Exchange 2007 - Active Sync - Block Devices
I have Exchange 2007 and use ISA 2006 to publish Active Sync. I found the article below that talks about how to block specific device from connection to Active sync. http://blogs.technet.com/b/exchange/archive/2008/09/05/3406212.aspx I want to use the block at the firewall method. But, I am not clear on how to determine the User-agent string to block? The devices I want to block are Andriod devices. Our Active Sync policy requires encryption, and the users are getting around the policy by installing the touchdown application on their device.
June 29th, 2011 10:54am

HI, I can find this link for you, If still it does not help then you may need to posta question in ISA forum. http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/7271bbb4-2946-45e9-8e94-9926ccf579bdAnil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2011 11:43am

Hi, From the problem description, I understand that you would like to block mobile device from taking data out of your Exchange server. And there you have it; how you can block by device type (User-agent string) and how you can block by server (IP address). New devices and services come online all the time so it's tough to have a comprehensive list but some of the more common User-Agents are: Symbian devices: "Symbian" http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader Motorola: "mot-" http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader Samsung: "sec-" or "samsung" http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader LG: "lg-" http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader Siemens: "sie-" http://www.developershome.com/wap/detection/detection.asp?page=userAgentHeader Nokia Devices: "Nokia" http://discussion.forum.nokia.com/forum/showthread.php?t=83267 BlackBerry Devices: "BlackBerry" http://na.blackberry.com/eng/developers/resources/journals/mar_2007/profile.jsp Apple Devices: "Appl" (no e on this one as Device ID starts with Appl so this covers all cases) Note: if you just want to block only the iPod Touch, or only the iPhone, you can just block on "iPod" or just "iPhone". http://forums.macrumors.com/showthread.php?t=361166 Some of the common Servers that try and access Exchange Server are below (with links to their docs that list their server IP address ranges): BlackBerry Internet Service: http://www.blackberry.com/btsc/articles/644/KB11036_f.SAL_Public.html Good Mobile Messaging (GoodLink): http://www.goodlink.com/documentation/GoodAdminGuide_exchange.pdf And you would like to block the Andriod Devices. So if you don’t know the User-agent string. I suggest that you could contact the Mobile Device Manufacture to get the User-agent string. It’s for the Exchange server 2007. BTW, there is a new feature in the Exchange server 2010. Just for your reference: Title: Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list URL: http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx If there is any question about the ISA server, I suggest that you could ask a question in the ISA forum. Title: Forefront TMG and ISA Server URL: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads Thx, James Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 30th, 2011 4:47am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics