X
Tech

Bits from Apple's iPhone deployment guide for the enterprise

Following the release of the iPhone Software 3.0, Apple also presented corporate customers with its first edition of the iPhone OS Enterprise Deployment Guide. This manual is packed with instructions for setting up mass quantities of iPhones and iPod Touches as well as some interesting "important" notes and tips.
Written by David Morgenstern, Contributor

Following the release of the iPhone Software 3.0, Apple also presented corporate customers with its first edition of the iPhone OS Enterprise Deployment Guide. This manual is packed with instructions for setting up mass quantities of iPhones and iPod Touches as well as some interesting "important" notes and tips.

Here are some of these items that the guide considered important as well as some other items I found interesting:

First was a warning about the time it takes to remotely wipe an iPhone. This action removes all data and config info from the device, which is restored to its factory settings. But this all takes a while, a number of hours depending on how much memory the iPhone contains.

Important:  With some devices, such as older iPhone models and iPod touch, wiping can take approximately one hour for each 8 GB of device capacity. Connect these devices to a power supply before wiping. If the device turns off due to low power, the wiping process resumes when the device is connected to power.

With Exchange Server 2007, you can initiate a remote wipe using the Exchange Management Console, Outlook Web Access, or the Exchange ActiveSync Mobile Administration Web Tool.

With Exchange Server 2003, you can initiate a remote wipe using the Exchange ActiveSync Mobile Administration Web Tool.

Users can also wipe a device in their possession by choosing “Erase All Content and Settings” from the Reset menu in General settings. Devices can also be configured to automatically initiate a wipe after several failed passcode attempts.

So, a fully-packed, 32GB iPhone 3G S or iPod Touch could take 4 hours to erase, and longer if its battery runs out (with the iPhone, a likelyhood).

Another "important" note was found in the section on updating configuration profiles. Much of the guide is about the use of the iPhone Configuration Utility and its use in a Windows Exchange Server environment.

The warning is about the actions when removing a configuration profile. Everything goes.

Important:  Removing a configuration profile removes policies and all of the Exchange account’s data stored on the device, as well as VPN settings, certificates, and other information, including mail messages, associated with the profile.

The configuration profiles are authenticated with the enterprise's copy of iPhone Configuration Utility. Users can't change settings enforced by the profile. In addition, the guide says that configuration profile updates aren’t pushed to users; managers must distribute the updated profiles to their users.

To change a setting, you must install an updated profile. If the profile was signed, it can be replaced only by a profile signed by the same copy of iPhone Configuration Utility. The identifier in both profiles must match in order for the updated profile to be recognized as a replacement.

One common user problem is entering passcodes, or more to the point, getting cut off from services with too many failed passcode entries. Apple's default settings triggers a time delay after 6 failures. And if you get to 11 tries: kaboom!

Maximum number of failed attempts:  Determines how many failed passcode attempts can be made before the device is wiped. If you don’t change this setting, after six failed passcode attempts, the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, all data and settings are securely erased from the device. The passcode time delays always begin after the sixth attempt, so if you set this value to 6 or lower, no time delays are imposed and the device is erased when the attempt value is exceeded.

In the I-did-not-know-that department: Activation Mode settings. Of course, when managing an iPhone for someone else, you don't want sync the device with your own machine. But there's a StoreActivationMode that you can turn on with the Terminal.

Before a new iPhone or iPod touch can be used, it must be activated by connecting it to a computer that is running iTunes. Normally, after activating a device, iTunes offers to sync the device with the computer. To avoid this when you’re setting up a device for someone else, turn on activation-only mode. This causes iTunes to automatically eject a device after it’s activated. The device is then ready to configure, but doesn’t have any media or data.

To turn on activation-only mode on Mac OS X:

1 Make sure iTunes isn’t running, and then open Terminal. 2 In Terminal, enter a command: - To turn activation-only mode on: defaults write com.apple.iTunes StoreActivationMode -integer 1 - To turn activation-only mode off: defaults delete com.apple.iTunes StoreActivationMode

Editorial standards