When you install the MSFP on your Treo 700w, you can use Exchange 2003 SP2 to
enforce security policies on the PDA functions. One policy includes an
access PIN, which locks the phone after a certain period of inactivity (5 min
doesn’t seem bad in testing, but you might want to make it longer in
real life). This policy seems to be a must for the remote wipe to work
correctly. Additionally, in case the phone is ever lost, you can send a
command from Exchange to the phone to wipe it clean of data the next time it
tries to sync.

As a proof of concept, my phone was wiped 7 or 8 times yesterday.
Here’s a short overview of what happens:
- The phone retains full functionality. Whoever finds the phone is
free to make all the calls they want if you don’t have a PIN policy.
This means that if you do get the phone back, you don’t need to go through
that Verizon configuration procedure again.
- Even if you enforce a PIN policy on the PDA functions, the phone can still
receive calls. The ringing phone can be answered without entering the
PIN, but no caller ID information is displayed. Calls cannot be made
from the phone until the PIN is entered. You can set the PIN policy to
wipe a device after a certain number of failures, too.
- The phone basically undergoes a hard reset. Any aftermarket software
that was installed is removed. Any data stored in system memory is
lost. All configured e-mail accounts (be they POP3 or Exchange) are
deleted, as is all the e-mail. All contacts, appointments, tasks, etc.
are removed. Registry settings are removed. The MSFP is
- Custom ringtones and other add-ons are also removed. I have to find
that WAV of the Monday Night Football theme again.
- Data stored on a storage card is not lost. Don’t
put confidential/incriminating information on the storage card, or at least
don’t leave the cards in your phone all the time. There is an option to
store e-mail attachments on the card, and it appears these are removed when
the e-mail is wiped.
- If you get the phone back, or get a new one, your contacts, tasks, etc.
will be restored with the next ActiveSync. You will probably have to
reinstall the software yourself. Make sure you keep good records of your

The Remote Wipe will not function if the device doesn’t have MSFP
installed. The Remote Wipe functionality is an Exchange plug-in,
apparently something you need to download separately from SP2, but I’m not the

The PIN policy (called the password policy in most of the forums) seems to be
key in getting the wipe to work. If you don’t set this policy, then the
user is prompted to apply a security setting when the wipe is triggered.
Choosing No means the device isn’t wiped, and this is a very common thing in the
forums. Also key is that the phone is sync’d directly to a Windows
2003/Exchange 2003 SP2 server. Our bastion Windows 2000 server
doesn’t pass out the policies to the phone, but the phone can be sync’d against
the bastion server, and the wipe is passed through the server as well. But
we had to sync against the Win 2K3 server once (and probably every time we want
to upgrade the policies).