Hi, does anyone know if it is possible to turn off the 'Wipe" functionality in Exchange 2007 (manage mobile device in the Exchange Console)? This option has appeared since our installation of Outlook Anywhere but management are unhappy about the feature (despite its obvious advantages). Thanks for any thoughts or suggestions.

What's their underlying reasons for wishing it to be disabled?Steve Goodman Check out my Blog for more Exchange info or find me on Twitter

Yea, Im with Steve. I dont get that. You dont want to be able to wipe a lost or stolen device or when employee suddenly quits, etc....? Yowza.

On Fri, 26 Nov 2010 14:15:45 +0000, AndyD_ wrote: > > >Yea, Im with Steve. I dont get that. You dont want to be able to wipe a lost or stolen device or when employee suddenly quits, etc....? > >Yowza. Wanna bet everyone has access to everybody else's mailbox? Or some admin's been wiping devices for sport? :-) --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Sounds like someone read this via Lifehacker .Steve Goodman Check out my Blog for more Exchange info or find me on Twitter

On Fri, 26 Nov 2010 15:39:56 +0000, Steve Goodman wrote: >Sounds like someone read this via Lifehacker . I hadn't, but after I did all I can say is "I didn't just read it, I live it". BTW, if the phone's so "precious" howcum its contents hadn't been backed up? :-) --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

lol ;-) I meant OP's management, Rich!Steve Goodman Check out my Blog for more Exchange info or find me on Twitter

Dear all, I did not read this on life hacker. The reason is extremely simple. I support over 170 schools in the UK all of which connect to a central email syste. They want access to the email (outlook anywhere) using their own iPhones etc. So the equipment connecting to exchange is personal. The organisation has informed them of their responsibilities for email use. So we would like to disable the option due to a large support team and we don't want the option to wipe someones personal mobile phone. If its a corporate device we have seperate measures in place for dealing with those. Hope this clears that up. Thanks to all so far, but question still stands, can I disable remote wipr from the exchange console? I don't mind if a user wishes to wipe their own.

I would think the only way to do that would be to remove users from the permissions groups that can run that command. That may be a little difficult since the support team undoubtably already needs those same permissions to do their other tasks. Otherwise, I dont think there is a way to disable except using RBAC in Exchange 2010 and removing access to the command.

Hi BWilk, Agree with AndyD, I also think the RBAC the only way, that means, you must create a new role which could not run the cmdlet Get-ActiveSyncDeviceStatistics, and remove the default role for all the users, and then add the new role for them. Or new a roleassignmentpolicy for the users. In my opinion, it is not security, if someone want to remote wipe their own device if it is lost. Regards! GavinPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.