Exchange ActiveSync Stats Update December 2012

Below are the statistics on the types of unique mobile devices that have connected to the on-premises and Office365 Exchange servers for email and calendaring.

There have been 9834 unique mobile devices connected between 01/12/2012 and 17/12/2012.  Well over 9000 unique devices connect on any one day.

Of the 9834 devices, 3707 devices belong to staff and research postgraduate students connecting to the on-premises Exchange servers.  6127 devices belong to undergraduate and taught postgraduate students connecting to the Office365 Exchange servers.

Once again, we have seen a significant increase from previous statistics gathered.

Share an Internet connection and turn a Windows 7 or 8 PC into a Wireless Hotspot (even on a VPN)!

I recently needed to connect my phone to a wireless network and the only connectivity available was a wired VPN on my notebook. It turns out that in Windows 7 and Windows 8 it is possible to turn a wireless enabled machine into a hotspot that any device can use!

Instructions

1) Run an elevated command prompt (Right Click > Run as administrator) and run the command:

netsh wlan set hostednetwork mode=allow ssid=<networkname> key=<password>

Where <networkname> is your choice of name for your Hotspot and <password> is a strong secure password.

For example

netsh wlan set hostednetwork mode=allow ssid="James WiFi" key="G0dBl3ssTheIntern3t"

2) This will create a connection called ‘Wireless Network Connection 2’ which is a Microsoft Virtual WiFi miniport adapter. Rename the connection as ‘Wifi Hotspot’

3) Browse to the properties of the adapter and uncheck all of the options apart from Internet Protocol Version 4 (TCP/IPv4)

4) Browse to the properties of the Internet connected adapter or VPN connection and select the sharing tab. Tick the first box as below and select Wifi Hotspot as the Home n.

5) Create a shortcut on the Desktop called ‘Start WiFi Hotspot’. This will let you switch on the hotspot without having to type the commands. In the location box type:

netsh wlan start hostednetwork

6) Create another shortcut on the Desktop called ‘Stop WiFi Hotspot’. This will let you switch off the hotspot without having to type the commands. In the location box type:

netsh wlan stop hostednetwork

7) Note: The shortcuts must be run as an Administrator (Right Click > Run as administrator)

8) And that’s it! You should now be able to connect to your hotspot and use the internet with other wireless enabled devices such as your Phone, Console or other laptops.

To remove the settings, run the command below. To change the WiFi Hotspot name or password, just run the first command again with the new details.

netsh wlan set hostednetwork mode=disallow ssid=<networkname> key=<password>
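The two shortcuts from steps 5 to 7 can be combined into one batch file that refuses to run unelevated and checks that the wireless driver supports hosted networks before starting. This is an added example, not part of the original post; the file name hotspot.cmd, the exit codes and the reliance on English netsh output and on `net session` as an elevation check are assumptions.

```batch
@echo off
rem hotspot.cmd - added example, not from the original post.
rem Usage: hotspot.cmd start ^| stop ^| status
setlocal

rem "net session" only succeeds from an elevated prompt (see step 7).
rem Assumption: the Server service is running, as it is by default.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run as administrator.
    exit /b 1
)

rem The driver has to report hosted network support, otherwise
rem "netsh wlan start hostednetwork" cannot work on this adapter.
rem Assumption: English-language netsh output.
netsh wlan show drivers | findstr /i /c:"Hosted network supported" | findstr /i "Yes" >nul
if errorlevel 1 (
    echo The wireless driver does not report hosted network support.
    exit /b 2
)

if /i "%~1"=="start"  goto :start
if /i "%~1"=="stop"   goto :stop
if /i "%~1"=="status" goto :status
echo Usage: %~nx0 start ^| stop ^| status
exit /b 64

:start
netsh wlan start hostednetwork
if errorlevel 1 exit /b 3
goto :status

:stop
netsh wlan stop hostednetwork
if errorlevel 1 exit /b 3

:status
rem Prints the mode, SSID, authentication type, whether the network
rem is started, and the clients currently connected to it.
netsh wlan show hostednetwork
exit /b 0
```

Running `hotspot.cmd status` after a stop confirms that the hosted network is no longer started and that no clients remain connected through the shared connection.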

Update – Exchange Activesync Stats


As it has been roughly a year since we last published some Activesync stats on our blog, we thought it was about time to give an update.

There are 1003 users using the mobile service, which is made up of 551 Staff and 452 Students.

The statistics detail the number of different devices that sync with the Exchange servers for email / calendaring / etc.

Activesync Stats Pie Chart

A full list of device types:

Android 1
HTC Hero 17
HTC Sapphire 1
HTC Tattoo 2
Apple iPhone 493
Apple iPod Touch 96
kila 1
LGMCGD900 1
LGMCKM900 2
MOTOBLUR 2
Nokia5530 1
Nokia5800XpressMusic 6
Nokia6220c1 1
NokiaE51 2
NokiaE61 4
NokiaE63 2
NokiaE65 2
NokiaE71 34
NokiaE751 6
NokiaN78 1
NokiaN818GB 1
NokiaN82 1
NokiaN868MP 2
NokiaN95 2
NokiaN958GB 8
NokiaN96 1
NokiaN97 8
NokiaS60 1
Palm 1
PalmOneTreoAce 1
Windows PocketPC 218
Pulse 1
RoadSyncClient 1
RoadSyncClientV3 4
Windows SmartPhone 78

OWA 2007 Document Access

As discussed at our OU Admin Day event, OWA 2007 has the ability to offer read-only access to campus Windows file-servers from a web browser. This is a handy alternative to Webfolders, FTP and RAS and of course is accessible from anywhere.

This feature is only available with OWA 2007 Premium and consequently Internet Explorer is the only supported browser. Hopefully Microsoft will remedy this with the next version of Exchange Server.

We need to enable any file-servers in an ‘allow list’ on the Exchange Client Access servers before users can access them. We can add school file-servers within reason. Please speak to your School Computing Officer and get them to contact helpline with a request.

At present the following servers are enabled:

All Tower servers
All Turret servers
crag.ncl.ac.uk
campus.ncl.ac.uk – This is a DFS name space allowing access to towers/turrets/software and high availability servers.

To access:

Log on to OWA 2007 as normal

From the left hand menu buttons, Select ‘Documents’:

Select ‘Open Location’ from the left hand menu:

A box will appear where you can enter a path to a file server. As an example, I have included the correct format for access to your home directory. Replace the ‘X’ with whichever tower and home share your home directory resides on.

Example: \\tower3.ncl.ac.uk\home17\njwd

It is important that the location you want to open is prefixed with the two backslashes of standard UNC format, as in the example above, and that the server name is fully qualified with .ncl.ac.uk

If you have the appropriate permissions to open that location, you should be presented with the contents of that file-share in the right hand pane:

Item 1: ‘Open in Windows Explorer’ will only work whilst on campus, but will open a Windows Explorer window to the directory that you currently have selected.
Item 2: Lets you go up the directory structure, if you have permission to do so.
Item 3: Adds the current location to the ‘Favorites Menu’ as depicted in item 5.
Item 4: Is a breadcrumb style link to your current location. Click on any of the parts separated by slashes to go to that level, if you have permission to do so.
Item 5: Lists ‘favorite’ places that you have added.

Double clicking on a folder will take you to the contents of that folder.

Double clicking on a file will try to open that file natively on your computer, should you have the application that can open it.

If you right click a file a context sensitive menu will appear:

Selecting ‘Open’ will try and open the file as if you have double clicked it.

If you select ‘Open as Web Page’, OWA will try and interpret the contents of that file and display it in a web-page. This is particularly handy if you are on a computer without Microsoft Office, but need to read an Office Document. The supported file types include (doc, pdf, pps, ppt, rtf and xls).

Selecting ‘Send by E-Mail’ opens a new mail message in OWA and automatically includes the file as an attachment.

‘Copy Shortcut’, copies the UNC path of the file to the computer clipboard.

IT Pro Event 14th May: Unified Communications with Eileen Brown

For the second VBUG Newcastle IT Pro event, we’re fortunate to have a great speaker. Eileen Brown is the manager of Microsoft’s TechNet UK IT Professional Evangelist Team, and writes a hugely popular blog on Management, Messaging, Mobility and Real Time Collaboration.

Here’s the overview of Eileen’s talk:

“If the PCs on our desks do much more than they did 10 years ago, why don’t our phones?

On a Mobile phone calls are dialled from your phone book – UC allows your PC contacts to be used to place calls rather than re-keying the number into a desk, and identifies your contacts by name when they call you and routes your calls to the best phone. Unified communications is bringing together Voice, Fax, Video, Email and Instant messaging, into one system. So Voice mail which arrives in your mailbox And e-mail which can be read to you over the phone. With UC you can see if someone is around to take a call or answer a message before you contact them – and choose the best medium. And a conversation can move seamlessly from email, to instant message, to data sharing and video conference. Harnessing UC can mean less travel, less frustration and greater productivity.”

This presentation is particularly timely in the University, since this year we’ll be looking at adding some unified messaging features to our existing Exchange infrastructure. This is a great opportunity to hear about what the future might look like, from a real expert in this area.

The presentation will take place in Room 118 of Claremont Tower on Thursday 14th May, 18:30 (for a 19:00 start). If you plan to attend, please could you sign up at the VBUG site (just so we have numbers for refreshments, etc): http://www.vbug.co.uk/Events/May-2009/VBUG-Newcastle-Unified-Communications-with-Eileen-Brown.aspx

You don’t have to be a VBUG member and the event is free to attend.

If you’re on Twitter, you might like to follow Eileen.

Configure Bitlocker on a TPM Enabled Machine

Introduction:

This guide is based on a detailed article from the Vista TechCenter tested and modified for use on CAMPUS.

BitLocker Drive Encryption is an integral new security feature in the Windows Vista operating system that provides considerable protection for the operating system on your computer and data stored on the operating system volume. BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against “offline attacks,” attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.

This guide demonstrates how to configure a basic installation of Bitlocker with a TPM Enabled machine and assumes you are performing a clean build on a new machine using a network based WDS build.

Important things to remember before you begin

  • Bitlocker is particularly recommended to users of Laptops within the University.
  • Backups are more important than ever on encrypted disks as recovery will be all but impossible if the disk’s hardware fails.
  • Changing a system’s hardware will cause the TPM to react and have the system lock down. This can easily be fixed by using the Bitlocker recovery key but only if you still have it!

Prerequisites

A Machine with a TPM chip
Windows Vista DVD
Windows Vista Business, Enterprise or Ultimate Editions
A USB Key, preferably one you can dedicate to use with Bitlocker.
Access to a Printer

1. Copy the contents of

\\campus\software\ucs\SystemSW\Bitlocker to your USB Key.

2. Boot the new machine from the Windows Vista DVD. It is necessary to do this as the WDS build on the Campus Network will not allow access to the command prompt.

3. Select the locale, accept the license and call up a command prompt by pressing SHIFT + F10.

4. At this point you can either manually run the DISKPART tool or use the script you copied on to the USB Key in Step 1.

For BitLocker to work, you must have at least two partitions on your hard disk. The first partition is the system volume and labeled S in this document. This volume contains the boot information in an unencrypted space. The second partition is the operating system volume and labelled C in this document. This volume is encrypted and contains the operating system and user data.

The script you copied to your USB key will automatically:

Select the first disk in the system (Disk 0)
Clean the partition table.
Create a 1.5GB System Partition, set it as active and assign it the letter S.
Partition the rest of the disk and assign it the letter C.
Quick Format both volumes with the NTFS file system.

IMPORTANT: Running this script will destroy all data on the system.

To run the script, change drive to your USB Key and run bitprep.bat

5. When the script has completed, restart your machine and build the machine using WDS as normal, installing Windows on drive C.

6. Now would be a good time to enable your TPM in the BIOS if it is not already enabled. There does not seem to be any convention on how the TPM is referred to, but on HP machines it is referred to as the ‘Embedded Security Device’.

7. When your machine has finished building, installing software and is fully patched you can start to configure Bitlocker. Click Start > Control Panel > Security > BitLocker Drive Encryption.

8. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. If your TPM is not initialised, you will see the Initialize TPM Security Hardware wizard. Follow the directions to initialize the TPM and restart your computer.

9. On the Set BitLocker start-up preferences page, select the start-up option you want. You can choose only one of these options:

  • No additional security.
  • Require PIN at every start-up. You will see the Set the startup PIN page. Enter your PIN, confirm it, and then click Set PIN.
  • Require Startup USB key at every start-up. You will see the Save your start-up Key page. Insert your USB flash drive, choose the drive location, and then click Save.

In this scenario Bitlocker supports the following security permutations.

TPM only
TPM + PIN
TPM + PIN + USB Key
TPM + USB Key


10. On the Save the recovery password page, you will see the following options:

  • Save the password on a USB drive. Saves the password to a USB flash drive.
  • Save the password in a folder. Saves the password to a network drive or other location.
  • Print the password. Prints the password.

The recovery password will be required in the event the encrypted drive must be moved to another computer, or changes are made to the system startup information. This password is so important that it is recommended that you make additional copies of the password stored in safe places to assure you access to your data. You will need your recovery password to unlock the encrypted data on the volume if BitLocker enters a locked state. This recovery password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted data from any other BitLocker encryption session. You should store recovery passwords apart from the computer for maximum security.


11. When you have finished backing up your recovery passwords you are ready to Encrypt the volume. On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check check box is selected, and then click Continue.
Confirm that you want to restart the computer by clicking Restart Now. The computer restarts and BitLocker verifies if the computer is BitLocker-compatible and ready for encryption.

12. If the system passed the checks you will see an ‘Encryption in Progress’ notifier in the system tray.


13. You now have an encrypted disk!


14. If you would like to add more volumes and encrypt them then create the volumes as normal and then turn on Bitlocker for that drive.
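The partition layout that step 4 describes (a 1.5GB active system volume S, with the rest of Disk 0 as volume C, both quick-formatted as NTFS) can be produced with a short batch file that drives DISKPART. This is an added example of what such a script could look like, not the bitprep.bat held on the campus share; the confirmation prompt, the temporary file name and the exit codes are assumptions.

```batch
@echo off
rem Added example, not the original bitprep.bat.
rem DESTROYS ALL DATA ON DISK 0. Intended for the command prompt opened
rem from the Windows Vista DVD in step 3, before Windows is installed.
setlocal

echo This will erase every partition on Disk 0.
set /p CONFIRM=Type ERASE to continue: 
if not "%CONFIRM%"=="ERASE" (
    echo Aborted, nothing was changed.
    exit /b 1
)

rem Write the DISKPART commands to a temporary script file.
set DPSCRIPT=%TEMP%\bitprep.txt
> "%DPSCRIPT%" (
    echo select disk 0
    echo clean
    rem 1500 MB unencrypted system volume, marked active so it boots.
    echo create partition primary size=1500
    echo assign letter=S
    echo active
    rem The remainder of the disk becomes the volume BitLocker encrypts.
    echo create partition primary
    echo assign letter=C
    echo list volume
)

diskpart /s "%DPSCRIPT%"
if errorlevel 1 (
    echo DISKPART reported an error, nothing has been formatted.
    exit /b 2
)
del "%DPSCRIPT%"

rem Quick format both volumes with NTFS (/y suppresses the prompt).
format c: /y /q /fs:NTFS
format s: /y /q /fs:NTFS
exit /b 0
```

Check the `list volume` output before the format step runs: S should be the small active partition and C the large one, and the USB key should hold neither letter.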


Which Mobile for Exchange Mailbox Synchronization?


At present we only officially support the use of Windows Mobile devices when communicating with the Exchange servers. This decision was made on the basis of the consistent standard of Windows Mobile and having devices ourselves that we can test and check problems out on. Now, a number of the big mobile manufacturers are licensing Microsoft’s ActiveSync technology and introducing the Enterprise level functionality into their devices. We don’t prohibit their use, but can’t offer any in depth support.

I hope this post gives some information on our findings.

Windows Mobile:
All versions of Windows Mobile should be compatible with Exchange. Obviously with each new iteration of the operating system (We are now up to 6.1) new functionality is introduced. Push e-mail was introduced in Windows Mobile 5.0. Motorola, Samsung, Palm, HTC are among manufacturers that produce Windows Mobile devices. Many of the UK mobile providers (Orange, O2, T-Mobile) re-badge HTC devices as their own.

Nokia:
As James documented in an earlier post, Nokia were one of the first manufacturers to licence Activesync which they called ‘Mail for Exchange’. It seems to only be available for some of their ‘E’ and ‘N’ series devices.

Sony Ericsson:
We have only been able to take a look at one Sony Ericsson device and unfortunately their version of Activesync on that particular device doesn’t seem to be compatible with Forms Based Authentication. (The type of authentication that we use!)

Blackberry:
As Blackberry have their own version of Activesync, it doesn’t look like they will license Microsoft’s version. Unfortunately to get the Blackberry to offer push e-mail with an Exchange server, a separate server (Blackberry Enterprise Server) and client access licenses need to be purchased. As we can offer Microsoft Activesync for no extra cost, we have no plans to offer push e-mail support to Blackberries.

Apple iPhone:
Apple incorporate Microsoft’s Activesync into their software on July 11th. The software will be made available for existing iPhones, iPod Touch and the soon to be released 3G iPhone. We haven’t yet been able to test this.

Some useful resources:

Modaco : Thorough news and forums
MSMobiles : News
CoolSmartphone : News
Expansys : Online Retailer