BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/index.php)
-   RIM Software (http://www.blackberryforums.com/forumdisplay.php?f=13)
-   -   Remove IT Policy (http://www.blackberryforums.com/showthread.php?t=67224)

John Clark 03-01-2007 01:42 AM

Remove IT Policy
 
Important: If you're still connected to a company BES, and simply want to install the latest and greatest third party application I would not recommend this approach. Talk to your BES administrators and ask them to grant you the appropriate rights. There are two problems in using this guide to bypass your company's security policy. First, whenever you reconnect to the company server, your security settings will revert back to how they were. Second, and perhaps more importantly, you run the risk of getting fired. Use of this procedure will sever the tie between your BlackBerry and your company BES and you will need to reactivate in order to reestablish the connection.

Method 1: IT Policy Removal For Devices with OS 4.5 and higher (Preferred)

The preferred method for removing IT policy is to update your device to OS 4.5 or higher (if possible) and use JL_Cmder's "resettofactory" command or the resettofactory command that is included in Loader.exe that installs with Desktop Manager (or any BB OS) to remove ALL IT policy, Firewall restrictions and Application Permission settings. After you've upgraded to OS 4.5 or higher, simply backup the device using Desktop Manager, close Desktop Manager, then run JL_Cmder and execute the "resettofactory" command or if you don't have JL_Cmder, just do the following:

1. Go to Start >Run and type CMD (you can also find the command prompt in Programs >Accessories.)

A command box will open.

2. Type the following exactly including spaces: cd c:\program files\common files\research in motion\apploader

You should now see that path followed by the cursor.

3. Now type: loader.exe/resettofactory


After using JL_Cmder or the cmd prompt method above, the device will do a security wipe of the device; (meaning wipe your data but leave the OS, DO NOT use the "Wipe" command in JL_Cmder) then reboot leaving the OS, 3rd party apps but no data AND, best of all, NO IT policy whatsoever. When you're done, simply restore your backup and you're good to go with no policy or locked firewall. (y) You can downgrade back to the old OS if you desire, too.




If your 7xxx or 8xxx device is running OS 4.2 or lower (look in Options >About) and you can't upgrade it to OS 4.5 or higher you will NOT be able to use method 1 above and you will need to use method #2 below:




================================================== ================================================== ================================================

Edit 04/16/2010: Since the procedure below is no longer needed on most of the current devices in use, the procedure below is no longer necessary in most cases and therefore the blank policy used is no longer available for download. I will leave the instructions posted so that they can be used to remove the policy.bin file from a PC if it gets left there inadvertently. Please refer to Method 1 above to remove the IT Policy from your device. If your device is running OS 4.2 you will need to update it to 4.5 before removing the policy using the method above.

Method 2: Placing Blank IT Policy on the Device(OS 4.2 and earlier devices ONLY)
Quote:

WARNING!
Follow these instructions only if you know what you are doing.
These instructions can actually downgrade certain BlackBerry's abilities (i.e. permanent loss of support for Bluetooth keyboards) if your BlackBerry actually does not already have an IT policy installed. These instructions are meant as a last resort to regain BlackBerry capabilities, in the event your BlackBerry is encumbered by a restrictive leftover IT policy after removal from a BES and you are unable to upgrade to OS 4.5 or higher and use Method 1 above. (i.e. eBay purchased older BlackBerry)
Removing IT Policy.


This procedure should ONLY be used on devices that cannot be upgraded to OS 4.5 or higher. If you have a device that can be upgraded to OS 4.5 or higher DO NOT USE THIS PROCEDURE. Use Method 1 described above. If you have an older device that cannot be upgraded to OS 4.5 then continue with the following instructions. This is a How-To for removing IT policy from your BB. In essence, what this does is apply a blank IT policy to the device. The blank IT policy does, unfortunatly, leave some IT policy firewalls in place, however. For instance "keystroke injection" is set by default to "deny" on most IT policies. This blank policy won't give back "allow" for this feature. This becomes a problem if you desire to use a Bluetooth keyboard. You'll be unable to use the keyboard. If a way is found to get this back then I'll edit this post accordingly. A quick check to see if your BB is under IT policy can be done by going to Options/Security on your Device. If you see any references to IT Policy whatsoever, then you have a potentially restrictive IT Policy that can be removed. The Disclaimer/Intended Use. This guide is intended for use by people that own their own Blackberry, and for whatever reason, have inherited a company's IT policy on their device. Really, there are two scenarios where this guide is useful.
  • You bought a Blackberry on eBay and are unable to make changes to the settings or install Third Party Applications.
  • You have a Blackberry that was previously connected to a company's BES and, for whatever reason, you no longer intend to connect to that BES.
Important: If you're still connected to a company BES, and simply want to install the latest and greatest third party application I would not recommend this approach. Talk to your BES administrators and ask them to grant you the appropriate rights. There are two problems in using this guide to bypass your company's security policy. First, whenever you reconnect to the company server, your security settings will revert back to how they were. Second, and perhaps more importantly, you run the risk of getting fired.
Procedure: Step 1 Ensure the Blackberry Desktop Manager is installed using Blackberry Internet Service, and not Blackberry Enterprise Server. If you are unsure, it would probably be a good idea to uninstall the Desktop Manager and start again. If you don't have the CD that came with your Blackberry, the Software can be downloaded here.

Step 2 Download the file Policy.bin (this file has been removed...see note in red above) and save it in your Blackberry installation directory (C:\Program Files\Research In Motion\BlackBerry).

Step 3 Wipe your Blackberry, creating a backup if necessary. Select Options/Security/Wipe on the Device. If this option is unavailable, you may have to install the latest software on your Blackberry. You need to Download and install the latest OS for your device. Connect your device, open the Desktop Manager, select Application Loader, and follow the prompts.

Step 4 Close the Desktop Manager if it is open.

Step 5 From the Windows XP Start Menu select Run..., and at the prompt type regedit. In the tree on the left hand side, navigate to:

HKEY_Current_Users\Software\Research In Motion\BlackBerry\PolicyManager

Right-Click the Policy Manager Folder and select New/String Value. Name the value Path. Now, Double-Click the Path Subkey and set Value Data to:

C:\Program Files\Research In Motion\BlackBerry\policy.bin

Step 6 Open the Desktop Manager.

Step 7Connect the Device. Verification Once complete, the Options/Security screen on your Blackberry should not contain references to an IT Policy, you should now be able to change all settings (including password prompts), and install Third Party Applications.

A big thanks to 7100simpleisbetter and barjohn of BlackberryForums.com for this BB saving procedure.

I personally wrote this policy so that there would be no question as to what it does to your device. Here is the code included in the Policy.bin above: (If you have comments or questions or you see something that should be changed, please contact me in this thread or via PM.)


IMPORTANT Note: After following the instructions in method 2, any BB connected to your Desktop Manager will have this policy applie to it. For that reason it is highly recommended that after finishing placing this blank policy to the restricted BlackBerry I recommend removing the policy.bin and the registry entry you added from your computer. Basically go back and reverse these instructions. If you don't then you risk plugging in a new BB or someone else's BB with NO policy and adding this blank policy to it as well.

Code:

;
;***************************************************************************
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; If application is shown on task bar.
HideWhenMinimized {default} = true
 
; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.
 
; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = true
 
; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true
 
; Control whether if offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true
 
; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10
 
; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true
 
; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 
; This setting allows you to specify whether or not you would like PIM
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowPIM = true
 
; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowEmail = true
 
; This setting allows you to specify whether or not you would like the date and
; time to be synchronized when the user selects the Synchronize Now button from
; the Intellisync dialog.
SynchronizeNowDateTime = true
 
; This setting allows you to specify whether or not you would like PIM
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizePIM = false
 
; This setting allows you to specify whether or not you would like Email
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeEmail = false
 
; This setting allows you to specify whether or not you would like Date and Time
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeDateTime = false
 
; This setting allows you to specify whether or not you would like to synchronize
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true
 
; This setting allows you to specify how information conflicts between the handheld
; and the PC encountered during synchronization are handled. If set to true, desktop
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true
 
; This setting allows the enabling or disabling of wireless email reconcilation.
AllowWirelessEmailSynchronization = true
 
; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Append signature on out going messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.
 
; Forwards messages to the handheld
ForwardMessagesToHandheld = true
 
; Allows user's to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = true
 
; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true
 
; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These value control the setting in "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; This value control the value of the "Automatically backup my handheld" setting
; in the options dialog, which is enables or disables prompted Automatic Backups.
AutoBackupEnabled = true
 
; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7
 
; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true
 
; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false
 
; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true
 
; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads
 
; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Determine if the password is required on device
PasswordRequired {policy} = false
 
; Determine if the user can disable the password
UserCanDisablePassword {policy} = true
 
; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 1
 
; Password Pattern Checks
; Valid range is 0 or 1 at this time
;    0 -> no checks
;    1 -> ensure password has at least on letter and one digit
PasswordPatternChecks {policy} = 0
 
; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false
 
; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60
 
; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld.  This value must be
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 0
 
;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false
 
; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE
 
; Password aging.
; Valid range is 0 to 365.
;
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 0
 
; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0
 
 
; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of  password attempts on handheld.
;
SetMaximumPasswordAttempts {policy} = 10
 
; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false
 
; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld. 
; If set to true then users can view attachments on the handheld
AllowAttachmentViewing {policy} = true
 
; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = true
DisallowThirdPartyAppDownloads {policy} = false
 
; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {default} = "BlackBerry Browser"
; MDSBrowserTitle {default} = "YourCompany Intranet"
; HomepageAddress {default} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false
 
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 
; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1
 
; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2
 
; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2
 
; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024
 
; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163
 
; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength  {policy} = 1024
 
; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false
 
; TLS Minimum Strong DSA Key Length
;
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true
 
; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true
 
; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true
 
; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true
 
; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true
 
; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true
 
; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.
 
; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = This BB has Blank IT policy on it written by John Clark from www.BlackBerryForums.com
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


Lex Luthor 03-01-2007 02:55 AM

I've seen various threads on this and many people have asked about how to remove an IT policy so I'm glad this topic is now a sticky.

*&)) 03-05-2007 07:41 PM

this information is like an admins nightmare

John Clark 03-05-2007 07:46 PM

Why? In order to complete the process it means wiping the handheld. When the handheld is wiped it loses the connection/encryption with the BES. If the policy restricted user gets this far and gets the policy removed he/she still has to reactivate on the BES. When he/she runs an EA the policy will once again push to the device. Right?

This info has been out for quite some time. It's not new.

*&)) 03-05-2007 08:01 PM

i find that all the it admin i have ever worked with wanted everyone to be in the dark. and yes i realize the information isn't new but now its easily accessible. but i guess what isn't these days
i'm not saying that you are creating problem for any one or anything b/c i actually found it usefully. but i know where this would have driven a former boss of mine crazy.

John Clark 03-05-2007 08:06 PM

I believe corporations have every right to restrict devices connected to their network to any extent they feel necessary. However, I don't think it's right to render a BB, or any of it's functions, totally useless for the rest of the BB's life. This is not meant to circumvent any restrictions corporations place on devices, as I'm opposed to that, as well. It's only meant to help those who are no longer connected to a BES.

*&)) 03-05-2007 08:20 PM

i worked for a news paper and things use to walk away on the regular (because of where the it offices were, there were interns in and out for the paper and no one asking questions) so we tried our hardest to make sure that if it walked and we didn't know it was leaving that it would be almost useless to anyone else. We once found about 20 blackberry's online that belonged to the paper. but about 10 of them were useless because this person didn't have this type of information. Now i know that if there is a will theres a way but we were just glad that we were able to stop them that way.

ohad_129 03-12-2007 03:48 PM

i folow every thing you write and i cant still disable the firewall
did i have to wipe all the data from my handheld and download it again
thank you
eli

kdolliff 03-13-2007 11:30 AM

:smile: THANK YOU for this info. I purchased 75 blackberries from my former company that went out of business for my new company to use and deploy. The BES was DOD wiped and there was no way to get the policy off these devices. Thank you for providing a real solution for a legitimate need. Blackberry was of no help telling me I would have to purchase BES software in order to use these devices. I really appreciate the info. If people choose to use it with a device they do not own then they have to deal with the consequences. Thanks again!(y)

John Clark 03-13-2007 08:27 PM

Quote:

Originally Posted by ohad_129
i folow every thing you write and i cant still disable the firewall
did i have to wipe all the data from my handheld and download it again
thank you
eli

There have been issues with the firewall using this procedure. Sorry, I don't have an answer. The policy.bin file in this sticky was not created by me so I can't vouch for what it contains. Many have had success with it but some have not. Sorry, it's the best I can do.

camaxtli 03-13-2007 11:19 PM

Thanks for posting this. I recently had hot dog juice squirt onto my blackberry 7290 and sent it off for repair leaving me to purchase a used one from a ebay seller. My problems started when I tried using Yak-On but received many APN errors. Contacted Yak-On after unsuccessfully talking to Cinguar blackberry support, Yak-On did try to be very helpful but failed several times to get it working. After countless searches on this site I finally came across this thread and I must tell you, THANKS!! I followed the directions and presto! Yak-On works! I emailed the Yak-On support person who was helping me and told him about this site.

ohad_129 03-14-2007 01:08 AM

thank you man
but do you have any idea how to find the pin code ?

lauragal 03-16-2007 01:21 AM

Can someone give me step by step instructions on how to do this using a Mac? Sorry, I am new to Blackberry. I posted in another thread, and have not been able to resolve my problem.

I own my Blackberry 7130e, however, I allowed my job to use BES so that I could receive email from them. Mistake - they put so much security on it that I could no longer download 3rd part software. They recently removed it, and now I can no longer send emails or access the internet.

The only way I can sync with my Blackberry is through PocketMac. Is there a way to do this right on the Blackberry? However, I don't want to wipe out everything on the Blackberry (especially my current email services which I can still receive mail from).

Thanks in advance!
Laura

lauragal 03-16-2007 06:50 PM

Okay, I have just about wasted the whole day trying to resolve this problem!! I finally had to call Verizon/Blackberry Tech Support and I wiped out the BB and reloaded everything.

After hanging up with them, although I could access the internet and receive email, I still cannot download 3rd party software. When I looked at my security settings, the IT Policy was STILL THERE!!! Even after doing a "wipe"!!

I am ready to toss this BB! I cannot use the instructions above as it pertains to the Desktop Manager for a PC. I'm on a Mac. Any suggestions????????

Thanks again
Laura

John Clark 03-16-2007 07:03 PM

Laura,
You MUST use a PC in order to complete the above procedure. Simply wiping the device will NOT remove the IT policy. Find a friend with a PC, load desktop Manager and follow the above instructions. Mac won't work, sorry.

John

lauragal 03-16-2007 07:05 PM

Thanks John!

I guess that is what I'll have to do. The tech people at my job, and at Verizon/Blackberry don't seem to have a clue!!

Thanks alot.

Laura

John Clark 03-16-2007 07:07 PM

Direct the tech folks at your job to the above instructions and they might be able to help. A friend may not be real happy with you editing their registry if you are not sure what you are doing.

Good luck!

JC

lauragal 03-16-2007 07:44 PM

John,

OMG - I cannot believe the trouble I am having with this! I talked with a tech at Verizon/Blackberry and they are not willing to help with something that goes into the registry of a computer!!!

If I follow the directions exactly as above, will the registry of the PC I'm using go back to what it was before I touched it?

I'm pretty good with following directions!

Thanks - it seems that I am totally stuck unless I do it as per the instructions above.

Laura

John Clark 03-16-2007 08:19 PM

This is a hack. Nobody from tech support with Verizon is going to help you. I mentioned you might be able to get your tech guys to help you with it but not Verizon.

Follow the instructions. The PC will be fine.

lauragal 03-16-2007 08:22 PM

Oh, okay! Sorry about all of the questions. Unfortunately, the IT techs at work won't be able to help me out as they have already told me that my service provider has to fix the problem!

I'm going to try it on my husband's laptop in a little while. Thanks again!

Laura

BTW - my husband's computer runs Vista - is that going to be a problem?

John Clark 03-16-2007 10:10 PM

Another potential problem. I've not tried this on vista. I don't even use vista. If it's going to work you'll need the latest version of Desktop Manager 4.2.1 SP1 which can be found here:

BlackBerry - BlackBerry - Sys Req V4-2 Pack 1

I don't know if the registry is the same on Vista. Maybe someone else here has tried this on Vista?

lauragal 03-16-2007 10:15 PM

Well, I can tell you that it the Desktop Manager that came with my BB 7130e does not recognize my BB after downloading the manager to a Vista computer. I don't know if Vista is the problem or it's something else. I was doing a search of the forums to see if there was something I was overlooking when I installed the Desktop Manager.

John Clark 03-16-2007 10:22 PM

Laura, that version won't work with Vista. Only the version of DM I posted above will work with Vista.

lauragal 03-16-2007 10:26 PM

Thanks John (we must have been posting at the same time!)

I am downloading the version you suggested now, to see if that will work.

Thanks again!

Laura (sorry to be such a pain)!

John Clark 03-16-2007 10:31 PM

Trust me, you're not a pain. There are a couple others here that really are a pain right now. You're simply someone who I can help. I hope you get it sorted out. DM 4.2.1 SP1 will work with Vista. However, if the procedure above doesn't work with Vista then you'll need to find an XP machine. I know it will work on that. I can only assume the registry entries are the same for Vista. If not, you'll be out of luck until you find an XP machine or someone can give instructions for Vista.

lauragal 03-16-2007 10:38 PM

Thanks so much for your time and help, John.

I'll give it a shot on Vista. I don't have access to my daughter's XP machine right now - she took it with her and will be back tomorrow. So if this doesn't work, then I'll try it on her machine tomorrow.

I cannot believe this has literally taken up my whole day and night - I'm glad we had a Nor-easter here today as I had no intentions of going out anyway!!!

Thanks again - and I'll let you know if it works on Vista.

Laura

lauragal 03-16-2007 11:26 PM

Update:

Cannot even seem to install DM 4.2.1 SP1 to the PC. Keep getting error messages. Will have to wait until I can get my hands on my daughter's XP PC. What a total waste of a day!!!

Laura

John Clark 03-16-2007 11:35 PM

Sometimes BlackBerry days go like that. That's how I learned BlackBerry. Wasting my days away messing around with it, searching these forums, trying this and that. If you search around for a while you'd find a thread about completely uninstalling Desktop Manager and reinstalling it. That might be what is necessary. However, if you've spent that much time on it today it would probably be best to start fresh tomorrow.

Get a good night's sleep and try again tomorrow or give it a few days and come back to it. Sometimes I get where I want to throw the thing at the wall. That's when it's time to be done!

Been there. Done that.

Jagga 03-17-2007 12:11 AM

Quote:

Originally Posted by lauragal
Update:

Cannot even seem to install DM 4.2.1 SP1 to the PC. Keep getting error messages. Will have to wait until I can get my hands on my daughter's XP PC. What a total waste of a day!!!

Laura

Laura, if I may put in a suggestion John. Sorry for the disruption. However if Laura has an INTEL based cpu Mac ... then if she's willing even with her local Apple store rep for guidance update the firmware of her Mac - which SHOULD NOT disrupt any app installed or preferences or anything - then installed Boot CAMP. Its perfectly legal to install your daughters WinXP SP2 OS disc for a DUAL BOOT option - follow directions on Apple.com site for BOOTCAMP and specific model firmware. (*heck if you have Parallels even better for dual OS mode/coherence).

Then you can follow John's procedures in his original post above to the letter.

PS2BOTH of you. Again sorry for the intrusion just a possible option I'm suggesting. John sorry for the intrusion once again. Also is there a way to follow your steps and the policy.bin procedure in your original post WITHOUT uninstall of the BBDM - I failed as I tried to rush through without uninstall & reinstall - I should've known better :(

Cheers.

lauragal 03-17-2007 12:17 AM

Hi Jagga,

Thanks for the suggestion - but I'm not sure what you mean. I do have an Intel-based CPU (MacBookPro), and if I can do this via Boot Camp, without having to fool around with my daughter's computer, that would be even better.

I also have AppleCare so I could call them anytime free of charge to walk me through it, but I believe they only deal with the computer and not non-Mac-based devices.

Sorry if I'm just not getting what you're saying!!

Laura

John Clark 03-17-2007 12:32 AM

Boot Camp is an option. I have zero experience with it. Can't help ya with that one, sorry.

lauragal 03-17-2007 01:22 AM

I am about to shoot myself!!!!! I was finally able to download DM 4.2.1 SP1. Got it working. Downloaded policy.bin. Wiped my BB.

Believe it or not - I cannot get to the next step. "From the Windows Start Menu select "Run" - I honestly cannot find "Run" anywhere on the start menu!!!!!

HELP!!!!!!

Thanks,
Laura

lauragal 03-17-2007 01:31 AM

Never mind!!

I successfully removed the IT Policy!!!! Now I just have to figure out how to get my email accounts back!!

Thanks again
Laura

John Clark 03-17-2007 01:33 AM

WooHoo!!! Never gave up! Great job!

Jagga 03-17-2007 02:05 AM

Quote:

Originally Posted by lauragal
Never mind!!

I successfully removed the IT Policy!!!! Now I just have to figure out how to get my email accounts back!!

Thanks again
Laura

Atta Girl! Nice work. Now your a BB pro user! Totally Cracked out - and I mean that in the biggest way of respect & comradeship.

If your on a BES then on your work computer's BBDM sync it there, then an automatic Enterprise Activation will set it up.

If its personal ... login to your providers BIS site and click on resend service books or just goto Options> Advanced Options > Host Routing Table and RE-Register.

All is well & looking up here on out!

ohad_129 03-17-2007 03:53 AM

how you made it?
do you can disable the fire wall?
please let me know
thank you

camaxtli 03-18-2007 01:13 PM

Hi John,I was hoping her question about will the computer return to normal before she touched it would be answered. The registry has me slightly worried as I was in the same boat as Laura, I use Mac at home and so I had to do it on my desktop at work, should I be worried?

lauragal 03-18-2007 09:54 PM

John and Jagga,

Thanks!!! Trust me, I was sweating all the way!!!!! But I do feel like a pro now!!!! I am no longer on a BES at work so now worries there - they were the ones who caused this problem to begin with!! And I was able to re-send the service books (the site was down last night but I was able to do it this morning). Thanks to both of you for all your help.

Ohad - I did not have to disable my firewall.

Camaxtli - if you follow John's instructions step by step, there should be no problem. My husband's PC is working without any problems. Although you're going into the registry, it seems to me that you're just changing a part of the registry that pertains to the Blackberry, so anything else on the computer is untouched.

camaxtli 03-22-2007 12:17 AM

Quote:

Originally Posted by lauragal
John and Jagga,

Camaxtli - if you follow John's instructions step by step, there should be no problem. My husband's PC is working without any problems. Although you're going into the registry, it seems to me that you're just changing a part of the registry that pertains to the Blackberry, so anything else on the computer is untouched.

Thanks. I havent heard anything so....I guess its cool.

bradpoff 03-23-2007 10:50 PM

need someone to write a program
 
Instead of disabling the BES stuff, I want a program that will issue a wheel click every 19 minutes since my password timeout is 20 minutes. That way I don't have to keep entering the password everytime it vibrates to tell me I have another meeting but won't let me see the meeting announcement.

Anyone know how to do this? I'm not a programer but it would seem like a simple thing to do (always is for the ignorant)

Appreciate the help.

Soapm 03-23-2007 11:22 PM

Quote:

Originally Posted by bradpoff
Instead of disabling the BES stuff, I want a program that will issue a wheel click every 19 minutes since my password timeout is 20 minutes. That way I don't have to keep entering the password everytime it vibrates to tell me I have another meeting but won't let me see the meeting announcement.

Anyone know how to do this? I'm not a programer but it would seem like a simple thing to do (always is for the ignorant)

Appreciate the help.

Yes, every 19 minutes, pick up the berry grasping firmly in the palm of hand. Extend the thumb of right hand and carefully place onto the thumb wheel located on the right side of berry. Applying slight pressure, roll the wheel one click either direction. Presto! Unit will not lock for another 20 minutes. :)

"...yes, and I haven't taken any lessons (William Hung)"

bradpoff 03-24-2007 10:36 AM

Brilliant! Why didn't I think of that? :oops: That's why I labeled my self 'the ignorant'.

GDBerryuser 03-24-2007 11:21 AM

why dont you change the timeout option to one hour? I am on a bes with an it policy and I was able to change mine

John Clark 03-24-2007 11:23 AM

It depends on if the specific IT policy allows that change.

bradpoff 03-25-2007 07:00 AM

Unfortunately they've set it up so I cannot change the timeout.

Is what I'm suggesting possible (program running in the background that enters a keystroke every 19 minutes--since timeout set by administrator to 20 minutes), does it makes sense? Any volunteers to write something for me to try?

kirk_gcm 03-29-2007 11:37 AM

Success confirmation
 
I am please to confirm that the instructions by John Clark worked, (8700g owner)

John Clark 04-01-2007 10:49 PM

I have been attempting to use a bluetooth keyboard with my 8100 Pearl. It is under IT policy. The default policy denies access to "keystroke injection" in the Application Permissions under Security Settings which is necessary for access by a Bluetooth Keyboard.

I tried this procedure on an old BB that is no longer used on the BES in order to see if I could get the "keystroke injection" denial lifted and use the keyboard on the old BB. Yes, the procedure will appear to "remove" IT policy. However, it only applies a blank policy which doesn't show up under Security Settings. There is still policy on the device after using this procedure. Firewalls are set to "default" policy. Under default some settings are defaulted to "disallow" or "deny." One of which is the "keystroke injection." It needs to be set to "allow" in order to allow access by a Bluetooth Keyboard. This blank policy doesn't allow this.

I just wanted to inform those using this procedure that it doesn't completely "remove" all IT policy. It does lift a lot of restrictions from the device but not all.

Jagga 04-02-2007 12:44 AM

John, I was wondering. When a user performs an E.A. on BBDM within a company firewall for BES, with a unit that has a previous IT Policy from another company, they show up at "initializing". Most of the information is there with IT Policy at a pending field which within 5-10mins shows "failed" on the BES for that particular user. Why doesn't trying to send "Blank" IT Policy clear the previous one out, then "Send" IT Policy for the company its on resolve this?

BTW, the BB Unit was procured under warranty replacement with Cingular by specific internal company contact & Cingular.

PS I was just curious.

djdcyphr 04-02-2007 11:55 AM

Is it possible for me to wipe the device, remove the policy, and then upload applications to my device. Such as games or ringtones. Then when i am finished, reconnect to my DES and go undetected?

John Clark 04-02-2007 12:39 PM

Read the disclaimer in the original post. That is NOT what this is intended for. You risk your job in doing this. Additionally, when you connect back up to the BES the policy will be pushed right back anyway and you'll lose everything.

JoeIndy 04-05-2007 02:45 PM

Quote:

Originally Posted by John Clark
I just wanted to inform those using this procedure that it doesn't completely "remove" all IT policy. It does lift a lot of restrictions from the device but not all.

With a new Pearl with BIS and downloading the desktop software from T-Mobile's site, I ran into an interesting issue. It apparently comes with an IT Policy that is more restrictive than none, because since I hooked it up the first time (to do an OS upgrade), it now requires 5 character passwords and, here's the fun one, the password expires after 5 days. :cry:

Does the policy.bin that's floating around here have more generous settings than this?

d_fisher 04-05-2007 03:12 PM

No password required with this policy.

JoeIndy 04-05-2007 10:46 PM

I downloaded a copy of the free BES Express. It contains the policy compiler. I made my own policy.inf with the settings I wanted. My paranoia was kicking in at the though of downloading and applying a policy file from the Net, even though I have no reason to doubt the policy.bin file in the thread is clean and legit. Like I said, paranoia. :)

The default policy file looks like the default policy that comes with the BES Express download is the .bin file included in Desktop Manager. It had a 5 character password minimum, and maximum password age was set to 5 days.

omkhar 04-06-2007 02:41 PM

Quote:

Originally Posted by *&))
i find that all the it admin i have ever worked with wanted everyone to be in the dark. and yes i realize the information isn't new but now its easily accessible. but i guess what isn't these days
i'm not saying that you are creating problem for any one or anything b/c i actually found it usefully. but i know where this would have driven a former boss of mine crazy.

Security through obscurity (leaving users in the dark) is not security at all.

John Clark 04-06-2007 11:24 PM

Quote:

Originally Posted by JoeIndy
I downloaded a copy of the free BES Express. It contains the policy compiler. I made my own policy.inf with the settings I wanted. My paranoia was kicking in at the though of downloading and applying a policy file from the Net, even though I have no reason to doubt the policy.bin file in the thread is clean and legit. Like I said, paranoia. :)

The default policy file looks like the default policy that comes with the BES Express download is the .bin file included in Desktop Manager. It had a 5 character password minimum, and maximum password age was set to 5 days.


So you were able to create your own policy.bin using the BES express download? Howabout some more info on this. How did you do it?

JoeIndy 04-06-2007 11:57 PM

Quote:

Originally Posted by John Clark
WAIT WAIT WAIT! So you were able to create your own policy.bin using the BES express download? Howabout some more info on this. How did you do it?

When you download BES Express, it comes in a self extracting ZIP file. When you run it, it extracts the files to C:\Research In Motion\BlackBerry Enterprise Server 4.1.3\. In this directory is one called "ITPolicy"... which contains the program to generate policy.bin files.

Go forth and free your (personally owned, not attached to a corporate network less you get fired for cause) BlackBerry!

John Clark 04-07-2007 02:25 AM

Joe, this was a good find. You've figured out how the policy.bin was created. I've tried creating another policy.bin. I was successful but, unfortunatly, it doesn't do any better than the one posted originally in the first post. There is no way to use this policy compiler to open up the application permissions from what the BES pushed out in policy.

Good work, though. I now know how to create a policy.bin.

JoeIndy 04-07-2007 10:47 AM

Quote:

Originally Posted by John Clark
Joe, this was a good find. You've figured out how the policy.bin was created. I've tried creating another policy.bin. I was successful but, unfortunatly, it doesn't do any better than the one posted originally in the first post. There is no way to use this policy compiler to open up the application permissions from what the BES pushed out in policy.

John, sorry to hear that it didn't work. I did some looking and found a user manual for a Bluetooth Keyboard designed for BlackBerry's. There's a section for how to allow use of the keyboard through BES. But, it looks like something that isn't accessable to BES Express without going through the whole installation and everything... basically, another section of policies that isn't controlled through policy.bin.

BlueKeyboard Download - Download the manual, see page 26.

Best of luck getting it resolved. -- Joe

John Clark 04-07-2007 04:35 PM

Quote:

Originally Posted by JoeIndy
basically, another section of policies that isn't controlled through policy.bin.

I did fix the issue on my BES attached BB by having the IT dept do their thing. I've just been looking for a way to remove the restriction from my old BB so I can use the keyboard (and others) on that BB as well. I may have to switch devices so the new policy is pushed to the old device. However, that only allows the one particular application permission to the keystroke injection. It doesn't really *solve* the core problem.

hb88xx 04-10-2007 07:13 AM

Quote:

Originally Posted by JoeIndy
When you download BES Express, it comes in a self extracting ZIP file. When you run it, it extracts the files to C:\Research In Motion\BlackBerry Enterprise Server 4.1.3\. In this directory is one called "ITPolicy"... which contains the program to generate policy.bin files.

Go forth and free your (personally owned, not attached to a corporate network less you get fired for cause) BlackBerry!

It's not only BES express. When you unpack the SP3 for 4.1 which is free to download, the folder and tool are there too

ammatusk 04-10-2007 10:07 AM

Thanks so much
 
As a split-personality user (I am on BES at work and BIS for my personal BB), I have learned so much from this thread.

Initially, I tried wiping and although I blew out my personal data, it seemed that the policy didn't take.

Well, that's because I'm one of those "oh, it doesn't matter where the file is as long as I point to it" people. Yeah...didn't work.

So....went through it again and followed the directions to the letter and, surprise, surprise, it worked great.

I wanted to thank everyone who has been posting on this issue. The inability to load some apps (Google Maps, specifically) was driving me batty.

All fixed now, thanks to all of you!
-s.

raafter 04-10-2007 11:08 AM

If you have devices that "walk" from your organization and you want to ensure they are never used again you can contact RIM client care or t-support and have the pin blocked from their NOC.

The device will NEVER work again if that's the case. it isn't something that is used widely however it is available.

nyubi 04-15-2007 01:50 AM

i have a used pearl, it has it policy, after i followed above op described step, i finally can clear the it policy, disable password etc.

but the firewall still enable, can't be disable, but i still can edit the firewall option (install 3rd party apps, keystroke injection,etc) to allow..

am I good to go now ?

caseymandy560 04-20-2007 07:15 PM

This worked great. Thanks!!!

canmat 05-01-2007 06:09 PM

I have a blackberry 7100g I bought off ebay for my wife. I it has a security policy, but these steps may have to be a little modified for me.

I used the Cingular software here -> https://www.blackberry.com/Downloads...1c2114287438TR

BlackBerry Handheld Software v4.1.0.556 (Multilanguage)

Package Version: 4.1.0.556
Consisting of:
Applications: 4.1.0.377
Software Platform: 1.8.0.154
File name: 7100E_PBrER4.1.0_rel556_PL1.8.0.154_A4.1.0.377_AWS .exe
File size: 36.42MB

It appears this is the latest software availible to me from cigular for my bb. It does not give me the HKEY_Current_Users\Software\Research In Motion\BlackBerry\PolicyManager as an option in the registry.

Heck, the only availible category is HKey _Current_Users\Software\Research In Motion\BlackBerry\Loader

I am a bit of a noob when it comes to this blackberry, but I'm having a good time. If you have any tips it would be greatly appreciated!

John Clark 05-01-2007 06:30 PM

Are you running Windows XP? Do you have Desktop Manager installed?

canmat 05-01-2007 06:53 PM

Is desktop manager in different package then what I downloaded? Yes I am in Win XP. I tried to download a newer operating system, but it did not have the software it needed for my device. Does desktop manager come in a stand alone version that will work with Package Version: 4.1.0.556, it wasn't an install option when I installed using custom install. I installed every option there was.

Thank you for your help!

John Clark 05-01-2007 07:01 PM

Download and Install Desktop Manager from here:

BlackBerry - BlackBerry - Sys Req V4-2 Pack 1

Then download and install the OS of your choice. If it's from a carrier other than the one your BB is branded to then delete the vendor.xml file after the installation of the OS.

canmat 05-01-2007 11:43 PM

Thank you very much! It worked like a charm, thank you so much for your help!

Carla_scotland 05-05-2007 04:22 PM

IT Policy removal on BB7230 / Vodafone / UK
 
Hello all from Glasgow, Scotland.

I have recently purchased a BB7230 off ebay, with SIMlock to Voafone(UK). I _dont_ have a BES or BIS account and have a Pay as You Go (pre-pay) Vodafone SIM. I mainly intend to use the BB as a Phone /PDA but a bit of TCP/IP access would be nice.

The Vodafone SIM works fine on GPRS in other mobile phones I can use my laptop and the IR port on my Nokia for internet access on most ports (80,21,23,8080 etc).

I found these very helpful forums via Google so rather than just ask for help I though I would share my learning so far for others to find - and then post my question immediately below this...

Removing the IT policy
====
I downloaded the BB desktop software but could not install applicatios so I followed the instructions here:
http://blackberry.ig3.net/
Other people have reported mixed results, but it worked fine for me and I can now download and install software via the desktop.

TCP / IP Access
====
I entered APN pp.vodafone.co.uk user:web, password:web (exactly the same as on my Nokia phone)

I have no Blackberry browser and know of no method to get it back so I then downloaded Opera Mini and installed it.

During first start up it goes through a number of staps before failing with an error:

The application operette$2dhifi has attempted to open a connection to a location inside the firewall and outside the firewall which is not allowed by your it policy.

Googling round a bit this seems to be due to a policy restriction, that is turned on by DEFAULT in the BLANK profile to DISABLE split-pipe-connections. See:
http://osdir.com/ml/java.sun.kvm/2004-12/msg00045.html]
http://downloads.rogers.com/wireless...n_Security.pdf

AFAIK since OS version 3.61 an application can only connect via wither the BES/MDS _or_ TCP/IP - the first service it connects to (even if it does not work) is remembered unless you remove all the software and reinistall. See link below for how to make the BB "forget":
http://www.idokorro.com/support/mdt-supportfaq.shtml#q5

So I then installed a trial of IM+ that allows you to select the transport mode TCP/IP or MDS/BES or BIS and I also installed a trial of Idokorro Mobile SSH that allows you to pick TCP/IP, BIS or BES/MDS.

In both cases with the software set it TCP/IP I get as far as the "arrows" flashing in the top right of the screen the the BB transmits (I can hear the interference on a radio) with no firewall problems.

Carla_scotland 05-05-2007 04:23 PM

BB 7230 / Vodafone(UK) / will not connect
 
-----------
And now the questions:

I have a good signal strength 2-3 blobs on the meter, Given GPRS works on the SIM in another phone I am assuming there is nothing wrong with the Vodafone account...

but the BB fails to connect - the arrows in the top right flash for a while with "half thickness" (if this makes sence) than stop.

Anyone got any suggestions - can anyone explain what the "arrows" mean.

Thanks
Carla

John Clark 05-05-2007 04:28 PM

Wirelessly posted (BB 8860: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100)

Yes, your issue is due to a leftover IT policy. As far as I know, there is no way to remove the firewalls. In order to access data you need a BB data plan. Without a BB data plan, no data. However, as you say it is sometimes possible to access the internet with Opera and a GPRS data plan. However, with the policy in place its very possible you will never be able to access this. The only way to remove all policy is to connect the BB back to a bes and push a new blank policy to it.

nosralr 05-26-2007 12:35 PM

Quoting the first post in this thread:

Step 3
Wipe your Blackberry, creating a backup if necessary. Select Options/Security/Wipe on the Device.
If this option is unavailable, you may have to install the latest software on your Blackberry. You need to Download and install the latest OS for your device. Connect your device, open the Desktop Manager, select Application Loader, and follow the prompts.

I have a 6230. I clicked the above link to install the latest OS on my device. When I go there I find a huge list of carriers. However, some have a lock after them and some have another icon. For instance, Etisalat doesn't have a lock. When I click Etisalet it displays 4.2 OS for the Pearl 8100. Will that work on my 6230? Or what do I want? I am not using any of the carriers listed there, as I am in Bangladesh. Thanks.

John Clark 05-26-2007 12:43 PM

The 8100 OS will NOT work on a 6230. The 6230 is a pretty old device.

BTW, your profile says "7100t."

nosralr 05-26-2007 12:43 PM

One more thing. I have tried to wipe my 6230 a few times. When I installed Opera Mini on it I got to step 6 and it ran into the IT policy program. So I then wiped my 6230 BB but Opera Mini is still on there. Why would that be after wiping it?

John Clark 05-26-2007 12:57 PM

Because "wiping" from the handheld only removes data, not programs or OS.

nosralr 05-26-2007 01:44 PM

Yes, I know my profile says "7100t." I guess it should say, "7100t, 7100g, and 6230!"

I have not be able to get Opera to work on any one of them. I am at my wits end.

What can I try next? I have wiped the 6230's, and the 7100g. I then installed my Desktop Manager 4.0 on my laptop, added the policy.bin before I opened it and then connected it to my 6230 and then later to my 7100g. I can install Opera Mini but cannot get it past step 6 before it gives the message that inside and outside the firewall something is being accessed and it is not in the IT policy. You know the message! Everyone has seen it.

Do I have any other options?

John Clark 05-26-2007 01:47 PM

OK...that's the first time you've mentioned the error message you're receiving. Posting that first would have made this easier. Unfortunatly, the remove IT policy procedure will not remove firewall restrictions that were put in place by a BES. The only way to do that is to reconnect to a BES and have a blank policy sent with no restrictions on firewall. Sorry.

stinkyfeet 06-10-2007 10:42 AM

this is the greatest post ever, i recently just got a new blackberry and had to stop using my old one ::cry:: so i was able to get rid of my IT policy on it which i can prolly sell it better or give it away or even use it on my off days

CooCkieXP 06-25-2007 11:42 PM

Will this bin file work on DM 4.2 SP2?

John Clark 06-26-2007 02:13 AM

Quote:

Originally Posted by CooCkieXP (Post 579481)
Will this bin file work on DM 4.2 SP2?

Yes.

blackberry-guy 06-27-2007 12:42 AM

Quote:

Originally Posted by John Clark (Post 529058)
Wirelessly posted (BB 8860: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100)

Yes, your issue is due to a leftover IT policy. As far as I know, there is no way to remove the firewalls. In order to access data you need a BB data plan. Without a BB data plan, no data. However, as you say it is sometimes possible to access the internet with Opera and a GPRS data plan. However, with the policy in place its very possible you will never be able to access this. The only way to remove all policy is to connect the BB back to a bes and push a new blank policy to it.

I'm running a blackberry on a pay as you go provider (boost mobile) and I'm using opera mini. I have an IT policy on my BB that I think is preventing me from using other apps like GMAIL (which can be used on other phones using boost). I would like to remove the IT policy and wipe my device to see if I can get GMAIL running.... but I'm afraid that if I change everything I could possibly end up losing the ability to run opera mini. Is there a way for me to back-up my current IT policy and revert back to my current state should this whole process fail and leave me worse off?

blackberry-guy

blackberry-guy 06-27-2007 12:45 AM

Quote:

Originally Posted by John Clark (Post 547362)
OK...that's the first time you've mentioned the error message you're receiving. Posting that first would have made this easier. Unfortunatly, the remove IT policy procedure will not remove firewall restrictions that were put in place by a BES. The only way to do that is to reconnect to a BES and have a blank policy sent with no restrictions on firewall. Sorry.

Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy

John Clark 06-27-2007 02:01 AM

Quote:

Originally Posted by blackberry-guy (Post 580570)
Can't somebody come up with a blank policy with no restrictions for everyone to use and to install? What would it take?

blackberry-guy

Good question!

blackberry-guy 06-27-2007 01:26 PM

Quote:

Originally Posted by John Clark (Post 580597)
Good question!

And a question that I'm surprised that nobody seems to know the answer to.

Here's what I've been thinking about.....

Can "any" BES push a blank policy onto your blackberry, or just the BES that installed the restrictions to begin with? If any BES will work, then we would have a few options I think....

But you have to know what you're shooting for first;

A: (what exactly are the settings for a "new" blackberry)

If someone were connected to a BES, what would they need that BES to do for them to reset their device to a totally unlocked and "free" state? Basically, I'm asking; we would need a complete run down of all the settings of each blackberry model as they are set on a "new" fresh unit. We will be striving to reset all blackberry settings and policies to the same state they were when the unit was NEW.

B: (A method for loading the clean state onto a blackberry from a PC)

Can all of the settings of a "new" blackberry be saved and then loaded onto the device from a PC? By "settings", I'm talking about rewriting EVERYTHING back to the way it originally was on a brand new unit.

C: (If it's possible, where to get the "blank" settings)

Someone who has access to BES software might be able to create this "clean state" for us? Or someone using a BES who would like to help us. But, I have more questions....

If only the BES that installed the restrictions can remove them, how difficult would it be to create BES unlocking software. Basically, something that would figure out the BES settings that your device expects, then provide the BB with those settings (making the BB think it's connected to the original BES) so that you can send the "clean" state to it.

It really shouldn't be that big a deal to reset all the policies on a BB and wipe EVERYTHING back to a "new" state (as the unit was when it was new). This should be able to be done with sofware on your PC and not require connection to a BES, etc. Think about it, it CAN be done, we just have to figure out how to do it.

blackberry-guy

John Clark 06-27-2007 01:35 PM

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.

blackberry-guy 06-27-2007 01:52 PM

Quote:

Originally Posted by John Clark (Post 581136)
Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

That's exactly what the above policy.bin does. Its just that it doesn't unlock any application restrictions that have been locked out like keystroke injection.

And nobody knows how to unlock the application restrictions? Do all the answers reside in the policy.bin file ALONE? Or would other files need to be rewritten?

By the way, this is an excellent thread and I very much appreciate your hard work on this issue (and for your time discussing this with me).

blackberry-guy

John Clark 06-27-2007 01:55 PM

Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.

blackberry-guy 06-27-2007 02:19 PM

Quote:

Originally Posted by John Clark (Post 581164)
Wirelessly posted (BB 8860: BlackBerry8100/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100 UP.Browser/5.0.3.3 UP.Link/5.1.2.1)

Everything except the application restrictions. Nobody has been able to unlock them. I was thinking of doing a trial of Exchangemymail.com and seeing if that would unlock it. There is no way other than attaching to a BES.

If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy

Dawg 06-27-2007 03:18 PM

Quote:

Originally Posted by blackberry-guy (Post 581195)
If you have the time, would you mind explaining what you hope to accomplish by using exchangemymail.com and HOW it will be accomplished? I'd like to get a better idea of exactly what needs to be done and what you're trying to do, so I can research this issue correctly.

What does attaching to a BES actually "DO" for your handheld that unlocks the restrictions? What does it change on the handheld and HOW does it do it?

Sorry for the stupid questions, I"m just trying to understand fully what a BES does for the handheld and why we can't FORCE those same changes without the BES.

blackberry-guy

Please take what I am about to say with a grain of salt, I would highly recommend that you sell that BB and buy a new one. You wont be happy with it, only because of the amount of work you are going to have to put into it.

I would highly suggest that you buy a new device so you wont be so frustrated.

What j is talking about is attaching another BES to the phone that installs anothe IT policy to it. That may remove the first one it may not. I would lean toward the second.

You cant force the existing BES off with out having the IT dept remove it or tryingto put a new one one which I dont think is possible.

Not to mention you are using boost so none of the features are going to work for you anyway. You can use it as a phone and a PDA but you wont be able to use BIS or any other intergraded feature of the BB

John Clark 06-28-2007 02:29 AM

Dawg is right. Many people have tried to get rid of these settings. Unfortunatly, these policies are put on for a reason and therefore are not easily taken off. The fact is that it's not possible to "remove" the policies. I believe that when the carriers or RIM refurbish they can remove them but not the end users. This thread is the best there is for making used BB's work. While it's good to be on the lookout for other methods we need to just live wth the fact that used BB's have their issues.

newbie100 06-28-2007 06:53 AM

I have tried to read every message in this thread, but I cant seem to wonder why the following would not work.

1. I have a BB (8800 O/s 4.2) activated to a BES

2. I wiped / nuked the device.

3. Then the device was no longer activated to the BES. - So all policies should be wiped. Correct ???

I cant understand the need to download a policy.bin file.

Can someone please explain why the policy.bin file is needed ?

Thanks

gacek 06-29-2007 05:41 AM

Hi guys,

i read all threds in this post and try disabled IT Policy in my BB 8700g and i have a problem :( My BB works in ERA network Poland, my OS ver.4.1. So i downloaded file policy.bin, i make change in Windows register and gone according to John Clark tutorial's and i still do not load applications to my BB :/

Who can help me?

blackberry-guy 07-01-2007 09:02 PM

Quote:

Originally Posted by JoeIndy (Post 503029)
John, sorry to hear that it didn't work. I did some looking and found a user manual for a Bluetooth Keyboard designed for BlackBerry's. There's a section for how to allow use of the keyboard through BES. But, it looks like something that isn't accessable to BES Express without going through the whole installation and everything... basically, another section of policies that isn't controlled through policy.bin.

BlueKeyboard Download - Download the manual, see page 26.

Best of luck getting it resolved. -- Joe

Another set of policies? I know I'm still totally ignorant when it comes to this issue, but I'm trying to gather info and learn. So basically, you're saying that the policy.bin file controls several MAIN functions, but not all. The other functions are controlled by OTHER policy files? My questions would then be this:

What settings exactly does policy.bin control, and what are the defaults that will be obtained by applying the blank policy.bin (please list them).

Also, what files then would control the OTHER policies and where might we obtain them in order to tinker with them.

blackberry-guy

John Clark 07-01-2007 09:13 PM

FYI: This is what's in the policy.bin posted above:

Code:

Policy.inf  - Management Configuration file for Desktop Software
;               
;
;  Notes: For comments a (;) must be at the beginning of the line
;        Use (\) for line continuation for strings
;           
;        Format:  Key = Value         
;                  Key {Policy } = value
;                  Key {Default} = value
;                 
;                  where: 'value'  can be an int, boolean or string.
;                        {Policy}  key is updated if different time stamp.
;                        {Default} key is updated only once.
;
;                  If no policy attribute {}, key will default to 'Default'
;
;***************************************************************************

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Desktop Manager Configuration
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; If application is shown on task bar.
HideWhenMinimized {default} = true

; Prompt the user when the Desktop Manager starts.
MessagePrompt {default} = Welcome to the Desktop Manager.

; To enable or disable the USB-Serial converter
EnableUSBconverter {default} = false

; Control whether the Application Loader is available to the user.
ShowApplicationLoader {default} = true

; Control whether if offline IT Policy warning prompt should be displayed.
ShowPolicyErrMsg {default} = true

; Control the length of time the device password is cached by Desktop Manager. (Minutes)
DesktopPasswordTimeout {policy} = 10

; This setting controls whether or not Desktop add-ins are permitted.
; When set to false, no desktop add-in code will be executed.
AllowDesktopAddIns {policy} = true

; Indicates whether or not the desktop software will allow the user to switch devices.
AllowDeviceSwitch {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Synchronization
;; Synchronize for PIM,Email and Folder Management defaults.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; This setting allows you to specify whether or not you would like PIM
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowPIM = true

; This setting allows you to specify whether or not you would like Email
; information to be synchronized when the user selects the Synchronize Now
; button from the Intellisync dialog.
SynchronizeNowEmail = true

; This setting allows you to specify whether or not you would like the date and
; time to be synchronized when the user selects the Synchronize Now button from
; the Intellisync dialog.
SynchronizeNowDateTime = true

; This setting allows you to specify whether or not you would like PIM
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizePIM = false

; This setting allows you to specify whether or not you would like Email
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeEmail = false

; This setting allows you to specify whether or not you would like Date and Time
; information to be  to be automatically synchronized when the handheld
; is connected to the PC.
AutoSynchronizeDateTime = false

; This setting allows you to specify whether or not you would like to synchronize
; folders instead of performing an import.
SyncFoldersInsteadOfImport = true

; This setting allows you to specify how information conflicts between the handheld
; and the PC encountered during synchronization are handled. If set to true, desktop
; information is used. If set to false, handheld information is used.
FolderConflictDesktopWins = true

; This setting allows the enabling or disabling of wireless email reconcilation.
AllowWirelessEmailSynchronization = true

; This setting allows the wireless calendar synchronization functionality to be disabled.
DisableWirelessCalendar = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Redirector Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Append signature on out going messages
AutoSignature = -----------------\
Sent from my BlackBerry Handheld.

; Forwards messages to the handheld
ForwardMessagesToHandheld = true

; Allows user's to receive mail when handheld is connected to cradle
ForwardMessagesInCradle = false

; Setup filter rules for email redirection
FilterRuleFile = c:\myfilters.rfi
; When filter rules don't apply, forward or don't send messages
ForwardWhenRulesDontApply = true

; When sending a message from handheld, don't save a copy in my 'Sent Items' folder
DontSaveSentMessages = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Backup/Restore Configuration
;;
;; These value control the setting in "Backup and Restore Options" dialog
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; This value control the value of the "Automatically backup my handheld" setting
; in the options dialog, which is enables or disables prompted Automatic Backups.
AutoBackupEnabled = true

; This value indicates how often an AutoBackup is performed in days.
AutoBackupFrequency = 7

; This setting controls the exclusion of Email and synchronized data from the
; automatic backup. If set to true, the "Backup all handheld application data"
; radio button is selected.
AutoBackupIncludeAll = true

; This setting allows control over whether email is excluded from automatic backups
; (when AutoBackupIncludeAll is false).
AutoBackupExcludeEmail = false

; This setting allows control over whether synchronized application data is excluded
; from automatic backups (when AutoBackupIncludeAll is false). "Synchronized data" is
; that data which is configured for synchronization with Intellisync; this varies
; according to the user's preferences.
AutoBackupExcludeSync = false

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; WebLink Configuration
;;
;; These values control the appearance and behaviour of the WebLink extension.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Setting this value to false prevents the WebLink icon from being displayed.
ShowWebLink = true

; This setting specifies the URL that will be used when the WebLink
; icon is activated.
WebLinkURL = www.your_network_here.com/go/downloads

; This setting controls the label that is displayed for the WebLink icon.
WebLinkLabel = Downloads

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Device Security Settings
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Determine if the password is required on device
PasswordRequired {policy} = false

; Determine if the user can disable the password
UserCanDisablePassword {policy} = true

; Minimum length of the password.
; Valid range is 1 to 12 characters, inclusive.
;
; This value indicates the minimum length of an acceptable device
; security password.
MinPasswordLength {policy} = 4

; Password Pattern Checks
; Valid range is 0 or 1 at this time
;    0 -> no checks
;    1 -> ensure password has at least on letter and one digit
PasswordPatternChecks {policy} = 0

; Suppress Password Echo
;
; Option to disable password echo after x numbers of fail attempts to unlock handheld.
; false -> Disable
; true -> Enable
;
SuppressPasswordEcho {policy} = false

; Maximum device security timeout.
; Valid range is 1 to 60 minutes, inclusive.
;
; The handheld user is permitted to select any security timeout value
; less than this value.
MaxSecurityTimeout {policy} = 60

; Password Timeout
; Valid range is 0 to 60 minutes, inclusive.
;
; Set the effective password timeout on handheld.  This value must be
; less than that of the MaxSecurityTimeout.
SetPasswordTimeout {policy} = 60

;
; If set, forces the device to the lock screen when it is holstered
ForceLockWhenHolstered {policy} = false

; Determine if the user can change the timeout
UserCanChangeTimeout {policy} = TRUE

; Password aging.
; Valid range is 0 to 365.
;
; Specifying a value of 0 indicates password aging is disabled. Other
; values specify the maximum age of the password before the handheld
; user is prompted to change it.
MaxPasswordAgeInDays {policy} = 365

; Password History
; Valid range is 0 to 15
;
; Specify the number of passwords to retain for checking. Passwords in password history cannot be used when
; setting a new handheld password.
;
MaximumPasswordHistory {policy} = 0


; Maximum Password Attempts
; Valid range is 3 to 10
;
; Set the maximum number of  password attempts on handheld.
;
SetMaximumPasswordAttempts {policy} = 10

; Indicate if Long Term Security Timeout is enabled/disabled
;
; If true, handheld long term timeout is enabled
; If false, handheld long term timeout is disabled.
LongTermTimeoutEnable {policy} = false

; Attachment Viewing
;
; Controls the ability to view email attachments on the handheld. 
; If set to true then users can view attachments on the handheld
AllowAttachmentViewing {policy} = true

; Policies that control the behaviour of third party applications
; on Java-based handhelds.
AllowThirdPartyUseSerialPort {policy} = true
AllowExternalConnections {policy} = true
AllowInternalConnections {policy} = true
AllowSplitPipeConnections {policy} = true
DisallowThirdPartyAppDownloads {policy} = false

; Policies that control the behaviour of the handheld Browser application
;
; DefaultBrowserConfigUID {default} = "BlackBerry Browser"
; MDSBrowserTitle {default} = "YourCompany Intranet"
; HomepageAddress {default} = www.your_network_here.com
; HomepageAddressReadOnly {policy} = true
; EnableWAPConfig {policy} = false


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
; Policies that apply to the TLS protocol.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; TLS Disable Invalid Connection
; Disallow users to connect to a server with an invalid certificate (i.e revoked, expired, etc ).
; Value: 0=true,1=false,2=prompt on device
TLSDisableInvalidConnection {policy} = 1

; TLS Disable Untrusted Connection
; Prevent TLS connections to untrusted servers.
; Values: 0=true,1=false,2=prompt on device
TLSDisableUntrustedConnection {policy} = 2

; TLS Disable Weak Ciphers
; Disable use of weak ciphers during a TLS connection.
; Values: 0=true,1=false,2=prompt on device
TLSDisableWeakCiphers {policy} = 2

; TLS Minimum Strong DH Key Length,
; Valid range 512 to 4096
TLSMinimumStrongDHKeyLength {policy} = 1024

; TLS Minimum Strong ECC Key Length
; Valid range 160 to 571
TLSMinimumStrongECCKeyLength {policy} = 163

; TLS Minimum Strong RSA Key Length
; Valid range 512 to 4096
TLSMinimumStrongRSAKeyLength  {policy} = 1024

; Disable the use of any cipher that is not FIPS compliant.
TLSRestrictFIPSCiphers {policy} = false

; TLS Minimum Strong DSA Key Length
;
; Set the minimum DSA key size allowed for use during a TLS connection.
; Range: 512 - 1024 bits in 64 bit increments
TLSMinimumStrongDSAKeyLength {policy} = 1024

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Messaging Settings.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Indicate if PIN to PIN messaging is permitted.
;
; If true, handheld users are permitted to use the PIN to PIN messaging
; feature. If false, this capability is hidden from the handheld user.
AllowPINtoPIN {policy} = true

; Indicate if the specification of BCC recipients is permitted.
;
; If true, handheld users can specify BCC recipients when composing messages.
; If false, this capability is unavailable to handheld users.
AllowBCCRecipients {policy} = true

; Indicate if SMS messaging is permitted.
;
; If true, handheld users are permitted to send SMS messages.
; If false, this capability is unavailable to handheld users.
AllowSMS {policy} = true

; Indicate if the RIM phone application can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's phone.
; If false, users are not permitted to use the handheld's phone.
AllowPhone {policy} = true

; Indicate if the RIM web browser can be used on the handheld.
;
; If true, handheld users are permitted to use the handheld's web browser.
; If false, users are not permitted to use the handheld's web browser.
AllowBrowser {policy} = true

; Indicate if other email services are permitted on the handheld.
;
; If false, no other email service books (other than the Enterprise
; edition one) are permitted on the handheld. Any other existing email
; service books are removed when the policy is installed; while the
; policy is in effect, other email service books will be rejected by the
; device. This forces all outbound email to be routed through the
; organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to email service books.
AllowOtherEmailServices {policy} = true

; Indicate if other browser transport services are permitted on the handheld.
;
; If false, no other browser transport service books (other than the
; Enterprise edition one) are permitted on the handheld. In this case,
; any other existing browser transport service books are removed when the
; policy is installed; while the policy is in effect, other browser transport
; service books will be rejected by the device. This forces all browser
; traffic to be routed through the organization's BlackBerry Enterprise Server.
;
; If true, no restrictions are applied to browser transport service books.
AllowOtherBrowserServices {policy} = true

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Owner Information
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; Owner Name - if value = '*' use the registry setting
OwnerName {default} = Research In Motion Ltd.

; Owner Info - if value = '*' use the registry setting
OwnerInfo {default} = Please return to RIM\
Phone # (519) 888-7465\
295 Phillip St\
Waterloo Ont\
N2L 3W8
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other Info
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


blackberry-guy 07-01-2007 10:04 PM

Thanks very much for the in-depth breakdown of the contents of the policy.bin file!

It'll be intersting to see if we can also find out what files control the bluetooth stuff and firewall settings (that the policy file does not). And then also if we can manipulate them without needing to connect to a BES.


Then again, and I know this is a long shot, could it be that we could manipulate the OTHER settings (for bluetooth keyboard, etc.) by adding options within the policy.bin file that are currently not there? I know that the compiler may not offer other settings to be adjusted, but if those settings are indeed controlled from within policy.bin and the compiler simply doesn't offer the ability to set them, that doesn't mean that we might not be able to hack policy.bin with other settings. Of course, that would only work if those settings for bluetooth keyboard, firewall, etc. can be controlled via policy.bin. If they are, we might be able to hack them into the policy.bin file.

If those settings are controlled by other policy files, we need to find out which ones.

Thanks again!

blackberry-guy

John Clark 07-01-2007 10:12 PM

Many others have tried with no success.....Good luck! :-)

mgmillsa 07-02-2007 05:16 PM

A simple method that we have found at my company is to install all the 3rd-party SW you want after you setup of the phone with the carrier, but before you activate with BES the first time. Probably not much use for most of you BES users, but will help for your next Blackberry.

WILEMORE 07-02-2007 06:31 PM

Any help on getting around the gps so that the company cant track me?

blackberry-guy 07-03-2007 05:22 AM

Quote:

Originally Posted by WILEMORE (Post 586939)
Any help on getting around the gps so that the company cant track me?

Smash your blackberry with a hammer! :smile:


blackberry-guy

P.S. I wish I had some serious info for you.... maybe someone else will :)


All times are GMT -5. The time now is 11:23 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2022, vBulletin Solutions Inc.