BES - Policy - BB Version 5 0 2 Rohversion

Name
Application Center
Disable Application Center
Disable Carrier Directory
BlackBerry App World

Disable App World
Application Restriction Rule
Application Restriction List
Category Restriction Rule
Category Restriction List
Disable Application Purchasing
Enable Wireless Service Provider

Billing
BlackBerry Messenger
Disable BlackBerry Messenger
Messenger Audit Email Address
Messenger Audit UID
Messenger Audit Report Interval
Messenger Audit Max Report Interval
Disallow Forwarding Of Contacts
Disable Location Requests,

Responses & Proximity Alerts
Disable Server Based Contact List

Synchronization
Disable Check For Updates
Enforce Security Question In

BlackBerry Messenger Invitation
Disallow Setting A Subject On

Conversations
Disallow External Email Address For
Server Registration

Groups
BlackBerry Smart Card Reader

Maximum Connection Heartbeat
Period
Maximum BlackBerry Disconnected

Timeout
Maximum BlackBerry Long Term
Timeout
Maximum BlackBerry Bluetooth

Traffic Inactivity Timeout
Maximum Smart Card Not Present

Timeout
Maximum Number of BlackBerry

Transactions
Maximum Bluetooth Range
Maximum PC Disconnected Timeout
Maximum PC Long Term Timeout
Maximum PC Bluetooth Traffic

Inactivity Timeout
Maximum Number of PC
Transactions
Maximum Number of PC Pairings
Force Erase All Keys on BlackBerry

Disconnected Timeout
Maximum Bluetooth Encryption Key

Regeneration Period
Force Erase Key On PC Standby
Disable Auto Reconnect To

BlackBerry Smart Card Reader
Minimum PIN Entry Mode
BlackBerry Unite!
Disable Unite! Applications
Disable Download Manager
Bluetooth
Disable Bluetooth
Disable Pairing
Disable Headset Profile

Disable Handsfree Profile
Disable Serial Port Profile
Disable Discoverable Mode
Allow Outgoing Calls
Disable Address Book Transfer
Disable Desktop Connectivity
Disable Wireless Bypass
Require Password for Enabling

Bluetooth Support
Require Password for Discoverable

Mode
Require Encryption
Disable File Transfer
Require LED Connection Indicator
Disable Dial-Up Networking
Force CHAP Authentication on

Bluetooth Link
Disable Advanced Audio Distribution

Profile
Disable Audio/Video Remote Control

Profile
Minimum Encryption Key Length
Limit Discoverable Time
Disable SIM Access Profile

Disable Message Access Profile
Browser
MDS Browser Title
Disable Java Script in Browser
Allow IBS Browser
MDS Browser JavaScript Enabled
MDS Browser Style Sheets Enabled
MDS Browser HTML Tables Enabled
MDS Browser BSM Enabled
Download Images URL

Download Themes URL
Download Tunes URL
Disable Auto Synchronization in
Browser
MDS Browser Use Separate Icon
MDS Browser Domains
Allow Application Download Services
Allow Hotspot Browser
Camera
Disable Photo Camera
Disable Video Camera
Certificate Synchronisation
Random Source URL
User Can Disable Automatic RNG
Initialization
Certification Authority Profile

Certificate Authority Profile Name
Certification Authority Profile

Automatic Enrollment
Certificate Authority Type
Certificate Authority Host
Certificate Authority Port
RSA Certificate Authority Certificate

ID
RSA Jurisdiction ID
Microsoft Certificate Authority

Certificate Template
Key Algorithm
Key Length
Certificate Enrollment Delay
Certificate Expiry Window
Common Name Components
Allow Private Key Export
Custom Microsoft Certificate

Authority Certificate Template
Distinguished Name Components
Chalk Pushcast
Allow Launch of Chalk Pushcast
Player
Allow Chalk Pushcast Player

Roaming
Restrict Chalk Pushcast Player to

Wi-Fi
Restrict Chalk Pushcast Player to
Wi-Fi
Allow Chalk Pushcast Player Auto

Update Prompt
Allow Chalk Pushcast Player Auto

Update Prompt
Chalk Pushcast Player Default
Connection Type
Common
Lock Owner Info
IT Policy Notification
Confirm On Send
Set Owner Info
Set Owner Name
Disable MMS
Disable Voice-Activated Dialing
Disable Kodiak PTT
Disable Voice Note Recording
Enable Simultaneous Phone and

Data
Date and Time
Automatic Time Zone Change

Detection
Periodic Time Synchronization
Enable Time Zone Definitions

Update
Time Zone Definitions Automatic

Update Interval
Time Zone Definitions Update Server
Desktop
Desktop Password Cache Timeout
Desktop Allow Desktop Add-ins
Desktop Allow Device Switch

Disable Media Manager
Disable Check For Updates Link
Override Check For Updates URL
Disable Media Synchronization
Allow External Device Software

Servers
Allow Personal Folder Reconciliation
Generate Encrypted Backup Files
Allow BlackBerry Desktop Software

Statistics
Allow IP Modem application
Force updates for application loader

tool
Desktop Only
Message Prompt
Show Application Loader
Force Load Count
Synchronize Messages Instead Of

Importing
Message Conflict Mailbox Wins
Disable Wireless Calendar

Auto Backup Enabled
Auto Backup Frequency
Auto Backup Include All
Auto Backup Exclude Messages
Auto Backup Exclude

Synchronization
Show Web Link
Web Link URL
Web Link Label
Auto Signature
Forward Messages In Cradle
Do Not Save Sent Messages
Force Load Message
Device IOT Application

Device Diagnostic App Disable
Set Diagnostic Report Email Address

Set Diagnostic Report Pin Address
Device Only
Password Required
Allow Peer-to-Peer Messages
Minimum Password Length
User Can Disable Password
Maximum Security Timeout
Maximum Password Age
User Can Change Timeout
Password Pattern Checks
Enable Long-Term Timeout
Allow SMS
Allow BCC Recipients

Home Page Address
Home Page Address is Read-Only
Enable WAP Config
Default Browser Config UID
Documents To Go
Disable Documents To Go
Hide Documents To Go Premium

Feature Menus
Hide Documents To Go
Communication Menus
Email Messaging
Enable Wireless Message
Reconciliation
Attachment Viewing
Prepend Disclaimer
Keep Message Duration
Keep Saved Message Duration
Maximum Native Attachment MFH

Total Attachment Size
Maximum Native Attachment MFH

Attachment Size
Allow Auto Attachment Download

Disable Notes Native Encryption
Forward And Reply
Notes Native Encryption Password

Timeout
Maximum Native Attachment MTH

Attachment Size
Disable Rich Content Email
Inline Content Requests
Disable Manual Download of

External Images
Disable Form Submission
Require Notes Native Encryption For

Outgoing Messages
Confirm External Image Download
Enterprise Voice Client

Disable Enterprise Voice Client
Reject Non-Enterprise Voice Calls
Lock Outgoing Line
Disable DTMF Fallback
External Display
Display Notification Details
Include Message Text In Notification
Details
Firewall
Restrict Incoming Cellular Calls
Restrict Outgoing Cellular Calls
Global
Allow Phone
Allow Browser
Instant Messaging
Disallow File Transfer Types
Disable Emailing Conversation
Disable Saving Conversation
Disable Address Book Lookup for

Enterprise Messenger
Maximum File Transfer Size (Mb)
Disable Emoticons
Disable Broadcast Messages
Disable Automatic Login
Disable Offline Messaging for

Enterprise Messenger
Location Based Services
Disable BlackBerry Maps
Enable Enterprise Location Tracking
Enterprise Location Tracking User

Prompt Message
Enterprise Location Tracking Interval
Allow Geolocation Service
MDS Integration Service

Disable MDS Runtime
Lowest MDS Integration Service

Security Version Allowed
Verify BlackBerry MDS Integration

Service Certificate
Disable Activation With Public

BlackBerry MDS Integration Service
Disable User-Initiated Activation with

the BlackBerry MDS Integration
Service
Allow Discovery by User
Allow Access to Multiple Domains
Queue Limit for Inbound Application

Messages
Queue Limit for Outbound
Application Messages
Enable access to organizer data, IPC
and phone for MDS Runtime 4.3.0
and earlier
Memory Cleaner
Memory Cleaner Maximum Idle Time
Force Memory Clean When Idle
Force Memory Clean When

Holstered
Force Memory Clean When Closed
On-Device Help
On-Device Help Links
On-Device Help Group Label
PGP Application
PGP Minimum Strong DH Key
Length
PGP Force Digital Signature
PGP Force Encrypted Messages
PGP Blind Copy Address
PGP Allowed Content Ciphers
PGP Minimum Strong RSA Key

Length
PGP Minimum Strong DSA Key

Length
PGP Universal Server Address
PGP Universal Enrollment Method
PGP Universal Policy Cache Timeout
PGP Allowed Encrypted Attachment

Mode
PGP Allowed Encryption Types
PGP More All And Send Mode
PIM Synchronization
Disable All Wireless Synchronization
Disable Address Wireless

Synchronization
Disable Calendar Wireless
Synchronization
Disable Memopad Wireless
Synchronization
Disable Task Wireless
Synchronization
Disable Wireless Bulk Loads
Disable PIN Messages Wireless

Synchronization
Disable SMS Messages Wireless

Synchronization
Disable Phone Call Log Wireless

Synchronization
Disable Enterprise Activation
Progress

Wireless Synchronization
Password
Set Password Timeout
Set Maximum Password Attempts

Suppress Password Echo
Maximum Password History
Duress Notification Address
Periodic Challenge Time
Forbidden Passwords
Phone
Outgoing Call Redirection
RIM Value-Added Applications

Disable RIM Value-Added
Applications
Disable Ecommerce Content

Optimization Engine
Disable BlackBerry Wallet
Disable Lotus Connections
Lotus Connections Dogear Server
Lotus Connections Profiles Server

Lotus Connections Communities
Server
Lotus Connections Blogs Server
Lotus Connections Activities Server
Disable organizer data access for

social networking applications
Allow TiVo for BlackBerry Application
BlackBerry Social Network

Application Proxy URL for Lotus
Quickr
Allow Edits to BlackBerry Social

Network Application Proxy URL for
Lotus Quickr
Enable the "Tell A Friend" Feature in
BlackBerry Client for Lotus Quickr
BlackBerry Social Network

Application Proxy URL for Lotus
Connections
Allow Edits to BlackBerry Social

Network Application Proxy URL for
Lotus Connections
Enable the "Tell A Friend" Feature in

BlackBerry Client for Lotus
Connections
Deactivate eBay for BlackBerry
smartphones
Prevent uploading of videos to
YouTube
Prevent BlackBerry Podcasts
Disable Feeds application
Prevent RSS Feeds

S/MIME Application
S/MIME Minimum Strong RSA Key
Length
S/MIME Minimum Strong DH Key

Length
S/MIME Minimum Strong ECC Key

Length
S/MIME Force Digital Signature
S/MIME Force Encrypted Messages
S/MIME Force Smartcard Use
S/MIME Blind Copy Address
S/MIME Allowed Content Ciphers
S/MIME Minimum Strong DSA Key

Length
Entrust Messaging Server (EMS)

Email Address
S/MIME Allowed Encrypted
Attachment Mode
S/MIME Allowed Encryption Types
S/MIME More All And Send Mode
SIM Application Toolkit

Disable SIM Call Control
Disable Network Location Query
Disable SIM Originated Calls
Secure Email
Disable Certificate Address Checks
Canonical Certificate Domain Name
Security
Lock on Smart Card Removal
Force Smart Card Two Factor

Authentication
Disable Untrusted Certificate Use
Disable Revoked Certificate Use
Disable Message Normal Send
Disable Peer-to-Peer Normal Send
Disable Key Store Low Security
Key Store Password Maximum

Timeout
Certificate Status Cache Timeout

Disallow Third Party Application
Downloads
Force Lock When Holstered
Allow Third Party Apps to Use Serial

Port
Allow Third Party Apps to Use
Persistent Store
Content Protection Strength
Allow Internal Connections
Allow External Connections
Allow Split-Pipe Connections
Disable Invalid Certificate Use
Disable Weak Certificate Use
Trusted Certificate Thumbprints
Disable Key Store Backup
Certificate Status Maximum Expiry

Time
Disable Stale Status Use
Disable Cut/Copy/Paste
Disable Radio When Cradled
Disable Forwarding Between

Services
FIPS Level
Allow Outgoing Call When Locked
Disable Unverified CRLs
Security Service Colors
Disable 3DES Transport Crypto
Disable Persisted Plain Text
Minimal Signing Key Store Security

Level
Minimal Encryption Key Store

Security Level
Desktop Backup
Disable Unverified Certificate Use
Disable IP Modem
Allow Smart Card Password Caching
Disable GPS
Force Content Protection of Master

Keys
Force LED Blinking When

Microphone Is On
Content Protection of Contact List
Disable Stale Certificate Status

Checks
Disable External Memory
Disable USB Mass Storage
External File System Encryption

Level
Disable Media Manager FTP Access

Disable Smart Password Entry
Force Smart Card Two Factor

Challenge Response
Secure Wipe If Low Battery
Secure Wipe Delay After IT Policy

Received
Secure Wipe Delay After Lock
Firewall Block Incoming Messages
Required Password Pattern
Require Secure APB Messages
Password Required for Application

Download
Allow Resetting of Idle Timer

Remote Wipe Reset to Factory
Defaults
Allow Screen Shot Capture
Disable Public Photo Sharing

Applications
Disable Geo-Tagging of Photos
Message Classification Title
Firewall Whitelist Addresses
Weak Digest Algorithms
Maximum Smart Card User

Authenticator Certificate Status
Check Period
Security Transcoder Cod File

Hashes
Disable Public Social Networking

Applications
Force Lock When Closed
Force Device Password Entry While

User Authentication is Enabled
Allowed Authentication Mechanisms

Force Multi Factor Authentication
Force Smart Card Reader Challenge

Response while User Authentication
is enabled
Login Disclaimer
Two-factor Content Protection Usage
Disable BlackBerry App World

Disable Certificate or Key Import
From External Memory
Lock on Proximity Authenticator

Disconnect
Force Notifications for Keys with

Medium Security Level
Encryption On On-Board Device

Memory Media Files
Media Card Format On Device Wipe
Content Protection Usage
Force Display IT Policy Viewer Icon

on Homescreen
Disable Browsing Of Remote Shared
Folders
Service Exclusivity
Allow Other Message Services
Allow Other Browser Services
Allow Public Yahoo! Messenger

Services
Allow Public AIM Services
Allow Public ICQ Services
Allow Public IM Services
Allow Public Google Talk Services
Allow Other Calendar Services
Allow Public WLM Services
Allow Network Address Book Sync
Smart Dialing
Enable Smart Dialing Policy
Smart Dialing Allow Device Changes
Set Local Country Code

Set Local Area Code
Set National Number Length
TCP
TCP APN
TCP Username
TCP Password
TLS Application
TLS Disable Weak Ciphers
TLS Disable Untrusted Connection
TLS Minimum Strong RSA Key

Length
TLS Minimum Strong DH Key Length
TLS Minimum Strong ECC Key

Length
TLS Disable Invalid Connection
TLS Restrict FIPS Ciphers
TLS Minimum Strong DSA Key

Length
TLS Device Side Only
TLS Disable Weak Digests
TLS Prevent Unmatched Domain

Name
User Feedback
Allow User Feedback
VPN
Enable VPN
VPN Allow Handheld Changes
VPN Vendor Type
VPN Gateway Address
VPN Group Name

VPN Group Password
VPN User Name
VPN User Password
VPN DNS Configuration
VPN Primary DNS
VPN Secondary DNS
VPN Domain Name
Use VPN Xauth
VPN Xauth Type
VPN IKE DH Group
VPN IKE Cipher
VPN IKE Hash
VPN PFS
VPN IPSEC Cipher and Hash
VPN Allow Password Save
VPN NAT Keep Alive

VPN Password Hidden on Input
VPN Disable Prompt for Credentials

Re-Entry
Disable VPN User Profiles
VPN Minimal Certificate Encryption

Key Security Level
Visual Voice Mail

Disable Visual Voice Mail
Allow Users to Save Messages
Require password
Password Complexity
VoIP
Allow VoIP
VoIP Allow BlackBerry Device

Changes
SIP Realm
SIP User ID
SIP User Password
SIP Server Type
SIP Server Name
SIP Server Port
VoIP Emergency Number
SIP User Display Name

SIP Domain
SIP Server Transport
SIP Registration Timeout
SIP RTP Media Port
SIP Local Port
SIP Authentication ID
VoIP Emergency Number
VoIP Enable Call Hold
VoIP Enable Unattended Call

Transfer
VoIP Enable Attended Call Transfer
Disable VoIP User Profiles
WTLS Application
WTLS Disable Weak Ciphers
WTLS Disable Untrusted Connection
WTLS Minimum Strong RSA Key

Length
WTLS Minimum Strong DH Key

Length
WTLS Minimum Strong ECC Key

Length
WTLS Disable Invalid Connection
WTLS Restrict FIPS Ciphers
Wi-Fi
Wi-Fi Allow Handheld Changes
Wi-Fi Link Security
Wi-Fi SSID
Wi-Fi Default Key ID
Wi-Fi WEP Key 1

Wi-Fi WEP Key 2
Wi-Fi WEP Key 3
Wi-Fi WEP Key 4
Wi-Fi Preshared Key

Wi-Fi User Name
Wi-Fi User Password
Wi-Fi DHCP Configuration
Wi-Fi IP Address
Wi-Fi Subnet Mask
Wi-Fi Primary DNS
Wi-Fi Secondary DNS
Wi-Fi Default Gateway
Wi-Fi Minimal EAP-TLS Certificate

Encryption Key Security Level
Wi-Fi Enable Authentication Page
Disable Wi-Fi
Wi-Fi Password Hidden on Input
Disable WAN-Only Mode
Disable WAN-Preferred Mode
Disable GAN-Only Mode
Disable GAN-Preferred Mode
Disable GAN Selection Mode Editing

Wi-Fi Disable Prompt for Credentials
Re-Entry
Disable Wi-Fi User Profiles
GAN Wi-Fi Threshold
GAN Signal Strength Threshold
GAN Signal Quality Threshold
Disable Wi-Fi Direct Access to

BlackBerry Enterprise Server
Wi-Fi profile forwarding mode
BlackBerry Infrastructure Wi-Fi

Access Mode
Blocked Wi-Fi SSIDs
Wired Software Updates

Allow Web-Based Software Loading
Cryptographic Services Backup

Wireless Software Upgrades
Disallow Patch Download Over WAN
Disallow Patch Download Over

Roaming WAN
Disallow Patch Download Over

International Roaming WAN
Disallow Patch Download Over WiFi

Description
Contains IT policy rules that apply to the BlackBerry Application Center.
Specify whether to disable the BlackBerry Application Center on the BlackBerry device. Set this rule to Yes to prevent the
BlackBerry Application Center. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.3.0 and higher.
Specify whether to disable the carrier directory in the BlackBerry Application Center on the BlackBerry device. Set this rule
accessing the carrier directory in the BlackBerry Application Center. If you do not set this rule, a default value of No will be
Java-based BlackBerry devices version 4.3.0 and higher.
Contains IT policy rules that apply to the BlackBerry App World

Specify whether the BlackBerry App World application is disabled on the BlackBerry device. To prevent a BlackBerry devic
World, set the value for this rule to Yes. To permit a BlackBerry device to run BlackBerry App World, set the value for this r
precedence over the Disable BlackBerry App World IT policy rule that is included in the Security policy group.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify guidelines that a BlackBerry device can use to permit or prevent a user from purchasing and downloading applicat
BlackBerry App World storefront. If you set the value of this rule to None, the user can purchase or download any applicati
to Allow, the user can only purchase or download applications that you specify in the Application Restriction List IT policy r
rule to Deny, the user cannot purchase or download applications that you specify in the Application Restriction List IT polic
If you do not set this rule, a default value of "None" will be used.
Type a comma-separated list of application IDs of applications that are available on the BlackBerry App World storefront a
to BlackBerry device users. You must configure the Application Restriction Rule IT policy rule to indicate whether you want
that you specify in this rule to users. To find the application ID for an application, in http://appworld.blackberry.com/websto
application. The application ID is the number that is located at the end of the URL for the application.
Specify guidelines that a BlackBerry device can use to permit or prevent a user from purchasing and downloading categor
available on the BlackBerry App World storefront. If you set the value of this rule to None, the user can purchase or downlo
category. If you set the value of this rule to Allow, the user can only purchase or download applications that are included in
the Category Restriction List IT policy rule. If you set the value of this rule to Deny, the user cannot purchase or download
the categories that you specify in the Category Restriction List IT policy rule.
If you do not set this rule, a default value of "None" will be used.
Type a comma-separated list of category IDs of application categories that are available on the BlackBerry App World stor
or deny to BlackBerry device users. You must configure the Category Restriction Rule IT policy rule to indicate whether yo
application categories that you specify in this rule to users. To find the category ID for a category, in http://appworld.blackb
application category name. The category ID is the number that is located at the end of the URL for the application category
Specifies whether a BlackBerry device user can purchase new applications from the BlackBerry App World storefront. To p
applications from BlackBerry App World, set the value of this rule to No. To prevent a user from purchasing applications fro
value of this rule to Yes.
Specifies whether a BlackBerry device user can purchase applications from the BlackBerry App World storefront using the
organization's wireless service provider. To permit a user to purchase applications from BlackBerry App World using the w
purchasing plan, set this rule to Yes. To prevent a user from purchasing applications from BlackBerry App World using the
purchasing plan, set this rule to No.
BlackBerry Messenger policy group

Specify whether the BlackBerry Messenger is turned off on the BlackBerry device. If you do not set this rule, a default valu
applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type the address to which the BlackBerry device sends BlackBerry Messenger audit reports. If this rule is empty, the Black
auditing and does not send reports. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type the unique identifier (UID) of the service book to use when sending the BlackBerry Messenger audit reports. If you le
BlackBerry device uses the first available encrypted message service to send reports. This rule applies only to Java-based
and higher.
Type the interval, in hours, after which the BlackBerry Messenger sends a new audit report if there is new data. Note: Rep
frequently, if required, to manage BlackBerry device memory. The valid range for the value of this rule is 1 through 8736 h
default value of 24 will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type the interval, in hours, after which the BlackBerry device sends a new BlackBerry Messenger audit report, whether or
range for the value of this rule is 1 through 8736 hours. If you do not set this rule, a default value of 168 will be used. This
BlackBerry devices version 3.6.0 and higher.
Specify whether a user can forward contacts using BlackBerry Messenger. If you do not set this rule, a default value of No
only to Java-based BlackBerry devices version 4.6.0 and higher.
Specify whether a BlackBerry Messenger user can request location requests, respond to location requests, and request or
BlackBerry Messenger user. If you do not set this rule, a default value of No will be used. This rule applies only to Java-ba
4.5.0 and higher.
Specify whether a BlackBerry Messenger user can store the contact list for the BlackBerry Messenger in the BlackBerry In
switch to another BlackBerry device more reliably. If you do not set this rule, a default value of No will be used. This rule ap
Specify whether a BlackBerry device can check for a newer version of the BlackBerry Messenger automatically. If you do n
No will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether a BlackBerry device can enforce a security question for invitations that the BlackBerry Messsenger proces
channels (for example, email). If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.5.0 and higher.
Specify whether a BlackBerry Messenger user can set a subject for a BlackBerry Messenger conversation. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether a BlackBerry Messenger user can register, with the BlackBerry Messenger server, an email address that i
BlackBerry Enterprise Server. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.5.0 and higher.
Specify whether a BlackBerry Messenger user can participate in BlackBerry Messenger Groups.
Contains IT policy rules that apply to the BlackBerry Smart Card Reader.
Specify the maximum heartbeat period, in seconds. Each heartbeat period, the paired BlackBerry device or computer send
BlackBerry Smart Card Reader acknowledges. If either side fails to send or acknowledge a heartbeat in the maximum hea
device or computer closes the Bluetooth connection. Note: When the connection closes, the disconnected timer starts if yo
on the BlackBerry device or computer. The BlackBerry device or computer clears the secure pairing keys when the discon
policy rule to prevent an attacker from using a low-level Bluetooth heartbeat to keep the Bluetooth connection open betwee
computer, and the BlackBerry Smart Card Reader and the secure pairing keys present, for an extended period after the co
you set this IT policy rule, the user cannot disable the heartbeat, but can decrease the Connection Heartbeat Period field v
BlackBerry device or computer. If you do not set this IT policy rule, the user can choose any period or set the Connection H
None on the BlackBerry device or computer to disable the heartbeat period. Note: If you set this IT policy rule to a low hea
Specify the maximum time, in seconds, after the BlackBerry device and the BlackBerry Smart Card Reader close the Bluet
that the disconnected timeout fires. If you set this IT policy rule, the user cannot disable the timeout, but can decrease the
on the BlackBerry device. If you do not set this IT policy rule, the user can choose any disconnected timeout value or set th
value to None on the BlackBerry device to disable this feature. Note: You can use the Force Erase All Keys on BlackBerry
rule to specify whether the secure pairing keys for the current BlackBerry device and computer connections to the BlackBe
cleared when the disconnected timeout fires. The valid range for the value of this rule is 0 through 604800 seconds. This r
Specify the maximum time, in hours, after the BlackBerry device and the BlackBerry Smart Card Reader establish the secu
them, that the BlackBerry device and the BlackBerry Smart Card Reader remove their secure pairing information. If you se
cannot disable the timeout, but can decrease the Long Term Timeout field value from that value on the BlackBerry device.
rule, the user can choose any disconnected timeout value or set the Long Term Timeout field value to None on the BlackB
Related IT policy rule: Maximum BlackBerry Bluetooth Traffic Inactivity Timeout. The valid range for the value of this rule is
Specify the maximum time, in minutes, of secure Bluetooth traffic inactivity permitted between the BlackBerry Smart Card R
before the secure pairing information is removed from the BlackBerry device and the BlackBerry Smart Card Reader. Note
other than the connection heartbeat sent or received by the BlackBerry device and the BlackBerry Smart Card Reader. If y
cannot disable the inactivity timeout, but can decrease the Inactivity Timeout field value from that value on the BlackBerry
policy rule, the user can choose any inactivity timeout value or set the Inactivity Timeout field value to None on the BlackB
The valid range for the value of this rule is 1 through 10080 minutes. This rule applies only to Java-based BlackBerry devic
Specify the maximum time, in seconds, after the user removes the smart card from the BlackBerry Smart Card Reader tha
removed from the BlackBerry device and the BlackBerry Smart Card Reader. If you set this IT policy rule, the user cannot
timeout, but can decrease the Card Not Present Timeout field value from that value on the BlackBerry device. If you do no
can choose any smart card not present timeout value or set the Card Not Present Timeout field value to None on the Black
feature. The valid range for the value of this rule is 0 through 86400 seconds. This rule applies only to Java-based BlackBe
higher.
Specify the maximum number of transactions (smart card-related operations) that the BlackBerry device and the BlackBerr
and receive before the secure pairing information is removed from the BlackBerry device. If you set this IT policy rule, the u
pairing wipe, but can decrease the Number of Transactions field value from that value on the BlackBerry device. If you do
can choose any number of BlackBerry transactions or set the Number of Transactions field value to None on the BlackBer
The valid range for the value of this rule is 100 through 10000 transactions. This rule applies only to Java-based BlackBerr
higher.
Specify the maximum power range, as a value between 30% (the shortest range) and 100% (the longest range), that the B
uses to send Bluetooth packets. A longer range enables the BlackBerry device or the computer to communicate with the B
over a greater distance. If you do not set this rule, a default value of "100%" will be used. This rule applies only to Java-ba
4.0.0 and higher.
Specify the maximum time, in seconds, after the computer and the BlackBerry Smart Card Reader close the Bluetooth con
secure pairing information for that dropped connection is removed from the computer and the BlackBerry Smart Card Read
the user cannot disable the PC disconnected timeout, but can decrease the Disconnected Timeout field value in the BlackB
on the computer. If you do not set this IT policy rule, the user can choose any maximum PC disconnected timeout or set th
value to None in the BlackBerry Smart Card Reader Options on the computer to disable this feature. This rule applies to B
Version 1.5 or later only. The valid range for the value of this rule is 0 through 604800 seconds.
Specify the maximum time, in hours, after the computer and the BlackBerry Smart Card Reader establish the secure pairin
the computer and the BlackBerry Smart Card Reader remove their secure pairing information. If you set this IT policy rule,
timeout, but can decrease the Long Term Timeout field value from that value in the BlackBerry Smart Card Reader Option
set this IT policy rule, the user can choose any disconnected timeout value or set the Long Term Timeout field value to No
Reader Options on the computer to disable this feature. Related IT policy rule: Maximum PC Inactivity Timeout. This rule a
Reader Version 1.5 or later only. The valid range for the value of this rule is 1 through 720 hours.
Specify the maximum time, in minutes, of secure Bluetooth traffic inactivity permitted between the BlackBerry Smart Card R
the secure pairing information is removed from the computer and the BlackBerry Smart Card Reader. Note: Activity is any
connection heartbeat sent or received by the BlackBerry device and the BlackBerry Smart Card Reader. If you set this IT p
the inactivity timeout, but can decrease the Inactivity Timeout field value from that value in the BlackBerry Smart Card Rea
you do not set this IT policy rule, the user can choose any inactivity timeout value or set the Inactivity Timeout field value to
Card Reader Options on the computer to disable this feature. This rule applies to BlackBerry Smart Card Reader Version 1
for the value of this rule is 1 through 10080 minutes.
Specify the maximum number of transactions (smart cardrelated operations) that the computer and the BlackBerry Smart C
receive between them before the secure pairing information is removed from the computer and the BlackBerry Smart Card
any request and response set of packets other than a connection heartbeat. If you set this IT policy rule, the user cannot c
transactions, but can decrease the Number of Transactions field value from that value in the BlackBerry Smart Card Read
do not set this IT policy rule, the user can choose any number of PC transactions or set the Number of Transactions field v
Smart Card Reader Options on the computer to disable this feature. This rule applies to BlackBerry Smart Card Reader 1.5
the value of this rule is 100 through 10000 transactions.
Specify the maximum number of computers that can pair with the BlackBerry Smart Card Reader. If you set this IT policy r
with the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader disconnects and removes the pairings of the l
exceed the maximum number permitted. This rule applies to BlackBerry Smart Card Reader 1.5 or later only. The valid ran
through 65535.
Specify whether the connected BlackBerry device removes its secure pairing key and drops its connection to the BlackBer
BlackBerry Smart Card Reader removes all secure pairing keys and drops all connections to connected computers when t
timeout fires. The user can set this feature on the BlackBerry device. If you set this IT policy rule to Yes, the user cannot d
BlackBerry device. This rule applies to BlackBerry Smart Card Reader Version 1.5 and later only. If you do not set this rule
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify a period, in hours, after which the BlackBerry Smart Card Reader regenerates the Bluetooth encryption key if the B
connected to the BlackBerry Smart Card Reader when the period expires. If the BlackBerry device or computer is not conn
Card Reader when the period expires, the BlackBerry Smart Card Reader regenerates the key when the BlackBerry device
BlackBerry Smart Card Reader. The valid range for the value of this rule is 1 through 720 hours. This rule applies only to J
version 4.0.0 and higher.
Specify whether the computer remove its secure pairing key and drops the connection to the BlackBerry Smart Card Read
standby mode. The user can set this feature on the computer. If you set this IT policy rule to Yes, the user cannot disable t
you do not set this rule, a default value of No will be used.
Prevent automatic reconnections to the BlackBerry Smart Card Reader from previously connected BlackBerry devices and
Auto Reconnect On BlackBerry option to prevent the BlackBerry device from reconnecting automatically to the BlackBerry
Disable Auto Reconnect On PC option to prevent the computer from reconnecting automatically to the BlackBerry Smart C
reconnections from the BlackBerry device is designed to increase the life of the BlackBerry device. This rule applies only to
Specify the minimum PIN entry mode required when pairing the BlackBerry Smart Card Reader with a BlackBerry device o
Secure Pairing PINs enforce this mode. If you do not set this rule, a default value of "Numeric" will be used. This rule appli
devices version 5.0.0 and higher.
Contains IT policy rules that apply to BlackBerry Unite!.

Specify whether to prevent BlackBerry Unite! Applications from running on BlackBerry devices. This rule applies only to Bla
Unite! Applications installed. If you do not set this rule, a default value of No will be used. This rule applies only to Java-ba
4.2.2 and higher.
Specify whether to prevent the BlackBerry Download Manager for BlackBerry Unite! from running on BlackBerry devices. T
BlackBerry devices with BlackBerry Unite! Applications installed. If you do not set this rule, a default value of No will be use
based BlackBerry devices version 4.2.2 and higher.
Contains IT policy rules that apply to Bluetooth.

Specify whether support for Bluetooth technology is turned off on the BlackBerry device. If the Bluetooth wireless radio is a
receives this IT policy rule, the BlackBerry device must be reset manually for the change to take effect. If you do not set th
be used. This rule applies only to Java-based BlackBerry devices version 3.8.0 and higher.
Specify whether to prevent a Bluetooth enabled BlackBerry device from establishing a relationship (in other words, pairing
Note: Set this rule to Yes to prevent the BlackBerry device user from pairing with subsequent Bluetooth devices after the B
approved Bluetooth device (for example a headset). If you do not set this rule, a default value of No will be used. This rule
Specify whether to prevent a Bluetooth enabled BlackBerry device from using the Bluetooth Headset Profile (HSP) require
capabilities with most headsets and some car kits. If you do not set this rule, a default value of No will be used. This rule a
Specify whether to prevent a Bluetooth enabled BlackBerry device from using the Bluetooth Hands Free Profile (HFP) requ
capabilities with most car kits and some headsets. If you do not set this rule, a default value of No will be used. This rule a
Specify whether to prevent a Bluetooth enabled BlackBerry device from using the Bluetooth Serial Port Profile (SPP) requi
connection between the BlackBerry device and a Bluetooth peripheral using a serial port interface. If you do not set this ru
Specify whether to prevent a Bluetooth enabled BlackBerry device user from turning on Discoverable mode on their BlackB
device with Discoverable mode turned on can be discovered by other Bluetooth enabled devices in range of the BlackBerr
rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0.2 and higher.
Specify whether the user can place outgoing phone calls from a Bluetooth enabled BlackBerry device. If you do not set this
Specify whether to prevent the BlackBerry device from exchanging address book data with supported Bluetooth enabled d
a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether the BlackBerry device can use Bluetooth technology to connect to the BlackBerry Desktop Manager. If yo
value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether a Bluetooth enabled BlackBerry device can perform wireless bypass over Bluetooth. If you do not set this
Specify whether the BlackBerry device requires that the user type the BlackBerry device password to enable Bluetooth sup
BlackBerry device to prompt the user for the BlackBerry device password when enabling Bluetooth support. Set to No to p
to enable Bluetooth support without typing the BlackBerry device password. If you do not set this rule, a default value of No
Specify whether the BlackBerry device requires that the user type the BlackBerry device password to enable Discoverable
BlackBerry device to prompt the user for the BlackBerry device password to make the BlackBerry device discoverable by o
to permit the BlackBerry device user to turn on Discoverable Mode without entering the BlackBerry device password. If you
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether a Bluetooth enabled BlackBerry device uses Bluetooth encryption on all connections. Set to Yes to force B
devices to use Bluetooth encryption on all connections. Note: Requiring Bluetooth encryption on all connections might rest
Bluetooth enabled devices. If you do not set this rule, a default value of No will be used. This rule applies only to Java-bas
4.1.0 and higher.
Specify whether the Bluetooth enabled BlackBerry device can exchange files with compatible Bluetooth OBject EXchange
this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and high
Specify whether the LED is required to flash when the BlackBerry is connected to another Bluetooth device. If you do not s
Specify whether a Bluetooth enabled BlackBerry device can use the Bluetooth Dial-Up Networking Profile (DUN). If you do
of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the Bluetooth serial connection to a Desktop must use CHAP authentication. If you do not set this rule, a d
This rule applies only to Java-based BlackBerry devices version 4.2.2 and higher. This rule applies to BlackBerry Desktop
higher.
Specify whether a Bluetooth enabled BlackBerry device can use the Bluetooth Advanced Audio Distribution Profile (A2DP)
Bluetooth. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry de
Specify whether a Bluetooth enabled BlackBerry device can use the Bluetooth Audio/Video Remote Control Profile (AVRC
audio & video via Bluetooth. If you do not set this rule, a default value of No will be used. This rule applies only to Java-bas
4.2.2 and higher.
Specify the minimum encryption key length (in bytes) that the BlackBerry device uses to encrypt Bluetooth connections. Th
rule is 1 through 16 bytes. If you do not set this rule, a default value of 1 will be used. This rule applies only to Java-based
and higher.
Specify whether the BlackBerry device user can set the Bluetooth discoverable mode option to have no time limit. Set this
set the Bluetooth discoverable mode option to have a time limit of 2 minutes or to turn off Bluetooth discoverable mode. Th
policy rule only if the Disable Discovery Mode IT policy rule is set to No. If you do not set this rule, a default value of No wil
Specify whether to prevent a Bluetooth enabled BlackBerry device from using SIM Access Profile (SAP). Some car kits req
when the car kit initiates dialing. If you do not set this rule, a default value of No will be used. This rule applies only to Java
This rule specifies whether a Bluetooth device can retrieve email and SMS messages from a BlackBerry device. By defaul
retrieve email and SMS messages from a BlackBerry device. If you change the value to Yes, a Bluetooth enabled device c
messages from a BlackBerry device.
Contains IT policy rules that apply to the BlackBerry device browsers.

Type the name that appears on the BlackBerry device Home screen for the BlackBerry Browser icon. If you do not set this
"BlackBerry Browser" will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether to prevent the execution of JavaScript code on a BlackBerry device. If you do not set this rule, a default va
Specify whether the Internet Browsing Service (IBS) browser icon appears on the BlackBerry device when the service prov
and the appropriate service books are present. Set this rule to No to hide the IBS browser icon. If you do not set this rule, a
Specify whether JavaScript is enabled by default in the BlackBerry Browser. If you do not set this rule, a default value of N
Specify whether style sheets are enabled by default in the BlackBerry Browser. If you do not set this rule, a default value o
applies only to Java-based BlackBerry devices version 4.0.2 through 4.6.0.
Specify whether HTML tables are enabled by default in the BlackBerry Browser. If you do not set this rule, a default value
applies only to Java-based BlackBerry devices version 4.0.2 through 4.6.0.
Specify whether the Browser Session Manager is enabled in the BlackBerry Browser. Note: The Browser Session Manage
BlackBerry Browser by helping BlackBerry MDS better utilize the BlackBerry Browser cache. If you do not set this rule, a d
Type the URL of a web page that lists additional images. This rule applies only to Java-based BlackBerry devices version
Type the URL of a web page that lists additional themes. This rule applies only to Java-based BlackBerry devices version
Type the URL of a web page that lists additional ring tones. This rule applies only to Java-based BlackBerry devices versio
Specify whether to prevent synchronization intervals from being set for bookmarks in the BlackBerry Browser automatically
default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the MDS Browser should be accessed from a separate icon on the home screen. If you do not set this rule
Specify a list of web addresses that the BlackBerry device should retrieve using the BlackBerry Browser. Separate multiple
This rule supports the use of wildcard characters. If you want to allow the BlackBerry Browser to retrieve sub-domains of a
with a period. For example, type ".yahoo.ca" to allow the BlackBerry Browser to retrieve all sub-domains of yahoo.ca (such
www.yahoo.ca). This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether application download service icons appear on the BlackBerry device when the wireless service provider a
appropriate service books are present on the BlackBerry device. Set this rule to No to hide all application download service
a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.3.0 and higher.
Specify whether the hotspot browser is available on a Wi-Fi enabled BlackBerry device. Set this rule to Disallow to prevent
Set this rule to Only for Hotspot Login to allow access to the hotspot browser only for the purpose of authentication to the h
a default value of "Allow" will be used. This rule applies only to Java-based BlackBerry devices version 4.6.0 and higher.
Contains IT policy rules that apply to the integrated camera.

Specify whether the ability to take still pictures with the camera is turned off on the BlackBerry device. If you do not set this
Specify whether the ability to record video with the camera is turned off on the BlackBerry device. Set this rule to Yes to tu
you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version
Certificate Synchronisation Group

Type the URL from which the BlackBerry Desktop Software can retrieve random data to add to the BlackBerry device's ran
This rule applies to BlackBerry Desktop Software version 4.0.0 and higher.
Specify whether users can stop the BlackBerry Desktop Software from starting the random number generation process on
automatically.
If you do not set this rule, a default value of Yes will be used.
Contains the IT policy rules that are used to create a certificate authority profile for wireless certificate requests.
Specify the friendly name for the certificate authority profile. Note: This IT policy rule is required for the feature to work corr
limited to 32 characters. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify whether the certification authority profile begins enrollment automatically. In most cases, setting this IT policy rule t
interaction. However, if the certification authority type is Microsoft Enterprise the user will be prompted for his/her NTLM cr
enrollment.
Specify the type of certificate authority. If you do not set this rule, a default value of "MS-Enterprise" will be used. This rule
Specify the host of the certificate authority for the profile including the protocol (i.e. http://). Note: This IT policy rule is requ
correctly. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the port of the certificate authority for the profile. The valid range for the value of this rule is 0 through 65535. If you
value of 80 will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the unique certificate authority certificate ID that is associated with the RSA certificate authority. This value maps t
provided by the administrator of the RSA certificate authority. Note: This IT policy rule is required if the certificate authority
ignored. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the unique domain ID that is associated with the RSA certificate authority. This value maps to the jurisdiction ID pr
RSA certificate authority . Note: This IT policy rule is required if the certificate authority type is RSA; otherwise, it is ignored
Specify a certificate template for the Microsoft enterprise certificate authority. Note: This IT policy rule applies if the certifica
Enterprise; otherwise, it is ignored. If you do not set this rule, a default value of "User" will be used. This rule applies only to
Specify the algorithm that the BlackBerry device should use to generate the key. If you do not set this rule, a default value
Specify the length of the key that the BlackBerry device generates. Note: If RSA has been chosen as the key algorithm, th
multiple of 64. If DSA has been chosen as the key algorithm, then the key length must be one of 512, 768 and 1024. If an
entered, the device will choose the next strongest key length and proceed with the key generation. The valid range for the
16384 bits. If you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry
Specify a time, in hours, that the enrollment can be delayed. New enrollments are throttled over this time period to reduce
policy rule is also used as the enrollment retry time if there is an error during enrollment. Note: If a value of 0 is chosen the
enrollment retry time will default to 1 hour. This is not recommended if you have a large number of users. The valid range f
through 24 hours. If you do not set this rule, a default value of 1 will be used. This rule applies only to Java-based BlackBe
higher.
Specify the length of time before a certificate expires that the BlackBerry device should start generating a new certificate re
certificate. The valid range for the value of this rule is 1 through 30 days. If you do not set this rule, a default value of 7 will
Specify the components should appear in the common name of distinguished name of the certificate. The Local Email Add
username of the email address only, and does not include the '@' or the domain information. Note: If the certificate authori
uses a template which builds the subject name from Active Directory, then this IT policy rule is ignored. In this case, the co
Directory are used (NTLM credentials). If you do not set this rule, a default value of "User Name | Device PIN" will be used
Specify whether to prevent the user from exporting private keys associated with the CA profile using the Backup and Resto
tool. If set to Yes, users can only restore the private key to the same Blackberry device because the private key is encrypte
to the BlackBerry device. If Disable Key Store Backup is set to Yes, then private keys are not backed up. If you do not set
Specify a custom certificate template for the Microsoft Enterprise certificate authority. The value entered here must be the
configured on the Microsoft Enterprise certificate authority. If this value is populated, then the Microsoft Certificate Authorit
rule is ignored. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the other components that should appear in the distinguished name of the certificate in a comma-delimited list (for
O=Organization, OU=Organizational Unit). Note: If the certificate authority type is Microsoft Enterprise and uses a template
from Active Directory, then this IT policy rule is ignored. In this case, the components defined in the Active Directory are us
C: Country
L: Locality
O: Organization
OU: Organizational unit
ST: state or province
Chalk Pushcast Player Group

Specify whether a BlackBerry device user can launch the Chalk Pushcast Player application on a BlackBerry device.
To allow a user to launch the Chalk Pushcast Player application, set the rule to Yes
To prevent a user from launching the Chalk Pushcast Player application, set the rule to No.
When you set the rule to No, the user will be prevented from accessing the Chalk Pushcast Player application.
Specify whether a user of the Chalk Pushcast Player on a BlackBerry device can receive content from the Chalk Pushcast
To allow a user to receive content from the Chalk Pushcast Software server when roaming, set the rule to Yes.
To prevent a user from receiving content from the Chalk Pushcast Software server when roaming, set the rule to No.
Specify whether a user of the Chalk Pushcast Player on a BlackBerry device can receive content from the Chalk Pushcast
Fi.
If you do not set this rule, a default value of "No Restrictions" will be used.
Specify the data limit (in MBs) that can be used to download content over the mobile network connection in a calendar mo
To allow unlimited data usage, set the value to -1.
To not allow any data usage, set the value to 0.
The valid range for the value of this rule is -1 through 1048576 megabytes.
If you do not set this rule, a default value of -1 will be used.
Specify if the Chalk Pushcast Player should enable the auto update prompt when a new version of the player is available.
To notify the user when an update is available, set the rule to Yes.
To not notify the user when an update is available, set the rule to No.
Specify the URL of the Chalk Pushcast Software server host that the Chalk Pushcast Player will communicate with by defa
Specify the default connection type that the Chalk Pushcast Player is to attempt communication on first.
If you do not set this rule, a default value of "BES" will be used.
Contains IT policy rules that apply to BlackBerry device owner information and the Multimedia Messaging Service
Specify whether users can change specified fields in the Owner options screen of the BlackBerry device.
1: Lock Information text
2: Lock Name text
3: Lock both Name and Information text.
Note: You can use this rule to lock the text defined in the Set Owner Info and Set Owner Name rules. If you set this rule, th
only if you change the values of those rules and the BlackBerry device receives the IT policy again, or if you send a Set Ow
command to the BlackBerry device. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/
2.7.0 and higher.
Specify if warnings of IT policy changes are displayed to the BlackBerry device user. If you do not set this rule, a default va
applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and hig
Type the message that prompts BlackBerry device users to confirm before sending an email message, PIN message, SMS
Note: If you do not specify a message using this rule, a confirmation dialog does not appear (in other words, the BlackBerr
to confirm before sending a message). This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 8
Type the owner information that is set on the BlackBerry device. Use the Lock Owner Info rule to prevent the BlackBerry d
information. Warning: This information is overwritten by the Set Owner Information IT Admin command. The length of this s
This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.
Type the owner name that is set on the BlackBerry device. Use the Lock Owner Info rule to prevent the BlackBerry device
Warning: This information is overwritten by the Set Owner Information IT Admin command. The length of this string is limite
Specify whether to prevent the BlackBerry device user from using Multimedia Messaging Service (MMS) functionality on th
policy rule to Yes to hide MMS functionality on the BlackBerry device. Note: To block incoming MMS messages, set the Fir
IT policy rule in the Security policy group. If you do not set this rule, a default value of No will be used. This rule applies on
Specify whether to prevent the BlackBerry device user from using the Voice-Activated Dialing functionality on the BlackBer
Specify whether to prevent the BlackBerry device user from using Kodiak Instant Calling, or Push to Talk (PTT) functionalit
devices. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devi
Specify whether the voice note recording feature on the BlackBerry device is turned on. Set this rule to Yes to turn off the v
prevent applications on the BlackBerry device from accessing it. If you do not set this rule, a default value of No will be use
Specify whether a BlackBerry device can turn on data during a phone call. Set to 0 to never allow simultaneous phone and
simultaneous phone and data. Set to 2 to turn on data during a phone call if the phone application is in the background. Th
rule is 0 through 2. This rule applies only to Java-based BlackBerry devices version 4.6.0 and higher.
IT policy rules in the Date and Time IT policy group apply to the date and time on a BlackBerry device, including th
information.
Specify whether a BlackBerry device can update the time zone setting automatically based on the information that it receiv
you do not set this rule, a default value of "Prompt" will be used. This rule applies only to Java-based BlackBerry devices v
Specifies whether a BlackBerry device can synchronize the real-time clock periodically with the wireless network. If you do
of Yes will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Permit a BlackBerry device to update the time zones definitions over the wireless network when a user requests a time zon
this rule to No, the BlackBerry device cannot update time zone definitions over the wireless network. If you do not set this r
Specify the interval (in days) that a BlackBerry device must wait between time zone definitions updates over the wireless n
turns off Automatic Updates. The valid range for the value of this rule is 0 through 365 days. If you do not set this rule, a de
rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the FQDN of the web server that a BlackBerry device can use to retrieve time zone definitions updates from. This
Contains IT policy rules that apply to the BlackBerry Desktop Software.

Specify the length of time, in minutes, that the BlackBerry Desktop Software caches the BlackBerry device password in me
the BlackBerry Desktop Software password cache is cleared only when the BlackBerry device connection to the desktop c
how long the BlackBerry device has been connected to the desktop computer. For users running on BlackBerry Enterprise
rule only applies in conjunction with BlackBerry Web Desktop Manager. The valid range for the value of this rule is 0 throu
this rule, a default value of 10 will be used. This rule applies to BlackBerry Desktop Software version 3.6.0 and higher.
Specify whether the BlackBerry Desktop Software enables the user to configure and execute desktop add-ins (third-party C
access the BlackBerry device databases during synchronization). This rule does not apply to users running on BlackBerry
GroupWise. If you do not set this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop Softwar
Specify whether the BlackBerry Desktop Software allows users to switch BlackBerry devices. For users running on BlackB
GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a defau
rule applies to BlackBerry Desktop Software version 3.6.1 and higher.
Specify whether the media manager tool of the BlackBerry Desktop Manager is available. This rule does not apply to users
Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of No will be used. This rule applies to B
Specify whether the 'Check for updates' link is available on the home screen of the BlackBerry Desktop Manager. If you do
of No will be used. This rule applies to BlackBerry Desktop Software version 4.5.0 and higher.
Specify the destination URL for the 'Check for updates' link on the home screen of the BlackBerry Desktop Manager. The l
512 characters. This rule applies to BlackBerry Desktop Software version 4.5.0 and higher.
Specify whether BlackBerry Media Sync is available. This rule does not apply to users running on BlackBerry Enterprise S
do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software version 4.6.0 and
Specify whether to allow BlackBerry Device Software updates from software servers that are hosted externally. This rule d
BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of No will be used. This rule
Software version 4.7.0 and higher.
Specify whether to allow serial email reconciliation with personal folders. This rule does not apply to users running on Blac
Novell GroupWise. If you do not set this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop S
Specify whether to require the user to generate encrypted backup files. This rule does not apply to users running on Black
GroupWise. If you do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software
Specify whether to allow BlackBerry Desktop Software to send statistical information to RIM when the device is connected
default value of Yes will be used. This rule applies to BlackBerry Desktop Software version 5.0.0 and higher.
Specifies whether a BlackBerry device user can use the integrated IP modem application in the BlackBerry Desktop Mana
integrated IP modem application, set this rule to Yes. To prevent a user from using the integrated IP modem application, s
this rule to No, the BlackBerry Desktop Manager does not display the integrated IP modem application.
Specifies whether to force the user to update the application loader tool when an updated version is available and the user
Device Software. If you set this rule to Yes, the BlackBerry Desktop Manager will update the application loader tool if an up
set this rule to No, the BlackBerry Desktop Manager does not check for a later version of the application loader tool.
Contains IT policy rules that apply to settings that appear in the BlackBerry Desktop Software.
Type a message to prompt the user each time the BlackBerry Desktop Software starts. This rule does not apply to users ru
Server for Novell GroupWise. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device user has access to the application loader in the BlackBerry Desktop Software. For
Enterprise Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager versio
this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify the number of times a BlackBerry device user can decline when prompted to update the BlackBerry device before
the forced update functionality, set this rule to -1. For users running on BlackBerry Enterprise Server for Novell GroupWise
conjunction with BlackBerry Web Desktop Manager version 1.0 or 1.0.1. The valid range for the value of this rule is -1 thro
this rule, a default value of no limit will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher
Specify whether message and folder synchronization can occur instead of an import of moves and deletes on the BlackBe
apply to users running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of
applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry Desktop Software or the BlackBerry device wins when a conflict occurs during folder recon
software wins. Set this rule to No to force the BlackBerry device to overrule the desktop software if a conflict occurs. This r
running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of Yes will be use
Desktop Software version 3.5.0 and higher.
Specify whether the wireless calendar synchronization option (BlackBerry Wireless Synchronization) is available to BlackB
option. This rule does not apply to users running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set t
be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the option to automatically backup data and encryption keys on the BlackBerry device is turned on. Set th
in the backup and restore settings of the BlackBerry Desktop Software. For users running on BlackBerry Enterprise Server
only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of No will be
BlackBerry Desktop Software version 3.5.0 and higher.
Specify, in days, how often the BlackBerry device performs an automatic backup of its data and encryption keys. For users
Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager. The valid range
through 99 days. If you do not set this rule, a default value of 7 will be used. This rule applies to BlackBerry Desktop Softw
Specify whether all data is included in automatic backups. If this rule is set to Yes, the "Backup all BlackBerry device applic
Backup and Restore Options of the BlackBerry Desktop Manager will be selected. For users running on BlackBerry Enterp
this rule only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of Ye
to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device excludes messages from automatic backups of its data. If this rule is set to Yes, the
must be set to No. For users running on BlackBerry Enterprise Server for Novell GroupWise, this rule only applies in conju
Desktop Manager. If you do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop So
Specify whether synchronized application data (data configured for synchronization with Intellisync) can be excluded from
set to Yes, the Auto Backup Include All rule must be set to No. For users running on BlackBerry Enterprise Server for Nove
applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of No will be used
Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device user has access to the Web Link icon in the BlackBerry Desktop Software. Note: Th
default URL is set using the WebLinkURL rule. This rule does not apply to users running on BlackBerry Enterprise Server f
not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and hig
Type the URL for the Web Link icon, if it appears on the BlackBerry Desktop Software. Note: If you set this value the Web
also set the Show Web Link rule to Yes. This rule does not apply to users running on BlackBerry Enterprise Server for Nov
to BlackBerry Desktop Software version 3.5.0 and higher.
Type the label for the Web Link icon, if it appears in the BlackBerry Desktop Software. Setting this value does not imply tha
Note: When setting this rule, also set the Show Web Link rule to Yes. This rule does not apply to users running on BlackBe
GroupWise. If you do not set this rule, a default value of "Downloads" will be used. This rule applies to BlackBerry Desktop
higher.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.2. The functionality provided by this rule is now provide
settings. Setting this policy rule will not prevent a user from changing their Auto Signature text on BlackBerry devices runn
refer to the Administration Guide for BlackBerry Enterprise Server 4.1 for information on how to set disclaimer text. Type th
automatically to the BlackBerry device user's outgoing messages. For users running on BlackBerry Enterprise Server for N
applies in conjunction with BlackBerry Web Desktop Manager. The length of this string is limited to 4096 characters. This r
Specify whether the BlackBerry device continues to receive messages while it is connected to the desktop computer using
rule does not apply to users running on BlackBerry Enterprise Server for Novell GroupWise. This rule applies to BlackBerry
and higher.
Specify whether a copy of each message that the BlackBerry device user sends is saved to a Sent messages folder. Set to
every message that the BlackBerry device user sends. Set to No to save a copy of every message that the BlackBerry dev
BlackBerry Enterprise Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Man
BlackBerry Desktop Software version 3.5.0 and higher.
Type the message that appears when the BlackBerry device prompts users are to update to a later version of the BlackBe
BlackBerry device uses this rule only if you also set the Force Load Count rule to a positive number. For users running on
Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager version 1.0 or 1.0.1. This ru
Contains IT policy rules that apply to the device diagnostic application.

Specify whether to prevent the user from accessing Device Diagnostic Application applicable BlackBerry devices. If you do
of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Type the destination email address of the diagnostic report. One or multiple email addresses can be specified here. The em
a comma. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Type the destination PIN address of the diagnostic report. One or multiple PIN addresses can be specified here. The PIN a
comma. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Contains IT policy rules that apply to the BlackBerry device only.

Specify whether the BlackBerry device requires a password. Set this rule to Yes to require the user to enter a password to
Rule dependency: If you set this rule to Yes, you should set the User Can Disable Password rule to No to prevent the Blac
this rule. Warning: If the FIPS Level rule is set to 2, the BlackBerry device explicitly requires a password and ignores this ru
rule, a default value of No will be used. This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 8
Specify whether the user can send PIN messages from the BlackBerry device. Set this rule to No to hide PIN messaging fu
device. Note: To block incoming PIN messages, set the Firewall Block Incoming Messages IT policy rule in the Security po
rule, a default value of Yes will be used. This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and
Type the minimum required length, in characters, of the BlackBerry device password. This rule only controls the minimum
maximum password length. The maximum password length is 32 characters. Rule dependency: The BlackBerry device us
device password is set. To require a BlackBerry device password, set the Password Required rule to Yes. Warning: If the F
the BlackBerry device ignores this rule and explicitly requires a minimum password length of five characters. The valid ran
through 14 characters. This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBe
higher.
Specify whether the user can disable the requirement for a BlackBerry device password. Set this rule to No to prevent use
requirement on the BlackBerry device. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry device
BlackBerry device password, set the Password Required rule to Yes. If you do not set this rule, a default value of Yes will b
based BlackBerry devices version 3.6.0 through 4.0.0, and 85x/95x BlackBerry devices version 2.5.0 through 2.7.0.
Specify the maximum time, in minutes, that a BlackBerry device user can set as the security timeout value (the number of
inactivity allowed before the security timeout occurs and the BlackBerry device requires the user to type the BlackBerry de
BlackBerry device). The BlackBerry device user can set any timeout value that is less than or equal to the maximum value
Change Timeout rule value to No. The maximum security timeout value available by default on the BlackBerry device is 60
Timeout rule to set a specific timeout value. Rule dependency: The BlackBerry device uses this IT policy rule only if the Pa
Yes. The valid range for the value of this rule is 10 through 480 minutes. This rule applies to Java-based BlackBerry device
85x/95x BlackBerry devices version 2.5.0 and higher.
Type the number of days until a BlackBerry device password expires and the BlackBerry device prompts the user to set a
to 0 to prevent the BlackBerry device password from expiring. Rule dependency: The BlackBerry device uses this rule only
is set. To require a BlackBerry device password, set the Password Required rule to Yes. The valid range for the value of th
This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.
Specify whether the BlackBerry device user can change the security timeout to any value less than the value you can set u
Timeout rule. Set this rule to No to prevent the user from changing the timeout value. If you do not set this rule, a default v
Specify a character pattern that the BlackBerry device password must match. Rule dependency: The BlackBerry device us
device password is set. To require a BlackBerry device password, set the Password Required rule to Yes. Warning: If you
password pattern checking is disabled on 95x/85x BlackBerry devices. If you do not set this rule, a default value of "No res
Specify whether the BlackBerry device locks after a predefined period of time, regardless of whether the BlackBerry device
that interval. Set this rule to Yes to force the BlackBerry device to lock automatically after 60 minutes. Note: You can use th
shorten the timeout interval. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether the BlackBerry device permits sending Short Message Service (SMS) messages (text messaging). Set thi
messaging functionality on the BlackBerry device. Note: To block incoming text, or SMS, messages, set the Firewall Block
in the Security policy group. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-ba
3.6.0 and higher.
Specify whether the user can include BCC recipients when composing messages on the BlackBerry device. Set this rule to
including BCC recipients when sending messages. If you do not set this rule, a default value of Yes will be used. This rule
devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Type the URL of the BlackBerry device browser's home page. Note: If you do not specify a URL, the BlackBerry device us
page URL. This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices v
Specify whether the BlackBerry device user can modify the URL address of the browser home page. This rule applies to J
version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Specify whether the user can see and use the WAP browser icon on the BlackBerry device (when the Internet service prov
and the appropriate service books are on the BlackBerry device). Set this rule to No to hide the WAP Browser icon on the
Type a unique identifier (UID) for the Browser Config Service Record, which sets the default browser on the BlackBerry de
links in messages). This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Documents To Go policy group

Specify whether users can open files or attachments using the Documents To Go application on the BlackBerry device. If y
Specify whether to hide the premium DataViz Documents To Go features that are not available on BlackBerry devices that
of the Documents To Go application. If you set the Disable Documents To Go IT policy rule to Yes, the BlackBerry device
Specify whether users can register the Documents To Go application with DataViz, check for software updates from DataV
of the Documents To Go application on the BlackBerry device. If you set the Disable Documents To Go IT policy rule to Ye
this rule. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devi
Contains IT policy rules that apply to wireless message reconciliation and attachment viewing.
Specify whether the BlackBerry device supports wireless message reconciliation functionality. Default setting: If you enable
on the BlackBerry Enterprise Server, wireless message reconciliation is enabled on the BlackBerry device by default, even
policy to which a user is assigned. Set this rule to No to disable wireless message reconciliation on the BlackBerry device.
BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.6.0 and higher.
Specify whether users can view supported attachments in messages and calendar entries received on the BlackBerry dev
users viewing attachments in messages and calendar entries received on the BlackBerry device. Setting this rule to No do
viewing native attachments on the BlackBerry device. To support attachment viewing in calendar entries, you must use Bla
5.0 or later and BlackBerry Enterprise Server version 5.0 or later. If you do not set this rule, a default value of Yes will be u
based BlackBerry devices version 3.7.0 and higher, and 85x/95x BlackBerry devices version 2.6.1 and higher.
Type a disclaimer to appear at the beginning of all email messages that the user composes and sends using the BlackBer
Java-based BlackBerry devices version 4.1 MR2 and higher.
Specify the maximum length of time, in days, that the BlackBerry device keeps messages. Note: Set this IT policy rule to 0
BlackBerry device indefinitely. The valid range for the value of this rule is -1 through 180 days. If you do not set this rule, a
Specify the maximum length of time, in days, that the BlackBerry device keeps saved messages. Note: Set this IT policy ru
messages on the BlackBerry device indefinitely. Set this rule to -2 to delete saved messages and turn off the ability to save
device that is running BlackBerry Device Software version 4.5 or later. The valid range for the value of this rule is -2 throug
rule, a default value of -1 will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the total size (in bytes) of all native attachments that can be uploaded from the BlackBerry device. The valid range
through 5242880 bytes. If you do not set this rule, a default value of 5242880 will be used. This rule applies only to Java-b
4.2.0 and higher.
Specify the maximum size (in bytes) of a single native attachment that can be uploaded from the BlackBerry device. The v
is 0 through 3145728 bytes. If you do not set this rule, a default value of 3145728 will be used. This rule applies only to Ja
This rule is obsolete as of BlackBerry Enterprise Server version 5.0.0. Specify whether supported BlackBerry devices can
attachments from received messages using the Attachment Service. If you set this IT policy rule to Yes, users can use the
message option on their BlackBerry devices if the Attachment Service is installed, running, and connected to the BlackBer
attachment connector. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Bl
through 5.0.0.
Specify whether to prevent a BlackBerry device user from forwarding and replying to received IBM Lotus Notes encrypted
devices. If you set this rule to Yes, BlackBerry device users cannot forward or reply to received IBM Lotus Notes encrypted
devices. By default, a BlackBerry device user with support for reading IBM Lotus Notes encrypted messages enabled on th
or reply to an encrypted message that the BlackBerry device has received, decrypted, and decompressed. The BlackBerry
Domino decrypts the message before the BlackBerry device sends the message to the recipient as plain text. If you do not
Specify whether to prevent a BlackBerry device user from forwarding and replying to received IBM Lotus Notes encrypted
devices. If you set this rule to Yes, BlackBerry device users cannot forward or reply to received IBM Lotus Notes encrypted
devices. By default, a BlackBerry device user with support for reading IBM Lotus Notes encrypted messages enabled on th
or reply to an encrypted message that the BlackBerry device has received, decrypted, and decompressed. The BlackBerry
Domino decrypts the message before the BlackBerry device sends the message to the recipient as plain text. If you do not
Specify the maximum size (in kilobytes) of a single native attachment that can be downloaded to the BlackBerry device. A
to download native attachments is turned off on the BlackBerry device. The valid range for the value of this rule is 0 throug
set this rule, a default value of 10240 will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 a
Specify whether the BlackBerry Enterprise Server sends email messages to the BlackBerry device in Rich Content (HTML
Specify whether the BlackBerry device can send messages with inline content and request inline content in received mess
BlackBerry device user must manually request inline content on the BlackBerry device. If you do not set this rule, a default
Specify whether the BlackBerry device user can manually request URL-referenced content (images) that are embedded in
BlackBerry device receives. If you do not set this rule, a default value of No will be used. This rule applies only to Java-bas
4.5.0 and higher.
Specify whether the BlackBerry device user can submit forms embedded in email. If you do not set this rule, a default valu
Specify whether all email messages sent from a BlackBerry device that uses email services capable of IBM Lotus Notes en
necessary, the user is prompted for encryption credentials (the Notes Native Encryption password) on the BlackBerry devi
device does not perform the encryption. This IT policy rule ensures that the BlackBerry device configures messages that it
encryption by the BlackBerry Enterprise Server. This IT policy rule does not affect messages sent from the BlackBerry dev
not capable of IBM Lotus Notes encryption. If you do not set this rule, a default value of No will be used. This rule applies o
Specifies whether the BlackBerry device displays a confirmation dialog box to a user when the user clicks Get Images in a
message. The message of the confirmation dialog box informs the user that downloading an image from the Internet can e
do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 5.0
Contains IT policies that allow you to restrict the enterprise voice client functionality on the BlackBerry device.
Specify whether enterprise voice functionality is available for the BlackBerry device. If you do not set this rule, a default va
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Specify whether incoming calls are accepted only if
server. If you do not set this rule, a default value of No will be used.
Specify whether to lock outgoing calls to the enterprise voice line. User can only make or receive calls on the Work line. Th
lines for inbound or outbound calls. Best practice is to remove voicemail from the other lines. If you do not set this rule, a d
Specify whether the BlackBerry device can use a DTMF call format for outgoing calls if outgoings calls using the protocol f
wireless coverage levels. The DTMF call format uses weaker authentication than the protocol call format. Set this IT policy
calls if the protocol format cannot be used. If you do not set this rule, a default value of No will be used.
Contains IT policy rules that apply to the external display on applicable BlackBerry devices.
Specify when to display notifications on the external display. If you do not set this rule, a default value of "Always" will be u
Specify whether to display preview text for a notification on the external display. Note: This rule is dependent on the "Displ
to "Always" or "Only when unlocked". If you do not set this rule, a default value of Yes will be used. This rule applies only to
Contains IT policy rules that apply to firewall settings

Specify whether the BlackBerry device firewall blocks calls that the user receives unless the calls use a set fixed dialing pa
dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a se
"+1...;1..." to permit calls from numbers preceded by 1 or +1 only. Append "r" to a pattern to prevent calls using that specifi
"011...r" to prevent calls in the format 011NNNNNNNNNN. Type "r" in the pattern list to indicate that all other patterns are n
allow phone calls from the number 5198881234 only, type "+15198881234;+15198881234;r". The BlackBerry device must
IT policy rule setting. This IT policy rule does not affect the emergency calling functionality on the BlackBerry device. This r
Specify whether the BlackBerry device firewall blocks calls that the user makes unless the calls use a set fixed dialing patt
dialing number (FDN) patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) sep
example, type "+1...;1..." to permit calls from numbers preceded by 1 or +1 only. Append "r" to a pattern to prevent calls us
example, type "011...r" to prevent calls in the format 011NNNNNNNNNN. Type "r" in the pattern list to indicate that all othe
example, to allow phone calls from the number 5198881234 only, type "+15198881234;+15198881234;r". The BlackBerry
to use this IT policy rule setting. This IT policy rule does not affect the emergency calling functionality on the BlackBerry de
Contains IT policy rules that apply to phone and browser functionality on the BlackBerry device, and IT policy rule
attaching an auto signature to email messages sent from the BlackBerry device.
Specify whether the phone functionality on the BlackBerry device is available to the user. Set this IT policy rule to No to pre
receiving any phone calls except emergency calls from their BlackBerry devices. The phone icon is still visible to users on
not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0
Specify whether the user can use the BlackBerry Browser included on the BlackBerry device. Set this rule to No to hide the
BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule applies to Java-based BlackBer
higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Contains IT policy rules that apply to instant messaging.

Specify the types of files that the BlackBerry device user cannot transfer when using instant messaging. Specify the file ex
format (for example, "bat, exe, mp3"). Set this rule to "Null / " to allow all file types. Set this rule to "*" to prevent all file type
Specify whether a user can send an instant messaging conversation in an email message on the BlackBerry device. If you
Specify whether a user can save an instant messaging conversation into the device memory or media card on the BlackBe
Specify whether to disable an address book lookup when adding a contact. The address book lookup can sometimes retur
cannot use to add a contact because it is not the correct SIP address. If you do not set this rule, a default value of No will b
Specify the maximum size of files which can be sent by a BlackBerry Client for an instant messaging server. The valid rang
through 4096. If you do not set this rule, a default value of 4096 will be used. This rule applies only to Java-based BlackBe
higher.
Specify whether the collaboration client on a BlackBerry device displays graphical emoticons and allow a user to add emot
not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 a
Specify if a user can broadcast messages to multiple receivers from a BlackBerry device. If you do not set this rule, a defa
Specify if a user can permit collaboration clients to automatically log back in when a BlackBerry device restarts or reenters
Specify whether or not to disable offline messaging using Enterprise Messenger. Offline message delivery may require the
do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.5
Contains IT policy rules that apply to Location Based Services.
Specify whether the BlackBerry Maps functionality is available (turned on) on the BlackBerry device. If you do not set this r
used.
Specify whether to turn on Enterprise Location Tracking. Set this rule to Yes to turn on the reporting of a device's location
Specify a message to prompt to the user when Enterprise Location Tracking is enabled. If you do not set this rule, a defau
being tracked at the server" will be used. This rule applies only to Java-based BlackBerry devices version 4.2.2 and higher
Type the interval, in minutes, after which a device will report location back to the BES. The valid range for the value of this
not set this rule, a default value of 15 will be used. This rule applies only to Java-based BlackBerry devices version 4.2.2 a
Specify whether the BlackBerry device can use the geolocation service to identify the geographic location of the user. Set
geolocation service on the BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule appli
Contains IT policy rules that apply to the BlackBerry MDS Integration Service.
Specify whether to disable the BlackBerry MDS Runtime on the BlackBerry device. Set this rule to Yes to prevent the Blac
the BlackBerry MDS Runtime. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.0.0 and higher.
Specify the lowest security version permitted for the BlackBerry MDS Integration Service. The security version affects the c
MDS Runtime Version 1.1 and later and the BlackBerry MDS Integration Service. Set this IT policy rule to 1 to permit Black
MDS Runtime Version 1.1 or later to communicate with all versions of the BlackBerry MDS Integration Service. Set this IT
BlackBerry devices running the BlackBerry MDS Runtime Version 1.1 or later to communicate with the BlackBerry MDS In
or later only. The valid range for the value of this rule is 1 through 65535. If you do not set this rule, a default value of 1 wil
Specify whether the BlackBerry MDS Runtime Version 1.1 or later verifies the BlackBerry MDS Integration Service certifica
No, the BlackBerry MDS Integration Service permits unauthenticated connections from BlackBerry devices running the Bla
1.1 or later. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry d
This rule is obsolete as of BlackBerry Enterprise Server version 4.0.6. Specify whether to prevent BlackBerry devices from
MDS Integration Service.
Specify whether to prevent the BlackBerry device user from initiating activation with the BlackBerry MDS Integration Servic
the user from specifying the BlackBerry MDS Integration Service to connect to on the BlackBerry device. If you do not set
Specify whether to prevent the user from being able to search and install BlackBerry MDS Runtime Applications. If you do
Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether to allow the user to install BlackBerry MDS Runtime Applications that use multiple web services on the Bla
Specify the queue limit for inbound application messages. The valid range for the value of this rule is 0 through 50 messag
Specify the queue limit for outbound application messages. The valid range for the value of this rule is 0 through 50 messa
Specify whether the BlackBerry MDS Runtime version 4.3.0 and earlier can access the organizer data, interprocess comm
BlackBerry device. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Black
higher.
Contains IT policy rules that apply to cleaning BlackBerry device memory.

Type the maximum BlackBerry device idle time, in minutes, allowed before the memory cleaner starts. Rule dependency: T
rule only if the Force Memory Clean When Idle rule is set to Yes. The valid range for the value of this rule is 1 through 60 m
a default value of 60 will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether the BlackBerry device performs a memory clean when idle. If you do not set this rule, a default value of N
Specify whether the BlackBerry device performs a memory clean when holstered. If you do not set this rule, a default value
Specify whether the BlackBerry device performs a memory clean when closed. If you do not set this rule, a default value o
Contains IT policy rules that apply to the help on the BlackBerry device.
Type the links to add to the On-Device Help index page using the format "uri1|label1|...|uriN|labelN". If you specify multiple
Device Help Group Label rule. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Type the label to use when grouping multiple On-Device Help links. This rule applies only to Java-based BlackBerry device
Contains IT policy rules that apply to the PGP Support Package.

Specify the minimum DH key size, in bits, allowed for use in the PGP application. The valid range for the value of this rule
not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0
Specify whether all outgoing PGP messages are digitally signed. Warning: If you apply this IT policy rule, you might overru
the PGP Universal Server. If you do not set this rule, a default value of No will be used. This rule applies only to Java-base
4.1.0 and higher.
Specify whether all outgoing PGP messages are encrypted. Warning: If you apply this IT policy rule, you might overrule se
PGP Universal Server. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based B
and higher.
Type the email address that the BlackBerry device adds as a BCC recipient to all outgoing PGP encrypted messages. This
Specify the content ciphers that the BlackBerry device can use to encrypt PGP messages. Warning: To maintain compatib
at least one of Triple DES and CAST. Warning: If the FIPS Level rule is set to 2, then the setting of this rule is ignored and
permitted to use AES (256-bit), AES (192-bit), AES (128-bit) and 3DES. If you do not set this rule, a default value of "AES
(128-bit) | CAST (128-bit) | Triple DES" will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0
Specify the minimum RSA key size, in bits, allowed for use in the PGP application. The valid range for the value of this rule
do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify the minimum DSA key size, in bits, allowed for use in the PGP application. The valid range for the value of this rule
Type the URL of a PGP Universal Server that your organization uses to enforce a secure email policy and access PGP ke
BlackBerry devices with the PGP Support Package installed receive this rule set to a PGP Universal Server URL, they mus
communicate with the specified PGP Universal Server to send PGP messages. This rule applies only to Java-based Black
higher.
Specify the method by which BlackBerry devices with the PGP Support Package installed are prompted to enroll with the P
setting: 1 (The BlackBerry device prompts the user to type their email address.) You can set this rule to 0 to force the Blac
to enroll with the PGP Universal Server by typing their domain user name and password. If you do not set this rule, a defau
enrolment" will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Type the maximum length of time, in hours, that the BlackBerry device caches the PGP Universal Server secure email poli
Universal Server again. Default setting: 24 hours. The valid range for the value of this rule is 4 through 48. If you do not se
Specify the least restrictive mode for retrieving PGP-encrypted attachment information on the BlackBerry device. If you do
"Automatic" will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify the types of encryption that are allowed for PGP protected messages. If you do not set this rule, a default value of
Specify the mode that a BlackBerry device can use to retrieve the complete text of the original message when a user replie
you do not set this rule, a default value of "Manual" will be used. This rule applies only to Java-based BlackBerry devices v
Contains IT policy rules that apply to settings for synchronization of PIM data over the wireless network.
Specify whether to turn off wireless synchronization of all PIM databases. Set this rule to Yes to turn off synchronization of
calendar. Note: This rule does not affect wireless message reconciliation. Users can still send and receive messages. If yo
value of No will be used. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackB
higher.
Specify whether to turn off wireless synchronization of the Address Book database. If you do not set this rule, a default val
Specify whether to turn off wireless synchronization of the Calendar database. If you do not set this rule, a default value of
to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and higher.
Specify whether to turn off wireless synchronization of the Memo Pad database. If you do not set this rule, a default value
Specify whether to turn off wireless synchronization of the Tasks database. If you do not set this rule, a default value of No
Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and higher.
Specify whether to turn off wireless synchronization of PIM data during wireless enterprise activation or as part of a backup
require that the BlackBerry device is physically connected to a desktop computer before the activation data transfer starts.
transfers when activating or updating BlackBerry devices. Note: If the BlackBerry device is disconnected from the desktop
the BlackBerry Desktop Software sends the remainder of the data to the BlackBerry device over the wireless network. If yo
value of No will be used. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackB
higher.
Specify whether to turn off wireless synchronization of the PIN messages database. Warning: Turning on this feature enab
message text in unencrypted format to the specified log file. Make sure that the target log file is in a location for which your
restrict internal and external user access. If you do not set this rule, a default value of Yes will be used. This rule applies on
Specify whether to turn off wireless synchronization of the SMS Messages database. Warning: Turning on this feature ena
message text in unencrypted format to the specified log file. Make sure that the target log file is in a location for which your
restrict internal and external user access. If you do not set this rule, a default value of Yes will be used. This rule applies on
Specify whether to turn off wireless synchronization of the Phone Call Logs database. If you do not set this rule, a default v
Specify whether the Home screen displays enterprise activation progress. If you set this IT policy rule to Yes, enterprise ac
on the Home screen. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based Bl
and higher.
Specify whether to turn off wireless synchronization of the messages database for the BlackBerry Messenger. Warning: If
BlackBerry Messenger logs all message text in unencrypted format to a log file that you specify. You must ensure that the
which your organization's security policies restrict internal and external user access. If you do not set this rule, a default va
Contains IT policy rules that apply to BlackBerry device password settings.

Specify the amount of time, in minutes, of BlackBerry device user inactivity allowed before the security timeout occurs and
the user to type the password to unlock the BlackBerry device. Note: The default security timeout interval is 2 minutes of in
Software versions earlier than 4.7 and 30 minutes of inactivity for BlackBerry Device Software versions 4.7 and later. Rule
device uses this rule only if the Password Required rule is set to Yes. If you do not set the User Can Change Timeout rule
can set the password timeout to one of a range of values. The maximum security timeout value available by default on the
The valid range for the value of this rule is 0 through 60. This rule applies only to Java-based BlackBerry devices version 3
Set the number of password attempts (incorrect passwords entered) permitted on the BlackBerry device before the BlackB
the BlackBerry device is disabled. Default setting: 10 password attempts You can use this rule to lower the number of pass
dependency: The BlackBerry device uses this rule only if a BlackBerry device password is set. To require a BlackBerry dev
Required rule to Yes. The valid range for the value of this rule is 3 through 10 attempts. This rule applies only to Java-base
3.6.0 and higher.
Set this rule to Yes to prevent the echoing (printing to the screen) of characters typed into the password screen after the u
incorrect passwords when attempting to unlock the BlackBerry device. Rule dependency: The BlackBerry device uses this
password is set. To require a password, set the Password Required rule to Yes. Note: You can set the number of incorrec
BlackBerry device permits before password echoing (if permitted) occurs, using the Set Maximum Password Attempts rule
to 2, then the BlackBerry device ignores this rule and explicitly prevents password echoing. This rule applies only to Java-b
3.6.0 and higher.
Set the maximum number of previous passwords against which the BlackBerry device can check new passwords to preven
Note: Set this rule to 0 to prevent the BlackBerry device from checking for reused passwords. Rule dependency: The Black
a BlackBerry device password is set. To require a BlackBerry device password, set the Password Required rule to Yes. Th
rule is 0 through 15 passwords. If you do not set this rule, a default value of 0 will be used. This rule applies only to Java-b
3.6.0 and higher.
Type the message account address that receives notification when users type their BlackBerry device passwords under du
indicate that they are unlocking their BlackBerry devices against their will). Warning: If you do not specify an email address
respond to passwords entered under duress. Warning: To prevent a party who has stolen the unlocked BlackBerry device
duress notification on the BlackBerry device, the message account you specify to receive duress notification messages sh
out of office or other auto-reply function set. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry de
a BlackBerry device password, set the Password Required rule to Yes. Warning: If you set this IT policy rule, the set maxim
attempts is effectively reduced by half; each time the user types a password to unlock the BlackBerry device, the BlackBer
the password attempt is either the correct password or the correct duress password. This rule applies only to Java-based B
and higher.
If you set the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minu
time elapsed, in minutes, after which the BlackBerry device locks and prompts the user to type the BlackBerry device pass
BlackBerry device has been idle or in use during that interval. Type a periodic challenge time to shorten or extend the secu
the range of 1 to 1440 minutes (24 hours). Note: To disable the security timeout, set the Enable Long-Term Timeout IT pol
Periodic Challenge Time. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry device password is s
device password, set the Password Required rule to Yes. The valid range for the value of this rule is 1 through 1440 minut
Type a list of comma-separated string values representing words that users are not permitted to use within their passwords
BlackBerry device uses this rule only if a BlackBerry device password is set. To require a BlackBerry device password, set
Yes. Note: The BlackBerry device automatically prevents common letter substitutions. For example, if you include "passwo
list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the BlackBerry device. This rule applies only to Java
Phone Policy Group

Specify how a BlackBerry device must redirect outgoing calls using the format remap0,*,,#,#, where is the area code. For e
BlackBerry device to redirect phone numbers like *555000 and call 5197555000 instead, specify remap0,*,5197,6,6 as the
be declared using semi-colon separator.
Contains IT Policy rules that control the availability of RIM value-added applications.
Specify whether to prevent RIM value-added applications on the BlackBerry device. Note: This policy does not apply to so
(Yahoo! Messenger, Windows Live Messenger, AOL Instant Messenger, ICQ, Google Talk, Microsoft Office Communicato
GroupWise Messenger, BlackBerry Messenger), BlackBerry Maps, some public photo-sharing clients (Flickr, Picasa Web A
MDS Runtime Applications, or the Device Diagnostic Application. For these applications, use the application specific policy
default value of No will be used.
Specify whether to prevent the E-Commerce Optimization Engine from running on the BlackBerry device. If you do not set
be used.
Specify whether to prevent BlackBerry Wallet from running on the BlackBerry device. If you do not set this rule, a default v
Specify whether to prevent IBM Lotus Connections from running on the BlackBerry device. If you do not set this rule, a def
Specify the server address of the server that hosts IBM Lotus Connections Dogear. If this rule is not set, users can enter th
this rule is set, users will only be allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Profiles. If this rule is not set, users can enter th
this rule is set, users are only allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Communities. If this rule is not set, users can e
manually. If this rule is set, users are only allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Blogs. If this rule is not set, users can enter the
Specify the server address of the server that hosts IBM Lotus Connections Activities. If this rule is not set, users can enter
Specify whether to prevent social networking applications from accessing organizer data. If set to Yes, then social network
Facebook cannot have read or write access to the address book, calendar, and other organizer data. If you do not set this
Specify whether the TiVo for BlackBerry application is turned on, on the BlackBerry device. If you do not set this rule, a de
Specify the URL of the server that hosts the BlackBerry Social Network Application Proxy that the BlackBerry Client for Lot
https://server_name:port/qkr-100. If you do not set this rule, a user can type the server URL on the BlackBerry device. If yo
'Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr' IT Policy rule to control whether the use
Specify whether to permit a user to change the BlackBerry Social Network Application Proxy URL for Lotus Quickr on a Bla
rule to No, a user cannot change the URL that you specified in the BlackBerry Social Network Application Proxy URL for L
do not set this rule, a default value of Yes will be used.
Specify whether to permit the Tell a Friend feature in the BlackBerry Client for Lotus Quickr. If you turn this feature off, a us
invitation with a link that the recipient can use to download the Blackberry Client for Lotus Quickr. If you do not set this rule
used.
Specify the URL of the server that hosts the BlackBerry Social Network Application Proxy that the BlackBerry Client for Lot
example, https://server_name:port/lcs-230.
If you do not set this rule, a user can type the server URL on the BlackBerry device. If you set this rule, you can use the 'A
Network Application Proxy URL for Lotus Connections' IT Policy rule to control whether the user can edit this URL.
Specify whether to permit a user to change the BlackBerry Social Network Application Proxy URL for Lotus Connections o
If you set this rule to No, a user cannot change the URL that you specified in the BlackBerry Social Network Application Pr
policy rule.
Specify whether to permit the Tell a Friend feature in the BlackBerry Client for Lotus Connections.
If you turn this feature off, a user cannot send an email invitation with a link that the recipient can use to download the Blac
Connections.
Specify whether a BlackBerry device can run eBay for BlackBerry smartphones. By default, the BlackBerry device can run
smartphones.
If you dowhether
Specify not set athis rule,
user cana default
upload value
videosoftoNo will be used.
YouTube from a BlackBerry device. If you set this rule to Yes, a user cannot u
set this rule to No, a user can upload videos to YouTube.
Specify whether a user can run BlackBerry Podcasts on a BlackBerry device. If you set this rule to No, a user can run Blac
device. If you set this rule to Yes, a user cannot run BlackBerry Podcasts.
Specify whether a BlackBerry device can run the Feeds application. If you set this rule to Yes, the BlackBerry device cann
you set this rule to No, the BlackBerry device can run the Feeds application.
This rule applies to BlackBerry Desktop Software version and higher.
Specify whether the Feeds application can run RSS feeds on a BlackBerry device. If you set this rule to Yes, the Feeds ap
you set this rule to No, the Feeds application can run RSS feeds.
This rule applies to BlackBerry Desktop Software version and higher.
Contains IT policy rules that apply to the S/MIME Support Package.
Specify the minimum RSA key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices versi
Specify the minimum DH key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this ru
Specify the minimum ECC key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 163 will be used. This rule applies only to Java-based BlackBerry devices versio
Specify whether all outgoing S/MIME messages are digitally signed. If you do not set this rule, a default value of No will be
Specify whether all outgoing S/MIME messages are encrypted. If you do not set this rule, a default value of No will be used
Specify whether all key operations must be performed using an attached smart card reader. If you do not set this rule, a de
Type an email address that the BlackBerry device adds as a BCC recipient on all outgoing S/MIME messages. This rule ap
Specify the content ciphers that the BlackBerry device can use to encrypt S/MIME messages. Warning: To maintain comp
enable at least one of Triple DES or an RC2 cipher. Warning: If the FIPS Level rule is set to 2, then the setting of this rule
device is explicitly permitted to use AES (256-bit), AES (192-bit), AES (128-bit) and 3DES. If you do not set this rule, a def
(192-bit) | AES (128-bit) | CAST (128-bit) | RC2 (128-bit) | Triple DES" will be used. This rule applies only to Java-based Bl
and higher.
Specify the minimum DSA key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices versi
Type the email address for your organization's Entrust Messaging Server (EMS). This rule applies only to Java-based Blac
higher.
Specify the least restrictive mode for retrieving S/MIME-encrypted attachment information on the BlackBerry device. If you
value of "Automatic" will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify the types of encryption that are allowed for S/MIME protected messages. If you do not set this rule, a default value
Specify the mode that a BlackBerry device can use to retrieve the complete text of the original message when a user replie
you do not set this rule, a default value of "Manual" will be used. This rule applies only to Java-based BlackBerry devices v
Contains IT policy rules that apply to SIM cards.

Specify whether to prevent the SIM from modifying an outgoing call, supplementary service request or short message. Set
an outgoing call, supplementary service request or short message. If you do not set this rule, a default value of No will be u
Specify whether to prevent the network or SIM from querying the BlackBerry device for certain location-related information
current network and cell identities, the device IMEI, the date and time, and some measurement results. If you do not set th
Specify whether to prevent the SIM from making an outgoing call, performing a supplementary service operation, or sendin
set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and
Contains IT policy rules that apply to secure email messaging.

Specify whether warnings should be displayed to the user when the user receives a signed message but the sender's ema
certificate or PGP key used to sign the message. This rule is intended for use in an organization where users' certificates c
different from those that they typically use to send email. If you do not set this rule, a default value of No will be used. This
Specify the domain name that is used for the email addresses contained in certificates issued within the organization. This
organizations where users' certificates contain a long-lived email address but they typically send email from a shorter-lived
username component and a different domain component. Note: Both the short-lived and long-lived email addresses will be
certificates for use with secure email. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Contains IT policy rules that apply to BlackBerry device security.

Specify whether the BlackBerry device locks when the user removes the smart card from a supported smart card reader or
card reader from the BlackBerry device. If you set this IT policy rule to Yes, users might require a smart card authenticator
card driver and a supported smart card reader driver installed on their BlackBerry devices, to use their BlackBerry devices.
reader drivers support smart card removal detection. Rule dependency: The BlackBerry device uses this IT policy rule only
Force Smart Card Two Factor Authentication IT policy rules are set to Yes. When you set this IT policy rule to Yes, BlackB
Device Software Version 4.2 or later automatically set the Password Required and Force Smart Card Two Factor Authentic
same BlackBerry device IT policy. You must manually set the Password Required and Force Smart Card Two Factor Auth
BlackBerry devices running BlackBerry Device Software versions earlier than 4.2. If you do not set this rule, a default value
Specify whether the user must type the BlackBerry device password and the smart card password to use the BlackBerry d
to Yes, users might require a smart card authenticator module and must have a smart card driver and a supported smart c
BlackBerry devices, to use their BlackBerry devices. Rule dependency: The BlackBerry device uses this IT policy rule only
set to Yes. When you set this IT policy rule to Yes, BlackBerry devices running BlackBerry Device Software Version 4.2 or
Password Required IT policy rule to Yes in the same BlackBerry device IT policy. You must manually set the Password Re
devices running BlackBerry Device Software versions earlier than 4.2. If you do not set this rule, a default value of No will b
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted with certificates that the
Set this rule to No to force the BlackBerry device to warn the user that the certificate is not trusted. The BlackBerry device
sending the message. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Bl
and higher.
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted using revoked certificate
BlackBerry device to warn the user that the certificate is revoked. The BlackBerry device does not prevent the user from se
Specify whether to force the BlackBerry device user to send encrypted or signed email. Set this rule to force the BlackBerr
or signed email. Warning: If you set this rule to Yes, you must enable the secure message package support on the BlackB
user must install the supported secure message package on the BlackBerry device to send email messages. For Java-bas
version 5.0.0, the IT policy applies to all email services. For Java-based BlackBerry devices version 5.0.0 and above, the I
organization's email services. To block other email services, see the Allow Other Message Services IT policy under Servic
Specify whether to prevent the BlackBerry device user from sending plain text PIN messages. Set this rule to Yes to preve
sending plain text PIN messages. Warning: If you set this rule to Yes, you must enable secure message package support
Server and the user must install the supported secure message package on the BlackBerry device to send PIN messages
entirely, set the Allow Peer-to-Peer Messages rule to No. If you do not set this rule, a default value of No will be used. This
Specify whether to prevent the BlackBerry device user from setting the Security Data security level to Low on the BlackBer
automatically change Security Data security to a higher level. For BlackBerry devices running BlackBerry Device Software
High. For BlackBerry devices running BlackBerry Device Software Version 4.0, the next level is Medium. If you do not set t
Type the maximum number of minutes allowed before the cached key store password times out and the BlackBerry device
store password. If you set this rule to 0, the BlackBerry device does not cache the key store password. Note: The BlackBe
database that stores the user's private keys. The key store uses a password to protect the user's private keys. By default,
key store password to minimize the number of key store password prompts. The valid range for the value of this rule is 0 th
set this rule, a default value of 1 will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and hi
Type the maximum number of days that the BlackBerry device caches the certificate status. The valid range for the value o
If you do not set this rule, a default value of 7 will be used.
Specify whether applications that are not digitally signed by the Research In Motion signing authority system are permitted
user tries to download the applications or the BlackBerry Enterprise Server or another party sends the applications to the d
from installing unsigned third-party applications over the wireless network or when the BlackBerry device is connected to th
or application loader tool. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based
and higher.
Specify whether the BlackBerry device is security locked when placed in the holster. If you do not set this rule, a default va
Specify whether third-party applications on the BlackBerry device can use the serial port, IrDA, or USB ports. If you do not
Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
This rule is obsolete as of BlackBerry Enterprise Server version 3.6.2. Specify whether third-party applications on the Black
persistent store application programming interface (API). BlackBerry devices with OS version 3.x and lower should use the
AllowThirdPartyUsePersistentStore IT policy. Those with 4.0 and later should use application control policy. If you do not s
will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 through 4.0.0.
Specify whether content protection is turned on by selecting the cryptography strength that the BlackBerry device uses to e
while it is locked. When content protection is turned on, BlackBerry device content is always protected with the 256 bit AES
BlackBerry device is locked when it receives content, the BlackBerry device randomly generates the content protection key
and an ECC key pair, derives an ephemeral 256 bit AES encryption key from the BlackBerry device password, and uses th
content rotection key and the ECC private key. Strong: Provides good security and performance. This setting is adequate f
Provides better security, but slower performance. If you use this setting, RIM recommends that you set the Minimum Passw
characters. trongest: Provides the best security, but with the slowest performance. If you use this setting, RIM recommend
set a password of at least 21 characters. Note: Set this rule to prioritize either encryption strength or decryption time. When
Server decrypts the message using the BlackBerry device master encryption key, it uses the ECC public key in the decryp
Specify whether applications can initiate internal connections (for example, to BlackBerry MDS Services) on the BlackBerr
rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether applications can initiate external connections (for example, to WAP, SMS, or other public gateways) on th
set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and
Specify whether applications can open both internal and external connections simultaneously. Note: If you set this rule to Y
surreptitiously collect data from inside the firewall and send it outside the firewall without any auditing, introducing a possib
Specify whether to prevent the BlackBerry device user from sending a message using a certificate that is expired or not va
BlackBerry device to warn the user that the certificate is expired or not valid. The BlackBerry device does not prevent the u
you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version
Specify whether to prevent the BlackBerry device user from sending a message using a certificate that has a weak corresp
No to force the BlackBerry device to warn the user that the certificate has a weak corresponding public key. The BlackBerr
user from sending the message. Note: Use the IT policy rules provided for each secure messaging application (WTLS, TLS
minimum strength for each type of encryption key (RSA, DH, DSA, ECC). Note: Use the Weak Digest Algorithms IT policy
that the BlackBerry device considers weak. If you do not set this rule, a default value of No will be used. This rule applies o
Type a string that contains a semi-colon delimited list of Hex-ASCII trusted certificate thumbprints, generated using SHA-1
algorithms. If the BlackBerry device receives a certificate with a thumbprint that does not appear in the list that you define u
add the certificate to the trusted key store on the BlackBerry device. SHA-256 and SHA-512 algorithms are only supported
Software version 5.1 and later. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether to prevent the BlackBerry device user from backing up certificates and private keys in the BlackBerry devi
Type the maximum length of time, in hours, that a certificate status can remain on the BlackBerry device before it should b
Synchronization Manager and in the BlackBerry device key store. By default a certificate status can remain indefinitely on
range for the value of this rule is 1 through 4380 hours. This rule applies only to Java-based BlackBerry devices version 4.
Specify whether to prevent the BlackBerry device user from sending a message that is encrypted using a certificate with a
force the BlackBerry device to warn the user that the certificate is stale. The BlackBerry device does not revent the user fro
Specify whether to prevent the BlackBerry device user from cutting, copying, and pasting content on the BlackBerry device
Specify whether the BlackBerry device turns off the wireless transceiver when it connects to a USB device. Note: Only USB
support this IT policy rule. Set this IT policy rule to 0 to keep the wireless transceiver turned on when connected to a USB
to turn off the wireless transceiver when connected to a USB device. Set this IT policy rule to 2 to turn off the wireless tran
USB device (for example, a computer) sends standard USB requests to communicate with the BlackBerry device. If you do
of "Radio not disabled when USB device is connected" will be used. This rule applies only to Java-based BlackBerry devic
Specify whether to prevent the BlackBerry device user from forwarding or replying to a message on the BlackBerry device
messaging service that is associated with a BlackBerry Enterprise Server or BlackBerry Internet Service that is different fro
original message. For example, use this IT policy rule to prevent forwarding or replying to a PIN message with an email me
message with a PIN message. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.0.0 and higher.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.3. Specify the level of Federal Information Processing
Level 1: You can apply Level 1 compliance to Java based BlackBerry devices using BlackBerry Device Software Version 3
affects the BlackBerry Cryptographic Kernel, which is the embedded cryptographic module required for basic operation of
You can apply Level 2 compliance to Java based BlackBerry devices using BlackBerry Device Software Version 4.0 and la
only the BlackBerry Device Software and does not result in the BlackBerry device meeting FIPS 140-2 Level 2 hardware s
Selecting Level 2 prevents WTLS from using the RC5 cipher, which can result in problems using the WTLS protocol. Set th
BlackBerry Device Software to operate in a FIPS-compliant mode of operation and enforce the following IT policy rules wit
Password Required = Yes
Minimum Password Length >= 5 characters
Specify whether users can place calls from the BlackBerry device while it is security locked. If you set this rule to Allow or d
the Allow Outgoing Calls While Locked field to Yes on their BlackBerry devices to turn on the ability to place outgoing calls
are locked. If you explicitly set this rule to No, users cannot place outgoing calls while their BlackBerry devices are locked.
Specify whether to prevent the BlackBerry device user from accepting unverified CRLs on the Mobile Data Service when c
If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices versi
Type RGB (hexadecimal) codes to set the background color of messages. Use a semi-colon to separate colors (for examp
color represents the background color of encrypted messages sent from the BlackBerry Enterprise Server that sends the I
encrypted with a corporate scrambling key. The second color represents the background color of messages sent from all o
encrypted with the global scrambling key. This rule applies only to Java-based BlackBerry devices version 4.0.0 and highe
Specify whether to prevent the BlackBerry device from using the Triple DES algorithm to encrypt and decrypt packets that
BlackBerry Enterprise Server that sends the IT policy send between them. Set this IT policy rule to Yes to require the Blac
Enterprise Server to use the AES algorithm to encrypt and decrypt the communication between them. If you do not set this
Specify whether to prevent applications from persisting the plain text form of a content protected object in the persistent sto
Set this rule to Yes to enable the BlackBerry device to write information about the application in the BlackBerry device Eve
the BlackBerry device to a valid known state. Warning: If you set this rule to Yes, all applications might not work. RIM reco
security-conscious customers who need assurance that sensitive data cannot be persisted in plain text form. If you do not
Specify the minimum security level for the signing key in the key store. Note: All keys on the BlackBerry device are forced
using this rule as their minimum, but the user can set a higher security level if desired. Low security: The BlackBerry device
key store password when accessing the signing key. Medium security: The BlackBerry device only prompts the user for the
password is cleared from the key store cache. Note: Medium security is the default security level assigned to a private key
device. High security: The BlackBerry device always prompts the user for their password when accessing the signing key.
password, the BlackBerry device prompts the user to confirm access to the private key. If you do not set this rule, a defaul
Specify the minimum security level for the encryption key in the key store. All keys on the BlackBerry device are forced to h
using this rule as their minimum, but the user can set a higher security level if desired. Low security: The BlackBerry device
key store password when accessing the encryption key. Medium security: The BlackBerry device only prompts the user for
password is cleared from the key store cache. Note: Medium security is the default security level assigned to a private key
device. High security: The BlackBerry device always prompts the user for their password when accessing the encryption k
password, the BlackBerry device prompts the user to confirm access to the private key. If you do not set this rule, a defaul
Specify which BlackBerry device databases are backed up by the BlackBerry Desktop Software. All databases: The deskto
BlackBerry device databases. Minimal subset of databases: The desktop software backs up a minimal subset of BlackBerr
these are databases which some desktop software components, such as the Certificate Synchronization Manager, require
No databases: The desktop software does not back up BlackBerry device databases. If you do not set this rule, a default v
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted with a certificate that the
If this rule is set to No, the user is warned about, but not prevented from, using an unverified certificate. If you do not set th
Specify whether the Internet Protocol (IP) modem feature on applicable BlackBerry devices is turned off. If you do not set t
Specify whether the smart card password can be cached. If this rule is set to Yes, the password is cached for a period of ti
private key timeout. Cached passwords are cleared by the memory cleaner. If you do not set this rule, a default value of N
Specify whether the GPS functionality on the BlackBerry device is turned on. If you do not set this rule, a default value of N
Specify whether the BlackBerry device, when locked, prevents the radio and serial bypass from receiving datagrams it can
encrypt the device transport keys stored in BlackBerry device flash memory. If you set this rule to Yes, the device transpor
message key. The message key is encrypted with the BlackBerry device user's password (using content protection) when
text copy of the message key resides in BlackBerry device RAM only and is never pushed to flash memory. After the Black
BlackBerry device LED blinks to indicate that it needs to be unlocked. The user must type their BlackBerry device passwor
After the BlackBerry device is unlocked, the message key is decrypted into RAM and the radio and serial bypass are enab
on content protection for master keys, you or a user must turn on content protection on the BlackBerry device. You can tur
BlackBerry device using the Content Protection Strength IT Policy Rule. If you do not set this rule, a default value of No wi
to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether the BlackBerry device indicates that its microphone is on (for example, when a phone call is in progress o
If you set this rule to Yes, the BlackBerry device LED blinks rapidly when its microphone is on. If you set this rule to No, the
indicate that its microphone is on. If you do not set this rule, a default value of No will be used. This rule applies only to Jav
Specify whether the Include Contacts option on the BlackBerry device is set to Yes or No. Set this rule to Allowed to allow
exclude their contact list from content protection. Set this rule to Required to turn off the option so that the contact list is alw
user cannot change this setting on the BlackBerry device. Set this rule to Disallowed to turn off the option so that the conta
the user cannot change this setting on the BlackBerry device. Warning: You must set this rule, or the Include Contacts opt
from content protection, or the BlackBerry device will apply content protection to the contact list. Note: The contact list is on
user turn on content protection. Note: When the address book is content-protected, features such as Caller ID and Bluetoo
work when the BlackBerry device is locked, and exceptions to the firewall whitelist do not apply successfully. If you or a us
content protection, these features work even when the BlackBerry device is locked. Note: The Disallowed option is only su
Specify whether to prevent the BlackBerry device from displaying warnings and visual indications if the user receives an em
certificate with stale status. Consider setting this IT policy rule to Yes if your organization uses a PKI that does not update
dependency: If this rule is set to Yes, the "Certificate Status Maximum Expiry Time" rule will be ignored, i.e. the status of ce
Specify whether to prevent the expandable memory (microSD) feature from working on supported BlackBerry devices. If yo
Specify whether to prevent the USB Mass Storage feature or the Media Transfer Protocol feature from working on support
this IT policy rule to Yes, the BlackBerry device cannot use an external file system connected to the USB port. This means
an external file system using the Media Manager with BlackBerry Desktop Manager Version 4.2.2 and 4.3 is turned off. If y
Specify the level of file system encryption that the BlackBerry device uses to encrypt files that it stores on an external file s
rule to require the BlackBerry device to encrypt an external file system, either including or excluding multi-media directories
BlackBerry Desktop Manager Version 4.2 only. Note: The external file system encryption does not apply to files that the Bl
transfers to the external memory device (for example, from a USB mass storage device). If you do not set this rule, a defau
Specify whether to disable access to the file transfer protocol channel from the media manager tool of the BlackBerry Desk
Specify whether to prevent the user from using smart password entry on the BlackBerry device when using two factor auth
rule to Yes, the BlackBerry device resets any knowledge of the user's numeric passwords if the user is currently using sma
IT policy rule to No, the user cannot use smart password entry on the BlackBerry device when using two factor authenticat
authentication and their BlackBerry device password or authenticator password is numeric, smart password entry enables
remember whether the last password that the user typed in a password field was numeric and if it was, the next time that t
BlackBerry device applies a numeric filter so that the user does not have to press the Alt key to type the numbers. By defa
knowledge of the user's numeric passwords only if the user is using smart password entry. If you do not set this rule, a def
Specify whether the user must choose a smart card certificate for use with smart card two-factor authentication. If smart ca
turned on, when the user unlocks the BlackBerry device, the BlackBerry device sends a challenge to the smart card to ver
that the BlackBerry device used to initialize the authenticator module. If you set this IT policy rule to Yes, smart card two fa
increases, but the BlackBerry device requires more time to unlock and the user must have the appropriate smart card drive
reader driver installed on their BlackBerry device or they cannot unlock their BlackBerry device. Rule dependency: The Bla
rule only if the Password Required rule and the Force Smart Card User Authentication rule are set to Yes. If you do not se
Specify whether the BlackBerry device securely wipes all of its user data if the BlackBerry device battery becomes critically
require a BlackBerry device with insufficient battery power to perform a secure wipe of user data. If you do not set this rule
Specify the length of time, in hours, after receiving an IT policy update that the BlackBerry device securely wipes all of its u
require a BlackBerry device that cannot receive IT policy updates or IT Admin commands to perform a secure wipe of user
specified. Warning: If you set this IT policy rule, set the Policy Resend Interval on the BlackBerry Enterprise Server (in the
that is lower than this rule setting to prevent unwanted BlackBerry device wiping. The valid range for the value of this rule i
not set this rule, a default value of Disabled will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify the length of time, in hours, after the BlackBerry device locks that the BlackBerry device securely wipes all of its us
require a BlackBerry device that the user has not unlocked within the length of time specified to perform a secure wipe of u
value of this rule is 2 through 720 hours. If you do not set this rule, a default value of Disabled will be used. This rule applie
Specify whether the firewall on the BlackBerry device blocks, and prevents the BlackBerry device from processing, specific
bypass your corporate network. If you set this IT policy rule, the BlackBerry device drops the specified type(s) of incoming
not display received message notifications for those messages. Note: Users can specify whether to block public PIN mess
Users cannot specify whether to block corporate PIN messages on the BlackBerry device. This rule applies only to Java-ba
4.2.0 and higher.
Specify the permitted structure of the BlackBerry device password. A character in the password pattern specifies the chara
in the password. You can require a letter, uppercase letter, number, symbol, consonant letter, or vowel letter character typ
set a password greater than or equal to the length of the pattern on their BlackBerry device. Password characters that exc
letters, numbers, or symbols. Warning: Preventing a particular password character reduces the entropy level and security l
the maximum security level of the password pattern by summing the number of bits of entropy associated with each passw
the sum of entropy bits in the password pattern, a total of (2 to the power of t) passwords could match the pattern. An attac
power t) chance of randomly guessing the password. Supported pattern characters:
a: Permits any letter. (5.7 bits of entropy)
A: Permits an uppercase letter only. (4.7 bits of entropy)
Specify whether the BlackBerry device can receive unsecured messages, including All Points Bulletin (APB) messages, fro
Server. The BlackBerry device can receive all messages from the BlackBerry Enterprise Server that are not blocked at the
unless you set this IT policy to Yes to prevent the BlackBerry device from receiving unsecured messages. If you do not set
Specify whether the BlackBerry device will prompt the user for their password prior to using the browser to download appli
BlackBerry device uses this IT policy rule only if the Password Required rule is set to Yes. If you do not set this rule, a defa
Specify whether the BlackBerry will allow third party applications to reset the device's idle timer, bypassing the security tim
Specify whether the BlackBerry device resets itself to factory default settings when it receives the Delete all device data an
command over the wireless network. Set this IT policy rule to Yes to require the BlackBerry device to permanently delete it
third party applications, in addition to performing the BlackBerry device wipe process. For BlackBerry devices version 5.0.0
only enforced on the remote wipe, but will also be enforced on a local wipe i.e. when the user exceeds the maximum pass
security wipe. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry
Specify whether the BlackBerry device will allow applications to capture screen shots. This applies to RIM applications and
not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.2.2
Specify whether to prevent public photo sharing applications (for example, Flickr) on the BlackBerry device from uploading
do not set this rule, a default value of No will be used.
Specify whether to prevent the BlackBerry device from adding geographical co-ordinates to the meta-data of photos. If you
vSpecify the message classification title that BlackBerry devices will include when users within the organization send mess
Specify the list of email addresses that the BlackBerry device firewall allows. The BlackBerry device receives messages fro
the user blocks all incoming messages on the BlackBerry device. Specify email addresses with wildcard characters (for ex
allow email messages from a specific domain. Note: When the address book is included in Content Protection, the Firewal
Excluding the address book from Content Protection allows this features to work properly. This rule applies only to Java-ba
4.5.0 and higher.
Specify the digest algorithms that the BlackBerry device considers weak. The BlackBerry device uses the list of weak dige
algorithms used to digitally sign messages that the BlackBerry device receives are strong enough. The BlackBerry device
algorithms to verify that the certificate chains for the certificates used to sign messages that the BlackBerry device receive
of algorithms that the BlackBerry device considers weak to prevent users from sending an S/MIME-encrypted or PGP encr
or key whose corresponding public key is weak. For BlackBerry devices 5.0.0 and above, a default value of MD2 will be us
Java-based BlackBerry devices older than version 5.0.0, no digest algorithm is specified as weak by default, in case the ru
specify SHA-384 and SHA-512 as weak algorithms. This rule applies only to Java-based BlackBerry devices version 4.3.0
Specify the maximum length of time (in minutes) between status checks of the user authentication certificates that the Blac
cards. Each period, the BlackBerry device requests the status of the certificate. If the certificate is revoked, the BlackBerry
unable to unlock it unless the certificate status changes from On Hold to Good. The BlackBerry device uses this rule only i
Smart Card User Authentication, and Force Smart Card Two Factor Challenge Response rules are set to Yes. The valid ra
240 through 40320 minutes. If you do not set this rule, a default value of -1 will be used. This rule applies only to Java-bas
4.5.0 and higher.
Specify the hash or hashes of the .cod file for a transcoder implementation to permit the BlackBerry device to register the t
each hash in hexadecimal, delimited by semi-colons, to be read from the command "javaloader siblinginfo <implementation
BlackBerry Enterprise Solution to use a third-party encoding scheme in addition to BlackBerry transport layer encryption an
If you specify third-party applications that can use the Transcoder API on the BlackBerry device, those applications might i
performance of the BlackBerry Enterprise Solution. This rule applies only to Java-based BlackBerry devices version 4.5.0 a
Specify whether to prevent public social networking applications on the BlackBerry device from accessing public social net
Facebook). If you do not set this rule, a default value of No will be used.
Specify whether the BlackBerry device is security locked when closed. If you do not set this rule, a default value of No will
Specify whether to require users to type both their User Authenticator credentials as well as their BlackBerry device passw
option is turned on.
Specify which types of authentication mechanisms the BlackBerry device user can turn on. The authentication mechanism
device. Authentication mechanisms considered "Other" can be controlled using the User Authenticator API application con
takes priority over the Force Smart Card Two Factor Authentication IT policy rule. For example, if this IT policy rule preven
the Force Smart Card Two Factor Authentication IT policy rule is set to Yes, smart card authentication is not enforced. If yo
value of "Smart Card | Fingerprint | Smart Card & Fingerprint | Proximity | Other" will be used. This rule applies only to Java
Specify whether to force the use of multi-factor authentication on BlackBerry devices. Users are required to use a user aut
their BlackBerry devices. Related rules: The Allowed Authentication Mechanisms IT policy rule controls which user authen
more than one authentication mechanism is allowed, the BlackBerry device lock screen will prompt users to select a user a
Specify whether the BlackBerry device requires the user to always use the same smart card reader, in addition to the User
the User Authenticator option is enabled. Note: If you set this rule to Yes, the user is required to wipe the BlackBerry devic
stolen.
Specify a disclaimer that a BlackBerry device can display before a user unlocks the BlackBerry device for the first time afte
The length of this string is limited to 512 characters. This rule applies only to Java-based BlackBerry devices version 5.0.0
Specify whether a user can turn on two-factor content protection on a BlackBerry device. If a user turns on two-factor conte
device protects the content protection decryption keys with a private key that is stored on a smart card and the BlackBerry
content protection decryption keys and unlock the BlackBerry device, a user must know the BlackBerry device password a
turn on two-factor content protection on a BlackBerry device, the protection of the content protection decryption keys incre
device requires more time to unlock and, to unlock the BlackBerry device, the user must have the appropriate smart card d
reader driver installed on the BlackBerry device. You or a user cannot reset the BlackBerry device password when a user
protection. Rule dependency: If you change the value of this rule to Required, the BlackBerry uses this rule only if you also
Strength IT policy rule and change the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes. Alte
Force Smart Card Two Factor Authentication IT policy rule to Yes to configure two-factor content protection, you can set th
Specify whether the BlackBerry App World is turned off on the BlackBerry device. If you do not set this rule, a default value
Specify whether a BlackBerry device can import certificates and PGP keys, including private keys, from external memory d
you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices versio
Specify whether a BlackBerry device must lock when a user disconnects the proximity authenticator or the proximity authe
the BlackBerry device. This policy does not require the BlackBerry device to use a proximity authenticator. To require the B
proximity authenticator, you can use the Force Multi Factor Authentication IT policy rule and Allowed Authentication Mecha
Specify whether a BlackBerry device must display key store notifications for private keys with a medium security level durin
If you set this rule to Yes, the BlackBerry device always displays a key store notification during the cached period, every tim
uncached secure email message. If you set this rule to No, the user can turn off key store notifications for a specific key an
Specify whether the media files located on the on-board device memory will be encrypted to the user password and the de
device memory exists. Set this rule to Required or Disallowed to disable the option so that the user cannot change this set
BlackBerry device uses this IT policy rule only if the Content Protection Strength is set. If you do not set this rule, a default
Specify whether a BlackBerry device formats the media card when a user or administrator permanently deletes all BlackBe
this rule to Allowed, a user can change the setting on the BlackBerry device. To prevent a user from changing this setting o
rule to Required or Disallowed. If you do not set this rule, a default value of "Allowed" will be used. This rule applies only to
Specifies whether a user can turn on content protection on a BlackBerry device. When content protection is turned on, Bla
protected with the AES-256 encryption algorithm. If the BlackBerry device is locked when it receives content, the BlackBer
content protection key (a AES-256 encryption key) and an ECC key pair, derives an ephemeral AES-256 encryption key fr
password, and uses the ephemeral key to encrypt the content protection key and the ECC private key.
Set this rule to Disallowed to prevent the use of content protection. Set this rule to Allowed to allow the use of content prote
Note: The setting of this rule does not turn on content protection on the user's device. The Content Protection Strength rule
protection on the user's device.
This rule only applies to BlackBerry devices that run BlackBerry Device Software version 5.2.0 or later.
If you do not set this rule, a default value of "Allowed" will be used.
Specifies whether a BlackBerry device displays the IT Policy Viewer application icon on the homescreen. Set this rule to Y
user cannot change this setting on the device.
Specify whether a user can browse shared folders and files located on servers in your organization's network using the file
If you set this rule to No, a user can browse shared folders and files on your organization's network.
If you set this rule to Yes, a user cannot browse shared folders and files on your organization's network.
This rule applies to a feature that requires BlackBerry Enterprise Server 5.0.2 or higher.
Contains IT policies that allow you to restrict the services that are available on the BlackBerry device.
Specify whether users can use other message services on the BlackBerry device.Set this rule to No to force all outbound m
organization's BlackBerry Enterprise Server and prevent users from sending outbound messages from other message serv
prevent users from receiving inbound messages from other message services. If you do not set this rule, a default value of
Specify whether users can use other browser services on the BlackBerry device. Set this rule to No to force all browser tra
BlackBerry Enterprise Server and prevent users from installing other browser services. If you do not set this rule, a default
Specify whether the public Yahoo! Messenger for BlackBerry service is permitted on the BlackBerry device. Set this rule to
using the public Yahoo! Messenger service on the BlackBerry device. If you do not set this rule, a default value of Yes will
Specify whether the public AOL Instant Messenger (AIM) for BlackBerry service is permitted on the BlackBerry device. Set
communication using the public AIM service on the BlackBerry device. If you do not set this rule, a default value of Yes wil
Specify whether the public ICQ service is permitted on the BlackBerry device. Set this rule to No to prevent communication
the BlackBerry device. If you do not set this rule, a default value of Yes will be used.
Specify whether any public instant messaging (IM) for BlackBerry services are permitted on the BlackBerry device. Set this
all public IM services on the BlackBerry device, and to prevent communication using any public instant messaging service
This rule applies to all RIM public IM services that were released after the first availability of this rule. To prevent Yahoo! M
BlackBerry device, use the Allow Public Yahoo! Messenger Services rule. If you do not set this rule, a default value of Yes
Specify whether the public Google Talk for BlackBerry service is permitted on the BlackBerry device. Set this rule to No to
public Google Talk service on BlackBerry devices. Note: If you set this rule to No and users have downloaded Google Talk
BlackBerry devices, the Google Talk for BlackBerry icon remains on the Home screen. If users attempt to sign into Google
on their BlackBerry devices indicates that they cannot use Google Talk for BlackBerry. If you do not set this rule, a default
Specify whether BlackBerry device users can use calendar services other than the standard calendar application. Set this
for BlackBerry device users in your organization to send appointments through a BlackBerry Enterprise Server within your
do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.3
Specify whether the public Windows Live Messenger for BlackBerry service is permitted on the BlackBerry device. Set this
communication using the public Windows Live Messenger service on BlackBerry devices. If you do not set this rule, a defa
Specify whether the Network Address Book service is allowed to run on the device. If this service is enabled, contacts on t
the carrier's Network Address Book server. This service may be enabled or disabled. My Faves applies only to T-Mobile an
carrier will behave with the default.
If you do not set this rule, a default value of "Disabled" will be used.
Contains IT policy rules that apply to smart dialing.

This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Specify whether smart dialing is enabled on the Blac
this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 through
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Specify whether to enable BlackBerry device users
settings on the BlackBerry device. Default setting: Yes (BlackBerry device users can change Smart Dialing settings on the
to No to prevent users from changing Smart Dialing settings on the BlackBerry device. If you do not set this rule, a default
rule applies only to Java-based BlackBerry devices version 4.0.0 through 4.2.2.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Type the local country code for use with smart dialin
this rule is 0 through 999999999. This rule applies only to Java-based BlackBerry devices version 4.0.0 through 4.0.2.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Type the local area code for use with smart dialing.
based BlackBerry devices version 4.0.0 through 4.0.2.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Type the national phone number length for use with
the value of this rule is 0 through 64. This rule applies only to Java-based BlackBerry devices version 4.0.0 through 4.0.2.
Contains IT policy rules that apply to default Access Point Names (APN) for TCP on the BlackBerry device.
Type the default Access Point Name (APN) on the BlackBerry device for Transmission Control Protocol (TCP). The length
characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the default Access Point Name (APN) username on the BlackBerry device for Transmission Control Protocol (TCP).
to 32 characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the default Access Point Name (APN) password on the BlackBerry device for Transmission Control Protocol (TCP). T
to 32 characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Contains IT policy rules that apply to Transport Layer Security (TLS).

Specify whether to prevent the BlackBerry device from permitting the use of weak ciphers during TLS connections. If you d
of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry devices version 3.6.1
Specify whether to prevent the BlackBerry device from permitting the use of connections to untrusted servers during TLS c
rule, a default value of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry d
Specify the minimum RSA key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
through 4096 bits. If you do not set this rule, a default value of 512 will be used. This rule applies only to Java-based Black
higher.
Specify the minimum DH key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range f
higher.
Specify the minimum ECC key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
through 571 bits. If you do not set this rule, a default value of 160 will be used. This rule applies only to Java-based BlackB
higher.
Specify whether the BlackBerry device permits the use of connections to servers with invalid certificates during TLS conne
a default value of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry device
Specify whether the BlackBerry device can use an algorithm with TLS that is not FIPS-compliant. Warning: If the FIPS Lev
default, the BlackBerry device ignores this IT policy rule and uses only algorithms that are FIPS-compliant. If you do not se
Specify the minimum DSA key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
higher.
Specify whether the BlackBerry Enterprise Solution permits the use of proxy mode TLS/SSL or proxy HTTPS connections
and the BlackBerry Enterprise Server. By default, the BlackBerry Enterprise Solution permits proxy mode TLS or proxy HT
Yes to force the use of device-side TLS/SSL for all HTTPS connections. Warning: If you set this rule to Yes and device-sid
exception occurs. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackB
higher.
Specify whether to prevent a BlackBerry device from using weak digests during TLS connections. For Java-based BlackBe
5.0.0, a default value of Allow weak digests will be used. For BlackBerry devices 5.0.0 and above, a default value of Disab
Specify whether to prevent a BlackBerry device from opening a TLS connection to a server that has a domain name that d
in the server's certificate. If you do not set this rule, a default value of "Prompt user on BlackBerry device" will be used. Thi
Contains IT policy rules that apply to User Feedback.

Specify whether a user can provide feedback to Research In Motion. Change this rule to Yes to allow a user to provide fee
Contains IT policy rules that apply to VPN settings to use in conjunction with the WLAN support on the BlackBerr
Specify whether the BlackBerry device VPN client is turned on. Set this rule to Yes if the BlackBerry device requires the us
Fi network. Set this rule to No to disable the VPN client on the BlackBerry device. If you turn off the VPN client on the Blac
device might not be able to use a Wi-Fi network that requires VPN access, or it might require the use of an alternate form o
Specify whether users can change all VPN policy rules on the BlackBerry device. If this rule is set to No, BlackBerry device
user name and VPN password on the BlackBerry device. If you do not set this rule, a default value of Yes will be used. Thi
Specify the type of VPN client that the BlackBerry device VPN client should emulate. This rule applies only to Java-based
and higher.
Type the VPN server IP address in "dotted" (for example, 10.0.0.0) or FQDN format. This rule applies only to Java-based B
and higher.
Type the VPN server group name. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the VPN server group password. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the Default User Name that the BlackBerry device uses to login to the VPN server. If you set this rule, you must set t
Type the Default User Password that the BlackBerry device uses to login to the VPN server. If you set this rule, you must s
Specify the VPN DNS configuration. If this rule is set to Yes, the DNS settings are automatically fetched from the VPN gate
static settings specified in the VPN Primary DNS, VPN Secondary DNS, and VPN Domain Name policy rules are used. If y
Enable VPN rule to Yes. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based
and higher.
Type the static setting for the Primary DNS Server in dotted IP Address format (for example, 10.0.0.0). Note: If you set this
Configuration policy rule to No and set the Enable VPN rule to Yes. This rule applies only to Java-based BlackBerry device
Type the static setting for the Secondary DNS Server in IP Address format (for example, 10.0.0.1). Note: If you set this rule
policy rule to No and set the Enable VPN rule to Yes. This rule applies only to Java-based BlackBerry devices version 4.0.
Type the internal domain name suffix using the FQDN format. Note: If you set this rule, set the VPN DNS Configuration po
VPN rule to Yes. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the client should use extended authentication (XAUTH) during authentication process with the VPN gatew
those vendor types which support both regular and extended authentication (such as Nortel). There is no need to specify t
type either uses extended authentication exclusively (such as Cisco 3000) or does not support it (such as CheckPoint). If y
Enable VPN rule to Yes. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based
and higher.
Specify the type of user-level authentication to be used by the server. If you set this rule, you must set the Enable VPN rule
rule, a default value of "Username and password required" will be used. This rule applies only to Java-based BlackBerry d
Specify the Diffie-Hellman group used to generate key material. RIM recommends setting this rule to use Group 7. Note: If
Enable VPN rule to Yes. If you do not set this rule, a default value of "Group 7" will be used. This rule applies only to Java-
4.0.0 and higher.
Specify the hash used to authenticate IKE exchanges. RIM recommends using AES128. If you do not set this rule, a defau
Specify the hash message authentication code (HMAC) to be used. RIM recommends using SHA1. If you do not set this ru
160bits" will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether Perfect Forward Secrecy (PFS) is enabled. RIM recommends using PFS. If you do not set this rule, a defa
Specify the cipher and hash for IPSec Security Associations (SAs). RIM recommends using SHA1 with AES128 cipher. If y
value of "SHA1 Hash and AES128 Cipher" will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify whether users can save VPN passwords on the BlackBerry device. Set this rule to Yes to permit users to save VP
device. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devic
Type the NAT "keep alive" frequency. The valid range for the value of this rule is 1 through 1439 minutes. If you do not set
Set to Yes to mask the password that the BlackBerry device user types. Set to No to allow the BlackBerry device to display
BlackBerry device user types. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.2.1 and higher.
Set to Yes to disable the prompt for re-entry of VPN credentials on the BlackBerry device after an authentication failure. If
Set to Yes to prevent the BlackBerry device user from creating new VPN profiles on the BlackBerry device. If you do not se
Specify the minimum security level for private keys used by methods employing client certificates. Low security: The user w
their Key Store password. At this point the private key is retrieved and then stored, unencrypted, with the VPN profile. The
again for their Key Store password. Medium security: The user will initially be prompted for their Key Store password and f
prompted again after a device reset. Private keys are cached in memory, but are not stored with the VPN profile. High sec
prompted for the Key Store password when access to the private key is required. This may happen frequently, even if the
password. Private keys are not stored with the VPN profile. If you do not set this rule, a default value of "Low security" will
Contains IT Policies for the BlackBerry Visual Voice Mail client.

Specify whether to prevent the BlackBerry device user from using Visual Voice Mail (VVM) functionality on the BlackBerry
Yes to hide VVM functionality on the BlackBerry device. Note: Check that the carrier does not have the Visual Voice Mail s
subscriber as it may prevent the user from receiving regular voice mail notifications. If you do not set this rule, a default val
Specify whether to allow the Visual Voice Mail (VVM) user to save or forward their voice mail messages. If you do not set t
Specify whether to require a password for TUI (Telephone User Interface). If you do not set this rule, a default value of No
Specify the minimum length of the password. To use this rule, you must turn on the Password Required IT policy rule. The
rule is 0 through 16 digits. If you do not set this rule, a default value of 4 will be used. This rule applies only to Java-based
and higher.
Contains IT policy rules that apply to Voice over IP (VoIP) calls.

Specify whether a BlackBerry device that supports implementation on a Wi-Fi network can make VoIP calls. If you do not s
Specify whether users can change all VoIP/SIP settings on a BlackBerry device that supports implementation on a Wi-Fi n
permit users to change the user-specific VoIP/SIP rules only. If you do not set this rule, a default value of Yes will be used.
Type the domain or host name that shares authentication for the SIP proxy server used by a BlackBerry device that suppo
network. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the SIP user ID that a Wi-Fi enabled BlackBerry device uses to connect to the SIP proxy server. Note: The user can
device. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the SIP user password that a Wi-Fi enabled BlackBerry device uses to connect to the SIP proxy server. Note: The us
BlackBerry device. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the type of SIP proxy server. Set this rule to 1 to accept the default generic SIP server setting. If you do not set this
SIP" will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the name of the SIP proxy server either in dotted format (for example, 10.0.0.1) or FQDN format. This rule applies on
Type the port number on the SIP proxy server that the BlackBerry device uses to make network connections. The valid ran
through 65536. If you do not set this rule, a default value of 5060 will be used. This rule applies only to Java-based BlackB
higher.
This rule is obsolete as of BlackBerry Enterprise Server version 4.0.6. Type the emergency number used on your network.
this rule is 0 through 999999999. If you do not set this rule, a default value of 911 will be used. This rule applies only to Jav
version 4.0.0 through 4.0.1.
User display name used when sending the user's SIP Address. This rule applies only to Java-based BlackBerry devices ve
Specifies the Domain for which the user ID is valid. This rule applies only to Java-based BlackBerry devices version 4.0.0 a
Specifies the SIP Transport protocol (UDP or TCP) on your network. If you do not set this rule, a default value of "UDP" wi
to Java-based BlackBerry devices version 4.0.0 and higher.
Specifies the SIP Registration Timeout in minutes. The valid range for the value of this rule is 1 through 65535 minutes. If
value of 25 will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specifies the RTP Media Port. The valid range for the value of this rule is 1 through 65535. If you do not set this rule, a def
Specifies Local SIP Port. The valid range for the value of this rule is 1 through 65535. If you do not set this rule, a default v
Specifies ID used to authenticate with the SIP registrar or proxy server. This rule applies only to Java-based BlackBerry de
Specifies the emergency number used on your network. If you do not set this rule, a default value of "911" will be used. Th
Specifies whether the call hold feature is enabled on the BlackBerry device. If you do not set this rule, a default value of Ye
Specifies whether the ability to perform an unattended call transfer is enabled on the BlackBerry device. If you do not set th
Specifies whether the ability to perform an attended call transfer is enabled on the BlackBerry device. If you do not set this
Set to Yes to prevent the BlackBerry device user from creating new VoIP profiles on the BlackBerry device. If you do not s
Contains IT policy rules that apply to WTLS.

Specify whether the BlackBerry device permits the use of weak ciphers during WTLS connections. If you do not set this ru
on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether the BlackBerry device permits the use of connections to untrusted servers during WTLS connections. If yo
value of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry devices version
Specify the minimum RSA key size, in bits, that the BlackBerry device permits for use in WTLS connections. The valid rang
higher.
Specify the minimum DH key size, in bits, that the BlackBerry device permits for use in WTLS connections. The valid range
higher.
Specify the minimum ECC key size, in bits, that the BlackBerry device permits for use in WTLS connections. The valid ran
through 571 bits. If you do not set this rule, a default value of 160 will be used. This rule applies only to Java-based BlackB
higher.
Specify whether the BlackBerry device permits the use of connections to servers with invalid certificates during WTLS conn
rule, a default value of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry d
Specify whether the BlackBerry device can use an algorithm with WTLS that is not FIPS-compliant. Warning: If the FIPS L
default, the BlackBerry device ignores this IT policy rule and uses only algorithms that are FIPS-compliant. If you do not se
Contains IT policy rules that apply to Wi-Fi support on the BlackBerry device.
Specify whether to enable users to change all Wi-Fi policy rules on the BlackBerry device. Set to No to permit users to cha
rules on the BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java
Specifies the type of security required for Wi-Fi network access. (Open, WEP, PSK, EAP-PEAP, EAP-LEAP, EAP-TLS). If
value of "Open Wi-Fi security" will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and high
Type the network name of the Wi-Fi network and its access points. This rule applies only to Java-based BlackBerry device
Type the Default WEP Key ID. Note: The WEP Key ID must match the desired WEP access point ID and the correspondin
the value of this rule is 1 through 4. If you do not set this rule, a default value of 1 will be used. This rule applies only to Jav
Type the password for WEP key 1 using the format xx:xx:xx:xx:xx. Allowable values are either 5 or 13 pairs of hexadecima
by a colon. For example, "AB:CD:EF:01:23" or "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23" are acceptable values. This ru
Type the pre-shared key. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the user name for EAP-PEAP or EAP-LEAP security access on the BlackBerry device. This rule applies only to Java
Type the user password for EAP-PEAP or EAP-LEAP security access on the BlackBerry device. This rule applies only to J
Specify whether Dynamic Host Configuration Protocol (DHCP) is used for dynamic network configuration. Note: If you are
network, RIM recommends turning on DHCP to enable roaming between subnets. If you do not set this rule, a default valu
Type the IP address in IP address format (for example,10.0.0.1) for use if Dynamic Host Configuration Protocol (DHCP) is
device (in other words, if the Wi-Fi DHCP Configuration rule is set to No). Warning: If the Wi-Fi DHCP Configuration rule is
Yes. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the subnet mask in dotted format (for example, 10.0.0.1) for use if Dynamic Host Configuration Protocol (DHCP) is tu
Warning: Do not apply this rule if the DHCP is enabled. This rule applies only to Java-based BlackBerry devices version 4.
Type the primary DNS in IP address format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the DH
Type the secondary DNS in dotted format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the DHC
Type the default gateway in IP address format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the
Specify the minimum security level for private keys used by EAP methods employing client certificates (for example, EAP-T
prompts the user for the key store password once to retrieve the private key for encrypting messages. Device stores the un
Wi-Fi profile. Medium security: Device prompts the user for the key store password only once to retrieve the private key for
subsequently only after a device reset. Device caches the private key in memory but does not store it with the Wi-Fi profile
prompts the user for the key store password when accessing the private key for encrypting messages. Device does not sto
with the Wi-Fi profile. If you do not set this rule, a default value of "Low security" will be used. This rule applies only to Java
Set to Yes to enable handheld users to use the HTTP browser. Please note that this policy has been made obsolete on the
named "Allow Hotspot Browser" instead. If you do not set this rule, a default value of No will be used. This rule applies only
devices version 4.0.0 through 4.6.0.
Set to Yes to disable use of Wi-Fi on the device. If you do not set this rule, a default value of No will be used. This rule app
Set to Yes to mask the password that the BlackBerry device user types. Set to No to allow the BlackBerry device to display
BlackBerry device user types. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.2.1 and higher.
Set to Yes to disable use of WAN-only mode in the GAN selection modes of the BlackBerry device. If you do not set this ru
Set to Yes to disable use of WAN-preferred mode in the GAN selection modes of the BlackBerry device. If you do not set t
Set to Yes to disable use of GAN-only mode in the GAN selection modes of the BlackBerry device. If you do not set this ru
Set to Yes to disable use of GAN-preferred mode in the GAN selection modes of the BlackBerry device. If you do not set th
Set to Yes to disable changing the GAN selection mode on the BlackBerry device. If you do not set this rule, a default valu
Set to Yes to disable the prompt for re-entry of Wi-Fi credentials on the BlackBerry device after an authentication failure. If
Set to Yes to prevent the BlackBerry device user from creating new Wi-Fi profiles on the BlackBerry device. If you do not s
Specify the Wi-Fi signal quality threshold for roving from GAN to WAN. If the Wi-Fi signal quality drops below this threshold
BlackBerry device attempts to handover or rove to the WAN, if an acceptable cell is available. If this rule is not specified, th
suitable value (possibly specified by the carrier). Possible values are:
Low: use GAN mode unless the Wi-Fi signal quality is very low.
Medium: use GAN mode if Wi-Fi signal quality is high or medium.
High: use GAN mode only if Wi-Fi signal quality is high.
Specify the signal strength threshold for rove-in from WAN to GAN. In WAN-preferred mode, if the signal strength of the se
then the device will use the GAN cell, if one is available. This value is specified in RXLEV units, described in 3GPP 5.08 8.
63 means -48 dBm. If this rule is not specified, the device chooses a suitable value (possibly specified by the carrier). The
rule is 0 through 63 RXLEV. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the signal quality threshold for handover from WAN to GAN. In WAN-preferred mode, if the signal quality drops be
attempt a handover to a GAN, if possible. The signal quality is related to bit error rate and is described in 3GPP 5.08 8.2.4
means worst quality. If this rule is not specified, the device chooses a suitable value (possibly specified by the carrier). The
rule is 0 through 7. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable direct access to the BlackBerry Enterprise Server from Wi-Fi networks using a direct BlackBerry Rou
direct access to the BlackBerry Enterprise Server from Wi-Fi networks. The default value is carrier-dependent; some carrie
the BlackBerry Enterprise Server by default. Note, in order to disable Wi-Fi access to the BlackBerry Enterprise Server usi
the "BlackBerry Infrastructure Wi-Fi Access Mode" IT policy or Wi-Fi configuration setting. By using these settings together
Fi access to the BlackBerry Enterprise Server and/or BlackBerry Internet Service. This rule applies only to Java-based Bla
higher.
Specify whether to allow forwarding of Wi-Fi profiles that a user creates. Depending on the mode, the user can forward a W
devices using one the following options: Email message, PIN message (if allowed by the IT policy), SMS (if allowed by the
message (if allowed by the IT policy). Note that forwarding of Wi-Fi profiles that are pushed using an IT policy is not allowe
can set the profile forwarding mode to one of the following options:
Enabled: Wi-Fi profile forwarding is allowed and the user is not required to specify a forwarding password.
Enabled with password: Wi-Fi profile forwarding is allowed, but the user is required to specify a forwarding password.
Disabled: Wi-Fi profile forwarding is not allowed.
If you do not set this rule, a default value of "Enabled" will be used. This rule applies only to Java-based BlackBerry device
Specify whether BlackBerry device can use the BlackBerry Infrastructure over a Wi-Fi network to access the BlackBerry En
Internet Service. You can set the mode to one of the following:
Access does not require VPN: Wi-Fi access to the BlackBerry Infrastructure can bypass an active VPN connection on the
Access requires VPN: Wi-Fi access to the BlackBerry Infrastructure requires an active VPN connection, either due to the s
Access disabled: Wi-Fi access to the BlackBerry Infrastructure is disabled.
Note that you can override this setting by the related Wi-Fi configuration setting called Wi-Fi BlackBerry Infrastructure Wi-F
configuration setting allows you to configure an access mode in regards to VPN depending on a particular corporate Wi-Fi
policy rule can configure the access mode for other non-corporate Wi-Fi networks. Note, however, that you can turn off Wi
Infrastructure only using the IT policy rule and you cannot override the IT policy rule using a Wi-Fi configuration settting. No
field is to allow a Wi-Fi connection to the BlackBerry Infrastructure to bypass an active VPN connection. If you do not set th
does
Specifynotarequire VPN" will belist
comma-separated used. This SSIDs
of Wi-Fi rule applies
whichonly to Java-based
should be blocked BlackBerry
from usage.devices version
If specified, 5.0.0 and
handheld will higher.
never be a
given SSIDs. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Contains IT policy rules that apply to Wired Software Updates.

Specify whether to allow a user to update the BlackBerry Device Software using the web-based software loading feature. S
user from using the web-based software loading feature to update the BlackBerry Device Software. If you do not set this ru
Specify whether to turn off the ability of the BlackBerry device to back up cryptographic services data when a user updates
If you allow a BlackBerry device to back up cryptographic services data, the BlackBerry device can continue to use the cry
update process completes without requiring the user to reactivate the BlackBerry device. If you do not set this rule, a defau
Contains IT policy rules that apply to the wireless software upgrade process for upgrading BlackBerry Device Sof
Specify whether to prevent the wireless software upgrade application on the BlackBerry device from downloading software
WAN connection. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackB
higher.
roaming WAN connection. If you do not set this rule, a default value of No will be used. This rule applies only to Java-base
4.5.0 and higher.
international WAN connection. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.5.0 and higher.
Fi connection. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry
higher.
Default value
No
No
No
None
None
No
No
No
24
168
No
No
No
No
No
No
No
No
100%
No
No
Numeric
No
No
No
No
No
No
No
No
Always
No
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Blackberry Browser
No
Yes
No
No
No
Yes
No
No
Yes
Allow
No
No
Yes
Yes
MS-Enterprise
80
RSA
1024
User Name \|Device PIN
No
Yes
Yes
No Restrictions
-1
Yes
BES
No
No
No
No
No
Prompt
Yes
No
10
Yes
Yes
No
No
No
No
Yes
No
Yes
Yes
Yes
Yes
no limit
Yes
Yes
No
No
Yes
No
No
No
Downloads
No
No
Yes
Yes
60
Yes
No restriction
Yes
Yes
No
No
No
Yes
-1
-1
5242880
3145728
No
No
-1
10240
No
Automatic Allowed
No
No
No
No
No
No
No
No
Only when unlocked

No
Yes
Yes
No
No
No
4096
No
No
No
Yes
No
No
Your Location is now being

tracked at the server
15
Yes
No
Yes
No
Yes
No
16
No
60
No
No
No
1024
No
No
AES (256-bit) \| AES (192-bit) \|

AES (128-bit) \| CAST (128-bit) \|
Triple DES
1024
1024
Email-based enrolment
24
Automatic
Both
Manual
No
No
No
No
No
No
Yes
Yes
No
Yes
Yes
10
0
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
1024
1024
163
No
No
No
AES (256-bit) \| AES (192-bit) \|

AES (128-bit) \| CAST (128-bit) \|
RC2 (128-bit) \| Triple DES
1024
Automatic
Both
Manual
No
No
No
No
No
No
No
No
No
No
No
7
No
No
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
Radio not disabled when USB
device is connected
No
FIPS 140-2 Level 1 compliance
No
No
No
No
Low security
Low security
All databases
No
No
No
No
No
No
Allowed
No
No
No
Not Required
No
No
No
No
Disabled
Disabled
No
No
No
No
Yes
No
No
-1
No
No
No
Smart Card \| Fingerprint \|

Smart Card & Fingerprint \|
Proximity \| Other
No
No
Allowed
No
Yes
No
No
Allowed
Allowed
Allowed
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Disabled
Yes
Yes
Prompt user on Blackberry
device
device
512
512
160

device
No
512
No
Disable
Prompt user on BlackBerry

device
No
No
Yes
Yes
No
Group 7
Group 7
AES128
SHA1 160bits
Yes
SHA1 Hash and AES128 Cipher
Yes
1
No
No
No
Low security
No
Yes
No
Yes
Yes
Generic SIP
5060
911
UDP
25
51100
5060
911
Yes
Yes
Yes
No

device
device
512
512
160

device
No
Yes
Open Wi-Fi security
1
Yes
Low security
No
No
No
No
No
No
No
No
No
No
Enabled
Access does not require VPN
No
Yes
No
No
No
No
Category Header
Added in BES 4.1.7
Added in BES 5.0.1
Added in BES 5.0.2

BES - Policy - BB Version 5 0 2 Rohversion

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

BES - Policy - BB Version 5 0 2 Rohversion

Загружено:

Авторское право:

Доступные форматы

Name

Disable Carrier Directory

BlackBerry App World

Application Restriction Rule

Application Restriction List

Category Restriction Rule

Category Restriction List

Disable Application Purchasing

Enable Wireless Service Provider

Messenger Audit Email Address

Messenger Audit UID

Messenger Audit Report Interval

Messenger Audit Max Report Interval

Disallow Forwarding Of Contacts

Disable Location Requests,

Disable Server Based Contact List

Disable Check For Updates

Enforce Security Question In

Disallow Setting A Subject On

Disable BlackBerry Messenger

BlackBerry Smart Card Reader

Maximum BlackBerry Disconnected

Maximum BlackBerry Bluetooth

Maximum Smart Card Not Present

Maximum Number of BlackBerry

Maximum Bluetooth Range

Maximum PC Disconnected Timeout

Maximum PC Long Term Timeout

Maximum PC Bluetooth Traffic

Maximum Number of PC Pairings

Force Erase All Keys on BlackBerry

Maximum Bluetooth Encryption Key

Force Erase Key On PC Standby

Disable Auto Reconnect To

Minimum PIN Entry Mode

Disable Download Manager

Disable Headset Profile

Disable Serial Port Profile

Disable Discoverable Mode

Allow Outgoing Calls

Disable Address Book Transfer

Disable Desktop Connectivity

Disable Wireless Bypass

Require Password for Enabling

Require Password for Discoverable

Disable File Transfer

Require LED Connection Indicator

Disable Dial-Up Networking

Force CHAP Authentication on

Disable Advanced Audio Distribution

Disable Audio/Video Remote Control

Minimum Encryption Key Length

Limit Discoverable Time

Disable SIM Access Profile

Disable Java Script in Browser

Allow IBS Browser

MDS Browser JavaScript Enabled

MDS Browser Style Sheets Enabled

MDS Browser HTML Tables Enabled

MDS Browser BSM Enabled

Download Images URL

MDS Browser Domains

Allow Application Download Services