Sorry Don, meant Profiles... But again, once you setup Exchange the EAS is basically done and you can have a WM device setup in minutes. Not saying Blackberry is bad, I like the BES...however it takes a little time to setup and then again you need to visit it again each time to add a user.
On Tue, Sep 23, 2008 at 5:07 PM, Don Andrews <[EMAIL PROTECTED]>wrote: > We have a couple thousand BBs and a couple of dozen test EAS WM devices > (despite policies to the contrary - guess some management folks are more > equal than others). > > We find (possibly due to lack of familiarity) just the opposite. Lots of > tech and handholding to get EAS working (non-technical user community) and > our user admins have the BES user admin role and can simply point and click > to add users and set activation password. (No idea what profile Steve is > referring to) > > Unless you are wide open as far as exchange server access and globally > allow ANY user to attempt to connect their personal phone, you will have to > specifically allow (or stop disallowing) each new user. > > The EAS comments are second hand so they may be a bit overstated. > > --------------------------------- > Sent from my BlackBerry Wireless Handheld > > ----- Original Message ----- > From: Steve Ens <[EMAIL PROTECTED]> > To: MS-Exchange Admin Issues <[email protected]> > Sent: Tue Sep 23 15:30:12 2008 > Subject: Re: ActiveSync Set Up Veterans-GOING OT > > I use them both too...less admin with the EAS...no adding users, assigning > profiles, etc... > > > On Tue, Sep 23, 2008 at 4:26 PM, Sherry Abercrombie <[EMAIL PROTECTED]> > wrote: > > > I have both ActiveSync & BES, personally, I prefer BES, but have no > real issues w/EAS. > > > On Tue, Sep 23, 2008 at 4:16 PM, wjh <[EMAIL PROTECTED]> wrote: > > > So, do people really like Activesync? Or is that free beats > clunky? Connectivity and management through BB or Good seems so much > easier. We use Good on our WM devices and the interface is so much better. > Tasks and notes work fine, plus no certificate hoops to jump through. > > Bill > > mqcarp wrote: > > I think I have it. I do note that the server setting > is very misleading. I ended up using the direct server address ie > mail.domain.com instead of the direct OMA address like many documents > online suggest ie mail.domain.com/oma > > I never could get it to work manually configuring > the device, but did get it to work with the config utility (I use the web > version). I think that portion is due to the certificate validation being > included in the config. > > That said so far only portions of the contacts, no > calendar, and only folder structure is coming across at this point. At least > we are getting somewhere! > > > On Tue, Sep 23, 2008 at 1:44 PM, mqcarp < > [EMAIL PROTECTED]> wrote: > > > Thank you for sharing Sherry. I still have a > few quirks going on so I will keep testing. A dumb mistake was not including > the domain name ahead of the user name! I have a feeling this may not suit > our CEO either, as I keep reading about some limitations. Will see. > > > On Tue, Sep 23, 2008 at 11:58 AM, Sherry > Abercrombie <[EMAIL PROTECTED]> wrote: > > > > http://www.techsack.com/2008/08/19/getting-your-iphone-to-work-with-exchange-active-sync-ssl-certificate/ > > > On 9/23/08, mqcarp < > [EMAIL PROTECTED]> wrote: > > Interesting, well OMA works fine now > both internally and externally, however ActiveSync will not. This is on an > iPhone. Still reviewing > > > > On Tue, Sep 23, 2008 at 10:53 AM, > mqcarp <[EMAIL PROTECTED]> wrote: > > > I got it worked out but it is > excruciatingly slow. Very odd. I will have to look at this. Thanks all > > > On Tue, Sep 23, 2008 at 9:05 AM, > Michael B. Smith <[EMAIL PROTECTED]> wrote: > > > I did this the first time, long ago > and far away. It's just part of the process now…here were my comments the > first time I had to do it: > > > > > http://theessentialexchange.com/blogs/michael/archive/2007/11/13/oma-amp-activesync-after-configuring-rpc-https-and-forms-based-authentication.aspx > > > > Regards, > > > > Michael B. Smith, > MCITP:SA,EMA/MCSE/Exchange MVP > > My blog: > http://TheEssentialExchange.com/blogs/michael<http://theessentialexchange.com/blogs/michael> > > Link with me at: > http://www.linkedin.com/in/theessentialexchange > > > > From: mqcarp [mailto: > [EMAIL PROTECTED] > Sent: Tuesday, September 23, 2008 > 8:48 AM > > To: MS-Exchange Admin Issues > Subject: Re: ActiveSync Set Up > Veterans > > > > Do you happen to use a front end > Exchange server? We do not, and have come across a problem. In reading about > the solution on MS site, this seems odd and insecure. Has anyone had to > implement this fix? > > > http://support.microsoft.com/kb/817379/EN-US/ > > > > > On Mon, Sep 22, 2008 at 2:03 PM, > Sherry Abercrombie <[EMAIL PROTECTED]> wrote: > > I have ISA in my environment, but it > is not a part of the OWA/ActiveSync setup. I have a reverse proxy setup at > my colo that is used for both OWA and ActiveSync. > > > > On 9/22/08, mqcarp < > [EMAIL PROTECTED]> wrote: > > Sherry are you using ISA in your > environment? > > > > On Mon, Sep 22, 2008 at 12:15 PM, > Michael B. Smith <[EMAIL PROTECTED]> wrote: > > The below was current as of the > release of Exchange Server 2003 sp2. Not sure if the attribute has > additional documented values in Exchange 2007. > > > > You can also make the change > globally easily using PowerShell or a tool like ADModify.Net. > > > > The final Exchange specific tab is > Exchange Features, shown in Figure 9-9. The Mobile Services entries allow > you to control, on a per-user basis, the mobile capabilities of Exchange. If > you, by default, enable mobile services at the global level (Global > Settings(R)Mobile Services(R)Properties(R)General) then this window allows > you to > disable the capabilities at the per-user level. Using the script made > available in Microsoft KB 830188 (How to grant permission to use Outlook > Mobile Access to specific users of Exchange Server 2003), you can globally > disable all users and then pick and choose which specific users are to be > allowed access to mobile service capabilities. > > > > The per-user AD attribute that > controls these functions is named msExchOmaAdminWirelessEnable. If this > attribute has a value of zero or the attribute is not present, then all > mobile services are enabled. If Outlook Mobile Access (OMA) is disabled, but > the other two features are enabled, then the attribute has a value of two > (2). The other two items control specific features associated with Exchange > ActiveSync (EAS). "User Initiated Synchronization" must be enabled for > Up-to-date Notifications to be enabled; however Up-to-date Notifications may > be disabled on its own. If only Up-to-date Notifications is disabled, then > msExchOmaAdminWirelessEnable has a value of one (1). If both User Initiated > Synchronization and Up-to-date Notifications are disabled, then > msExchOmaAdminWirelessEnable has a value of five (5). If all three Mobile > Services are disabled, then msExchOmaAdminWirelessEnable has a value of > seven (7). > > > > If you search the Internet, you will > find that other values can be specified for this attribute. However, the > values described in the prior paragraph are the only values which Microsoft > has documented. You are better off only using these values. > > > > > > Regards, > > > > Michael B. Smith, > MCITP:SA,EMA/MCSE/Exchange MVP > > My blog: > http://TheEssentialExchange.com/blogs/michael<http://theessentialexchange.com/blogs/michael> > > Link with me at: > http://www.linkedin.com/in/theessentialexchange > > > > From: Sherry Abercrombie [mailto: > [EMAIL PROTECTED] > Sent: Monday, September 22, 2008 > 12:55 PM > To: MS-Exchange Admin Issues > Subject: Re: ActiveSync Set Up > Veterans > > > > The Exchange Features tab in AD for > each account is the place to enable or disable additional Exchange features > such as mobile and OWA. All these features are enabled by default and you > will have to disable them. When we recently went through the process to > setup OWA and ActiveSync, I had to manually disable everyone except those > that had the proper approval for mobile and/or OWA. Check with your HR > department because there are legal things to consider with employees > checking or receiving email during non-business hours. > > In your IIS settings for ActiveSync > you can set it to require SSL and I wouldn't recommend setting it up any > other way. No SSL means that you're network credentials are being sent > clear text.......very bad idea. > > Haven't had need to do any looking > at logging for auditing at this point so I can't address that. > > On 9/22/08, mqcarp < > [EMAIL PROTECTED]> wrote: > > Just have a few questions if some of > you are using this feature. It seems frighteningly easy to set up on the > server side and I want to ensure that the settings are secure. Here are a > few observations for you vets on this: > > * The settings are activated for ALL > users when it is enabled. Is it possible to disable it by default and enable > specific users in AD? > * Is there a log setting to enable > for reviewing audit processes for pushes and troubleshooting in Exchange? > * For iPhones, I have noticed that > the config utility can require a certificate for the server side push set > up, but if you set up a device manually, it will accept the connection > without this validation. Can this be set to be required to avoid connections > this way? > > This is on Exch 2003. > > TIA > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced > technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced > technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced > technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from > magic." > Arthur C. Clarke > > > > > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
