Windows RT and 8 –security when using the Mail App and Exchange

27 01 2013

As a technology coordinator within a school I’ve worked through a number of issues in connecting to the school’s exchange email server via Windows RT and Windows 8.  The concerns I’ve had and wanted to explore are somewhat peculiar to a school environment although may exist elsewhere.

The concerns were based around when a user accesses email via Windows RT or Windows 8 using the Mail App some of the security settings are imported from the domain where the exchange server is based and forced upon any computer wanting to access email from the particular site.  In some ways this is not as significant an issue with Windows 8 as it is with Windows RT as Windows 8 allows users to access other email applications such as Windows Live Mail, Outlook and potentially a range of other email programs.  However, with Windows RT if you want to connect to an exchange server the only App available is the Mail App.

My initial concern with security settings connected to the Mail App was on my Windows RT Surface tablet. When I connected to our school’s email server there was no choice but to enforce the policies from the exchange server as per the following.

image

In my mind there are a number of issues with this. One issue is that the user is provided no details as to what policies will be enforced and what impact they will have. Further given my RT Surface is my own device I didn’t really want to have school exchange security settings applied. However, that aside the biggest issue I had after I accepted these policies was that my Windows RT Surface would lock and require a password after a period of inactivity.

It’s highly annoying to have to constantly re-enter passwords on tablet devices and everything I read suggested this setting could not be removed without first disconnecting the Mail App from the exchange mail server. When I tried to remove the settings under User within PC Settings the option of “Never require a password” was not allowed.

image

Perhaps strangely, I found this setting could actually be adjusted without disconnecting the Mail App from the exchange server. This involved first choosing to “Reset Security Policies” from with User Accounts in the Control Panel as indicated in the following image.

image

To be clear the account I use to logon to my RT Surface is a “live” account and the security policies had come from the exchange server from my school.  Resetting the Policies in this instance meant I could go back into the User settings in PC Settings and subsequently set the settings to be “Never require a password”.  This subsequently solved my issue of having to constantly having to re-enter my password when the tablet locked as a result of a period of inactivity.

It wasn’t clear what other security settings were still applying to my tablet as a result of joining the Mail App to the school’s exchange server.  However, what ever settings may have been in place didn’t appear to be having a negative impact on my use of my RT Surface.

What did concern me, was that in my role of coordinating technology within our school, I had a number of conversations with the school’s systems administrator as to how this might impact students who also tried to connect to the exchange email server with similar devices.

As a result of these conversations I came to understand that these security settings were connected to the ability to be able to remotely control and wipe devices such as tablets and phones.  This caused me some concern because while I wanted students to connect to our exchange server to support email communication I didn’t want to be in a position where the school’s staff might be accused of wiping student devices.

I subsequently did some further investigations about this and found a number of links which provided some details about what might occur.  The following are a few of these links.

http://blog.exchangegeek.com/2012/06/windows-8-mail-app-exchange-activesync.html

http://blogs.technet.com/b/exchange/archive/2012/11/26/supporting-windows-8-mail-in-your-organization.aspx

Beyond this I wasn’t overly concerned until I upgraded my home desktop to Windows 8.  The Mail App in Windows 8 then synched automatically with my Windows RT Surface Mail App.  Both devices used the same live account to logon with.  There was no fine grained synching control where I could simply stop the Mail App synching – nor do I recall there being a way I could remove the Mail App from my Windows 8 computer.  While I didn’t have to open the Mail App and access the school email via this App on my Windows 8 computer  it looked a bit ugly to have a partly broken App sitting there in Windows 8. However, I put my school coordinator hat on and thought that any students in a similar situation would may want to access the school email on all the devices they have and was interested to know the result of doing so.

While there were a number of questions I really couldn’t answer without having access to administer the exchange server I was interested in what a user (i.e. a student) could do. I subsequently performed a test on the ability to remotely wipe my RT Surface device from OWA (Outlook Web Access).

To test what wiping would do on my Windows RT Surface I connected the Mail App to the school’s exchange server and then via OWA, Options, Mobile Devices I selected the device and chose to “Wipe All Data from Device” as per the following image. 

image

The result was largely as expected, following some research on the topic.  Initially nothing happened to my Surface and it appeared I could read existing school email via the Mail App.  After about 5 minutes of waiting with nothing happening I attempted to send an email via the Mail App using the school email system. More or less as soon as I hit send the wipe occurred.

The Mail App connection to the school email server was removed with the school email account disappeared from the Mail App.  In addition I received the following email confirmation.

image

The wipe fortunately didn’t wipe the entire Surface Tablet as some documentation indicates but rather just removed the school email account from the Mail App as indicated above. 

It was then a relatively simple process of reconnecting the Mail App to the school email system by first “Removing Device from List” in OWA and then repeating the process of connecting to the school email via the Mail App on the Surface.

In Summary given the significance of accessing email from Tablet type devices there appears to be a dearth of clear technical and user documentation on how everything works.  I take this to be part of the unfinished software feel of the surface tablet.

As a footnote I read with interest from http://winsupersite.com/windows-rt/microsoft-prepping-outlook-2013-windows-rt that Microsoft may release Outlook for RT.  Given the issues with the Mail App it would be interesting to see how that operates.





Synchronizing Favourites and Bookmarks

28 10 2012

In preparing to move from Windows 7 to Windows 8 and to sort out my bookmarks from a range of systems I looked for the best way to manage these bookmarks. 

Firstly I wanted to export bookmarks from an iPad. The way I did this was to download iCloud Control Panel onto my Windows 7 computer.  Using this and following instructions from the http://www.solveyourtech.com/how-to-export-ipad-safari-bookmarks/ I was able to Sync bookmarks from IE on my PC to Safari on my iPad.

I subsequently used both 1) Google Chrome in conjunction with a google account to sync bookmarks between various installations of Google Chrome – including one on an iPad, and 2) xmarks (www.xmarks.com) to synch between Google Chrome and IE.

I had not previously used xmarks but found it excellent and given that I’m not aware of any standard way to Synch IE favourites from (pre windows 8 version of) Windows computers – xmarks was also able to do this as well.  Another great feature of xmarks is that it keeps a history of favourites – so when you accidentally remove all your favourites it provides backed up versions of them.

Going forward I am likely to have Windows RT and Windows 8 devices.  Windows 8 and RT will sync favourites between the devices using Microsoft’s cloud services.  However, these don’t currently Sync with older version of Windows/Browsers nor other operating systems/browsers.  In addition xmarks does not currently run on Windows 8. Hence going forward I’m likely to want to synch everything first with xmarks, then perhaps also using google sync services, and let Windows 8 and RT use it’s own synch services.  To synch favourites/bookmarks between Windows 8/RT and other systems I may have to use a manual export/import step.   I may also need to use Apple’s iCloud occasionally if I continue to save bookmarks using Safari on an iPad (a habit I am trying to break – with the aim of using Chrome on the iPad in the future).  This is relatively complicated but on the other hand apart from xmarks the other services are pretty much just there anyway. At least in the short term xmarks will prove the glue between the different operating systems and browsers.





DEECD Improving School Governance

30 04 2012

This session was held at the Loddon Mallee Regional Office on Monday 30th of April 2012 from 7.00pm to 9.00pm.  Peter Howlett presented the session.

This was an valuable session reinforcing some known details and providing details I had either not known about or had only a limited understanding of.

Importantly we were provided with a folder containing a number of key documents describing the function of school councils.  The majority of the session focused on what is covered in the induction section of the material. An electronic copy of the induction material can be found here at: http://www.education.vic.gov.au/management/governance/schoolcouncils/default.htm.  This site also contains electronic copies of the Finance, Policy Development and Review, and the Strategic Planning section. 

What are some things I learnt form the presentation

  1. School Councils no longer have AGMs.  Peter made a point of this although the module doesn’t specifically mention this. Peter clarified this is really now “The first meeting of the new council” and as such really just a name change.  Details are covered on page 23 of the Principal’s Guide to School Council Elections 2012.
  2. A Quorum requires not less than one half of school council members currently holding office, with a majority being not Department employees. Members can be present via tele or video conferencing.
  3. It was suggested that school councils should have a code of conduct for councillors and that this be part of the council’s “Standing Orders”.
  4. Subcommittees don’t decide anything.  They only require one council member and their task is to recommend things to the school council.
  5. School council members are not legally liable for anything if acting in good faith.
  6. When making decisions school council should consider the decision in reference to the Strategic Plan and Annual Implementation Plan.
  7. It’s a good idea to have the Strategic and Annual Implementation plan present for council meetings.
  8. Agenda is set by the Principal and President the week before each meeting.
  9. Although not covered in the written Induction document Peter made the point of ensuring that all parents going on an overnight excursion should have a WWC card.  This though is not government policy.
  10. . Don’t accept any excursion not on DEECD’s pro-forma for excursions.
  11. . It was suggested that at the beginning of the year parents be advised of “voluntary accident insurance” options through the newsletter.
  12. . If a school council member is absent for 3 consecutive meetings without special leave then their position becomes vacant.  This should be in the standing orders.
  13. . What an apology is should be in the standing orders.
  14. . Schedule 7 from the “Principals Guide to School Council Elections 2012” shows who’s on school council and I think Peter indicated should be available to council members.

From reading the Induction document I’ve noted the following:

  1. Functions of school council include the regulating and facilitating of after hours use of school premises and grounds.
  2. Council are significantly involved in the development of the strategic plan and the AIP.
  3. Council is responsible for how the school raises income (over and above the funding provided by the government).
  4. The school council is responsible for developing particular policies to reflect the school’s values and support the school’s strategic plan. Day-to-day policies and procedures are managed by the principal and staff.
  5. The principal is an ex-officio of all council sub-committees.
  6. Sub-committees must have at least three members with at least one school council member.
  7. Schools are encouraged to have a finance sub-committee and others as appropriate.
  8. Decisions are always the decision of the whole council.  Decisions are made by voting, ideally by, consensus.
  9. The school council should keep the community informed about its operations by publishing a report following a meeting in the school newsletter and/or on the school website. A person does not have the right of access to the minutes or other documents or records of a school council under the Freedom of Information Act 2000.
  10. .  A school council must call a public meeting at least once each year and report the proceedings of the council since the date of the previous public meeting. The council muse present the annual report to the meeting and, if the school council accounts have been audited, present a copy of the audited accounts.




Discrimination, Harassment and Bullying course and Refresher

6 10 2011

On October the 4th 2011 I completed the Discrimination and Harassment online course.  I was also required to complete the Discrimination, Harassment, Bullying Refresher which I did on October 5th 2011.  I obtained a perfect score in both online tests and the courses were valuable in reminding me of the needs and issues around these subjects.





David Hopkins at Bendigo South East College

9 09 2011

David spoke to all teachers from BSSC 4pm to 6pm at BSE on 7/9/11 and to leading teachers from BSSC at BSSC from 2.30 to 3.30 on Thursday 8/9/11.

In the first part of the meeting on Wednesday 7/9/11 Ron Lake spoke to assembled staff and highlighted challenges for teachers in the Bendigo area. In particular written literacy was an area that was well below where it should be and the uptake of mathematics in later years was poor. With regards to BSSC staff it indicated the likely challenge as being to continue to work on literacy skills across the board with all students and in addition attract more students to complete higher level maths.

David’s message was interesting but not new. He in fact claimed that he was not presenting anything fundamentally ground breaking but rather emphasising known good practices.  With regards to BSSC in particular (on the Thursday) he emphasised that our content was fine, but what we needed to work on was our pedagogy.  He described five areas of teaching which I’ve listed below. In particular I found the description of operating within a students “zone of proximal development” a valuable idea for achieving good outcomes. This idea is discussed in greater depth in his book “Every School a Great School”.  Reference to this can be found at http://www.davidhopkins.co.uk/books.htm.  Some of the pages re this topic can be seen through book previews at Google Books. David also referred to John Hattie’s book “Visible Learning” and it’s a book which on first glance appears to be a valuable summary or synthesis of existing educational research ( a little like Marzano’s “What works in schools”).

1) INTENTIONS, PACE AND NARRATIVE

When teachers set learning intentions, use appropriate pace, and have a clear and strong narrative about their teaching, then students are more secure about their learning, and achievement, understanding and curiosity is increased.

2) TASKS

When learning tasks are purposeful, clearly defined, differentiated and challenging ( according to the student’s zone of proximal development) then the more powerful, progressive and precise the learning for all students.

3) HIGHER ORDER QUESTIONS

Teachers systematically using high order questioning leads to the level of student understanding deepening and the level of engagement increasing. Students who are regularly required to analyse, synthesise and evaluate are more motivated and engaged.

4) FEEDBACK AND DATA

Using feedback to inform future learning.

5) FEEDBACK AND REFLECTION

Peer assessment

6) COLLABORATIVE GROUP WORK

Cooperative group structures to mediate between whole class instruction and students carrying out tasks.





Cisco Victorian Networking Academy Conference

26 05 2011

This was an all day conference from 9.30 till 5.30 at Cisco Head Office in Melbourne on 26th of May 2011.

A number of topics were covered at the conference. 

  1. New mappings had been made against the ICA11 Training Package and the Cisco Discovery and Exploration courses.  This work had been completed by Box Hill Institute.
  2. An Academy Evolution had occurred which meant we can can go anywhere for training of staff in the future.  BSSC will have a direct relationship with Cisco rather than Regional Academy. The following will exist.
  3. a) Instructor Training Centres for Victoria will be Box Hill and RMIT

    b) Academy Support Centre will be Box Hill

    c) There will also be NetAcad Resource Partners

  4. The role Cisco Academies will continued largely as is and therefore there appears no significant change directly to BSSC
  5. Harry Wang will look after quality assurance. Can share best practice with Harry as he needs to share best practice with Asia Pac – it needs to be measurable.
  6. Equipment Update
  7. a) New CCNA bundles

    b) ~72% off RRP for CCNA

    c) License Key required for new routers New equipment will require Windows 7 style security to protect IOS. Cost of new routers are slightly higher due to max RAM, flash. (i.e. a $600 router might become a $950 router). Only one IOS available for new routers. 2901 – 1 RU, 1941- 2 RU

    d) $4300 per pod basis

    e) Version 12 to version 15 of IOS – should be no cost for IOS under smartnet

  8. Telstra Graduate didn’t fill all positions – students with CCNA are highly regarded in this process – technical starting salary $60,000 – www.optioncity.com.au
  9. Netriders Tuesday 13th and Wednesday 14th of September, 2 members per team, and as many teams as you like. 18 years and over 31st Dec 2011.  50% theory and 50% packet tracer.




KeePass on Android, Ubuntu and Windows

25 01 2011

For sometime now I’ve kept an electronic copy of passwords in a spreadsheet which I occasionally update and print out. It’s quite a reasonable way to go, but with a recently acquired Android phone I wanted to make use of this to hold passwords rather than using little bits of paper. 

I tested a number of version builds and ports of KeePass as the original main KeePass (http://keepass.info/) is a Windows only program.  On Ubuntu I tried KeePassX and on my Android Phone I went with KeePassDroid.  The good things is that all these programs can work with a similar database created by the other versions.  The bad thing is that currently this is really only true for .kdb (1.x) files/versions of KeePass databases and not .kdbx (2.x) files/versions of KeePass databases. This is somewhat limiting and resulted in quite a bit of playing around to get what I wanted to do to work.

The plan was to boot into a disconnected version of Ubuntu which I booted into from a 4GB memory stick on an isolated and disconnected computer.  Complete all the editing while in Ubuntu and then transfer my spreadsheet list of passwords into KeePass and finally transfer an appropriate subset of these passwords onto my mobile phone.

To do this I installed Ubuntu 10.10 onto the memory stick.  By default this installed OpenOffice which I was to use to update my spreadsheet.  This worked well.  However, when it came to importing the spreadsheet into KeePass I found KeePassX extremely limited and could not import comma separated files (CSV). I really gave up on KeePassX after this. I subsequently resorted to using KeePass 2.14 running under Mono.  This later step I also almost gave up with as I am no Linux expert and couldn’t understand how to install and get Mono running. In the end I did get KeePass 2.14 to run under Linux with Mono, but I’m not certain of the correct or best steps.  Nevertheless what appeared to work was first installing monoDevelop under Ubuntu 10.10.  Then I ran monoDevelop and selected Debug Applications from the monoDevelop Run menu and selected the KeePass.exe file from the downloaded KeePass 2.14 version.  It subsequently ran KeePass and this allowed me to import from the CSV file OpenOffice saved to.  Importing from a CSV limits fields which can be imported/exported to KeePass, but apart from these limitations the import worked well.

Once I got the files into a kdbx file I really had to give up on Linux.  In the future if KeePassX fully supports kdbx files I could do everything in Linux, but for now Mono caused a number of limitations with KeePass 2.14 when it came to printing, and when editing the kdbx file that it became impractical to use. 

I transferred my kdbx file created under Ubuntu to a Windows 7 notebook.  Using KeePass 2.14 in Windows I was able to save/export all and parts of my password lists to other formats.  The plan for ongoing use is to maintain the master list of passwords in a kdbx database and export necessary subsets to other locations.  KeePass 2.14 is very flexible with importing and exporting.  As such I exported a group of passwords to a kdb file.  This kdb file was easily/simply transferred to my Android phone through the USB cable connected to the Android phone. 

Finally I was able to open the kdb file and access my passwords using KeePassDroid running on the Android Phone.

In the future when I have a phone or software which fully supports KeePass kdbx files I may copy all passwords into the one database and carry them on the phone with me.  This is really what KeePass can easily be used for.  However, I am a little cautious with this because there are still some security risks with this and the more one attempts to mitigate these risks (ie long master password) the more tedious using this technology becomes. 

Anyway for now I’ll continue to try this technology and maintain my master password list in a kdbx database rather than a spreadsheet.  KeePass 2.14 prints out useful tabular summaries (with passwords) which I’ll also use in some instances as it better suits my purposes of access.








Follow

Get every new post delivered to your Inbox.