Remotely Wiping Lost PDAs with MobileAdmin
As mobile computing becomes ever so prevalent, the probability of these mobile devices being lost or stolen also increases several folds. For IT managers and system administrators out there, what do you do when a field salesperson or your CEO calls you in the middle of the night and says he or she got a smartphone/PDA stolen at the airport? Microsoft Exchange 2003 Service Pack 2 includes a free utility to remotely wipe and/or delete sync partnership with an Active-Sync based device with the press of a button. The Name is Mobile Admin..
Downloading and Installing the Free Utility
The MobileAdmin tool requires Exchange 2003 service pack 2 and SSL enabled. Make sure you have both prior to downloading. Here are the URLs for the Web Admin Tool and the Service Pack.
To install this free utility, log onto your front-end Exchange server. The front-end server is the one that runs Outlook Web Access, so it has IIS 6 to drive the admin portal. Next, right click on the MobileAdmin.msi file and select Install. The wizard is very straight forward with no options available. This installation process basically creates a directory called "Microsoft Exchange ActiveSync Administration" under Program Files, adds a virtual directory called "MobileAdmin" to the front-end server's IIS, assigns basic permission, and runs the MobileAdmin portal. This tool is largely plug-and-play; no custmization is needed to get it going.
MobileAdmin Portal URL
To access the MobileAdmin portal, go to https://<ServerName>/MobileAdmin, where <ServerName> is your Exchange server's (where MobileAdmin was installed) domain name, i.e. https://email.mydomain.com/MobileAdmin. You will be prompted to log in and you can use the account that has administrative access to this virtual directory, typically accounts in the local Administrators group.
Upon login, you will be presented with two options: Remote Wipe and Transaction Log.
Transaction Log -- As the name suggests, it just shows you what actions have been taken, i.e. attempt to wipe a device, cancellation of the wipe, deletion of partnership etc., with timestamps, user records etc. - an audit trail so-to-speak.
Remote Wipe -- To perform a Remote Device Wipe, put in the mailbox/user name which you want to wipe, i.e. if CEO Charles E. Owen's account is "ceowen", enter "ceowen" in the given field, and click the green arrow to the right. The server will look up the account and return with a list of devices that have been synchronized with this mailbox. There could be multiple devices listed if the user has sync'd with several. If you cannot tell by the "Type" which one is the lost device, the column "Last Sync" provides you a clue as to which one was the most recent one sync'd with the server. Click on [Wipe] or [Delete] as appropriate to either purge all data on the device, or just delete the existing sync partnership (existing data on the device remains).
Fine-tuning
You may grant access to additional users by going to IIS manager, right click on MobileAdmin, select permission and grant user rights to the file area accordingly. This might be useful for teams with multiple email administrators.