How to disable Exchange Security Policy for Windows Mobile Devices

28 בדצמבר 2007

תגיות: , , , ,
29 תגובות

[This blog was migrated. You will not be able to comment here.
The new URL of this post is http://khason.net/blog/how-to-disable-exchange-security-policy-for-windows-mobile-devices/]


Direct Push pushes email into your Windows Mobile device and it's good. However it pushes you security policy as well, that sometimes make you unable to set password that you want and sometimes, lock your device after one minute of inactivity. How to disable this useful feature? How to cancel autolock feature of your WM machine, connected to Microsoft Exchange server?

As everything in WM, you should patch registry, but what to patch? Well, it's simple

  • Enable/Disable the Exchange security policy – HKLM\Security\Policies\00001023: 0 = Enabled; 1 = Disabled
  • Inactivity time
    • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyType: 0 = No inactivity time; 1 = Activity time enable
    • HKLM\Comm\Security\Policy\LASSD\AE\{50C13377-C66D-400C-889E-C316FC4AB374}\AEFrequencyValue: number of minutes before timeout
  • Password strength
    • Minimum number of characters: HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw\MinimumPasswordLength
    • Password complexity: HKLM\Comm\Security\Policy\LASSD\LAP\lap_pw\PasswordComplexity: 0 = Require Alphanumeric; 1 = Require numeric (PIN); 2 = No restriction
  • Wipe settings
    • Number of failed attempts before all your information will go: HKLM\Comm\Security\Policy\LASSD\DeviceWipeThreshold: -1 = disabled; other failed attempts
    • Number of failed attempts before displaying codeoword: HKLM\Comm\Security\Policy\LASSD\CodewordFrequency: number of failed attempts

Well, that all. After you'll fix it, just go to Lock settings in your device manager and you'll be able to unmark and change whatever you want. I hate, when program denies me from doing anything in my device.

If you are not feeling comfortable with changing registry settings, I create simple program, that do it instead of you. You can download and use it for free, but notice, I'm not responsible if it will brick your device (this is system hack)

image

Download Exchange Police Patch >>

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. (*) שדות חובה מסומנים

29 תגובות

  1. Jim Forman (jforman@microsoft.com)10 בינואר 2008 ב 21:02

    First, thanks for this very useful code and solution to a very agonizing problem. But, 2 thing are unclear to me. First, to run your wizard, am I supposed to copy it onto my WM5 Smartphone, tethered to my PC? Second, I don't see any Device Manager icon on my Smartphone screen. When you refer to 'lock settings' in Device Mgr above, to what are you pointing?

    Jim

    להגיב
  2. Tamir Khason10 בינואר 2008 ב 21:11

    you should not install anything. all you have to do is to copy this file somewhere to your device, run, uncheck what you want ab hit apply or left hardware button. then go to lock setting and you will be able to uncheck lock request checkbox

    להגיב
  3. ben20 בפברואר 2008 ב 23:19

    i completed all the required steps and all was fine for a day; no pin, no hassle. but today it seems the exchange server repushed the security settings to my phone and all went back to its default setting. Any comments on how i can prevent this or someway to overcome this (other than to change the settings everyday)

    להגיב
  4. jim hoffman20 בפברואר 2008 ב 23:29

    i did all these steps and it worked great; no pin, no hassle. but today, it seems like the exchange server repushed the security policy to my blackjack II (on windows mobile 6). all the security settings went back to their default settings… any way to overcome this? Also, the program of yours dosent run, it throws up an error about an incorrect version of microsoft .net compact framework. what version do i need?

    להגיב
  5. Tamir Khason21 בפברואר 2008 ב 9:17

    Ben, Jim. Just run the program again.
    I'll see if I'll have time to make it possible to run the program in startup to prevent such things.

    להגיב
  6. Simon21 בפברואר 2008 ב 18:22

    Is this working OK on WM6? Thanks.

    להגיב
  7. bhushan21 בפברואר 2008 ב 21:56

    what version of microsoft .net compact framework does your program require? i got an error initially saying i needed a newer version. after installing ver 3.5, the program throws up an exception not found error!! anything i m doing wrong. FYI, i have a BJ II with WM 6.

    להגיב
  8. Tamir Khason22 בפברואר 2008 ב 9:51

    Simon, yes it works in WM6
    bhushan, 2.0 (it should work with 3.5 too)

    להגיב
  9. Josh5 במרץ 2008 ב 23:59

    this works for about a day and then the security policy gets re-pushed and then has to be redone

    להגיב
  10. Chris6 במרץ 2008 ב 3:17

    On my WM6 device, the exchange policy registry is located at HKLM\Security\Policies\Policies\00001023 . I think that might be the reason the program crashed on some devicesm since it was not able to find the registry.

    להגיב
  11. Chris6 במרץ 2008 ב 3:17

    On my WM6 device, the exchange policy registry is located at HKLM\Security\Policies\Policies\00001023 . I think that might be the reason the program crashed on some devicesm since it was not able to find the registry.

    להגיב
  12. Jeremy6 במרץ 2008 ב 15:45

    An easy extension to your app would be to have it always running on a background thread. Allow it to wake up every 5 minutes for a moment to check the registry settings. If they have changed, overwrite them again. My company refreshes the policy on my smartphone every 2 weeks.

    להגיב
  13. Greg Watson27 במרץ 2008 ב 18:01

    I just want is to be able to turn off the autolock before using the GPS. I find it annoying to have to stop the car every half hour to re-enter the unlock code. A toggle button would suffice.

    להגיב
  14. D6 במאי 2008 ב 19:47

    I had teh saem problem another user had. I had .Net CF 2 installed and it said I needed a newer version. Installed 3.5 and now i get NotSupportedExceptions

    להגיב
  15. john30 ביוני 2008 ב 23:18

    I change registry, it does not work.
    I tried to use this small, it says" this app reqires a newer version of Microsoft .net compact framework than the version installed in the device.
    I need install new .net compact framework!
    Sigh!

    להגיב
  16. Tamir Khason1 ביולי 2008 ב 13:35

    john, you should install CF3.5

    להגיב
  17. Hans25 ביולי 2008 ב 5:58

    Thank you for this!
    I can use my phone again the way I like it…

    להגיב
  18. Manoj Rathour27 באוגוסט 2008 ב 4:21

    Hi All,
    I forgot security code of E51, now i want to format for viruses but i cant beacause of security code, just help me out.
    i m tired of searching & searching
    thanks
    manojrathour@yahoo.com
    rathour.manoj@gmail.com

    להגיב
  19. John Christensen3 בספטמבר 2008 ב 22:17

    Just applied your registry changes to my AT&T Tilt (HTC)

    Yesterday is when Exchange pushed the crummy security policy to me.

    Worked like a charm! Thanks for your help.

    JCC

    להגיב
  20. Edwin17 בספטמבר 2008 ב 10:46

    I'm having the same problem too, "This application requires a newer version of the Microsoft(R) .NET Compact Framework than the version installed on this device".

    I reomoved activesync for the exchange and the pin is still required. How frustratin.

    להגיב
  21. E.Swart22 בספטמבר 2008 ב 5:54

    How do I disable the file coding option (also enabled during exchange mail push)
    It now shows enabled and greyed out "company policy)

    להגיב
  22. Chris24 בספטמבר 2008 ב 0:24

    Thanks!

    Setting HKLM\Security\Policies\Policies\00001023 to 1 fixed the problem for me.

    Note the path is different from what you have in your post (two Policies).

    להגיב
  23. Ted2 באוקטובר 2008 ב 9:36

    I have a Dash running WM6. I tried to run the patch and I too get the error about needing a new version of .Net, so I installed 3.5 and now when I try to run the patch I get "Error. An unexpected error has occurred in ExchangePolicyPatch.exe. Select Quit and then restart this program, or select Details for mor information." Under details, it says "Error. EchangePolicyPatch.exe NotSupportedException" and then a bunch of locations. I can provide the info, but it will take a lot of typing, or I can post the error as screen shots if that will help.
    Thanks,
    Ted

    להגיב
  24. Tamir Khason3 באוקטובר 2008 ב 15:46

    Hi, Ted
    Please assure, that CF 3.5 in actually installed and soft reset your phone after the installation of Cf and running this patch

    להגיב
  25. Nick4 באוקטובר 2008 ב 6:50

    I altered the registry ((changed 0001023 from 0 into 1) and it worked. Just when I reconnect to the exchange server, it is set back to 0.
    This means after every connection to the exchange server I have to alter the registry.
    Isn't there a more definite sollution?

    להגיב
  26. Tony13 בנובמבר 2008 ב 22:11

    There's a lot of write ups that exchanges pushes the security back on the device. Does anyone…anyone have an answer to make this permeant.. WB

    להגיב
  27. Tony13 בנובמבר 2008 ב 22:16

    Also when I try to modify the reg settings I get access denied..Anyone have any tips on this?

    להגיב
  28. tommy 10 בדצמבר 2008 ב 17:37

    … um … how about just contact your exchange admin … have him/her remove the policy PER ACCOUNT … um … yeah … dumbasses …

    להגיב
  29. martin19 בדצמבר 2008 ב 10:37

    I've run the program, but now I cannot connect to the Exchange server or the internet at all. A connection to GPRS is set, but their seems to be no data traffic. Any suggestions on how to fix this?

    להגיב