Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 1 Part 1: Introduction to Microsoft's DirectPush technology
Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 2 Part 2: Discover security policies

In this article, I will show you how to install and configure the Exchange Server ActiveSync Web Administration tool and how to use this tool to perform remote data deletion, check transaction logs. , .

In the previous part of this series, we learned about device security settings, which mention that the device can self-erase (like deleting local data) when the user enters the wrong entry. PIN or password with a limited number of times. However, in some cases you want to delete data on your mobile device immediately after discovering the loss of the device to ensure confidentiality and privacy. This is the important reason that the Exchange Server ActiveSync Web Administration tool was born. This tool is designed for administrators who want to administer the process of deleting data remotely when the device is lost or stolen.

With the Exchange Server ActiveSync Web Administration tool, administrators can perform the following actions:

1. See the list of devices being used by users
2. Select or cancel the device to be able to delete remote data
3. View the status of remote data removal requests for each device
4. See the transaction log indicating which administrator has issued remote deletion commands, in addition to the commands attached to it.

Exchange Server ActiveSync Web Administration tool is specially designed for Exchange Server 2003 SP2 and Windows mobile 5.0 devices. However, this tool is also supported on SBS 2003.

Install the Exchange Server ActiveSync Web Administration tool

There is no difficulty in installing this tool, once you have downloaded the copy here, you just need to unplug the MobileAdmin.exe file and then run the MobileAdmin.msi package on the Exchange 2003 SP2 front-end server (or the server back-end if there is only one Exchange server in the organization).

When the installation screen appears, click Next (see Figure 1 below).

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 3
Figure 1: Screen of installing Microsoft Exchange Server ActiveSync Web Administration Tool

Accept the EULA and then click Next again. When the installation is complete, click Finish to exit the installation.

Use the Exchange Server ActiveSync Web Administration tool

Once the Exchange Server ActiveSync Web Administration is installed, you can access this mobile administration tool from the remote computer by going to https: // server / mobileadmin on the browser window. Soon you will be asked for an account to confirm, you want to access the tool you need to use an Exchange admin member account or internal admin member on the server (another group or other account is given in MobileAdmin virtual directory, see the introduction to how to do it later in this article).

Once you have verified with an account and have the appropriate permissions, you will enter the Mobile Admin Web Form page as shown in Figure 2.

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 4
Figure 2: Mobile Admin Web Form

Here you can choose between two administrator options that are Remote Wipe and Transaction Log . Let's start with the option Remote Wipe. From this option you can manage user devices, perform remote wipe of specific devices (Figure 3).

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 5
Figure 3: Screen to delete the device remotely

To see which device is associated with someone's mailbox, you need to enter the user's mailbox name or SMTP address. You will then get a list as shown in Figure 3, a list of 5 columns described below:

1. Device Id: Device ID
2. Type: device type, it may be a SmartPhone or PocketPC
3. Last Sync: the time and data of the last synchronization made
4. Status: The status of the device, which can be OK, Wipe switch (Perform delete), Sent to device , Device acknowledged and Wipe completed successfully operation (The deletion process has become public)
5. Action: where you can choose to delete a device or delete a collaboration group

As seen in Figure 3, one of the listed groups has not been synchronized since November 2005. Therefore, it should be deleted safely. Click Delete and see what happens. First you will be asked if you really want to delete this collaboration group (Figure 4).

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 6
Figure 4: Dialog box confirming the deletion of the collaboration group

When you click OK , the collaboration group will be deleted and a few seconds later it will not appear on the list of related collaboration groups. When a collaboration group is deleted, it will be written to the Transaction log transaction log (you can see in Figure 5). Deleting a collaboration group will delete all status information related to someone's mobile device on the server, and this is also useful for privacy purposes. If a device that its collaborative group has deleted is connected again, it will be required to reset the deleted collaboration group with the server through the recovery process. However, this is nothing to worry about, the process is easy for you (as an Exchange administrator) as well as users.

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 7
Figure 5: Record of deleting the group collaborating in Transaction log

When executing a remote delete operation, it will remain active until you cancel it via the Cancel Wipe option button (see Figure 6), which means that the server will continuously send remote delete commands. to the device (although the device is ready for remote wipe), so be sure to cancel the remote wipe when a lost or stolen device has been recovered.

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 8
Figure 6: Execute remote data removal

As you can see in Figure 7 below, this remote wipe action will be recorded in Transaction log.

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 9
Figure 7: Action logs deleted in Transaction log

Control allows access

As mentioned in this section, only Exchange administrators and internal administrators on Exchange servers are allowed to use the Microsoft Exchange Server ActiveSync Web Administration tool, but you can also allow employees Help or individual individuals in the IT room can access this tool. To do so without adding them to the corresponding group, you can allow them to access by changing permissions in the Microsoft Exchange ActiveSync Administration installation directory, usually when the default installation is available. found in C: Program Files , Figure 8 below shows you more specifically.

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 10
Figure 8: Microsoft Exchange ActiveSync Administration installation directory

Here you just need to right-click the installation folder, then select Properties . On the properties page, click the Security tab and then add groups or users who need access to this tool (Figure 9).

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 11
Figure 9: Adding groups or users to access the tool

Some additional problems

If you receive a 401 error message when you delete a collaboration group or perform remote deletion, this may be due to the authentication of Integrated Integrated Windows authentication not enabled in the Exadmin virtual directory or maybe because MobileAdmin virtual directory does not run under ExchangeApplicationPool application. Also you can refer here.

As mentioned in the first part of this part 3, there may also be problems running this tool on SBS 2003. To resolve these issues, you can see the Deploying Windows Mobile 5.0 with Windows SBS section.

Conclude

In this article, I have shown you how to install, configure, and use the Exchange Server ActiveSync Web Administration tool. The features of this tool help you manage and protect mobile devices in the organization better.

In Part 4, we will continue the discussion of the new GAL lookup feature, which is also a new feature in Exchange 2003 SP2 and Messaging and Security Feature Pack (MSFP).

Mobile messaging in Exchange 2003 - Part 3: Installation, administration, and use of Microsoft Exchange Server ActiveSync Web Administration tool Picture 12 Part 4: Access group GALs from mobile devices with GAL Lookup