[kick-rim]

hope this is right place. When I first recieved my 7520 the security password was not enabled now it is After some reading I gather my company turned it on with the email activation. If I go to security the disable button isnt even availible. My question is there a way to go in and override this setting somehow. having to enter a password in everytime this thing sits is very annoying.

[NJBlackBerry]

Nope. It is part of an "IT Policy" sent down by your company. No way for you to deactivate it.

[PhilMax]

Simple answer......no.

[kick-rim]

Not really the answer I was hoping for. So on to phase 2, I read where the security policy can b changed to allow phone calls. So if I try to get our company to change this. Will I be correct if I ask them to make this change EVERYthing else will still be locked down and all of the phone features will be availible not just an emergency call that comes up now.
Thats All I really want. They took our phones ang gave us BB and while I am use to a dell pda I am trying to learn and use the features BB has. The phone is still my main use and so far its not near as user friendly as I would like.

[Dawg]

it will become that way trust me I hated mine when i first got it after reading here for a few days and learning i love it

[PhilMax]

Quote:

Originally Posted by kick-rim

Will I be correct if I ask them to make this change EVERYthing else will still be locked down and all of the phone features will be availible not just an emergency call that comes up now.

The phone being 'locked' except for an emergency call is the default. It is possible to change the rule and it is specific to what you are asking. Trying to get our people to do the same thing.

[jibi]

The phone being 'locked' except for emergency calls is NOT a default policy. If they set this policy as such, to disable the phone, then it will do so. If they took away your phones and gave you the BlackBerry as a replacement, I'm not sure how they gave you a viable option for a phone?

As for the password policy, its simple network security, which is most likely part of your company's IT policies. I would read up on their security policies. Basically, as long as you are on the BES, there's no way you can circumvent the company's IT Policy in place on said BES. Even if you got the policy wiped using some default policy.bin, your company's IT Policy would be sent right back down to the handheld in a short period.

Just keep in mind that security policies are in place for a reason. If a rogue user of services within a company decides they do not like the policies and goes against the policies set, then you can pretty much put your ENTIRE company at risk. If your company is publically traded, then you bet your ass that you can put them in just a bit more trouble than a little (security audits are a *****). Part of your employment most likely covers the fact that you would abide by rules set by the company. Learn to live with that or simply leave for a new job (although that would be a bit much for this situation, in my opinion).

[PhilMax]

jibi, I think you misunderstood. What I was saying is that when the BB is locked due to the password function being enabled, either voluntarily or because the IT policy has set it, the default is to only let the user access the phone for an "emergency call". When the unit itself has been unlocked via the password, the full functionality of the phone is there. That is the rule's default. We have made no changes to the IT policy and that is the way all of our BBs work.

The rule can be changed to allow full functionality of the phone at all times, even when the unit itself has been locked down. I don't have the policy rules list with me at home to quote it, unfortunatley, but it is a discussion that our BB committee has specifically had - are we that concerned that if the unit is lost or stolen it can be used as a phone even while it is password protected, creating this inconvenience for our users who have to inout their password just to make a call, or is our major concern really one of data protection? I think we could endure an unauthorized person using the phone until we are told it is lost and we can diasable it remotely and will probably change the rule.

As for the rest of what you said about the need for security, I totally agree!!! I've seen first hand what failure to follow rules can do and the cost to the company was measured in $100's of million of dollars.

[kick-rim]

thanks phil, I think the way you stated it, I will give it a try and see what they say.
Jibi, easy there big boy, First I think you misundersood how the security is applied it was changed to have the bb lock after so much time with no use the max setting is an hour, second I work every day in IT and understand security, but there is a big difference between security and what we refer to as CF (Control Freak). As phil stated having an open phone isnt much of a securty risk but If I lost my bb and someone found it with no securty they could read my e-mails that i have left on the bb a slight security risk, they could surf a few internal websites nothing of high security because those require a second logon, I understand passwording that. On my laptop it has a 15 min window before it locks. Also My company gave us this as a tool to help us with our job and the phone function is my main tool.
All said and done Philmax has given me a solution that will hopefully make both partys happy.

[jdh]

Quote:

Originally Posted by PhilMax

That is the rule's default. We have made no changes to the IT policy and that is the way all of our BBs work.

The rule can be changed to allow full functionality of the phone at all times, even when the unit itself has been locked down.

Actually, as jibi points out, the default IT policy on a BES does not lock down this function (in fact, the default IT policy on a BES doesn't do anything until it's configured).

It is, however, set by default on the Blackberry itself, but unless I.T. has specifically set it in the BES IT policy, the user can turn the option off if they so desire.

In fact, even if you were to push it out in an IT policy (ie, to explicitly allow it), each individual user still has to set the feature on their individual device (under Options->Security).

[PhilMax]

jdh, are you referring to the use of a password? Then you are correct. However, there is a rule in 4.0 in the IT Policy, "Allow Outgoing Call When Locked", the description for which is "Specifies whether users can place calls when the handheld is security locked". The default setting is "False", meaning users can NOT place calls when the handheld is security locked. That has to be changed to "True" in the IT Policy to allow users to make calls while the phone is security locked pending unlocking by password.

The "Allow Phone" rule which specifies if users can use the phone capabilities defaults to True.

"Password Required" defaults to False.

"Maximum Security Timeout" defaults to blank as does "Minimum Password Length".

If no password is required by policy, then the user can choose to use a password or not on the handheld itself. However, if they choose to use a password they still cannot override the Allow Phone Rule if that is left at default.

The information is directly from the BES Administration Manual.

[jdh]

I actually was referring to the "Allow Outgoing Call When Locked" setting in the IT Policy... but I just tested it and it would appear that you're correct. While the policy is blank, the default option if not present is a setting of "False"

I could have sworn that in a previous version of BES this wasn't the case, but I may just be confused...

Thanks for clearing that up.

[PhilMax]

Not being an admin, but only on our BB committee that will decide the ultimate IT Policy (I'm CISO in our organization), I don't know how the policy looks on the server but only the way the Rules are listed in the manual. So, where it defaults to a true or false value in the list it is actually "blank" on the server with the value being what the manual indicates?

[jdh]

Yes, that's correct. On a new BES installation, you have one policy, named "Default" in which all of the policy values are blank. Any unspecified policies will default to what is listed in the manual (also shown in the policy description on the BES configuration screen).

Most of the default policies are permissive, rather than restrictive, however, which is why that particular default for allowing outgoing calls when locked is kind of odd.

[jibi]

IT Policy options are always blank by default, if not selected. Once you enable them, you set the value of the option. If the policy is not enabled, it will take a 'False' (although Blank) option because the policy is to enable an ability that is not included with the handheld's abilities by default. see screenshots (i had to shrink them in order to upload here, so i apologize about the tiny and blurred lettering).

[jdh]

Incidentally, the policies do look a little bit different on the BES 4.0 for GroupWise... Rather than being a traditional "check-box", they are drop-down menus with options contained in them.... In this case, the option for allowing outgoing calls would need to be set to "True" or "False" as opposed to simply a checkbox. In this case it is less inherently clear what the default behaviour is unless you read the fine print.

See below for an example...

[jibi]

i like that a hell of a lot better than the option we're given... *sigh*

[ocman]

The Policies are very nice in 4.0 For Domino and work flawlessly on the server I manage.

We require 8 char passwords, 1 hour lock time, and data encryption as well as have all bluetooth disabled for now.

[PhilMax]

Quote:

Originally Posted by ocman

The Policies are very nice in 4.0 For Domino and work flawlessly on the server I manage.

We require 8 char passwords, 1 hour lock time, and data encryption as well as have all bluetooth disabled for now.

Why disable bluetooth? The only thing it can be used for on the BBs that I am aware of is the headsets. The P/W policy looks very reasonable.

[jibi]

Quote:

Originally Posted by PhilMax

Why disable bluetooth? The only thing it can be used for on the BBs that I am aware of is the headsets. The P/W policy looks very reasonable.

for one thing, i would imagine that its less support calls.