RIM publishes the first two IT policies for the BlackBerry PlayBook

BlackBerry manufacturer Research In Motion today published the first two IT policy rules in its knowledge base article KB26294:

Enable BlackBerry Bridge
This policy can be found under the BlackBerry Bridge category when configuring an IT Policy after the file below has been applied to the BlackBerry Enterprise Server.

Description: Specify whether a BlackBerry device can run BlackBerry Bridge. If you set this rule to Yes, a user can run BlackBerry Bridge and use it to connect a companion device (for example, the BlackBerry PlayBook) to the BlackBerry device. If you set this rule to No, a user cannot run BlackBerry Bridge and cannot use it to connect a companion device to the BlackBerry device. If you do not set this rule, a default value of Yes will be used.

BlackBerry PlayBook Log Submission
This policy can be found under the Companion Devices category when configuring an IT Policy after the file below has been applied to the BlackBerry Enterprise Server.

Description: Specify whether a BlackBerry PlayBook tablet can generate and send log files to the BlackBerry Technical Solution Center. The default value for this rule is Enable Logging. If you set this rule to Enable Logging, the tablet can generate and send log files to the BlackBerry Technical Solution Center. If you set this rule to Disable Logging, the tablet cannot generate and send log files to the BlackBerry Technical Solution Center.

Since these policy rules have not yet been delivered with the latest updates, you have to import them. This is how it works in the BAS (BlackBerry Administration Service):

  1. Download ITPolicyPackPlayBook.zip and extract it
  2. Open the BAS and expand Policy under BlackBerry Solution Management
  3. Click Manage IT Policy Rules and select Import IT Policy Definitions
  4. Navigate to the contents of ITPolicyPackPlayBook.zip and select the file ITPolicyPackPlayBook.xml
  5. Save with Save
  6. The confirmation "The IT policy definitions have been updated." should follow

If you want to do this for BES 4.0 or 4.1, you can use the BlackBerry Manager or loadbesmetadata.exe; how that works is also described in KB26294.

Forcing all connections through the BlackBerry MDS Connection Service

To route all connections that are initiated on the BlackBerry smartphone through the MDS Connection Service, you can enforce this behaviour via IT policy. Simply create a new IT policy and configure the following values:

  • Service Exclusivity > Allow Other Browser Services = False/No
  • Security > Allow Internal Connections = True/Yes
  • Security > Allow External Connections = False/No

You then assign this IT policy to the relevant BlackBerry users, which prevents any additional costs that might otherwise arise. This setting exists only on the full BES (not on BESX) and is included in versions 4.1.X through 5.0.2 (as of today).

Available IT policy settings in BlackBerry Enterprise Server Express (BESX)

It has long been no secret that BESX, compared with its big brother BES, offers only 35 of roughly 500 IT policy settings, but that should really be enough for small businesses. The following table gives you an overview of all available stacks that you can configure:

| Policy group | IT policy rule | Description |
|---|---|---|
| Common policy group | Disable MMS | This rule specifies whether a BlackBerry smartphone user can send and receive MMS messages. |
| Device Only items | Allow SMS | This rule specifies whether a user can send Short Message Service (SMS) text messages. |
| Device Only items | Maximum Password Age | This rule specifies the number of days before a BlackBerry smartphone password expires and a user must set a new password. The permitted range is 0 to 65,535 days. |
| Device Only items | Maximum Security Timeout | This rule specifies the maximum time (in minutes) that a user can specify as the security timeout value. The security timeout value is the number of minutes of inactivity before the BlackBerry smartphone locks. The permitted range is 10 to 480 minutes. |
| Device Only items | Minimum Password Length | This rule specifies the minimum number of characters that are required for a BlackBerry smartphone password. The permitted range is 4 to 14 characters. The maximum password length, which this rule does not control, is 32 characters. |
| Device Only items | Password Pattern Checks | This rule specifies whether to verify that a BlackBerry smartphone password matches specific character pattern requirements. |
| Device Only items | Password Required | This rule specifies whether a user must configure a password on a BlackBerry smartphone. |
| Device Only items | User Can Change Timeout | This rule specifies whether a user can override the security timeout value. |
| Device Only items | User Can Disable Password | This rule specifies whether a user can turn off the requirement for a BlackBerry smartphone security password. |
| Bluetooth policy group | Disable Bluetooth | This rule specifies whether support for Bluetooth® technology on a BlackBerry smartphone is turned off. |
| Camera policy group | Disable Photo Camera | This rule specifies whether the camera is available on a BlackBerry smartphone. |
| Camera policy group | Disable Video Camera | This rule specifies whether the video camera feature on a BlackBerry smartphone is turned on. |
| Email Messaging policy group | Confirm External Image Download | This rule specifies whether a BlackBerry smartphone displays a confirmation dialog box when a user clicks the Get Images link in an HTML-formatted email message. |
| Email Messaging policy group | Disable Manual Download of External Images | This rule specifies whether a user can request to view URL-referenced content (such as pictures) that is embedded in email messages manually. |
| Email Messaging policy group | Disable Rich Content Email | This rule specifies whether a BlackBerry smartphone can receive email messages in rich text or HTML format. |
| Email Messaging policy group | Maximum Native Attachment MTH attachment size | This rule specifies the maximum size (in KB) of a single standard attachment that a user can download to a BlackBerry smartphone. The permitted range is 0 to 1,048,576 KB. |
| Email Messaging policy group | Maximum Native Attachment MFH attachment size | This rule specifies the maximum size (in bytes) of a standard attachment that a user can upload from a BlackBerry smartphone. The permitted range is 0 to 3 MB. |
| Email Messaging policy group | Maximum Native Attachment MFH total attachment size | This rule specifies the total size (in bytes) of all standard attachments that a user can upload from a BlackBerry smartphone. The permitted range is 0 to 5 MB. |
| Password policy group | Forbidden Passwords | This rule specifies the passwords that a user cannot use. You must separate multiple passwords with a comma. |
| Password policy group | Maximum Password History | This rule specifies the maximum number of previous passwords that a BlackBerry smartphone checks new passwords against to prevent a user from reusing previous passwords. |
| Password policy group | Set Maximum Password Attempts | This rule specifies the number of password tries that a user can make before a BlackBerry smartphone deletes all of the application data permanently. The permitted range is 3 to 10 tries. |
| Password policy group | Set Password Timeout | This rule specifies the number of minutes of inactivity before the security timeout occurs and a user must type the password to unlock the BlackBerry smartphone. |
| Password policy group | Suppress Password Echo | This rule specifies whether, after a given number of incorrect password attempts, the characters that a user types in the Password dialog box appear on the screen. |
| PIM Synchronization policy group | Disable SMS Messages Wireless Sync | This rule specifies whether wireless data synchronization for SMS text messages is turned off. |
| Security policy group | Content Protection Strength | This rule specifies the cryptography strength that a BlackBerry smartphone uses to encrypt content that it receives while it is locked. When you specify a value, the content protection feature is turned on. |
| Security policy group | Disable External Memory | This rule specifies whether to prevent a user from accessing the media card on a supported BlackBerry smartphone. |
| Security policy group | Disable IP Modem | This rule specifies whether the Internet Protocol (IP) modem on an applicable BlackBerry smartphone is available. |
| Security policy group | Disallow Third Party Application Downloads | This rule specifies whether a user can install an application that the Research In Motion® signing authority system did not digitally sign on a BlackBerry smartphone. |
| Security policy group | Encryption on On-Board Device Memory Media Files | If a user inserts a media card in the BlackBerry smartphone, this rule specifies whether the media files that are located on the media card are encrypted to the user password and the device-generated key. |
| Security policy group | External File System Encryption Level | This rule specifies the level of encryption that a BlackBerry smartphone uses to encrypt files that it stores on a media card. |
| Security policy group | Force Lock When Holstered | This rule specifies whether a BlackBerry smartphone locks when a user inserts it in the holster. |
| Security policy group | Required Password Pattern | This rule specifies the permitted structure of a BlackBerry smartphone password. Passwords can contain Latin-1 characters only. |
| S/MIME Application policy group | S/MIME Allowed Content Ciphers | This rule specifies the encryption algorithms that a BlackBerry smartphone can use to encrypt Secure Multipurpose Internet Mail Extensions (S/MIME) protected messages. |
| S/MIME Application policy group | S/MIME Force Encrypted Messages | This rule specifies whether a BlackBerry smartphone encrypts all messages that it sends using S/MIME encryption. |
| Wi-Fi policy group | Disable Wi-Fi | This rule specifies whether a user can access a Wi-Fi® network from a Wi-Fi enabled BlackBerry smartphone. |
| Wireless Software Upgrades policy group | Disallow Patch Download Over WAN | This rule specifies whether to prevent a BlackBerry smartphone from downloading updates for the BlackBerry® Device Software over a wide area network (WAN) connection. |
| Wired Software Updates policy group | Allow Web-Based Software Loading | This rule specifies whether a user can update the BlackBerry Device Software using the web-based software loading feature. |
| Wired Software Updates policy group | Cryptographic Services Backup | This rule specifies whether the BlackBerry smartphone can back up cryptographic services data when a user updates the BlackBerry Device Software. |

[Source: KB21123]

New IT policy settings in BES 5.0 Service Pack 1

With the release of Service Pack 1, BES 5.0 was not only improved by the details I have already mentioned; the IT policy was extended as well. The following table lists all the policy stacks that have been added:

| Policy group | Rule | From firmware |
|---|---|---|
| BlackBerry Messenger | Disable Check for Updates | 4.5 |
| BlackBerry Messenger | Disable Location Requests, Responses, and Proximity Alerts | 4.5 |
| BlackBerry Messenger | Disable Server Based Contact List Synchronization | 4.5 |
| BlackBerry Messenger | Disallow External Email Address for Server Registration | 4.5 |
| BlackBerry Messenger | Disallow Setting a Subject on Conversations | 4.5 |
| BlackBerry Messenger | Enforce Security Question in BlackBerry Messenger Invitation | 4.5 |
| Date and Time | Automatic Time Zone Change Detection | 5.0 |
| Date and Time | Enable Time Zone Definitions Update | 5.0 |
| Date and Time | Periodic Time Synchronization | 5.0 |
| Date and Time | Time Zone Definitions Automatic Update Interval | 5.0 |
| Date and Time | Time Zone Definitions Update Server | 5.0 |
| Desktop | Allow BlackBerry® Desktop Software Statistics | |
| Desktop | Allow External Device Software Servers | |
| Desktop | Allow Personal Folder Reconciliation | |
| Desktop | Generate Encrypted Backup Files | |
| Instant Messaging | Disable Automatic Login | 4.5 |
| Instant Messaging | Disable Broadcast Messages | 4.5 |
| Instant Messaging | Disable Emoticons | 4.5 |
| Instant Messaging | Disable Offline Messaging for Enterprise Messenger | 4.5 |
| Instant Messaging | Maximum File Transfer Size (Mb) | 4.5 |
| PIM Synchronization | Disable BlackBerry Messenger Wireless Synchronization | 5.0 |
| PGP® Application | PGP More All And Send Mode | 5.0 |
| RIM Value-Added Applications | Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus® Quickr™ | 5.0 |
| RIM Value-Added Applications | Allow TiVo® for BlackBerry Application | 4.2 |
| RIM Value-Added Applications | BlackBerry Social Network Application Proxy URL for Lotus Connections | 5.0 |
| RIM Value-Added Applications | BlackBerry Social Network Application Proxy URL for Lotus Quickr | 5.0 |
| RIM Value-Added Applications | Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr | 5.0 |
| Security | Disable BlackBerry App World™ | 4.2 |
| Security | Disable Certificate or Key Import From External Memory | 5.0 |
| Security | Encryption on On-Board Device Memory Media Files | 5.0 |
| Security | Force Notifications for Keys with Medium Security Level | 5.0 |
| Security | Lock on Proximity Authenticator Disconnect | 5.0 |
| Security | Login Disclaimer | 5.0 |
| Security | Media Card Format on Device Wipe | 5.0 |
| Security | Two Factor Content Protection Usage | 5.0 |
| S/MIME Application | S/MIME More All And Send Mode | 5.0 |
| TLS Application | TLS Disable Weak Digests | 4.7.1 |
| TLS Application | TLS Prevent Unmatched Domain Name | 5.0 |
| User Feedback | Allow User Feedback | 5.0 |
| Wired Software Updates | Allow Web-Based Software Loading | 5.0 |
| Wired Software Updates | Cryptographic Services Backup | 5.0 |

Disabling BlackBerry Messenger using the IT policy

Since the release of Service Pack 1 for BlackBerry Enterprise Server 5.0, it is now possible to disable the wireless synchronization of BlackBerry Messenger by means of the IT policy / security policy. The following steps are required:

  1. Open the BlackBerry Administration Service
  2. Left column: BlackBerry solution management
  3. Policy
  4. Manage IT policies
  5. Select a policy
  6. Edit IT policy
  7. PIM Synchronization
  8. Set Disable BlackBerry Messenger Wireless Synchronization to True

Note: Further new features of SP1 for BES 5.0

Overview of the default IT policy

Tip: Handy for searching for a term and finding out where it is located (to this day I wish RIM would provide an integrated search function in the IT policy).

Application Center policy group
Disable Application Center IT policy rule
Disable Carrier Directory IT policy rule

BlackBerry MDS Integration Service policy group
Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
Disable MDS Runtime IT policy rule
Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule
Verify BlackBerry MDS Integration Service Certificate IT policy rule

BlackBerry Messenger policy group
Disable BlackBerry Messenger IT policy rule
Disallow Forwarding Of Contacts IT policy rule
Messenger Audit Email Address IT policy rule
Messenger Audit Max Report Interval IT policy rule
Messenger Audit Report Interval IT policy rule
Messenger Audit UID IT policy rule

BlackBerry Smart Card Reader policy group
Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule
Force Erase All Keys on BlackBerry Disconnect Timeout IT policy rule
Force Erase Key on PC Standby IT policy rule
Maximum BlackBerry Disconnected Timeout IT policy rule
Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule
Maximum BlackBerry Long Term Timeout IT policy rule
Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
Maximum Bluetooth Range IT policy rule
Maximum Connection Heartbeat Period IT policy rule
Maximum Number of BlackBerry Transactions IT policy rule
Maximum Number of PC Pairings IT policy rule
Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule
Maximum Number of PC Transactions IT policy rule
Maximum PC Disconnected Timeout IT policy rule
Maximum PC Long Term Timeout IT policy rule
Maximum Smart Card Not Present Timeout IT policy rule

BlackBerry Unite! policy group
Disable Download Manager IT policy rule
Disable Unite! Applications IT policy rule

Bluetooth policy group
Allow Outgoing Calls IT policy rule
Disable Address Book Transfer IT policy rule
Disable Advanced Audio Distribution Profile IT policy rule
Disable Audio/Video Remote Control Profile IT policy rule
Disable Bluetooth IT policy rule
Disable Desktop Connectivity IT policy rule
Disable Dial-Up Networking IT policy rule
Disable Discoverable Mode IT policy rule
Disable File Transfer IT policy rule
Disable Handsfree Profile IT policy rule
Disable Headset Profile IT policy rule
Disable Pairing IT policy rule
Disable Serial Port Profile IT policy rule
Disable SIM Access Profile IT policy rule
Disable Wireless Bypass IT policy rule
Force CHAP Authentication on Bluetooth Link IT Policy rule
Limit Discoverable Time IT policy rule
Minimum Encryption Key Length IT policy rule
Require Encryption IT policy rule
Require LED Connection Indicator IT policy rule
Require Password for Discoverable Mode IT policy rule
Require Password for Enabling Bluetooth Support IT policy rule

Browser policy group
Allow Application Download Services IT policy rule
Allow Hotspot Browser IT policy rule
Allow IBS Browser IT policy rule
Disable Auto Synchronization in Browser IT policy rule
Disable JavaScript in Browser IT policy rule
Download Images URL IT policy rule
Download Themes URL IT policy rule
Download Tunes URL IT policy rule
MDS Browser BSM Enabled IT policy rule
MDS Browser Domains IT policy rule
MDS Browser HTML Tables Enabled IT policy rule
MDS Browser JavaScript Enabled IT policy rule
MDS Browser Style Sheets Enabled IT policy rule
MDS Browser Title IT policy rule
MDS Browser Use Separate Icon IT policy rule

Camera policy group
Disable Photo Camera IT policy rule
Disable Video Camera IT policy rule

Certificate Synchronization policy group
Random Source URL IT policy rule
User Can Disable Automatic RNG Initialization IT policy rule

Common policy group
BlackBerry Server Version IT policy rule
Confirm On Send IT policy rule
Disable Kodiak PTT IT policy rule
Disable MMS IT policy rule
Disable Voice-Activated Dialing IT policy rule
Disable Voice Note Recording IT policy rule
IT Policy Notification IT policy rule
Lock Owner Info IT policy rule
Set Owner Info IT policy rule
Set Owner Name IT policy rule

Desktop Only items
Auto Backup Enabled IT policy rule
Auto Backup Exclude Messages IT policy rule
Auto Backup Exclude Sync IT policy rule
Auto Backup Frequency IT policy rule
Auto Backup Include All IT policy rule
Disable Wireless Calendar IT policy rule
Do Not Save Sent Messages IT policy rule
Force Load Count IT policy rule
Force Load Message IT policy rule
Forward Messages In Cradle IT policy rule
Message Conflict Mailbox Wins IT policy rule
Message Prompt IT policy rule
Show Application Loader IT policy rule
Show Web Link IT policy rule
Synchronize Messages Instead Of Importing IT policy rule
Web Link Label IT policy rule
Web Link URL IT policy rule

Desktop policy group
Desktop Allow Desktop Add-ins IT policy rule
Desktop Allow Device Switch IT policy rule
Desktop Password Cache Timeout IT policy rule
Disable Check For Updates Link IT policy rule
Disable Media Manager IT policy rule
Override Check For Updates URL IT policy rule

Device IOT Application policy group
Device Diagnostic App Disable IT policy rule
Set Diagnostic Report Email Address IT policy rule
Set Diagnostic Report PIN Address IT policy rule

Device Only Items
Allow BCC Recipients IT policy rule
Allow Peer-to-Peer Messages IT policy rule
Allow SMS IT policy rule
Default Browser Config UID IT policy rule
Enable Long-Term Timeout IT policy rule
Enable WAP Config IT policy rule
Home Page Address IT policy rule
Maximum Password Age IT policy rule
Home Page Address Is Read-Only IT policy rule
Maximum Security Timeout IT policy rule
Minimum Password Length IT policy rule
Password Pattern Checks IT policy rule
Password Required IT policy rule
User Can Change Timeout IT policy rule
User Can Disable Password IT policy rule

Documents To Go policy group
Disable Documents To Go IT policy rule
Hide Documents To Go Communication Menus IT policy rule
Hide Documents To Go Premium Feature Menus IT policy rule

Email Messaging policy group
Allow Auto Attachment Download IT policy rule
Attachment Viewing IT policy rule
Disable Form Submission IT policy rule
Disable Manual Download of External Images IT policy rule
Disable Notes Native Encryption Forward And Reply IT policy rule
Disable Rich Content Email IT policy rule
Enable Wireless Message Reconciliation IT policy rule
Inline Content Requests IT policy rule
Keep Message Duration IT policy rule
Keep Saved Message Duration IT policy rule
Maximum Native Attachment MFH attachment size IT policy rule
Maximum Native Attachment MFH total attachment size IT policy rule
Notes Native Encryption Password Timeout IT policy rule
Prepend Disclaimer IT policy rule
Maximum Native Attachment MTH attachment size

Enterprise Voice Client policy group
Disable DTMF Fallback IT policy rule
Disable Enterprise Voice Client IT policy rule
Lock Outgoing Line IT policy rules
Reject Non-Enterprise Voice Calls IT policy rule

Firewall policy group
Restrict Incoming Cellular Calls IT policy rule
Restrict Outgoing Cellular Calls IT policy rule

Global items
Allow Browser IT policy rule
Allow Phone IT policy rule
Auto Signature IT policy rule

Instant Messaging policy group
Disallow File Transfer Types IT policy rule
Disable Emailing Conversation IT policy rule
Disable Saving Conversation IT policy rule

Location Based Services policy group
Disable BlackBerry Maps IT policy rule
Enable Enterprise Location Tracking IT policy rule
Enterprise Location Tracking User Prompt Message IT policy rule
Enterprise Location Tracking Interval IT policy rule

Memory Cleaner policy group
Force Memory Clean When Holstered IT policy rule
Force Memory Clean When Idle IT policy rule
Memory Cleaner Maximum Idle Time IT policy rule

On-Device Help policy group
On-Device Help Links IT policy rule
On-Device Help Group Label IT policy rule

Password policy group
Duress Notification Address IT policy rule
Forbidden Passwords IT policy rule
Maximum Password History IT policy rule
Periodic Challenge Time IT policy rule
Set Maximum Password Attempts IT policy rule
Set Password Timeout IT policy rule
Suppress Password Echo IT policy rule

PIM Synchronization policy group
Disable Address Wireless Synchronization IT policy rule
Disable All Wireless Synchronization IT policy rule
Disable Calendar Wireless Synchronization IT policy rule
Disable Enterprise Activation Progress IT policy rule
Disable Memopad Wireless Sync IT policy rule
Disable Phone Call Log Wireless Synchronization IT policy rule
Disable PIN Messages Wireless Synchronization IT policy rule
Disable SMS Messages Wireless Sync IT policy rule
Disable Task Wireless Sync IT policy rule
Disable Wireless Bulk Loads IT policy rule

PGP Application policy group
PGP Allowed Content Ciphers IT policy rule
PGP Allowed Encrypted Attachment Mode
PGP Allowed Encryption Type IT policy rule
PGP Blind Copy Address IT policy rule
PGP Force Digital Signature IT policy rule
PGP Force Encrypted Messages IT policy rule
PGP Minimum Strong DH Key Length IT policy rule
PGP Minimum Strong DSA Key Length IT policy rule
PGP Minimum Strong RSA Key Length IT policy rule
PGP Universal Enrollment Method IT policy rule
PGP Universal Policy Cache Timeout IT policy rule
PGP Universal Server Address IT policy rule

RIM Value-Added Applications policy group
Disable BlackBerry Wallet IT policy rule
Disable Ecommerce Content Optimization Engine IT policy rule
Disable Lotus Connections IT policy rule
Lotus Connections Activities Server IT policy rule
Lotus Connections Blogs Server IT policy rule
Lotus Connections Communities Server IT policy rule
Lotus Connections Dogear Server IT policy rule
Lotus Connections Profiles Server IT policy rule

S/MIME Application policy group
Entrust Messaging Server (EMS) Email Address IT policy rule
S/MIME Allowed Content Ciphers IT policy rule
S/MIME Allowed Encrypted Attachment Mode IT policy rule
S/MIME Allowed Encryption Types IT policy rule
S/MIME Blind Copy Address IT policy rule
S/MIME Force Digital Signature IT policy rule
S/MIME Force Encrypted Messages IT policy rule
S/MIME Force Smartcard Use IT policy rule
S/MIME Minimum Strong DH Key Length IT policy rule
S/MIME Minimum Strong ECC Key Length IT policy rule
S/MIME Minimum Strong DSA Key Length IT policy rule
S/MIME Minimum Strong RSA Key Length IT policy rule

Secure Email policy group
Canonical Certificate Domain Name IT policy rule
Disable Certificate Address Checks IT policy rule

Security policy group
Allow External Connections IT policy rule
Allow Internal Connections IT policy rule
Allow Outgoing Call When Locked IT policy rule
Allow Resetting of Idle Timer IT policy rule
Allow Screen Shot Capture IT policy rule
Allow Smart Card Password Caching IT policy rule
Allow Split-Pipe Connections IT policy rule
Allow Third Party Apps to Use Persistent Store IT policy rule
Allow Third Party Apps to Use Serial Port IT policy rule
Certificate Status Maximum Expiry Time IT policy rule
Content Protection Strength IT policy rule
Desktop Backup IT policy rule
Disable DES Transport Crypto IT policy rule
Disable Cut/Copy/Paste IT policy rule
Disable External Memory IT policy rule
Disable Forwarding Between Services IT policy rule
Disable Geo-Tagging of Photos IT policy rule
Disable GPS IT policy rule
Disable Invalid Certificate Use IT policy rule
Disable IP Modem IT policy rule
Disable Key Store Backup IT policy rule
Disable Key Store Low Security IT policy rule
Disable Media Manager FTP Access
Disable Message Normal Send IT policy rule
Disable Peer-to-Peer Normal Send IT policy rule
Disable Persisted Plain Text IT policy rule
Disable Public Photo Sharing Applications IT policy rule
Disable Public Social Networking Applications IT policy rule
Disable Radio When Cradled IT policy rule
Disable Revoked Certificate Use IT policy rule
Disable Smart Password Entry IT policy rule
Disable Stale Certificate Status Checks IT policy rule
Disable Stale Status Use IT policy rule
Disable Untrusted Certificate Use IT policy rule
Disable Unverified Certificate Use IT policy rule
Disable Unverified CRLs IT policy rule
Disable USB Mass Storage IT policy rule
Disable Weak Certificate Use IT policy rule
Disallow Third Party Application Downloads IT policy rule
External File System Encryption Level IT policy rule
FIPS Level IT policy rule
Firewall Block Incoming Messages IT policy rule
Firewall Whitelist Addresses IT policy rule
Force Content Protection Of Master Keys IT policy rule
Force Include Address Book In Content Protection IT policy rule
Force LED Blinking When Microphone Is On IT policy rule
Force Lock When Holstered IT policy rule
Force Smart Card Two Factor Authentication IT policy rule
Force Smart Card Two Factor Challenge Response IT policy rule
Key Store Password Maximum Timeout IT policy rule
Lock on Smart Card Removal IT policy rule
Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
Message Classification IT policy rule
Message Classification Title IT policy rule
Minimal Encryption Key Store Security Level IT policy rule
Minimal Signing Key Store Security Level IT policy rule
Password Required for Application Download IT policy rule
Required Password Pattern IT policy rule
Remote Wipe Reset to Factory Defaults IT policy rule
Require Secure APB Messages IT policy rule
Secure Wipe Delay After IT Policy Received IT policy rule
Secure Wipe Delay After Lock IT policy rule
Secure Wipe if Low Battery IT policy rule
Security Service Colors IT policy rule
Security Transcoder Cod File Hashes IT policy rule
Trusted Certificate Thumbprints IT policy rule
Weak Digest Algorithms IT policy rule

Service Exclusivity policy group
Allow Other Browser Services IT policy rule
Allow Other Calendar Services IT policy rule
Allow Other Message Services IT policy rule
Allow Public AIM Services IT policy rule
Allow Public Google Talk Services IT policy rule
Allow Public ICQ Services IT policy rule
Allow Public IM Services IT policy rule
Allow Public WLM Services IT policy rule
Allow Public Yahoo! Messenger Services IT policy rule

SIM Application Toolkit policy group
Disable Network Location Query IT policy rule
Disable SIM Call Control IT policy rule
Disable SIM Originated Calls IT policy rule

Smart Dialing policy group
Enable Smart Dialing Policy IT policy rule
Set Local Area Code IT policy rule
Set Local Country Code IT policy rule
Set National Number Length IT policy rule
Smart Dialing Allow Device Changes IT policy rule

TCP policy group
TCP APN IT policy rule
TCP Password IT policy rule
TCP Username IT policy rule

TLS policy group
TLS Device Side Only IT policy rule
TLS Disable Invalid Connection IT policy rule
TLS Disable Untrusted Connection IT policy rule
TLS Disable Weak Ciphers IT policy rule
TLS Minimum Strong DH Key Length IT policy rule
TLS Minimum Strong DSA Key Length IT policy rule
TLS Minimum Strong ECC Key Length IT policy rule
TLS Minimum Strong RSA Key Length IT policy rule
TLS Restrict FIPS Ciphers IT policy rule

Wireless Software Upgrades policy group
Allow Non Enterprise Upgrade IT policy rule
Disallow Device User Requested Rollback IT policy rule
Disallow Device User Requested Upgrade
Disallow Patch Download Over International Roaming WAN IT policy rule
Disallow Patch Download Over Roaming WAN IT policy rule
Disallow Patch Download Over WAN IT policy rule
Disallow Patch Download Over WiFi IT policy rule

WTLS policy group
WTLS Disable Invalid Connection IT policy rule
WTLS Disable Untrusted Connection IT policy rule
WTLS Disable Weak Ciphers IT policy rule
WTLS Minimum Strong DH Key Length IT policy rule
WTLS Minimum Strong ECC Key Length IT policy rule
WTLS Minimum Strong RSA Key Length IT policy rule
WTLS Restrict FIPS Ciphers IT policy rule

[Policy Reference Guide / BlackBerry Enterprise Server Policy Reference Guide / Version 33 / Version: 4.1 | Service Pack: 6]

Enabling SMS and PIN logging

  1. Open the BlackBerry Manager
  2. Select "Domain" in the menu
  3. Click the "Global" tab
  4. In the right-hand section, select "Edit properties"
  5. Click IT-Policy on the left
  6. Select a policy and click "Properties"
  7. In the policy window, "PIM Sync Policy Group"
  8. Set "Disable PIN Messages Wireless Sync" to "False"
  9. Set "Disable SMS Messages Wireless Sync" to "False"
  10. Confirm all changes and close the window
  11. Either wait until the IT policy is pushed automatically, or trigger it manually

Removing the IT policy from the BlackBerry

  1. Install the Desktop Manager
  2. Download policy.bin
  3. Save it under "<driveletter>\Research In Motion\BlackBerry\"
  4. Start regedit
  5. HKEY_CURRENT_USER\Software\Research In Motion\BlackBerry\PolicyManager
  6. Right-click the "PolicyManager" folder, New > String Value
  7. Name it "Path"
  8. Enter the value "<driveletter>\Research In Motion\BlackBerry\policy.bin"
  9. Connect the BlackBerry and start the Desktop Manager
  10. Done

Notes:

  • <driveletter> should be replaced with the respective drive letter
  • This procedure is intended for removing the IT policy from devices bought second-hand, not for bypassing the admin.
  • Everything at your own risk

Exporting and importing the IT policy of the BlackBerry Enterprise Server

In case of a migration to a new BES, RIM has provided a short guide for exporting the licenses from the database and importing them into another database. Handling is very simple and is done from the command prompt as follows:

Export IT policy
bcp besmgmt..itpolicy2 out c:\itpolicy2.txt -c -T -S SQLServername\SQLInstance
bcp besmgmt..itpolicytemplate2 out c:\itpolicytemplate2.txt -c -T -S SQLServername\SQLInstance

Import IT policy
bcp besmgmt..itpolicy2 in c:\itpolicy2.txt -c -T -S SQLServername\SQLInstance
bcp besmgmt..itpolicytemplate2 in c:\itpolicytemplate2.txt -c -T -S SQLServername\SQLInstance

Note
These commands must be run on the server that hosts the SQL database or instance.
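
The export and import above, wrapped in PowerShell so that a failed bcp run stops the migration and the export files are hash-checked before they are loaded into the new database. This is an added example, not RIM's or the blog author's code; the function names, parameters, directory layout and manifest.csv are assumptions, while the database, table names and bcp switches are the ones from the commands above.

```powershell
# Added example; not RIM's or the blog author's code.
# From the post: database besmgmt, tables itpolicy2 / itpolicytemplate2, bcp -c -T -S.
# Assumptions: function names, parameters, file layout and manifest.csv.

$BesPolicyTables = 'itpolicy2', 'itpolicytemplate2'   # same order as in the post

function Export-BesItPolicy {
    param(
        [Parameter(Mandatory)] [string] $SqlServer,   # SQLServername\SQLInstance
        [Parameter(Mandatory)] [string] $OutDir
    )
    $ErrorActionPreference = 'Stop'
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    $manifest = foreach ($table in $BesPolicyTables) {
        $file = Join-Path $OutDir "$table.txt"
        # Out-Host keeps bcp's row counts visible without polluting the manifest
        & bcp "besmgmt..$table" 'out' $file -c -T -S $SqlServer | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "bcp export of $table failed (exit code $LASTEXITCODE)" }
        if (-not (Test-Path $file)) { throw "bcp reported success but $file is missing" }

        [pscustomobject]@{
            Table  = $table
            File   = "$table.txt"
            SHA256 = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        }
    }
    # The manifest travels with the files, so it catches truncation or corruption
    # during the move; carry the hashes separately to detect deliberate changes.
    $manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
    $manifest
}

function Import-BesItPolicy {
    param(
        [Parameter(Mandatory)] [string] $SqlServer,
        [Parameter(Mandatory)] [string] $InDir
    )
    $ErrorActionPreference = 'Stop'
    $manifest = Import-Csv -Path (Join-Path $InDir 'manifest.csv')

    # Verify everything first, so the target database is never half-loaded
    foreach ($row in $manifest) {
        if ($BesPolicyTables -notcontains $row.Table) {
            throw "Unexpected table '$($row.Table)' in manifest; refusing to import"
        }
        $file = Join-Path $InDir $row.File
        $actual = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        if ($actual -ne $row.SHA256) { throw "Hash mismatch for $file; refusing to import" }
    }

    foreach ($row in $manifest) {
        $file = Join-Path $InDir $row.File
        & bcp "besmgmt..$($row.Table)" 'in' $file -c -T -S $SqlServer | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "bcp import of $($row.Table) failed (exit code $LASTEXITCODE)" }
    }
}

# Usage (server names and paths are placeholders):
#   Export-BesItPolicy -SqlServer 'SQLServername\SQLInstance' -OutDir 'C:\besmigration'
#   Import-BesItPolicy -SqlServer 'NewSQLServername\SQLInstance' -InDir 'C:\besmigration'
```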