settings\PropertyPath Value \Storage
Card\Messaging
HKLM\\System\Inbox\Settings\AttachPath Value \Storage
Card\Messaging\Attachments

then MOVE the entire Messaging folder under \Windows to \Storage Card and do
a SOFT RESET

I use SmartReg to edit the registry.

Beware: if you remove the storage card and run messaging the device will
recreate the Messaging folder back under \Windows and undo the registry
changes.
pugwash
2009-06-17 17:09:00 UTC
Permalink
Post by Chris
Can you share with me the registry modification to make that happen? Were
you working off a Microsoft article by chance?
In your case then, the data is encrypted, but would still be accessible if
the device was not locked with a password.
Post by pugwash
Post by Chris
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm
using
an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?
In other words, the data (mail, contacts, etc) on the smartphone
itself,
not
on a storage card, is not encrypted and therefore accessible, is that right?
I think it's worse than that. If the device is lost/stolen whilst unlocked
everything is accessible.
Although it doesn't help in that case, I use a registry modification to
store mail on the encrypted storage card.
I found the method somewhere on the web, can't remember where. Works fine
on my 6.1 devices.

Edit registry as follows:

HKLM\\System\Inbox\Settings\PropertyPath Value \Storage
Card\Messaging
HKLM\\System\Inbox\Settings\AttachPath Value \Storage
Card\Messaging\Attachments

then MOVE the entire Messaging folder under \Windows to \Storage Card and do
a SOFT RESET

I use SmartReg to edit the registry.

Beware: if you remove the storage card and run messaging the device will
recreate the Messaging folder back under \Windows and undo the registry
changes.
Chris
2009-06-16 22:18:01 UTC
Permalink
Can you share with me the registry modification to make that happen? Were
you working off a Microsoft article by chance?

In your case then, the data is encrypted, but would still be accessible if
the device was not locked with a password.
Post by pugwash
Post by Chris
I am running Exchange 2007 using ActiveSync to a Motorola Q smartphone and
I'm trying to understand my exposure when a device is lost. If I'm using an
Active Sync policy that requires a strong password, encrypts storage cards
and enable remote wiping of the device, is that all I can do? If so, there
is a gap when a device is lost while logged in, and not reported immediately,
is that right?
In other words, the data (mail, contacts, etc) on the smartphone itself, not
on a storage card, is not encrypted and therefore accessible, is that right?
I think it's worse than that. If the device is lost/stolen whilst unlocked
everything is accessible.
Although it doesn't help in that case, I use a registry modification to
store mail on the encrypted storage card.
Loading...