Thursday, July 07, 2005

Exchange 2003 Service Pack 2 (SP2) Remote Wipe functionality

Here is some fantastic information on SP2's Remote Wipe functionality from Salman Zafar

Remote Wipe is a new feature in E2K3 SP2 that will enable the Exchange admins to force a device to delete its contents remotely. This can come in very handy when an end user loses their device or if the device is stolen -- and there is a risk that someone could access personal or confidential data. I should point out that there are a number of other policy/security related features in E2K3 SP2 to help mitigate this risk. For example, an Exchange admin can also enforce the user to use a PIN, can enforce a length for the PIN, can enforce whether the PIN is numeric or alphanumeric, and can enforce a specific PIN timeout. This coupled with the local wipe capability -- which removes all data from the device when someone enters an incorrect PIN x number of times provides good risk mitigation when a device is lost of stolen. But, remote wipe is intended to provide an additional layer of security on top of all this.

Remote Wipe UI

There is an ASP.NET administration web page which will allow the admin to view the list of devices for a particular user at which point the admin can send wipe commands for a given user, delete old or unused partnership between devices and users or even cancel the wipe command issued for a particular device for that user.

The web page has a transaction log which can be viewed by any admin that accesses that webpage and it shows a list of all actions taken on a particular user and device partnership containing the Date and Time when the activity took place, the user name, the SMTP address, Device ID, Device Type and the action that was taken (e.g. Cancel Wipe, Delete).

The setup will only work for administrators. IIS6 is required for the install. With IIS5 we have an auth issue with the tool. The way we designed it is we wanted admins to be able to give permissions to other users to access the page if needed. For that requirement we had to use the System account the app pool runs under to do an admin logon to the BE. This works great in IIS 6 since the app pool runs as local system. However, in IIS 5 the settings are to run asp.net WP under IWAM_machinename which is a restricted account.

What gets installed when we run the setup

Once the setup is run, a vdir with the name "MobileAdmin" is created and only Network Service/ASP.NET or administrator have access to it. A directory called "Microsoft Exchange ActiveSync Administration" is also created under Program Files.

Using the MobileAdmin webpage

To view the website we require SSL. This might require a cert to be issued. If that is the case, it will be issued automatically. To view the webpage type

            https://<ServerName>/MobileAdmin

Note: since we require SSL you have to use HTTPS. If you use HTTP, you will get the following error message "The page must be viewed over a secure channel"

Once you enter the URL using https you might get the following security alert asking you if you want to install the cert if you don't have one already.

Note: You might or might not see this depending on if you need the cert to be installed or not.

At this time, either the admin or those users who have permission to view this page will be able to view the main page. The admin will be required to enter their credentials before proceeding.

To give a user permission to access this page you can either go to IIS Manager. Right click on MobileAdmin vdir and click on Permissions and add the user you want to give permissions to.

Alternatively, you can go to <installDrive>\Program Files. Right click on "Microsoft Exchange ActiveSync Administration". Select Sharing and Security and go to Security Tab and add the user here.

Click on Remote Wipe on main page to view partnerships for a particular user and to issue wipe, Cancel wipe and delete partnerships as shown:

The snapshot above shows all the partnerships for user Sync1. The admin issued a RemoteWipe for DeviceID=Device1 and DeviceType=PocketPC which was acknowledged by the device. The data shows when the Wipe was initiated, when it was sent to the device, when the device acknowledged it and the status of the wipe command which in this case is the wipe operation completed successfully.

Also note, that DeviceID=NSFJITNAA has not yet sent acknowledgement yet.

If a user does not exist or does not have any partnerships an error message will be displayed which will specify if user does not exist or mailbox is not enabled or no devices were found for that mailbox.

Using PROPPATCH to issue Remote Wipe

A remote wipe is requested by setting the "wipeinitiated" property on the mailbox of the user to a non-zero time value.  By "the mailbox", I really mean the folder where we store sync related stuff.  For a user of "salman", a device type of "smartphone", and a device id of "testdevice", that folder would be:

/exchange/salman/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/smartphone/testdevice

We can issue a PROPPATCH to set this property.

PROPPATCH /exchange/<mailbox>/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync<DeviceType>/<DeviceID>

Host: <Server>

Brief: t

Accept-Language: en

Content-Type: text/xml

Content-Length: 406

Connection: Keep-Alive

 

<?xml version="1.0" encoding="utf-8"?>

<propertyupdate xmlns="DAV:" xmlns:A="AirSyncCustom:">

 <set>

  <prop>

   <A:wipeinitiated>2005-03-22T00:00:30.078Z</A:wipeinitiated>

  </prop>

 </set>

</propertyupdate>

The specific time isn't important -- the only thing that matters is that it is non-zero when mapped to a FILETIME, where zero means something like January 1, 1601.

What Happens at Protocol layer

At protocol level, the server determines the admin has scheduled the device for remote wipe and sends back HTTP 449 in response. The device then provisions and acknowledges receipt of the remote wipe and subsequently executes the Remote Wipe command.

When the admin schedules the device for remote wipe, and the user issues a provision command, it sends down a Remote Wipe element indicating that the recipient is to initiate the remote wipe sequence.

In the 2nd phase or Acknowledgement part of provision command, an acknowledgement is provided that the remote Wipe directive has been received. Upon receiving the remote Wipe from the server via Provision response, the client issues an acknowledgement indicating its success or failure in receiving it. The status of remote wipe should only indicate success if device processed command correctly and intends to execute a wipe of local contents.

When we process a PROVISION command for a device that is to be remote wiped, we consider the following:

Timestamp Value

Remote Wipe bit True?

State Description

Action

Sent:<time>

Yes

Client didn’t ack last time and is re-sending PROVISION (i.e. if PROVISION response from server was lost last time)

Issue PROVISION response with remoteWipe element

Default

Yes

Expected case.  Device is connecting for the first time after admin specified remote wipe

Issue PROVISION response with remoteWipe element

Ack:<time>

Yes

Error – implies that device ack’d but did not carry out remote wipe command.

Issue PROVISION command with remoteWipe element



This shows up on the webpage as:

22 comments:

Anonymous said...

[url=http://seghan.ru/go.php?sid=35][img]http://i066.radikal.ru/1001/38/f22daff34e6d.jpg[/img][/url]












[url=http://qzexaua.flackert.de/sitemap.html]buying cigarettes online testimonial [/url]
buy gitanes cigarettes buy reservation cigarettes buy malibu cigarettes online
[url=http://uvfaquc.akzentuiert.de/]where to buy cigarettes wholesale [/url]
buy doral cigarettes online buy european cigarettes online buy cigarettes online native american
[url=http://tyouhca.xn--geglckt-q2a.de/]18 to buy cigarettes [/url]
buy camel blue cigarettes how many people buy cigaretts buy cheap cigarette store
[url=http://qzexaua.flackert.de/sitemap.html]buy duty free cigarettes online [/url]
buy empty cigarette packs on line where to buy dse901 electronic cigarette buying cigarettes indian reservations
[url=http://tioozua.connection24.de/sitemap.html]buy merit cigarettes online [/url]
buy cigarettes direct buy cigarettes paypal buy cigarette cartons online
[url=http://deuaexj.naheliegend.de/sitemap.html]buy native cigarettes [/url]
place to buy cigarettes ewoss search mail order cigarettes buy polish cigarettes
[url=http://vjzvmeu.il.gp/]buy cartons cigarettes [/url]
expense of buying cigarettes buy camel cigarette buying cigarettes over the enternet
[url=http://deuaexj.naheliegend.de/]where to buy cigarette tobacco [/url]
buying tax free native cigarettes on line buy cigarettes from an indian reservation buy pink elephant cigarettes
[url=http://mlwqdwu.xn--baldmglichst-8ib.de/sitemap.html]order cigarettes from delaware [/url]
buy cartier cigarettes american spirits cigarettes buy buy maverick cigarettes tucson
[url=http://vjzvmeu.il.gp/]buying cigarettes over the enternet [/url]
order cigarettes from egypt order cigarettes age to buy cigarettes in california

Anonymous said...

My friend and I were recently discussing about technology, and how integrated it has become to our daily lives. Reading this post makes me think back to that debate we had, and just how inseparable from electronics we have all become.


I don't mean this in a bad way, of course! Societal concerns aside... I just hope that as the price of memory decreases, the possibility of uploading our memories onto a digital medium becomes a true reality. It's a fantasy that I daydream about all the time.


(Posted on Nintendo DS running [url=http://www.leetboss.com/video-games/r4i-r4-sdhc-nintendo-ds]R4i[/url] DS ComP)

Anonymous said...

I would like to exchange links with your site nbe.blogspot.com
Is this possible?

Alex said...

My friend works with emails every weekend. But one day he applied for help to me and I quickly advised him tool which I found out on an one big soft blog. He was glad and thanked me a lot. Moreover it would be good choice in this condition - recovery edb.

Anonymous said...

[url=http://hoohi-mach.com/search/driver+update+pro+edition.html]driver update pro edition[/url]
[url=http://hoohi-mach.com/search/folder+icon+country.html]folder icon country[/url]
[url=http://hoohi-mach.com/search/bring+the+fish.html]bring the fish[/url]
[url=http://hoohi-mach.com/search/morphgear+mastersystem+gameboy+nes+emu.html]morphgear mastersystem gameboy nes emu[/url]
[url=http://hoohi-mach.com/search/ubdate+file+ivdf.html]ubdate file ivdf[/url]
[url=http://hoohi-mach.com/search/16+yo+lez.html]16 yo lez[/url]
[url=http://hoohi-mach.com/search/james+herbert+creed+unabridged+horror.html]james herbert creed unabridged horror[/url]
[url=http://hoohi-mach.com/search/para+m.html]para m[/url]
[url=http://hoohi-mach.com/search/ogc+prince2+manual+2009.html]ogc prince2 manual 2009[/url]
[url=http://hoohi-mach.com/search/mama+is+4th+grader.html]mama is 4th grader[/url]
[url=http://hoohi-mach.com/search/structural+sign.html]structural sign[/url]
[url=http://hoohi-mach.com/search/buffy+season+8+issue+34.html]buffy season 8 issue 34[/url]
[url=http://hoohi-mach.com/search/mms+hot+mms+clips.html]mms hot mms clips[/url]
[url=http://hoohi-mach.com/search/mom+dad+me+aprendemos+espanol.html]mom dad me aprendemos espanol[/url]
[url=http://hoohi-mach.com/search/downthemall+jdownloader.html]downthemall jdownloader[/url]
[url=http://hoohi-mach.com/search/dmxf+needless+02.html]dmxf needless 02[/url]
[url=http://hoohi-mach.com/search/vector+bullet.html]vector bullet[/url]
[url=http://hoohi-mach.com/search/clock+on+try.html]clock on try[/url]
[url=http://hoohi-mach.com/search/csi+flv.html]csi flv[/url]
[url=http://hoohi-mach.com/search/alan+swear+09.html]alan swear 09[/url]
[url=http://hoohi-mach.com/search/denisa+motru.html]denisa motru[/url]
[url=http://hoohi-mach.com/search/bad+manners+best+of.html]bad manners best of[/url]
[url=http://hoohi-mach.com/search/enjoy+your+life+dj+chemsou.html]enjoy your life dj chemsou[/url]
[url=http://hoohi-mach.com/search/dark+alliance.html]dark alliance[/url]
[url=http://hoohi-mach.com/search/rammstein+rosenrot+chipmunk+version.html]rammstein rosenrot chipmunk version[/url]
[url=http://hoohi-mach.com/search/chart+12+2009.html]chart 12 2009[/url]
[url=http://hoohi-mach.com/search/the+expendables+1080p+megaupload.html]the expendables 1080p megaupload[/url]
[url=http://hoohi-mach.com/search/vangelis+1492+conquest+of+paradise.html]vangelis 1492 conquest of paradise[/url]
[url=http://hoohi-mach.com/search/panorama+landscape.html]panorama landscape[/url]
[url=http://hoohi-mach.com/search/buzz+nl.html]buzz nl[/url]

Anonymous said...

Merry Christmas! Let the new year will bring a lot of money

Anonymous said...

ambien on line ambien side effects ear ringing - zolpidem 10mg pill identifier

Anonymous said...

Incredible! This blog looks just like my old one!
It's on a entirely different topic but it has pretty much the same layout and design. Wonderful choice of colors!
Also visit my site :: cheap cigarettes

Anonymous said...

Hi there are using Wordpress for your site platform?

I'm new to the blog world but I'm trying to get started and set up my own.
Do you need any html coding knowledge to make your own blog?
Any help would be greatly appreciated!
Visit my homepage :: direct download movies

Anonymous said...

It's the best time to make a few plans for the longer term and it's time to be happy.
I have learn this submit and if I may just I want to counsel you some fascinating things or advice.

Perhaps you can write subsequent articles regarding this article.
I want to read even more things approximately it!
Also visit my webpage - free iphone

Anonymous said...

Pretty nice post. I just stumbled upon your blog and wanted to say that I've truly enjoyed surfing around your blog posts. In any case I will be subscribing to your rss feed and I hope you write again soon!
My web-site ... clean my pc

Anonymous said...

I'm not sure why but this blog is loading extremely slow for me. Is anyone else having this issue or is it a issue on my end? I'll check back later and
see if the problem still exists.
Here is my blog Work From Home Jobs

Anonymous said...

Oh my goodness! Incredible article dude! Thank you so much, However I am going through problems with
your RSS. I don't know the reason why I cannot join it. Is there anyone else having the same RSS issues? Anybody who knows the solution can you kindly respond? Thanks!!
Review my website :: how to play piano

Anonymous said...

I leave a response when I like a article on a site or if I
have something to contribute to the discussion. It is caused by
the fire displayed in the post I looked at. And on this article
"Exchange 2003 Service Pack 2 (SP2) Remote Wipe functionality".

I was moved enough to drop a comment :-P I do have a few
questions for you if you don't mind. Is it simply me or do a few of these remarks appear as if they are left by brain dead individuals? :-P And, if you are writing at additional places, I would like to follow anything new you have to post. Would you make a list all of all your communal pages like your linkedin profile, Facebook page or twitter feed?
Also see my webpage :: buy cigarettes online

Anonymous said...

Hi there everyone, it's my first go to see at this website, and piece of writing is really fruitful in support of me, keep up posting these articles.
My blog post ; tattoo removal

Anonymous said...

Fantastic goods from you, man. I have understand your stuff previous to and you're just too excellent. I really like what you have acquired here, certainly like what you're stating and the way in
which you say it. You make it entertaining and you still care for to keep it sensible.
I can not wait to read far more from you. This is actually a
terrific web site.

Feel free to visit my web page; Elite Esig

Anonymous said...

Very good blog! Do you have any tips for aspiring
writers? I'm planning to start my own blog soon but I'm a little lost on everything.
Would you advise starting with a free platform like Wordpress or go for a paid option?

There are so many options out there that I'm totally overwhelmed .. Any suggestions? Many thanks!

my web page ... White Kidney Bean Extracts
Also see my page - White Kidney Bean Diets

Anonymous said...

Thank you for some other wonderful post. Where else may anybody get that type of info
in such an ideal manner of writing? I've a presentation next week, and I'm on the search for such information.


Feel free to visit my site Moises

Anonymous said...

Wonderful web site. Plenty of useful information here.

I'm sending it to several pals ans additionally sharing in delicious. And naturally, thank you in your sweat!

Also visit my blog ... white bean

Anonymous said...

Superb, what a web site it is! This weblog provides useful data to
us, keep it up.

Also visit my page :: white kidney

Anonymous said...

I seldom drop comments, but i did some searching and wound up here "Exchange 2003 Service Pack 2 (SP2) Remote Wipe functionality".
And I actually do have some questions for you if it's allright. Is it simply me or does it seem like some of these responses appear like they are written by brain dead folks? :-P And, if you are posting at other social sites, I'd like to follow everything fresh you have to post.
Could you make a list of every one of your communal pages
like your twitter feed, Facebook page or linkedin
profile?

Also visit my weblog; http://saphireecig.net

Anonymous said...

hello!,I love your writing so so much! share we keep in touch extra about your article on AOL?
I need an expert in this house to resolve my
problem. Maybe that is you! Looking forward to see you.



My page :: Power Ecig