How to restrict active sync policy to download attachment in mobile on selected user in Exchnage 2010

Similar Messages

• How to shorten active sync process

  Hello, I am trying to setup IDM to use Database Table active sync to read SQL table then update couple IDM user's attributes. I used "used wizard generated input form" setting. Once it runs, IDM connects all the resources and fetches all the information of res account that each user has. We have over 6000 user. The active sync took over 10 hours to finish. Where and how can I let active sync not to connect other resource?

  I identify that the query allowing take a while.
  Periodicly, MGP send from 2 to 8 process which execute the query that takes all the processor. Even there are nothing to update.
  How to acelerate it? or how to avoid it?.
  UPDATE mobileadmin.cmp$wtgpi_10055 m
  SET dmltype$$ = 'D',
  seqno$$ = NULL,
  dtype$$ = NULL
  WHERE clid$$cs = 'XNC04615'
  AND nvl(dtype$$, 'N') <> 'D'
  AND (seqno$$ IS NOT NULL
  OR nvl(dmltype$$, 'N') <> 'D')
  AND NOT EXISTS (SELECT 'A'
  FROM (SELECT t1.*
  FROM shmk.designs_data t1, shmk.userdatakey t2
  WHERE t2.user_id = 'XNC04615'
  AND t1.ref = t2.ref) s
  WHERE s.ref = m.ref) ;

• Active sync policy - device encryption

  Hi
  We have a exchange 2007 server with active sync. We have enabled the actrive sync policy device encryption. But when i try to sync with my android HTC desire who dosent have device encryption support it works anyway and i can sync emails etc. Must I
  do someting else to enforce that active sync policy? Allow non-provisonable devices is not checkt.

  “The iPhone 3GS supports device encryption, and is the first version to do so. Previous iPhone models, including the iPhone 3G, do not
  support device encryption. Additionally,
  before iPhone OS 3.1, these devices did not communicate their policy status correctly, resulting in the devices being able to connect to Exchange Server, even if your Exchange ActiveSync policy required device encryption and did not allow non-provisionable
  devices”
  ---------Refer to <Exchange
  ActiveSync and iPhone OS 3.1>
  According to the article above, if the device doesn’t support encryption, it would not apply the policy correctly. Also, the non-allowed
  device can’t be prevented from accessing the mailbox
  “Device encryption enabled: This setting enables encryption on the device.
  Not all devices can enforce encryption. For more information, see the device and mobile operating system documentation”
  ---------Refer to <Understanding
  Exchange ActiveSync Mailbox Policies>
  So, you need to contact the manufacturer of the mobiles, and confirm if the device support device encryption
  Workaround: Add the allowed device ID to all current phone users so that they can only synchronize the mailbox with specific devices. For all other users who don’t have the device
  currently, you can add a fake device ID to prevent the initial synchronization, and add the correct ID when you confirm that the phone supports device encryption (Reference)
  Notes: If you have exchange 2010, you can set quarantine for all the devices that
  try to synchronize as Rich said. Then, approval message can be sent to you. if you confirm that the device support device encryption, a simple click on approval message will allow the synchronization to proceed again
   “Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0. We recommend that you don't
  use this setting and use the RequireStorageCardEncryption parameter instead”
  ---------Refer to <New-ActiveSyncMailboxPolicy>
  James Luo
  TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
  If you have any feedback on our support, please contact
  [email protected]

• How do i not sync my music downloads with my other devices

  I want to download "adult" music to my iphone, but I don't want it to automatically go to my kids' devices (we are all on my iTunes ID/Password.)

  You can disable automatic downloads on your kids devices. Also, there is parental control on all the devices. So you can set that up and put a password. This has to be setup on each device.

• How to fix an active sync problem

  All,
  I came across some issues with active sync that I could not find reference to in Sun documentation that we found a fix for. Read and enjoy.
  Problem: Active sync stopped working for no reason
  Reason: Too many users were attempting to be updated at the same time. SARunner was not running.
  Fix: Manually delete the invalid TaskInstances from the database.
  Process:
  Stop active sync
  Find the invaild task instances
  Oracle SQL Code to find errors:
  SELECT * from object where type='TaskInstance' and ATTR1='EXECUTING';
  Delete invalid task instances
  Oracle SQL to delete invalid TaskInstances:
  DELETE from object where type='TaskInstance' and ATTR1='EXECUTING';
  After this is done commit the changes to the DB.
  Active Sync can now be re-started.
  It should start functioning properly at this point.

  There were no problems what so ever. The integrity of the repository was not affected. I did this as a last resort because nothing else I tried worked.
  One of the other side issues we were having was viewing tasks. When all tasks was clicked on I was getting invailid Object references. The Object reference ended up being the ID of a task that failed to update users because of an invalid character that IdM can not apparently parse. We had about 16 of these entries in the table. Active Sync no longer worked. We made the decision to delete the records from the table, we backed up the DB, then deleted the invalid records. I also checked in the other tables and could not find reference to the invalid objects anywhere. Once I deleted the records active sync began to function again after is was cycled and the system was brought back to full operational status.
  Apparently someone created a new security group in AD but when it was created they did not use a normal "-" in the name. I think the person used MS Word to type the name, in some cases word then substitutes a special character in for the dash that looks longer. This character was the root of my problem. I had someone go back and change the name of the security group and changed the dash to the right dash and that solved the root of my problem.

• Active Sync error

  Hi,
  When i change any attribute of a user in the Authoritative Directory the Active Sync configured senses this chnage and calls the Update User Workflow and the chnages get refelcted in Identity Manager.
  But when the user to be updated has some capability and controlled organisation then the Active Sync is not callling the Update User Workflow. In the Active Sync logs i can see the error as "Since you have directly assigned one or more capabilities to testuser, you must also directly assign at least one Contolled Organistaion.
  Can anyone tell me where am i goin wrong and what changes i would need to make for this?
  Thanks in advance,
  deep

  my suggestion was based on the error message you got.... and i use the strategy.. using adminRoles usually, instead of assigning directly ... but wont be feasible in all cases.
  from the error message, its clear that some how the forms/ process involved does not find the controlled organization.
  try adding to the following to form....
  <Field name='waveset.controlledOrganizations'>
       <Default>
            <ref>waveset.controlledOrganizations</ref>
       </Default>
  </Field>
  <Field name='waveset.capabilities'>
       <Default>
            <filterdup>
                 <appendAll>
                      <ref>waveset.capabilities</ref>
                      <!-- if u need to add any more capabilities, add the capability here and  use the appendAll, and filterdup, else you can neglect those -->
                 </appendAll>
            </filterdup>
       </Default>
  </Field>and these fileds should have a disable like the following..... in case yoou want these fields to be processed during an update only.
  <Disable>
     <neq>
        <ref>feedOp</ref>
        <s>update</s>
     </neq>
  </Disable>Make sure u r using the same type - default / derivation / expansion for both the capability and controlled organizations in your Active Sync forms / rules etc....
  that's all what i could suggest....
  Thanks
  Nishad

• How to restrict the display of report variants

  Hello All,
  I want t know how to restrict the display of report variants.
  I mean, when a user saves a variant for his/her purpuse on some report program, only he/she can refer the variant while other users cannot.
  I know that by setting the attribute of the variant ("Protect Variant ", "Only Display in Catalog"), this would be possible, but I want to know another way, without this setting.
  Thank you for your help in advance.
  Regards,

  Hi,
  Can you just try this
  DATA:it_varid TYPE TABLE OF varid.
  DATA:wa_varid TYPE varid.
  INITIALIZATION.
    SELECT * FROM varid INTO TABLE it_varid
        WHERE report = sy-repid
        and ename = sy-uname.
    IF sy-subrc = 0.
      LOOP AT it_varid INTO wa_varid .
        CALL FUNCTION 'RS_SUPPORT_SELECTIONS'
          EXPORTING
            report               = sy-repid
            variant              = wa_varid-variant
          EXCEPTIONS
            variant_not_existent = 1
            variant_obsolete     = 2
            OTHERS               = 3.
        IF sy-subrc <> 0.
          MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                  WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
        ENDIF.
      ENDLOOP.
    ENDIF.

• Active sync treo 750

  My treo is recognized by my computer when I connect the USB. It tries to connect for a while and then says it can't connect?
  Does Active Sync work with Outlook Express? That is what I have.
  Help would be greatly appreciated.
  Post relates to: Treo 750 (AT&T)

  Hi..  Welcome to the Palm forums.   Your 750 is a windows mobile device that on winXP users active sync and on vista uses windows mobile device center to sync.  It only syncs to Outlook, will not sync to outlook express.  Therefore it sounds like you do not have outlook on the computer.  To be able to sync you will need to purchase and install outlook 2003 or above. 

• How to get the name of the selected user in Active Directory.

  Hi,
  I have added an vbs script to the Active Directory GUI, to do some actions on a selected user.
  When I right-click on a AD user, I choose my custom option, and a vbs script starts.
  So far so good, but in the script i would like to know the account (logonname) for that user.
  I can find many examples to do that with a script and a given parameter, but the parameter is in my case, the selected user in AD.
  Who can help ?
  Luc

  You just need to take the arguments and echo out the samaccountname (or do something else with it) - 
  Set wshArgs=WScript.Arguments
  Set adsUser=GetObject(wshArgs(0))
  MsgBox adsUser.samaccountname

• How do I use Active Sync to view SharePoint Lists (Contacts and Calendars) on a Mobile Phone?

  We are attempting to use SharePoint 2010 in combination with Exchange 2010 to implement shared calendars and contact lists throughout our organization.  We are able to connect the lists to Outlook 2010, but have been unsuccessful in viewing
  the calendars and contact lists from our mobile phones.  How do we use Active Sync to view SharePoint Lists (Contacts and Calendars) on a Mobile Phone?
  In trying to answer this question, we have come across a few different possibilities, all of them falling just short of a long term solution for us.  After doing research, we found that Active Sync will only show the default folders of the account.  To
  solve this, we downloaded an Add-In for Outlook (CodeTwo FolderSync) to synchronize folders and synchronized our SharePoint list with a new Contact list in the default folder.  The issue we came across with this method is that the Add-In we are using
  is not capable of automatic synchronization.  There is a button and it must be clicked after every update is made, which is not ideal for our solution.  We then went to the company (CodeTwo) and found server side software (Exchange Sync) that they
  offer which will automatically synchronize the folders.  After installing that on the Exchange Server, we now are running into the issue of not being able to locate the SharePoint lists on the Exchange Server.
  Does anyone happen to know how we can get to the SharePoint lists from the Exchange Server?  Has anyone else been able to use shared contacts lists and calendars from SharePoint on their mobile phones using Active Sync?  If so, are we in the right
  direction with what we have found so far?
  Thanks,
  Brad

  You cannot use ActiveSync for that, but there are SharePoint clients for the iPhone. Windows Mobile 7 natively supports SharePoint with SharePoint Workspace Mobile, part of Microsoft Office Mobile. Android and BlackBerry might also have some apps.
  Use Microsoft SharePoint Workspace Mobile
  http://www.microsoft.com/windowsphone/en-us/howto/wp7/office/use-office-sharepoint-workspace-mobile.aspx
  iPhone SharePoint Apps Shootout
  http://www.codeproject.com/KB/iPhone/iPhoneSharePointApps.aspx 
  Comparing SharePoint iPhone Apps
  http://blog.praecipio.com/2010/11/02/comparing-sharepoint-iphone-apps/
  MCTS: Messaging | MCSE: S+M

• "This message has not been downloaded from the server" - Multiple devices all using Exchange Active Sync

  We are having this issue across multiple IOS devices ranging from IOS version 5.x up to the latest 6.1.2. Many (not all) emails sent to the devices are unreadable and simply state: "This message has not been downloaded from the server". Microsoft believes this to be some sort of bug with the IOS devices in the way they are handling the SSL encryption.
  Facts:
  - Devices are connected to an Exchange 2010 SP1 Rollup 6 via Active Sync (No POP3, IMAP or SMTP)
  - issue occurs on multiple IOS devices within the organization ranging from IOS 5.x up to the latest 6.1.2
  - Issue occurs on both external cellular data and internal wireless networks
  - Not all emails sent to the devices result in the error, but issue does tend to occur more frequently from certain senders/domains
  - Using the same user account on an android phone does not result in an issue (even when receiving the exactly same email that has been sent to the IOS devices)
  - Closing mail app / rebooting device does not resolve the issue
  - Doesn't appear to matter what the mesage format is (can be html, plaintext, etc)
  - Spent nearly 7 hours with Microsoft going through the Exchange server configuration and looking for possible causes. None have been found and all testing indicates things are setup correctly.
  - This is not a case of Issue 2.3 listed here: http://support.microsoft.com/kb/2563324 (verified by Microsoft Support)
  - If we disable SSL on the IOS device and connect via plain HTTP the messages are displayed correctly!
  - If we use a different SSL certificate, the issue still occurs - so not a problem with the original cert.
  Does anyone have any suggestions on what would cause this? Does the ISO devices have any sort of log that would indicate why it's reporting this error? The current error is pretty unhelpful.

  GFI Have a solution for this problem. It is to do with iOS implementation of reading the message headers when SPF compliance modifications are made by GFI.
  http://kb.gfi.com/articles/SkyNet_Article/Error-This-message-has-not-been-downlo aded-from-the-server-when-downloading-messages-to-an-iOS-device?retURL=%2Fapex%2 FSupportHome&popup=true

• Can i restrict apple mail client from downloading all emails...and allow it to pick a start date for gmail mail to sync? i am flooded with old emails, thousands on them ...eating hard drive space of my macbook pro and un necessary overhead

  can i restrict apple mail client from downloading all emails...and allow it to pick a start date for gmail mail to sync? i am flooded with old emails, thousands on them ...eating hard drive space of my macbook pro and un necessary overhead

  The genius bar technicians can check your MBP for possible hardware problems and specific software issues that you may have.  The diagnosis will be free.  Any extensive repairs will not be free.
  If you have minor software problems, you essentially will have to deal with them yourself.  Examine these two comprehensive documents for possible problem definition and solutions.  If you encounter problems that you are unable to cope with, start a new discussion and there will be persons willing to assist you in solving them.
  https://discussions.apple.com/docs/DOC-3521
  https://discussions.apple.com/docs/DOC-3353
  Ciao.

• How to catch error in the Active Sync process

  Hi, we are using Flat File active sync to update IDM user attribute. Once IDM found matched record, it builts view. However, during this period, the the matched user is locked, for example. Then IDM stop processing this record then go to next record. How can I catch this error? In log file I saw error message but how can use workflow or other way to know the error? How can get ResultItem that contains error message during AS?

  Hi,
  I am doing the following....
  Assume a main workflow which calls many sub workflows ...
  1. Define two global variables as follows
  <Variable name='anyErrorOccured'><Boolean>false</Boolean></Variable>
  <Variable name='allErrorMsg'><s>Error..</s></Variable>
  2. In the all main and sub workflows, add an special 'Action' to check the errors after each Action
  <Action id='1' name='doSomething'>
  </Action>
  <Action id='2' name='checkForErrors'>
  <cond>
  <isTrue><ref>WF_ACTION_ERROR</ref></isTrue>
  set the anyErrorOccured variable to true
  Append a custom error message(hard coded) to allErrorMsg variable - error message may contain workflow name and in which action error occured
  </cond>
  </Action>
  3. Before ending the main workflow, if anyErrorOccured is true, then send an email to IDM administartor with allErrorMsg
  <Activity id='3' name='CheckOverallError'>
  <Transition to='SendOverallErrorNotificationToIDM'>
  <ref>anyErrorOccured</ref>
  </Transition>
  <Transition to='end'/>
  </Activity>
  Hope, this helps.
  Furthermore, I tried to catch the actual error trace from IDM using the following in each 'checkForErrors' Action and append all IDM error messages for email notification.
  <invoke name='getMessage'>
  <get>
  <invoke name='getErrorMessages'>
  <ref>WF_CASE_RESULT</ref>
  </invoke>
  <i>1</i> ???????
  </get>
  </invoke>
  But , it was not successful, as I could not extract the right error mesage at the right place from WF_CASE_RESULT

• How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

  Dear All,
  We are having an infrastructure setup of around 500 client computers managed through group policy.
  Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
  Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
  It would be great if you can assist me with the following query.
  How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
  Can we disable Network Tab on the left hand pane ?
  explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

  >   * explorer.exe is blocked already, but users are able to enter the
  >     Windows Explorer by clicking on the name which is visible on the
  >     Start Menu.
  You cannot block explorer.exe when you do not replace the shell - the
  desktop you see effectively IS explorer.exe...
  Your requirement sounds like you need a custom shell:
  http://gpsearch.azurewebsites.net/#2812
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Ive had my iPod classic for some time now, and up to now have been using my laptop to sync songs from iTunes.  Unfortunatley, the laptop has died and I'm thinking of buying a iPad.....but how do i now get any songs downloaded from iTunes to my iPod?

  I've had my iPod classic for some time now, and up to now have been connecting it to my laptop to sync any downloaded tunes from iTunes.  Unfortunately, the laptop has died and I'm thinking of buying a iPad.....but how do I now get any songs downloaded from iTunes to my iPod?

  If an iPod is set to update automatically it will be associated with a particular library. If you connect that iPod to a different computer or a different library on the same computer you get the the message you are referring to. "The iPod "iPod Name"is linked to another another iTunes music library. Do you want to change the link to this iTunes music library and replace all existing songs and playlists on this iPod with those from this library". To use an iPod on multiple computers you change the update method to "manually manage songs and playlists". You can also use multiple iPods on a single computer so you will be able to connect both of your iPods to your existing iTunes. Connect the new iPod and follow the on screen instructions, iTunes will open and update your iPod.
  For info:
  The iPod offers three ways to transfer music from your computer. You can select one of the following update modes from the iPod Preferences menu in iTunes (Edit=>Preferences=>'iPod' tab):
  1) Automatically update all songs and playlists. This is the default mode, in which your entire music library, including playlists, is automatically synced to your iPod. If the music library on your computer exceeds the iPod storage capacity, you are prompted to select a different update method.
  2) Automatically update selected playlists only. With this option, iTunes automatically copies the playlists you have selected to the iPod when you connect it to the computer.
  3) Manually manage songs and playlists. You can also choose to transfer music to the iPod manually. This allows you to drag and drop individual songs and playlists from iTunes to the iPod.