Remote Wiping a Device With No User Input

[Today’s tip comes to us from Peter Gallagher.  Yes that Peter.]


If you have installed the Exchange 2003 ActiveSync Web Administration Tool (also known as MobileAdmin), you have probably played with the Remote Wipe feature. You may have noticed that the user must click “OK” to wipe the device. Well, that may not fit your customer’s needs. They may need to wipe the device NOW. You can do this; however, you have to be proactive about it. In order for Remote Wipe to hard reset the device without user input, the device has to have accepted *any* Exchange Server Security Policy. This means that you have to check the box for “Enforce password on device” and let that policy sync to the device.

When the device syncs, the user will get the following prompt:

If the user clicks “OK”, a policy is then applied to the device. This policy requires a PIN to be entered on the device before the device can be used.


Notice that the “Prompt if device is unused for” option is enabled and grayed out (i.e. it can’t be changed).

Now, since a policy is applied to the device, you can remotely wipe this device without user intervention.

The challenge is that the user now has to enter a PIN to unlock (use) the device.

If you want to be really sneaky, you can then go back to Exchange and uncheck “Enforce password on device” and then have the user sync.

The new settings are pushed to the device, and “Prompt if device is unused for” can now be unchecked. Uncheck “Prompt if device is unused for” and the user’s phone is back to a default state, and you can remotely wipe it without user intervention. Be careful here: with “Enforce password on device” unchecked, new devices cannot be wiped without user intervention, hence the “you have to be proactive” statement at the beginning of this post.