[82whiskey]

Hi all,

I'm managing a small BES environment (15 users) and my boss is getting many complaints form users about the password lock. I have it set now at 30 minutes and I have suggested to my boss that it not be extended.

The biggest complaint is about access to the device for making calls. Given that I don't believe access to phone features is a major concern I have already allowed calls without unlocking the phone. For users this just means having to push one extra button to get to phone features but still some are complaining about that.

I need to know what is the worse that can happen if some unscrupulous person were to steal or find one of our blackberries?

Another concern we have is the Navigator software on each device and I will admit is it a pain when you are driving and using the software and the bb keeps locking and you can no longer see the screen. Is there a way to prevent the phone form locking while running certain applications like Navigator?

Thanks

Brian

[MarkF]

Worse that can happen? Someone accesses some data that allows them to sue your company and it folds. Bet your end users don't like to enter a password on their laptops either, why not disable them too?

Here's a KB article about preventing the password timeout from locking while Telenav is running:

Livelink - Redirection

[Jadey]

Some interesting threads:

http://www.blackberryforums.com/bes-...ckberries.html

http://www.blackberryforums.com/bes-...rotection.html

http://www.blackberryforums.com/bes-...gh-policy.html

[Jadey]

Also have a look at http://www.blackberryforums.com/bes-...lock-time.html

There are differing views about lots of aspects of BES/BB security, particularly things like content protection. However, for the majority of BES Admins, device passwords are non negotiable. Apart from the data on the device, you have routes through the LAN depending on how MDS is configured. You also have the risk of identity theft, whoever steals the BB pretending to be the CEO and sending emails that will mess up the company (for example)

[82whiskey]

Hi Mark, Thanks for the link but I'm not understanding something. Here is what I clipped from the page:

In BlackBerry Device Software 4.3, for the Backlight.enable method or the EventInjector method to prevent the Lock screen from being shown, the following criteria must be met:

For BlackBerry device users that have an account on the BlackBerry® Enterprise Server, an IT policy called SecurityPolicy.ALLOW_RESET_IDLE_TIMER must be set to true. By default this IT policy is set to false. No action is required for BlackBerry device users that have a BlackBerry® Internet Service account and who are not on a BlackBerry Enterprise Server.
For both BlackBerry Enterprise Server and BlackBerry Internet Service users, the Security Timer Reset application control must be set to Allow. By default, this control is set to Deny. BlackBerry device users may change this setting on their BlackBerry devices using one of the following methods:
Go to Options > Advanced Options > Applications, and select Edit Permissions from the menu.
Go to Options > Security Options > Application Permissions , and select Edit Permissions from the menu.Regardless of whether the above criteria have been met, the Backlight.enable and EventInjector methods will continue to perform their primary function of enabling the backlight and injecting keyboard and trackball/trackwheel events. No exceptions will be thrown if these criteria are not met; the BlackBerry device will simply display the Lock screen after the security timeout value has been reached.


When I go to the menu locations above on my Blackberry I find Navigator in the applications lsit but I'm not sure what I'm supposed to do or see once I get to Applications and Edit Permissions???

Brian

[Frank Castle]

I'd just put it at the max and be done with it (1 hour) .. then they have nothing to complain about.

Haven't heard of a way to stop the auto lock .. that would be interesting but would have battery life implications.

[wunderbar]

we see these kinds of threads in here probably once every couple of months. the advice is always the same. When you are talking about company data that could potentially be worth thousands, millions, or even billions of dollars, you NEED to ensure that that data is protected.

We instituted a password policy on our blackberries on my recommendation after a lunch meeting with our company president. He got up to go to the bathroom, left his Blackberry on the table. I took it and put in my pocket. When he came back he started freaking out becuase the last email he had looked at had an excel attachment with the entire company financial structure. When I gave him the device back and explained to him that a simple 4 digit password could prevent that from happening, the policy went into effect that afternoon.

I wouldn't recommend trying that paticular scare tactic though. We're a really close knit company, almost like an (admittedly dysfunctional) family. I didn't get into trouble for that stunt, actually got praise for opening his eyes. If I was working anywhere else I would have been in huge trouble for pulling a stunt like that.

[Frank Castle]

That's pretty funny.

[MarkF]

Brian - Once you click Edit Permissions, you need to make sure the Security Timer Reset is set to Allow.
It's important to note that after you change this setting, if you were to have Navigator running and lost the device, the security timer will not start until you exit Navigator. That could give someone with malicious intentions a 30 minute window (as your IT Policy is set) to access your company data.
Ideally, when you exited Navigator, the device would be locked.

[82whiskey]

I'm unable to find this in our IT policy:

ALLOW_RESET_IDLE_TIMER IT policy

Is it not available in 4.1.2?

Thanks
Brian

[MarkF]

Brian - That I don't know. We have 4.1.4 and it's in the Security Policy Group, near the bottom

cheers

[knottyrope]

Quote:

Originally Posted by wunderbar

We instituted a password policy on our blackberries on my recommendation after a lunch meeting with our company president. He got up to go to the bathroom, left his Blackberry on the table. I took it and put in my pocket. When he came back he started freaking out becuase the last email he had looked at had an excel attachment with the entire company financial structure. When I gave him the device back and explained to him that a simple 4 digit password could prevent that from happening, the policy went into effect that afternoon.

.

That is awsome,