Microsoft Exchange ActiveSync Mobile Administration Web Tool

  • Article

The Microsoft® Exchange ActiveSync® Mobile Administration Web tool enables administrators to manage remotely erasing lost, stolen, or otherwise compromised mobile devices.

By using the Exchange ActiveSync Mobile Administration Web tool, administrators can perform the following actions:

  • View a list of all devices that are being used by any enterprise user.
  • Select/de-select devices to be remotely erased.
  • View the status of pending remote erase requests for each device.
  • View a transaction log that indicates which administrators have issued remote erase commands, in addition to the devices those commands pertained to.

Installing the Exchange ActiveSync Mobile Administration Web Tool

Install the tool on an Exchange Server 2003 with Service Pack 2 (SP2) front-end server.

Notes

Exchange ActiveSync Mobile Administration Web tool works with the device password policy enforcement logic in Exchange Server 2003 SP2. To use the tool without enforcing a device password policy for the users, create an empty policy by selecting require password, but leave all sub-fields unselected.

To install the Exchange ActiveSync Mobile Administration Web tool, run the MobileAdmin.msi package on the front-end server.

Notes

When installed as described, the tool will be available from any remote computer that has a browser that can access the virtual directory associated with the tool. However, to access the tool from the same computer that it is installed on, you must use one of the following approaches:
•   Add the server name to the Local intranet list for Internet Explorer (In Internet Explorer, click Tools, click Internet Options, click Security, click Local intranet, and then click Sites)
•   Use ‘localhost’ as the server name when specifying the mobileAdmin URL in the browser

Adding Administrators

By default, access to the Exchange ActiveSync Mobile Administration Web tool is restricted to Exchange administrators and local administrators. A user from either of these groups can enable additional users to access the tool by modifying the security settings on the MobileAdmin tool installation folder. You do this by right-clicking the folder, and then selecting sharing & security, which displays the Insert Folder Security properties dialog box.

By using this user interface, an administrator can add a user or group by clicking Add and then entering the name of the user or group to which they want to grant access.

Similarly, a user or group can be removed by selecting that user or group, and then clicking Remove.

Using the Exchange ActiveSync Mobile Administration Web Tool

The Welcome Screen presents an administrator with a list of administrative options. Select one of these options to start the associated Web page. The options displayed on the Welcome Screen are as follows:

  • Remote Wipe   Run a remote wipe command for a lost or stolen mobile device.
  • Transaction Log   View a log of administrative actions, noting time/action/user.

Running and Monitoring a Remote Device Wipe

The Remote Device Wipe administrator console provides the following functions:

  • Issue a remote wipe command for a lost or stolen mobile device.
  • View the status on a pending remote wipe command.
  • Undo (cancel) a remote wipe command if a lost or stolen mobile device is recovered.
  • Delete a device partnership.

To issue a remote wipe command, search for a user’s mobile devices by specifying the user’s name, locate the device that you want based on device type and time of last synchronization, and then click Wipe.

You can search for a user by specifying either their e-mail name or full SMTP address, for example, "user1" or "user1@contoso.com."

The status is indicated under Status for each mobile device and may contain one or more of the following values:

  • OK   device can synchronize.
  • Wipe Initiated   Administrator has chosen the wipe action but the directive has not yet been sent to the mobile device.
  • Sent To Device   The remote wipe directive has been sent to the mobile device and we are waiting for confirmation.
  • Device Acknowledged   The device has acknowledged receipt of the remote device wipe directive and its intent to run the wipe.
  • Wipe operation completed successfully   All bookkeeping and so on has been completed and the remote wipe has been performed.

When a Wipe action is specified for a mobile device, it remains active until the administrator specifies otherwise. This means that after the initial remote wipe has been completed, the server continues to send a remote wipe directive if the same mobile device ever tries to reconnect. If a lost device is recovered, the administrator will have to cancel this directive so that the mobile device can successfully connect again. You do this by locating the mobile device that has the remote wipe action set, and then clicking Cancel Wipe.

Finally, the administrator can use the remote wipe console to delete a device partnership from the server. This has the effect of cleaning up all state information associated with a specified mobile device on the server and is primarily useful for housekeeping purposes. If a mobile device tries to connect after its partnership has been deleted, it will be forced to reestablish that partnership with the server through a recovery process that is transparent to both the IT administrator and the end-user.

Deleting a Partnership

To delete a partnership, locate the device that you want in the device list, and then click Delete.

Viewing a Log of Remote Wipe Transactions

The Transaction Log displays the following information for all critical administrative actions that are performed with the Exchange ActiveSync Mobile Administration Web tool:

  • Date Time   Date and time when the action was executed.
  • User   The user who executed the action.
  • Mailbox   The mailbox that the action pertained to.
  • Device Id   The device that the action pertained to.
  • Type   The type of device that the action pertained to.
  • Action   The action taken by the administrator.

There are also Refresh and Clear buttons for administrative actions. When the administrator clicks Clear, a prompt is issued verifying that this action is to be performed. Click OK or Cancel. When a "clear" action has been performed, an event is logged that indicates this.