[BlueBerry2007]

Question and answer method I think could work also, on the surface it seems easy to implement but the more you think about it, the more planning it seems would be needed--and thus not easily implemented.

Quote:

Originally Posted by ladydi

the security question method could work, but people will get frustrated when they can't remember the answer to that either. I guess I don't have any good suggestions as to how to securely identify someone over the phone - I will just thank my lucky stars that I know all my users.

[BlueBerry2007]

Dang, I didn't even know about content protection not allowing passwords to be reset remotely.

Anybody actually have in place a content protection coporate/IT BES policy?

I guess this is the equivalent of encryption for computers. That would seem like it it would slow BB devices down.

[BlueBerry2007]

Do you enforce a policy that prevents a user from enabling content protection? ... but still allow enabling content protection on a user by user basis.

[x14]

Quote:

Originally Posted by BlueBerry2007

Do you enforce a policy that prevents a user from enabling content protection? ... but still allow enabling content protection on a user by user basis.

Content protection causes a few headaches so we do not enforces. One headache being it can take an hour to do a security wipe on a BB.

[Jadey]

Quote:

Originally Posted by ladydi

Step 1: use Exchange Everything syncs OTA without hassle.

Ahem. With all due respect - when Domino is configured properly and as per best practices, then everything syncs OTA without hassle.

The Domino vs. Exchange battle could go on for ever, but in terms of BlackBerry, Domino works as well as anything else with BES if you set it up right.

[Jadey]

Quote:

Originally Posted by BlueBerry2007

I guess you'd re-activate the Blackberry wirelessly ... but just wondering, cause unfortunately for us, we use Lotus Notes, and a user's address book is local on their PC, we currently have them trained to synch. up their address book by using desktop manager and usb cable. (I know it can be done wirelessly but most haven't been trained to do so)

You can't train the users to wirelessly synch an address book (although that WOULD be an interesting trick..!)
Yes, a user PAB is local to PC by default. That is primarily for the reason that any notes client or domino server uses names.nsf as a configuration file - this is standard Domino structure. It is also because notes clients are designed to be easily taken offline, to work offline, you need local files. The whole domino replication process, one of the backbones of the architecture, is designed to keep copies in-line.

For DR purposes, PAB ought to be replicated to the users home mail server. We're not talking huge disk space here, even a PAB with over 1000 entries is roughly 11 MB (unless you're going to start adding all sorts of attachments and graphics to user records. Then, asking PAB size is a little like asking how long a piece of string is).

Once the PAB (and journal for those of you using the Memo section on BBs) are replicated to a server, you give the Domino BES server access on ACL, and reference in the users PIM Synch fields. Job done. Wireless synch wins.

[Aroc]

1. Since we're on BES 4.1, and do everything OTA, I just simply delete the BES user. I can recreate him or her later. A secretary then cancels service with the mobile phone provider, she takes the spare BB out of a drawer, activates the SIM card with the old number, I activate it, and it's given to the user.

2. No passwords on handhelds. The executives/owners won't go for that. Short of an IT audit or someone sponsoring this in the company, I'm not going to implement it. A lot of data flys out of this company unprotected. The BB is the least of my worries.

3. It gets wiped, that's what the device does by default! If I can activate it wirelessly, great. We'll try that. We're a Lotus shop and we do all of the PIM data (mail/calendar/contacts/tasks/memos) and handheld settings wirelessly in BES. On the odd chance that fails, we can engage local IT support either from one of our facilities or a customer/client site. If that is not possible (or doesn't work), then we'll need to get the device in front of us. The BB user can eithe FedEx it back to us, or he/she can deliver it in person when he/she gets back into the office. That's how we used to do it. Sometimes technology has limitations.

4. See number three. He/she is SOL. He/she can use his/her notebook computer until the device can be activated. I can't bleed blood from a rock.

5. We're a small shop (17 BB users, 300 mail users, 1200 employees). I can recognize most users by voice, or we send out encrypted email that particular user can retrieve (Lotus Notes does encryption). Or I'll work with local IT staff (either my own, or through a trusted customer/client/partner site) to get the user's account reset.

--
I'm actually glad to be rid of Desktop Manager. Nearly 85-90% of my BB headaches (and these are few and far between) are due to Desktop Manager. Doing everything OTA (even with increased traffic due to the Synchronizer service and Messaging Agents).

I actually like that "dead man's switch" of wiping a device that this XX days since having an IT policy applied. If we every go down the mandatory password route. I'd like to implement something like that. Just be careful when you turn off that BB for that 14 day vacation, though!

[hdawg]

Quote:

Originally Posted by Jadey

but in terms of BlackBerry, Domino works as well as anything else with BES if you set it up right.

When Domino BES is setup right I think it is much cooler than Exchange (not better ... just cooler) ... Domino has the ability to handle a remote BES about eleventy billion times better than Exchange; which is +1 on the cool factor for me.

From a strictly mail server perspective, there isn't even a discussion on which is better.

[Jadey]

Quote:

Originally Posted by hdawg

When Domino BES is setup right I think it is much cooler than Exchange (not better ... just cooler) ... Domino has the ability to handle a remote BES about eleventy billion times better than Exchange; which is +1 on the cool factor for me.

From a strictly mail server perspective, there isn't even a discussion on which is better.

** Honestly not trying to ignite the age-old Exchange v. Domino battle **

Which mail server is better? Can't ascertain which you mean from answer... unless that was intentional

[hdawg]

Quote:

Originally Posted by Jadey

** Honestly not trying to ignite the age-old Exchange v. Domino battle **

Which mail server is better? Can't ascertain which you mean from answer... unless that was intentional

Heh ... slightly intentional.

As you've said, and from one messaging geek to another, lets leave it at me saying Exchange and you possibly not saying Exchange

[Jadey]

Quote:

Originally Posted by hdawg

Heh ... slightly intentional.

As you've said, and from one messaging geek to another, lets leave it at me saying Exchange and you possibly not saying Exchange

Heh

Agreed

[penguin3107]

My $.02 ...
In the Domino vs. Exchange battle, Groupwise always loses.

[hdawg]

Groupwhat?

[BlueBerry2007]

Quote:

Originally Posted by Aroc

2. No passwords on handhelds. The executives/owners won't go for that. Short of an IT audit or someone sponsoring this in the company, I'm not going to implement it. A lot of data flys out of this company unprotected. The BB is the least of my worries.

We're in the same boat. No passwords on handhelds. It is the way it has been (mainly also because we are just now on BES 4.x, before we were on 2.x). I have a password set on mine and it is a bit of a hassle to key it in everytime I want to check my BB--especially not having used a password before. So, I can already imagine the complaints from users and higher ups. Even though everyone would probably agree the advantage of protecting corporate data outweighs the hassle of having to input a password. But yes, who wants to bear the burden? Unless you also have backing from an IT audit, sponsor, and/or group.

I still think put the responbility on the user. Show them how to set their password and have it reset. It's up to them to implement. If they lose their device and there was important data on it? Guess who's fault it is, not IT, theirs.

Quote:

Originally Posted by Aroc

I actually like that "dead man's switch" of wiping a device that this XX days since having an IT policy applied. If we every go down the mandatory password route. I'd like to implement something like that. Just be careful when you turn off that BB for that 14 day vacation, though!

I like this idea too. Ouch, I hadn't tought about the 14 day (or longer) vacation thing.

[BlueBerry2007]

Quote:

Originally Posted by Jadey

You can't train the users to wirelessly synch an address book (although that WOULD be an interesting trick..!)

[Lotus Notes personal address book (PAB)] ought to be replicated to the users home mail server.

Once the PAB (and journal for those of you using the Memo section on BBs) are replicated to a server, you give the Domino BES server access on ACL, and reference in the users PIM Synch fields. Job done. Wireless synch wins.

In order for the personal address book (residing locally on the computer) to replicate to the user's home mail server, in Notes client the user has to select the Inbox > go to the Actions menu > and select Synchronize Address Book.

The same thing also has to be done if they make changes to contacts on the handheld and want that synch'ed up with their personal address book.

This is what I meant by not having them trained to do wireless synch.

[penguin3107]

Quote:

Originally Posted by BlueBerry2007

I still think put the responbility on the user. Show them how to set their password and have it reset. It's up to them to implement. If they lose their device and there was important data on it? Guess who's fault it is, not IT, theirs.

I wholeheartedly disagree with this.
Security is the responsibility of the IT department, and should never be put in the hands of the end-user.
Especially when you're talking about a BlackBerry device on a corporate BES.

An unprotected BlackBerry device on a BES has access to the INTERNAL corporate network through MDS.
As a result of a lost BlackBerry, you're not just losing the data on the device itself... you're also opening a door to your network. That's a risk that many are not willing to take. Please keep that in mind when making your decisions about enabling password policies.

[penguin3107]

Quote:

Originally Posted by BlueBerry2007

In order for the personal address book (residing locally on the computer) to replicate to the user's home mail server, in Notes client the user has to select the Inbox > go to the Actions menu > and select Synchronize Address Book.

The same thing also has to be done if they make changes to contacts on the handheld and want that synch'ed up with their personal address book.

This is what I meant by not having them trained to do wireless synch.

That's only one way to do it.

You could always replicate the user's personal address book on a schedule to the Domino server, and point the user's BES profile to use the server copy of the address book.
Then there is absolutely no end-user intervention or action required at all.
Very simple.

[BlueBerry2007]

Or, does it make any difference? Whether the user gets deleted from the BES or not.

[penguin3107]

Quote:

Originally Posted by BlueBerry2007

Or, does it make any difference? Whether the user gets deleted from the BES or not.

Not deleting them from BES makes it much easier to configure a new device for the user once they have one.
All of their personal settings and data will be maintained on the BES (using wireless backup) and will populate the new device once its activated.

[hdawg]

Thanks for saving my fingers the typing.

DITTO

If it is your job, I would think part of your job is to maintain a level of security.