locked
Device Wipe Endrun RRS feed

  • Question

  • I work for a sales company that likes to guard it's contact lists rather closely.  Therefore we want to be able to perform remote wipes on someones phone when they leave the company, but this has to be fail proof.  Here is the problem.  If a user sets his phone to sync only when he manually syncs it or changes his password on his phone so the sync will fail, then he can avoid a device wipe indefinitely since the wipe will only occur when his phone is told to sync.  One way of fixing this problem would be to give the Administrator the abililty in the policy to force the device to attempt to sync if the user is is about to change his settings (after the sync attempt the user could change his settings).  Additionally, the administrator ought to be able to disable the device from being set to manual or manual could mean no data sync but every hour or so check for a wipe command.  Otherwise the whole system is pretty useless.

    If there is a fix for this that I haven't seen I'd greatly appreciate you making me aware of it.

    Adrian
    Tuesday, March 24, 2009 8:26 PM

Answers

  • Hi,
    In reality there are no fail proof wipes. 

    Why?  Because the depend on the following conditions in order to wipe the device:

    1. The phone must be charged and turned on.
    2. The phone must have cellular coverage (and the phone enabled with the carrier for data) or internet access.
    3. The device must be managed via Exchange or SCMDM.
    4. The user must have automatic sync enabled or manually request to sync and still be configured to sync with the server.

    When all of these prerequsites then a device can be wiped.  If any one of these items fail then the wipe will not occur.

    A workaround that would meet your needs would be to look ath the Intellectual Rights Management Service from Microsoft.  With this service and Windows Mobile, each time the user opens the document, the system checks with the IRM service to confirm they are still authorized to view the document.

    So when a user is terminated, all you need to do is terminate them out of the IRM service and the documents can no longer be read on any device.  Of course the company can still read the documents just fine because they are authorized by the IRM service if they need to.

    Chris De Herrera, http://www.pocketpcfaq.com, http://www.pocketpctalk.com
    Wednesday, May 6, 2009 9:38 PM
    Moderator

All replies

  • Thanks for the feedback Adrian. Much appreciated for sharing your suggestions.
    • Marked as answer by MaryAliceC Wednesday, May 6, 2009 4:48 PM
    • Unmarked as answer by MaryAliceC Wednesday, May 6, 2009 9:48 PM
    Wednesday, May 6, 2009 4:47 PM
  • Hi,
    In reality there are no fail proof wipes. 

    Why?  Because the depend on the following conditions in order to wipe the device:

    1. The phone must be charged and turned on.
    2. The phone must have cellular coverage (and the phone enabled with the carrier for data) or internet access.
    3. The device must be managed via Exchange or SCMDM.
    4. The user must have automatic sync enabled or manually request to sync and still be configured to sync with the server.

    When all of these prerequsites then a device can be wiped.  If any one of these items fail then the wipe will not occur.

    A workaround that would meet your needs would be to look ath the Intellectual Rights Management Service from Microsoft.  With this service and Windows Mobile, each time the user opens the document, the system checks with the IRM service to confirm they are still authorized to view the document.

    So when a user is terminated, all you need to do is terminate them out of the IRM service and the documents can no longer be read on any device.  Of course the company can still read the documents just fine because they are authorized by the IRM service if they need to.

    Chris De Herrera, http://www.pocketpcfaq.com, http://www.pocketpctalk.com
    Wednesday, May 6, 2009 9:38 PM
    Moderator
  • Thanks Chris!
    http://experiencemobility.net http://mobilitysite.com
    Thursday, May 7, 2009 12:57 AM
    Moderator
  • aharris7,

    Good suggestions - I'll capture these for Exchange, and SCMDM.

    Thank you.
    • Proposed as answer by 2GrokMobile Friday, May 29, 2009 6:36 PM
    Friday, May 29, 2009 6:36 PM