You're right to be concerned, not only about the information on the devices but the passwords as well because most of your users probably have configured their devices to save their password for synchronizing with Exchange Server. That Active Directory (AD) username and password is often also their main account for accessing the rest of the Windows network. Windows Mobile protection of saved passwords has come under fire for being easy to break. Therefore, loss of a device could potentially result in that user's entire account being compromised, including all applications that depend on AD for authentication.

Asking users to configure mobile devices with a PIN is likely to meet with little compliance because of the inconvenience, especially because some poorly designed Windows mobile phone devices require you to enter the PIN just to answer an incoming call.

To reduce the risks associated with mobile devices, you should consider implementing the Windows Mobile 5.0 Mobility and Security Feature Pack and insist that all devices in your fleet either run Windows Mobile 2005 or fully support the client-side features of the Mobility and Security Feature Pack. In addition to the Mobility and Security Feature Pack's DirectPush technology that enables mobile devices to immediately receive new email messages and other mailbox updates as the occur, the feature pack introduces two crucial features for secure management of your mobile device fleet. Mobility and Security Feature Pack lets you remotely wipe lost or stolen devices and also lets you set a policy that enforces the use of PINs. If a user reports a lost or stolen device, you simply log on to the Mobility and Security Feature Pack's administration Web page on your Exchange server and issue a remote wipe command for that device. If the radio in the device is turned on, it will immediately wipe the device's memory and report back to the Exchange server so that you get positive confirmation. Otherwise, as soon as the device is turned on, the device will see the wipe request when it tries to connect to Exchange.

I recently left my Palm Treo 700w in a cab and immediately logged on to Exchange and issued a wipe command. As it turned out, the battery had already died, and I later retrieved the device from the cab driver. I was able to log on to Exchange and cancel the wipe command before bringing the phone back up, thus eliminating the need to reconfigure all my phone settings. The key to making remote wipe work to mitigate risk is to train users to notify the Help desk immediately when their phone is lost or stolen.
—Randy Franklin Smith

How can I increase the limit on rules storage in Exchange 2007 from the 32KB default?

RulesQuota is one of the many parameters available for the SetMailbox cmdlet, which configures dozens of parameters on an individual mailbox. The syntax to increase the rules capacity to the maximum 256KB for a mailbox with the alias MyMailbox would look like this: set-mailbox -identity MyMailbox -RulesQuota 256KB.
—Sue Mosher

Outlook FAQs

Given that it's so much easier to share mailbox folders with Microsoft Office Outlook 2007, does conflict resolution work any differently?

Streamlined mailbox folder sharing is one of the big new collaboration features in Outlook 2007, and one that doesn't require Exchange 2007. By using the Share command on the navigation pane or folder context menu, sharing a folder is as easy as sending an email message. What's different behind the scenes (and what the user might not realize) is that for nonmail folders, Outlook 2007 by default caches the shared folders locally in the offline folders .ost file. That's a big change from previous versions, in which users with access to a shared mailbox folder always connected directly to the shared folder on the Exchange server, with no local cache involved. Since both Outlook 2007 users (the mailbox owner and the user with shared access) are likely to be working with cached data for a shared mailbox folder, it's certainly possible for conflicts to happen if both have write access to the folder. My testing so far shows that Outlook tries to make an intelligent decision about which change “wins,” but when it can't, it puts a conflict message in the Sync Issues\Conflicts folder.
—Sue Mosher

If User A has access to a folder from User B's mailbox and User B's mailbox is deleted, what happens to the cached copy of User B's folder, the one that resides in User A's offline folders .ost file?

The cached data is still visible to any user who already has a shared copy of the mailbox. For non-calendar folders, the user can open existing items and, if originally granted write permission, create new items. However, for a calendar folder, any attempt to open an appointment results in an error message: Cannot open this item. Cannot open the free/busy information. Microsoft Exchange is not available. Either there are network problems or the Exchange computer is down for maintenance. A similar message appears when a user with write permission tries to create a new item. Ideally, you'd want the user to see a more informative message about the shared mailbox being unavailable, but it could be that Outlook just can't distinguish between a problem with a specific mailbox and general network issues affecting its connectivity.
—Sue Mosher

Is there a way to turn off shared-mailbox folder caching?

Yes, through Group Policy Objects (GPOs). After you install the Outlk12.adm file, which you can obtain via the 2007 Office System Administrative Templates (ADM) page (http://www.microsoft.com/downloads/details.aspx?familyid=92d8519a-e143-4aee8f7a-e4bbaeba13e7), you should see that option in Group Policy Editor (GPE) under User Configuration, Administrative Templates, Microsoft Office Outlook 2007, Tools, Account Settings, Cached Exchange Mode as a policy named Download shared non-mail folders. On the download page for the .adm files, note that they're available in multiple languages. The Outlook 2007 .adm files include a detailed description of each option in the language you select for the download.

What technologies are available for indexing Outlook attachments?

The next FAQ shows how the Windows Desktop Search component can index and search attachments in Outlook email messages. There are also other technologies for indexing Outlook attachments. You'll find a full list of these technologies at http://www.slipstick.com/addins/search.htm. The solutions are grouped according to those targeting individuals and those for the entire enterprise.
—John Savill

How can I enable Windows Desktop Search to index Outlook mail attachments?

Attachment indexing is usually enabled by default, but you can also set it by performing these steps:

1. Start Windows Desktop Search (Start, Programs, Windows Desktop Search).
2. Select Desktop Search Options from the options menu, as Figure 3 shows.
3. Ensure that Index e-mail attachments is selected.
4. Click OK.

—John Savill

SharePoint FAQs

What's page ghosting in Microsoft SharePoint technologies?

SharePoint uses a number of site templates, which are essentially predefined layouts for SharePoint pages and form the foundation of all the content created. Because most pages in SharePoint are derived from the site templates, the pages store only the differences between the actual page and the original template. This approach lets SharePoint cache into memory the main site templates, then apply the changes for all instances of a page based off the template (the changes are stored in the content database). This application of changes over the site template is known as page ghosting. In addition to the performance improvements page ghosting offers, it also lets you change a site template, which would then apply to all pages that were based off of the site template.

This is important to understand because when you use Microsoft Office FrontPage 2003 to edit a page, it unghosts the page. FrontPage does this because instead of now saving the changes from the page and the original site template (e.g., the original default.aspx page), SharePoint now just saves the entire page as a separate object that's no longer linked to the template. Therefore, if the site template is modified, the changes won't affect the FrontPage-edited version. This page will have to be fully loaded from the content database, so you can't take advantage of the cached site templates. The following links provide further information about SharePoint page ghosting:

• http://msdn.microsoft.com/library /en-us/odc_sp2003_ta/html/office_sharepointapplyingcorporatebrand.asp?frame=true#office_sharpoint applyingcorporatebrand_abouttemplates
• http://msdn.microsoft.com/msdnmag/issues/06/07/wss30preview/default.aspx

—John Savill

How can I make links in Microsoft SharePoint technologies open in a new browser window?

By default, SharePoint links open in the existing browser window. You can find several solutions for this behavior on the Web, but I found the following solution to be the easiest:

1. Use Microsoft Internet Explorer (IE) to open the SharePoint page containing the links.
2. From the File menu, select Edit with Microsoft Office FrontPage.
3. In FrontPage, right-click the section with the links, and from the displayed context menu select Convert to XSLT Data View.
4. Right-click one of the links and select Hyperlink Properties.
5. From the displayed dialog box, click the Target Frame button.
6. Select New Windows and click OK to all dialog boxes.
7. Save the page changes.

Now, when someone clicks a link, the page will open in a new window. You can find other solutions for this behavior at http://mindsharpblogs.com/todd/archive/2005/08/16/654.aspx and http://andrewconnell.com/blog/articles/sharepointlinkslistopeninnewwindow.aspx.
—John Savill

How can I hide SharePoint columns from certain users? I have a power user who, ideally, should have access to all columns as well as standard users who need only limited column access.

Neither Windows SharePoint Services 3.0 nor Microsoft Office SharePoint Server 2007 (or earlier SharePoint technologies) supports the ability to apply permissions at the columm (i.e., field) level. You have several options for meeting this type of need, but if you require the information to be truly secure, you'll have to use custom coding or purchase a third-party product.

One of the simplest ways to address this need is by using FrontPage 2003 to remove the sensitive fields from the existing list pages and create other pages for your power users that contain those sensitive fields. Then you need to prevent your standard users from accessing the pages designed for your power users. One approach is to use a simple redirect Web Part, such as the one created by Bamboo Solutions (http://www.bamboosolutions.com). Such a Web Part will redirect users to another SharePoint page or site if they don't belong to a specific permission group. Note that this approach will unghost your pages and therefore require additional maintenance in the future. (For more information about page ghosting, see the first FAQ on this page.)

A second—and considered a bestpractice—approach is to create a custom list definition. You can create a custom list definition to provide most any functionality you want, including how the list is displayed. If you chose to create a custom list definition, I recommend that you read the MSDN article “Creating a List Definition” (http://msdn.microsoft.com/library/en-us/spptsdk/html/tsptcreatelisttemplate_sv01016233.asp). You might need to augment this list definition approach by using a custom Web Part that lets you control what information is displayed to users. (For more information about custom Web Parts, see “A Developer's Introduction to Web Parts” at http://msdn2.microsoft.com/en-gb/library/ms916848.aspx.)
—Bob Mixon

How can I display the currently logged-on user on our SharePoint portal's home page?

Surprisingly, this functionality wasn't a standard UI element in Windows SharePoint Services 2.0 or Microsoft SharePoint Portal Server 2003. Rest assured that Microsoft has added it Windows SharePoint Services 3.0 and SharePoint Server 2007, but if you're still running the earlier versions, there are a couple of methods you can use to gain this functionality. Probably the easiest approach is to find a third-party Web Part that will display this information. You can download one such free Web Part from the Microsoft SharePoint Products and Technologies Web Component Directory (http://www.microsoft.com/sharepoint/downloads/ components/detail.asp?a1=841).

Another approach, which is described in the MSDN FrontPoint blog post “Howto: Display the Username for the Logged on user on a page” (http://blogs.msdn.com/frontpoint/articles/123179.aspx), uses the Data View Web Part and a few custom Collaborative Application Markup Language (CAML) techniques. Take a look at the article before you decide on the approach you want to take.
—Bob Mixon