[Soapm]

I agree, the policy should be removed with a security wipe since all data and BES info is removed. I also think no policy or blank policy should mean all services are enabled. Why do we have to create a policy to enable a feature when no policy should give you a fully working device?

[CanuckBB]

Quote:

Originally Posted by Soapm

I agree, the policy should be removed with a security wipe since all data and BES info is removed. I also think no policy or blank policy should mean all services are enabled. Why do we have to create a policy to enable a feature when no policy should give you a fully working device?

No. a security wipe should not remove policies. Omly the removal from the BES should do that. And only if I can notify RIM that a particular PIN belongs to a stolen device. an end user should not have that ability.

[jonberry]

Quote:

Originally Posted by KonTiki

I have a simple solution that Rim might want to look at: If the concern is the wrong person removing the police and circumventing restrictions, I will tell RIM add one more restriction. If someone removes the IT policy then that device will nto work on the BES any longer unless it was brought back to the IT administrator. This would allow for the policy removal and at the same time wiping the BB ala Kill command so it be useless to anyone wanting to break security, yet allowing a legitimate user the benefit of the full device.

That sounds very reasonable to me; I hope someone from RIM is reading this.

Also, I would think that if someone were to report their BlackBerry as stolen, RIM or the carrier could use the PIN or IMEI number to deactivate the device on either the BIS or BES.

[Soapm]

Quote:

Originally Posted by CanuckBB

No. a security wipe should not remove policies. Omly the removal from the BES should do that..

A security wipe does remove the handset from the BES. It also removes all data. Why leave the policy behind?

Quote:

Originally Posted by CanuckBB

And only if I can notify RIM that a particular PIN belongs to a stolen device. an end user should not have that ability.

What if the device isn't stolen? Besides, end users do have the ability, haven't you been reading this thread?

[CanuckBB]

Quote:

Originally Posted by Soapm

What if the device isn't stolen? Besides, end users do have the ability, haven't you been reading this thread?

That's the point. An end user should NOT have that ability. Only admin tools should be able to do so, and it should be automatic upon removal from the BES, so that admins don't forget. I don't want my users removing policies.

[bigdongers]

Quote:

Originally Posted by Soapm

A security wipe does remove the handset from the BES. It also removes all data. Why leave the policy behind?

I agree with this. A security wipe should erase everything including the policy. This will not compromise security for a BES admin... BES admins please let me know how this is a problem.

If the device gets reconnected to a BES, the policy will get reapplied. I agree the BES user should not be able to remove Policys but if the device is not connected to a BES then why should there be a policy on it?

[ebgreen]

Quote:

Originally Posted by bigdongers

I agree the BES user should not be able to remove Policys but if the device is not connected to a BES then why should there be a policy on it?

To deter theft of corporate devices.

[CanuckBB]

Because if one of my devices is stolen or lost, I don't want to make it easy for the thief to use or resell it.

A policy can only be applied from a BES, it should only be removable from the BES. I do think that a blank policy should be sent to the device when it is deleted from the BES. That way, we admins would have one last thing to worry about.

[bigdongers]

Not sure if you can in the US but here in Australia, if your phone is lost or stolen, you can ring up the carrier and get the IMEI black listed. This prevents it from being used on any network. This is much more effective than any IT policy really.

My company's IT policy is an enforced password. If someone stole my device, they can still use it and just choose a new password after they wipe my device. Not really a big deterrent.

[ebgreen]

I don't know if there is a system like that here in the states or not. Regardless, if we get a report of a stolen device, I know that we send a nuke command then apply a policy that is so restictive as to make the device essentially useless.

[bigdongers]

Just out of interest, can you change an IT policy after the unit is wiped? Or would you have to apply the policy prior to wiping?

Is there any policy that prevents the user logging in at all? That would be useful...

[ebgreen]

I do not manage the BES policies myself, but if I remember I will ask next time I talk to the admin nerds.

[jibi]

Stolen equipment amounts to tax write-offs at the end of the year for American corporations (not sure about other countries' taxing policies), so if that is the only reason anyone can think of as to why to keep policy on the handheld after a security wipe, then I'd have to agree with the consumer, non-admins on this particular thread (Soapm, etc).

Sure, its always nice to be able to stick it to the thieves, but a line has to be drawn somewhere.

Any other concerns as to why policy MUST remain on the handheld if its no longer on the BES, short of having a leg-up on would-be thieves?

[TYSON]

Does this policy.bin work with MAC Computers? Thank you.

[7100simpleisbetter]

I have found a great solution for those of us that are no longer on a
BES but have policies, especially those policies that block out some of
the Bluetooth functionality that no one seems to be able to remove with
a policy.bin file. I signed up for the exchangemymail.com service and
everyting is now functional including Bluetooth synch.

I AM SYNCHING RIGHT NOW WITH MY BLUETOOTH ENABLED BLACKBERRY 7100t USING THE HK4.1 CSL WITH DESKTOP MANAGER 4.1.

1. Quick, quick, quick setup of account and BES access
2. Easy to configure and connect to BES, even wirelessy without any
desktop configuration to activate

The customer service is great as noted in other posts and I am very
pleased with the service.

The cost is pretty reasonable for gaining full control of your
blackberry and I highly recommend this rather than scurrying about to find
a better/cheaper solution!!!

7100sib

You can find more information on exchangemymail.com in the sponsor thread below. Yes, they are also a sponsor of this forum!!

http://www.blackberryforums.com/showthread.php?t=17095

[ebgreen]

Quote:

Stolen equipment amounts to tax write-offs at the end of the year for American corporations (not sure about other countries' taxing policies), so if that is the only reason anyone can think of as to why to keep policy on the handheld after a security wipe, then I'd have to agree with the consumer, non-admins on this particular thread (Soapm, etc).

[sarcasm]Well...in that case, don't bother locking the doors of any department store. As a matter of fact, why have doors at all? It's all just a tax write off right?[/sarcasm]

[booya2007]

I am pretty new to the forum but have found it very useful and have used many of the threads to customize my phone. That being said I am willing to be the tester if someone kind enough with the right BES version (I think I have read BES 4.1 or 4.0 SP3) would create a policy.bin with the bluetooth settings as noted in this and other threads. I appreciated the idea to use the hosted BES but am not sure I want to pay for the service just to use Bluetooth. Maybe someone can start a BES service to just push policies for a low cost fee.

If you are willing to create the policy.bin with the latest BES feel free to email the policy.bin directly to me at and I will begin testing right away.

[Jayachandra]

Guys!
Some simple work around for the frustrated EBay customers sprout in my mind. Can someone confirm if this would really work.

Lets say on EBay, I was sold a locked BB which doesn't allow me to make a call (or any other very basic operation). Now if I download a BES trial (I'm assuming that it would be free) and register my BB into it and then via this BES if I reset this device's policy to 'Default' policy won't the BB be unlocked? I strongly believe it would.

regards
Jayachandra

[Soapm]

Why do all that, just read post #5 of this thread...

[Jayachandra]

Quote:

Originally Posted by Soapm

Why do all that, just read post #5 of this thread...

Yes buddy,
Daniel sure has a good solution. That's why I said an "Alternative" way of unlocking . With all due commendation to Daniel's work, I'd like to say...
(i)The reason behind my work around was that the process involved in Daniel's solution was too cryptic (real geeky hack type). And this one is a little more transparent one.
(ii)The .bin file is binary file and hence user never knows what all settings will be open/close once the hack is done. Whereas via the BES trial version u could see what options you are keeping on/off on your BB.

regards
Jayachandra