One of offices is currently running BES 4.1.5, with Exchange 2003 SP2 as the ... Server Admins forum
Password enforcement on BES devices
One of offices is currently running BES 4.1.5, with Exchange 2003 SP2 as the messaging platform. Devices are 4.2 OS, and we have a variety of models.
It is now a requirement that all Blackberry handhelds need a password before the emails on them can be accessed. Does anyone know how I can do this?
You need to create (try not to use the default one) and apply an IT policy that requires any devices using that policy to use a password.
Pretty simple - in the BB Manager, click on 'BlackBerry Domain', then in the right-hand pane, click 'Edit properties'. When 'Edit global properties' comes up, click on 'IT Policy' in the left-hand pane. In the right hand pane, click the '...' button next to 'IT Policies'. There you should be able to copy the default policy, create a new one, and then apply your users to it later (back one screen).
When the policy applies to each device, they will be prompted to change their password if they don't have one set already (and if it doesn't fall within the requirements that you set in the policy).
Just a word of warning...I don't know how many users you have, but I would give them a notice before you do it - users are a bit picky about stuff like enforced passwords.
Here's some information I included in my email to my users when I enforced this a few years ago:
A person who has posession of your BlackBerry can:
Good luck - and let us know how it goes.
- View, delete, and reply to corporate email AS YOU.
- View, create, delete, change your Calendar, Contacts, Memos, and Tasks in your corporate mailbox.
- Above changes/deletes, etc. synchronize DIRECTLY with your mailbox.
- Access corporate Intranet and all resources immediately available to the BlackBerry browser.
- Access any data, personal or otherwise, that may be stored on your BlackBerry
Thanks very much for the comprehensive answer!
Is there a way to integrate the BB passwords/policy with a directory service like Active Directory or Novell eDirectory? If no, does any know if such a feature planned?
What exactly do you mean? Do you mean when you apply a GPO to an AD user who has a BlackBerry then a particular IT policy is applied?
Originally Posted by theancient
That would be one way. The other I was thinking of was using Internet Authentication Services and setting up the BES as a client for authentication purposes.
Originally Posted by qc_metal
By enabling the password policy on your BB device, what level of encryption is used to encrypt the data on the device when locked? We currently enforce an IT policy which requires passwords. I've been asked what level of encryption is on the device when the device is locked/password protected and how safe is the device content? How does this differ from enabling Content Protection?
Tags for this Thread