What is your normal employee termination process?
 

What process should I take with my BB owners that are getting termed?

If I disable there AD account will they still be able to send an email from there BB? Is it possible to lock the BB so they cant use it at all....email and phone?

Also, is there a way to temporarily disable the blackberry then re-enable it remotely?

For example... I have an employee in another state that may be getting fired but I want to disable the BB until we can investigate it a little more.

Under BES 4.0 and above there is a Set Password & Lock Handheld option as well as a Erase Data and Disable Handheld option. Either one lets you send remote commands to a specified user's device. You'll just want to make sure that the command is accepted by the device before removing their account from the BES

If content protection is on the device and the device is locked, it will reject the Lock handheld commands.

Yes, I am running a BES (4.1). I have tried the "set password and lock handheld" and it is what I am looking for. I was just curious how people handle these things.

Is there a way to only disable email?

Yes, you can disable redirection. You can disable redirection from the bes. Select the user on the BES and select Disable redirection from the tasks under common. You could also just remove the user from the BES server.

That will successfully shut them down from BES, but I believe BIS e-mail will continue to work, right?

nothing can stop the BIS ... except the evil forces of IT Policy

:) ... oh that and RIM / Carrier outages.

Yeah IT policies are a very good way to lock the device down so it is almost unbearable to use. Of course if the user knew how he could remove the IT policy, but doing so would prevent him from getting his mail regardless.

I was thinking about pushing out an IT policy but havent got around to it just yet. BES hasnt been up long.

What are some of the setting you use in the IT Policy for this?
Does anyone have a sample Policy or one I can go by on setting mine up?

There are all kinds of settings and restrictions. You can restrict the camera, the phone, text messaging. You can force the device to have a password, you could make the password as many characters as you would like (20 characters in length if you would like). You can force the device to lock after 1 minute wether it is in use or idle. Like I said, you could make it very unbearable to use.

We normally change the key code for the front door and then stop paying them!!!!

Joking aside, it depends on the situation. If you have someone who doesn't know yet and you need to buy some time then I'd disable redirection and when they notice just blame it on an issue with their BES user which you need to look in to - just techno babble them with crap to buy you time!

What does disable redirection do exactly? just doesnt direct email to their BB?

If I set password and lock, then remove them from the BES will the handheld still stay locked?

as long as you've confirmed that the password has been received on the device; yes.

personally I find that an AK47 works well ;-)

Agreed - it's amazing how often you can find out whats going on in an org by sniffing around AD. When I was doing a non-IT admin job with a previous company they had called an 'all hands' meeting for 10:30 and come about 10:10 I noticed that a bunch of names were missing from the AD...hmm I thought... come 10:15 it transpired that 'most' people were going to the 4th floor and a select few had their 'all hands' meeting on the 5th floor. Upshot was as you might imagine come 10:30 the company had gone into administration (Chap 11) and those on the 4th floor were summarily ditched and those on the 5th floor were 'alright jack'...

Fun and games!

Awewwww... that was dirty

yes, stopping redirection stops the BES from relaying the PIM info to and from the BB.

And with the set password and lock handheld, the user can put their password in wrong 10 times and wipe the device - so you may have to reactivate it in the end. Or if he does get fired, no worries!

Which group were you in!!

Our termination process is:

Add user to "Deny Access Group" on Notes.
Erase and Disable Handheld.
Ring Carrier and ask them to put a bar on all calls and data.
Try and recover Handset.

'alright jack' - i.e. still with a job, but I left anyway 2 days later to take a contract role - and 5 years on I'm still there but it's got a different name and it's a permanent job..

Lock and Disable Handheld
Redirect all e-mail to Supervisor 24hr's before Termination
Remove AD Permissions
5 minutes before they get the call to HR, Disable AD account
Put phone on DND so when they get permission error's, they can't call me.