Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Mobile Device Policies
  •  
cookiestore99

Messages: 19
Karma: 1
Send a private message to this user
Hi,

we have ~100 Users, connected to our Kerio Connect Server via ActiveSync.
If a device gets stolen or lost, we can start a remote wipe.
This works fine.

Now we would like to have some additional policies on the phones.
For example, all users should be required to have a unlock pin with at least 6 digits.

We are now looking for a way to implement this.
For example, there is the software Mobile Iron, but we are looking for a smaller and simpler solution.

- Is there a way to do something like this with Kerio Connect?
- Maybe we could use a proxy server to add some of this features?
- Has anyone already deployed something like this?

Any suggestions are greatly appreciated.
  •  
trifecta

Messages: 87
Karma: -2
Send a private message to this user
itmp wrote on Mon, 27 August 2012 07:47

- Has anyone already deployed something like this?


Microsoft Exchange Smile

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
If you edit the mailserver.cfg file and set following values (while the server is stopped):

<variable name="PolicyKey">2</variable>
<variable name="EnforcePassword">1</variable>
<variable name="MinimumPasswordLength">6</variable>
<variable name="DeviceWipeTreshold">8</variable>

then all devices will be forced to the new policy of 6-letter password requirement and the device will be wiped out after 8 failed login attempts.

[Updated on: Tue, 07 May 2013 21:06]

  •  
Ben K

Messages: 13
Karma: -1
Send a private message to this user
Hi There,

Can you give us some details on what the variables are intended to do? We attempted to do some testing on mobile device password policy enforcement and while it does work, we have some unanswered questions.
Specifically, we're interested in the following:

<variable name="UseInactivityTime">1</variable>
<variable name="InactivityTimeValue">2</variable>


Is the value for InactivityTimeValue in seconds, minutes...? We're not sure because the hearbeat and SyncFolderTimeout variables appear to be in milliseconds.

Thanks!
  •  
MultiCam

Messages: 22
Karma: 0
Send a private message to this user
Check out Meraki System Manager, Works wonders and is free to use.
  •  
Ben K

Messages: 13
Karma: -1
Send a private message to this user
Thanks - We might give Meraki System Manager a go. It seems to be getting decent reviews for a free MDM.
We would still like to know what those variables are for.
  •  
ORM

Messages: 140

Karma: 13
Send a private message to this user
Pavel Dobry (Kerio) wrote on Mon, 27 August 2012 15:30
If you edit the mailserver.cfg file and set following values (while the server is stopped):

<variable name="MinimumPasswordLength">6</variable>


then all devices will be forced to the new policy of 6-letter password requirement and the device will be wiped out after 8 failed login attempts.


Hi Pavel

Is this MinimumPasswordLength variable option documented anywhere?
If this is changed will it apply to imap/EAS/webmail clients or just mobile devices?
Will you ever implement it in the GUI removing the need to stop the server & edit the config file?
Will you ever implement a reset my forgotten password option?

TIA
  •  
Ben K

Messages: 13
Karma: -1
Send a private message to this user
Bump

Quote:
Hi There,

Can you give us some details on what the variables are intended to do? We attempted to do some testing on mobile device password policy enforcement and while it does work, we have some unanswered questions.
Specifically, we're interested in the following:

<variable name="UseInactivityTime">1</variable>
<variable name="InactivityTimeValue">2</variable>


Is the value for InactivityTimeValue in seconds, minutes...? We're not sure because the hearbeat and SyncFolderTimeout variables appear to be in milliseconds.

Thanks!

[Updated on: Mon, 27 May 2013 23:23]

  •  
generic_penguin

Messages: 45
Karma: 10
Send a private message to this user
Wow Kerio... I did not know that you could manage Activesync policies from the command line in Kerio.

This is great..

Can you put a nice GUI around this, nice simple thing to do for a feature you already support

Activesync can push lots of polices out http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSy nc_clients

thanks
  •  
ORM

Messages: 140

Karma: 13
Send a private message to this user
Guys

You really are missing a trick here...

Just needs a gui to implement what you already have Laughing
  •  
simplify

Messages: 2
Karma: 0
Send a private message to this user
Pavel,

It's great that we can define the policy through the mailserver.cfg file, but are there any plans on bringing this to the admin interface ? If possible even Policy Groups so we can tag certain domains or users to certain policies we have created.

Thanks
Previous Topic: upgrade Kerio 7.1.4 to 8.2
Next Topic: Restore Archive file problems
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Aug 19 11:09:25 CEST 2017

Total time taken to generate the page: 0.00473 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.