Google
 
Web www.howardforums.com
Pages: 1

8525: how to remove require password feature after idle?

(Click here to view the original thread with full colors/images)

Posted by: displacedtexan

Experts,

So my wife has an 8525 and is annoyed about having to enter her password when using her phone after its been idle for more than 15 minutes.

Under Settings -> Password, the check box that says "Prompt if device unused for 15 minutes" is greyed out and can't be changed.

This is really annoying her. Any way around it? We tried a factory reset and no go...

Thanks!!


Posted by: Foxbat121

Sounds like a Exchange server group policy being enforced. Hard reset should take care of it but as soon as you connects to the company exchange server, it will push down and enforce the policy again. Your choices are:

(1) Not use that exchange server for push email.

or

(2) Talk to your IT to see if they can change the policy so that you get a longer timeout (like 1 hour).

Other than that, there is no way around. It's called group security policy for a reason.


Posted by: displacedtexan

Quote:
Originally Posted by Foxbat121
Sounds like a Exchange server group policy being enforced. Hard reset should take care of it but as soon as you connects to the company exchange server, it will push down and enforce the policy again. Your choices are:

(1) Not use that exchange server for push email.

or

(2) Talk to your IT to see if they can change the policy so that you get a longer timeout (like 1 hour).

Other than that, there is no way around. It's called group security policy for a reason.


I am pretty sure Foxbat121 is correct. There isn't any other way around it? No hex edits or hacks?

Thanks!!


Posted by: madgalaxy

There is no way around it that I know of; it is a policy enforced by your company's IT department. Personally I like the feature; if my phone is stolen and locked the bad guy can not get into my company email/calendar!


Posted by: Foxbat121

Quote:
Originally Posted by displacedtexan
I am pretty sure Foxbat121 is correct. There isn't any other way around it? No hex edits or hacks?

Thanks!!


There IS a registry edit to temporary allow you to change the time out value (up to 24-hour). However, the minute your sync with the exchange server again, the group policy is pushed down and enforced again. So, it is useless.

If the security policy is so easily get circumvented, you can be sure Windows Mobile will never be allowed to be used in corporate environment by any reputable corporate IT departments.


Posted by: SeanH

Yes there is a registry value you can change to allow you to change it from 15 minutes to 24 hours.

No it will not change the next time push email is synced. It seems that the policy is forced once a day from the Exchange server. Once a day you have to modify that registry value.

Yes there are ways around all of this with a special app. Search for it.

SeanH


Posted by: displacedtexan

Quote:
Originally Posted by SeanH
Yes there is a registry value you can change to allow you to change it from 15 minutes to 24 hours.

No it will not change the next time push email is synced. It seems that the policy is forced once a day from the Exchange server. Once a day you have to modify that registry value.

Yes there are ways around all of this with a special app. Search for it.

SeanH


Any hints on what to search for? Some sort of password manager? Please PM me if you feel its inappropriate to post.

I am all for security but every 15 minutes is unreasonable. You can always answer the phone w/o entering a password, but let's say you want to save the contact info. If you have entered your password recently (within 15 minutes), you just hit a button. If not, you have to enter it again, and then search through recent calls, and then save it.

I have read that DoD is having the same issues between security and useability. You can have the most secure system in world but it's uselss if it keeps people from using it to do what it's designed to do.

Thanks!!


Posted by: SHoTTa35

well the best is to talk to your IT peoples and see if they can change it to 1hr. As for that program, it prolly only works because the group policy update policy is set to 1 day. This tells the machines to check the server for new policies every day instead of every couple hrs or whatever. You can set that to whatever you like. So with that program if your server says every 20mins it would be no good just the same because it would be reinforced after 20mins.

Actually - here:
http://support.microsoft.com/kb/203607

that would be managed on the server tho and a user wouldn't have permissions to change that.


Posted by: Foxbat121

I agree 15 minutes is really an anoynce. 1 hour is a reasonable balance between security and convenience. Unfortunately, that's the decision to be made by IT admin, not you. And just you know that those IT admins are also the ones that can decide to wipe your phone clean anytime they want remotely if they don't like what you're doing on your phone.




vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Limited.
vB Easy Archive Final ©2000 - 2008 - Created by Stefan "Xenon" Kaeser