Device Lock and Device Wipe (Windows Embedded Compact 7)
Windows Embedded Compact 7 provides device lock functionality to enhance security on devices that connect to a Microsoft Exchange Server mail server. It accomplishes this by using Exchange Server Group Policy.
The device lock feature prevents unauthorized access to a device if a device is lost or stolen. Device lock requires a user to enter a custom personal identification number (PIN) or password to “wake up” the device if it is idle for a specified period of time. In addition, if a device is lost or stolen, a company’s IT administrator can wirelessly lock the device and erase all data on it to protect sensitive data. This feature is called device wipe.
Windows Embedded Compact 7 supports the following Exchange Server Group Policy settings.
| Policy | Description |
|---|---|
| Allow Simple Password | Allows the device to use a simple device lock password, such as 1234. |
| Alphanumeric Password Required | Requires the device to use a device lock password that contains both letters and numbers. |
| Password Enabled | Enables the device lock feature. |
| Password Expiration | Enables the administrator to configure a length of time after which a device lock password must be changed. |
| Password History | Specifies the number of past passwords that can be stored in a user's mailbox. When a user changes a device lock password, the new password cannot match any of the stored passwords. |
| Password Recovery | Enables a device to generate a recovery password that is sent to the server. If the user forgets the device lock password, the user can use the recovery password to unlock the device and create a new device lock password. |
| Maximum Failed Password Attempts | Specifies the number of times a user can type an incorrect password before the device triggers a local device wipe. |
| Maximum Inactivity Time Lock | Specifies the length of time that a device can remain unlocked without user input before it automatically activates device lock. |
| Minimum Password Length | Specifies the minimum device lock password length. |
| Minimum Device Password Complex Characters | Specifies the minimum number of complex characters that a device lock password requires for security. A complex character is any character that is not a letter. |
When a device is lost or stolen, the security risk can be significant. Devices often contain sensitive business data, such as personal data about employees and customers. Microsoft Exchange ActiveSync helps you address this risk with device wipe capability.
Wiping the device performs a factory reset, which is also called a hard reset. This reset returns the device to the state it was in when it shipped from the factory; all user-specific data and settings are removed, including programs and private keys. To protect against data retrieval by someone who should not have access to it, the device wipe operation overwrites the device memory with a fixed bit pattern. Exchange ActiveSync provides functionality that allows device wipes to be performed on a local or remote device.
Local Device Wipe
When a user enters an incorrect PIN more than a specified number of times on a device that enforces device lock, the device triggers the first level of protection, local device wipe. By default, the policy allows a user to type an incorrect PIN eight times; however, the Exchange Server administrator can adjust this value. After every two missed attempts, the device displays a prompt that requires the user to type a confirmation string (usually “1a2b3c”) to continue. This prompt prevents the device from triggering a local device wipe because of accidental key presses. The device immediately wipes itself when it reaches the PIN retry limit.
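The local wipe counter described above, modeled in C as an added example (it is not Windows Embedded Compact or Exchange ActiveSync code). The type and function names are hypothetical, and the model assumes that the wipe fires when the failed count reaches the limit, that input typed at the confirmation prompt does not count as a PIN attempt, and that a successful unlock resets the counter.

```c
#include <string.h>

/* Added model of the local device wipe counter; all names are hypothetical,
   not Windows Embedded Compact or Exchange ActiveSync APIs. */
typedef enum { DL_LOCKED, DL_NEEDS_CONFIRM, DL_UNLOCKED, DL_WIPED } dl_state;

typedef struct {
    dl_state state;
    unsigned failed;      /* incorrect PIN entries; reset on unlock (assumption) */
    unsigned max_failed;  /* Maximum Failed Password Attempts policy value */
    const char *pin;      /* constructed sample PIN, plaintext for the model only */
} device_lock;

#define DL_CONFIRM_STRING "1a2b3c"  /* confirmation string quoted in the text */

void dl_init(device_lock *d, const char *pin, unsigned max_failed) {
    d->state = DL_LOCKED;
    d->failed = 0;
    d->max_failed = max_failed;
    d->pin = pin;
}

/* Process one line of input at the lock screen and return the new state. */
dl_state dl_input(device_lock *d, const char *input) {
    switch (d->state) {
    case DL_NEEDS_CONFIRM:
        /* Assumption: only the exact confirmation string re-enables PIN entry;
           anything else (accidental key presses) is ignored and not counted. */
        if (strcmp(input, DL_CONFIRM_STRING) == 0)
            d->state = DL_LOCKED;
        break;
    case DL_LOCKED:
        if (strcmp(input, d->pin) == 0) {
            d->failed = 0;
            d->state = DL_UNLOCKED;
        } else if (++d->failed >= d->max_failed) {
            d->state = DL_WIPED;          /* assumption: wipe on reaching the limit */
        } else if (d->failed % 2 == 0) {
            d->state = DL_NEEDS_CONFIRM;  /* prompt after every two misses */
        }
        break;
    default:  /* DL_UNLOCKED and DL_WIPED accept no further lock-screen input */
        break;
    }
    return d->state;
}
```

With the default limit of eight, random key presses stall at the first confirmation prompt with the counter at two, while deliberate guessing still reaches the wipe after eight wrong PINs and three confirmations.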
Remote Device Wipe
A remote device wipe is initiated when the Exchange Server administrator issues an explicit wipe command by using the Exchange ActiveSync management interface. If users lose a device, they can also initiate a remote wipe by using Exchange Server 2007 or Outlook Web Access 2007. Local device wipes are enforced by Exchange ActiveSync security policies. Remote wipe operations are different because they can be performed even if Exchange ActiveSync security policies are not enforced on the device. The device receives the out-of-band remote device wipe command when it next synchronizes with the Exchange Server mail server. The device sends an acknowledgment message to the server administrator when it receives the wipe command and the wipe is imminent. Notification cannot be sent after the wipe is completed because at that point, all data relating to the server has been removed from the device. Regardless, the administrator can be assured that the wipe has occurred because the device user cannot prevent a remote wipe.