Managing the Client Access Server • Chapter 5 297 Figure 5.48 The Password Tab on the Properties Page of an Exchange ActiveSync Mailbox Policy NOTE Notice that mobile device users, by default, are allowed access to any Windows File Shares and Windows SharePoint Service Servers you may have confi gured. Again, this feature is only supported from a Crossbow device. 298 Chapter 5 • Managing the Client Access Server Assigning an Exchange ActiveSync Policy to a User So how do we assign an Exchange ActiveSync (EAS) policy to one or more users once it’s created? This can be done using either the Exchange Management Console or the Exchange Management Shell. To assign an EAS policy to a user, perform the following steps: 1. Open the Excha.nge Management Console, and then expand the Recipient Confi guration work center node. 2. Select the Mailbox subnode and highlight the user mailbox to which you want to assign the EAS policy. 3. Click Properties in the Action pane. 4. Click the Mailbox Features tab, as shown in Figure 5.49. Figure 5.49 Enabling/Disabling Exchange ActiveSync on a Per User Basis Managing the Client Access Server • Chapter 5 299 5. Select Exchange ActiveSync, and then click the Properties button. 6. Check Apply an Exchange ActiveSync mailbox policy, and then click Browse, as shown in Figure 5.50. Figure 5.50 Assigning an Exchange ActiveSync Mailbox Policy to a User Mailbox 7. In the Select ActiveSync Mailbox Policy window (Figure 5.51), choose the respective EAS mailbox policy and then click OK three times. Figure 5.51 Selecting an Exchange ActiveSync Mailbox Policy 300 Chapter 5 • Managing the Client Access Server Managing Mobile Devices Now that we have fi nished our mobile deployment, how do we go about managing the mobile devices in our organization? Well, unlike Exchange Server 2003 SP2, which required you to download a separate Web administration tool (called the Mobile Administration Web tool) that among other things allowed you to delete device partnerships and remote wipe stolen or lost devices from a central location, these features and more are an integral part of the Exchange Management Console. To manage the mobile device(s) for a specifi c user, you must perform the following steps: 1. Open the Exchange Management Console. 2. Expand the Recipient Confi guration work center and click Mailbox. 3. Select the user mailbox for which you want to manage a mobile device. 4. Click Manage Mobile Device. 5. The Manage Mobile Device wizard now appears (Figure 5.52). Here you can see the mobile devices that have an established partnership with the respective user mailbox. Under Additional device information, you can see when the fi rst synchronization occurred, when the last device wipe command was issued, the acknowledge time for the device wipe, when the device was last updated with a policy, as well as the last ping heartbeat in seconds (this should be between 15 and 30 minutes, depending on how keep alive sessions have been confi gured with your mobile service provider and on your fi rewall). Finally, you can see the recovery password here (if enabled by policy). Under Action, you have the option of either removing (a.k.a., deleting) a mobile device partnership, as well as performing a remote wipe of a mobile device. Performing a remote wipe of a mobile device will delete any data held in memory as well as on the storage card. In other words, the device will be reset to its factory defaults. TIP To assign an EAS mailbox policy to a mailbox using the Exchange Management Shell, use the Set-CASMailbox cmdlet. For example, if you want to assign an EAS mailbox policy named Exchange Dogfood – All EAS users to a user alias called HWK, type the following command: Set-CASMailbox HWK –ActiveSyncMailboxPolicy “Exchangedogfood – All EAS Users” Managing the Client Access Server • Chapter 5 301 Figure 5.52 Managing Mobile Devices NOTE Removing a mobile device partnership will not delete any data on the mobile device. In order to reduce the load on IT staff (primarily the Helpdesk), the Exchange Product group also implemented these mobile device management features into OWA 2007. This means users can manage their own devices, as shown in Figure 5.53. . steps: 1. Open the Excha.nge Management Console, and then expand the Recipient Confi guration work center node. 2. Select the Mailbox subnode and highlight the user mailbox to which you want. Server • Chapter 5 299 5. Select Exchange ActiveSync, and then click the Properties button. 6. Check Apply an Exchange ActiveSync mailbox policy, and then click Browse, as shown in Figure 5.50. Figure. other things allowed you to delete device partnerships and remote wipe stolen or lost devices from a central location, these features and more are an integral part of the Exchange Management