Application Center
Disable Application Center
BlackBerry Messenger
Disable BlackBerry Messenger
BlackBerry Unite!
Disable Unite! Applications
Bluetooth
Disable Bluetooth
Disable Pairing
Require Encryption
Browser
MDS Browser Title
Camera
Disable Photo Camera
Certificate Synchronisation
Random Source URL
User Can Disable Automatic RNG Initialization
RSA Jurisdiction ID
Key Algorithm
Key Length
Chalk Pushcast
Allow Launch of Chalk Pushcast
Player
Common
Lock Owner Info
IT Policy Notification
Confirm On Send
Set Owner Info
Disable MMS
Desktop
Desktop Password Cache Timeout
Desktop Only
Message Prompt
Auto Signature
Device Only
Password Required
Allow SMS
Documents To Go
Disable Documents To Go
Hide Documents To Go
Communication Menus
Email Messaging
Enable Wireless Message Reconciliation
Attachment Viewing
Prepend Disclaimer
External Display
Display Notification Details
Include Message Text In Notification Details
Firewall
Restrict Incoming Cellular Calls
Global
Allow Phone
Allow Browser
Instant Messaging
Disallow File Transfer Types
Disable Emoticons
Memory Cleaner
Memory Cleaner Maximum Idle Time
On-Device Help
On-Device Help Links
PGP Application
PGP Minimum Strong DH Key Length
PGP Force Digital Signature
PIM Synchronization
Disable All Wireless Synchronization
Password
Set Password Timeout
Forbidden Passwords
Phone
Outgoing Call Redirection
Secure Email
Disable Certificate Address Checks
Canonical Certificate Domain Name
Security
Lock on Smart Card Removal
Disable Cut/Copy/Paste
Disable Radio When Cradled
FIPS Level
Disable IP Modem
Disable GPS
Login Disclaimer
Service Exclusivity
Allow Other Message Services
Smart Dialing
Enable Smart Dialing Policy
TCP
TCP APN
TCP Username
TCP Password
TLS Application
TLS Disable Weak Ciphers
User Feedback
Allow User Feedback
VPN
Enable VPN
VPN PFS
Require password
Password Complexity
VoIP
Allow VoIP
SIP Realm
SIP User ID
SIP Authentication ID
WTLS Application
WTLS Disable Weak Ciphers
Wi-Fi
Wi-Fi Allow Handheld Changes
Wi-Fi SSID
Wi-Fi IP Address
Disable Wi-Fi
Type a comma-separated list of application IDs of applications that are available on the BlackBerry App World storefront a
to BlackBerry device users. You must configure the Application Restriction Rule IT policy rule to indicate whether you want
that you specify in this rule to users. To find the application ID for an application, in http://appworld.blackberry.com/websto
application. The application ID is the number that is located at the end of the URL for the application.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify guidelines that a BlackBerry device can use to permit or prevent a user from purchasing and downloading categor
available on the BlackBerry App World storefront. If you set the value of this rule to None, the user can purchase or downlo
category. If you set the value of this rule to Allow, the user can only purchase or download applications that are included in
the Category Restriction List IT policy rule. If you set the value of this rule to Deny, the user cannot purchase or download
the categories that you specify in the Category Restriction List IT policy rule.
If you do not set this rule, a default value of "None" will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Type a comma-separated list of category IDs of application categories that are available on the BlackBerry App World stor
or deny to BlackBerry device users. You must configure the Category Restriction Rule IT policy rule to indicate whether yo
application categories that you specify in this rule to users. To find the category ID for a category, in http://appworld.blackb
application category name. The category ID is the number that is located at the end of the URL for the application category
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specifies whether a BlackBerry device user can purchase new applications from the BlackBerry App World storefront. To p
applications from BlackBerry App World, set the value of this rule to No. To prevent a user from purchasing applications fro
value of this rule to Yes.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specifies whether a BlackBerry device user can purchase applications from the BlackBerry App World storefront using the
organization's wireless service provider. To permit a user to purchase applications from BlackBerry App World using the w
purchasing plan, set this rule to Yes. To prevent a user from purchasing applications from BlackBerry App World using the
purchasing plan, set this rule to No.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Contains IT policy rules that apply to the BlackBerry Smart Card Reader.
Specify the maximum heartbeat period, in seconds. Each heartbeat period, the paired BlackBerry device or computer send
BlackBerry Smart Card Reader acknowledges. If either side fails to send or acknowledge a heartbeat in the maximum hea
device or computer closes the Bluetooth connection. Note: When the connection closes, the disconnected timer starts if yo
on the BlackBerry device or computer. The BlackBerry device or computer clears the secure pairing keys when the discon
policy rule to prevent an attacker from using a low-level Bluetooth heartbeat to keep the Bluetooth connection open betwee
computer, and the BlackBerry Smart Card Reader and the secure pairing keys present, for an extended period after the co
you set this IT policy rule, the user cannot disable the heartbeat, but can decrease the Connection Heartbeat Period field v
BlackBerry device or computer. If you do not set this IT policy rule, the user can choose any period or set the Connection H
None on the BlackBerry device or computer to disable the heartbeat period. Note: If you set this IT policy rule to a low hea
Specify the maximum time, in seconds, after the BlackBerry device and the BlackBerry Smart Card Reader close the Bluet
that the disconnected timeout fires. If you set this IT policy rule, the user cannot disable the timeout, but can decrease the
on the BlackBerry device. If you do not set this IT policy rule, the user can choose any disconnected timeout value or set th
value to None on the BlackBerry device to disable this feature. Note: You can use the Force Erase All Keys on BlackBerry
rule to specify whether the secure pairing keys for the current BlackBerry device and computer connections to the BlackBe
cleared when the disconnected timeout fires. The valid range for the value of this rule is 0 through 604800 seconds. This r
BlackBerry devices version 4.0.0 and higher.
Specify the maximum time, in hours, after the BlackBerry device and the BlackBerry Smart Card Reader establish the secu
them, that the BlackBerry device and the BlackBerry Smart Card Reader remove their secure pairing information. If you se
cannot disable the timeout, but can decrease the Long Term Timeout field value from that value on the BlackBerry device.
rule, the user can choose any disconnected timeout value or set the Long Term Timeout field value to None on the BlackB
Related IT policy rule: Maximum BlackBerry Bluetooth Traffic Inactivity Timeout. The valid range for the value of this rule is
applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the maximum time, in minutes, of secure Bluetooth traffic inactivity permitted between the BlackBerry Smart Card R
before the secure pairing information is removed from the BlackBerry device and the BlackBerry Smart Card Reader. Note
other than the connection heartbeat sent or received by the BlackBerry device and the BlackBerry Smart Card Reader. If y
cannot disable the inactivity timeout, but can decrease the Inactivity Timeout field value from that value on the BlackBerry
policy rule, the user can choose any inactivity timeout value or set the Inactivity Timeout field value to None on the BlackB
The valid range for the value of this rule is 1 through 10080 minutes. This rule applies only to Java-based BlackBerry devic
Specify the maximum time, in seconds, after the user removes the smart card from the BlackBerry Smart Card Reader tha
removed from the BlackBerry device and the BlackBerry Smart Card Reader. If you set this IT policy rule, the user cannot
timeout, but can decrease the Card Not Present Timeout field value from that value on the BlackBerry device. If you do no
can choose any smart card not present timeout value or set the Card Not Present Timeout field value to None on the Black
feature. The valid range for the value of this rule is 0 through 86400 seconds. This rule applies only to Java-based BlackBe
higher.
Specify the maximum number of transactions (smart card-related operations) that the BlackBerry device and the BlackBerr
and receive before the secure pairing information is removed from the BlackBerry device. If you set this IT policy rule, the u
pairing wipe, but can decrease the Number of Transactions field value from that value on the BlackBerry device. If you do
can choose any number of BlackBerry transactions or set the Number of Transactions field value to None on the BlackBer
The valid range for the value of this rule is 100 through 10000 transactions. This rule applies only to Java-based BlackBerr
higher.
Specify the maximum power range, as a value between 30% (the shortest range) and 100% (the longest range), that the B
uses to send Bluetooth packets. A longer range enables the BlackBerry device or the computer to communicate with the B
over a greater distance. If you do not set this rule, a default value of "100%" will be used. This rule applies only to Java-ba
4.0.0 and higher.
Specify the maximum time, in seconds, after the computer and the BlackBerry Smart Card Reader close the Bluetooth con
secure pairing information for that dropped connection is removed from the computer and the BlackBerry Smart Card Read
the user cannot disable the PC disconnected timeout, but can decrease the Disconnected Timeout field value in the BlackB
on the computer. If you do not set this IT policy rule, the user can choose any maximum PC disconnected timeout or set th
value to None in the BlackBerry Smart Card Reader Options on the computer to disable this feature. This rule applies to B
Version 1.5 or later only. The valid range for the value of this rule is 0 through 604800 seconds.
Specify the maximum time, in hours, after the computer and the BlackBerry Smart Card Reader establish the secure pairin
the computer and the BlackBerry Smart Card Reader remove their secure pairing information. If you set this IT policy rule,
timeout, but can decrease the Long Term Timeout field value from that value in the BlackBerry Smart Card Reader Option
set this IT policy rule, the user can choose any disconnected timeout value or set the Long Term Timeout field value to No
Reader Options on the computer to disable this feature. Related IT policy rule: Maximum PC Inactivity Timeout. This rule a
Reader Version 1.5 or later only. The valid range for the value of this rule is 1 through 720 hours.
Specify the maximum time, in minutes, of secure Bluetooth traffic inactivity permitted between the BlackBerry Smart Card R
the secure pairing information is removed from the computer and the BlackBerry Smart Card Reader. Note: Activity is any
connection heartbeat sent or received by the BlackBerry device and the BlackBerry Smart Card Reader. If you set this IT p
the inactivity timeout, but can decrease the Inactivity Timeout field value from that value in the BlackBerry Smart Card Rea
you do not set this IT policy rule, the user can choose any inactivity timeout value or set the Inactivity Timeout field value to
Card Reader Options on the computer to disable this feature. This rule applies to BlackBerry Smart Card Reader Version 1
for the value of this rule is 1 through 10080 minutes.
Specify the maximum number of transactions (smart card-related operations) that the computer and the BlackBerry Smart C
receive between them before the secure pairing information is removed from the computer and the BlackBerry Smart Card
any request and response set of packets other than a connection heartbeat. If you set this IT policy rule, the user cannot c
transactions, but can decrease the Number of Transactions field value from that value in the BlackBerry Smart Card Read
do not set this IT policy rule, the user can choose any number of PC transactions or set the Number of Transactions field v
Smart Card Reader Options on the computer to disable this feature. This rule applies to BlackBerry Smart Card Reader 1.5
the value of this rule is 100 through 10000 transactions.
Specify the maximum number of computers that can pair with the BlackBerry Smart Card Reader. If you set this IT policy r
with the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader disconnects and removes the pairings of the l
exceed the maximum number permitted. This rule applies to BlackBerry Smart Card Reader 1.5 or later only. The valid ran
through 65535.
Specify whether the connected BlackBerry device removes its secure pairing key and drops its connection to the BlackBer
BlackBerry Smart Card Reader removes all secure pairing keys and drops all connections to connected computers when t
timeout fires. The user can set this feature on the BlackBerry device. If you set this IT policy rule to Yes, the user cannot d
BlackBerry device. This rule applies to BlackBerry Smart Card Reader Version 1.5 and later only. If you do not set this rule
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify a period, in hours, after which the BlackBerry Smart Card Reader regenerates the Bluetooth encryption key if the B
connected to the BlackBerry Smart Card Reader when the period expires. If the BlackBerry device or computer is not conn
Card Reader when the period expires, the BlackBerry Smart Card Reader regenerates the key when the BlackBerry device
BlackBerry Smart Card Reader. The valid range for the value of this rule is 1 through 720 hours. This rule applies only to J
version 4.0.0 and higher.
Specify whether the computer removes its secure pairing key and drops the connection to the BlackBerry Smart Card Read
standby mode. The user can set this feature on the computer. If you set this IT policy rule to Yes, the user cannot disable t
you do not set this rule, a default value of No will be used.
Prevent automatic reconnections to the BlackBerry Smart Card Reader from previously connected BlackBerry devices and
Auto Reconnect On BlackBerry option to prevent the BlackBerry device from reconnecting automatically to the BlackBerry
Disable Auto Reconnect On PC option to prevent the computer from reconnecting automatically to the BlackBerry Smart C
reconnections from the BlackBerry device is designed to increase the life of the BlackBerry device. This rule applies only to
version 4.0.0 and higher.
Specify the minimum PIN entry mode required when pairing the BlackBerry Smart Card Reader with a BlackBerry device o
Secure Pairing PINs enforce this mode. If you do not set this rule, a default value of "Numeric" will be used. This rule appli
devices version 5.0.0 and higher.
Specify whether a Bluetooth enabled BlackBerry device can use the Bluetooth Audio/Video Remote Control Profile (AVRC
audio & video via Bluetooth. If you do not set this rule, a default value of No will be used. This rule applies only to Java-bas
4.2.2 and higher.
Specify the minimum encryption key length (in bytes) that the BlackBerry device uses to encrypt Bluetooth connections. Th
rule is 1 through 16 bytes. If you do not set this rule, a default value of 1 will be used. This rule applies only to Java-based
and higher.
Specify whether the BlackBerry device user can set the Bluetooth discoverable mode option to have no time limit. Set this
set the Bluetooth discoverable mode option to have a time limit of 2 minutes or to turn off Bluetooth discoverable mode. Th
policy rule only if the Disable Discovery Mode IT policy rule is set to No. If you do not set this rule, a default value of No wil
Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether to prevent a Bluetooth enabled BlackBerry device from using SIM Access Profile (SAP). Some car kits req
when the car kit initiates dialing. If you do not set this rule, a default value of No will be used. This rule applies only to Java
version 4.6.0 and higher.
This rule specifies whether a Bluetooth device can retrieve email and SMS messages from a BlackBerry device. By defaul
retrieve email and SMS messages from a BlackBerry device. If you change the value to Yes, a Bluetooth enabled device c
messages from a BlackBerry device.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Contains the IT policy rules that are used to create a certificate authority profile for wireless certificate requests.
Specify the friendly name for the certificate authority profile. Note: This IT policy rule is required for the feature to work corr
limited to 32 characters. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify whether the certification authority profile begins enrollment automatically. In most cases, setting this IT policy rule t
interaction. However, if the certification authority type is Microsoft Enterprise the user will be prompted for his/her NTLM cr
enrollment.
If you do not set this rule, a default value of Yes will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the type of certificate authority. If you do not set this rule, a default value of "MS-Enterprise" will be used. This rule
BlackBerry devices version 5.0.0 and higher.
Specify the host of the certificate authority for the profile including the protocol (i.e. http://). Note: This IT policy rule is requ
correctly. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the port of the certificate authority for the profile. The valid range for the value of this rule is 0 through 65535. If you
value of 80 will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the unique certificate authority certificate ID that is associated with the RSA certificate authority. This value maps t
provided by the administrator of the RSA certificate authority. Note: This IT policy rule is required if the certificate authority
ignored. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the unique domain ID that is associated with the RSA certificate authority. This value maps to the jurisdiction ID pr
RSA certificate authority. Note: This IT policy rule is required if the certificate authority type is RSA; otherwise, it is ignored
based BlackBerry devices version 5.0.0 and higher.
Specify a certificate template for the Microsoft enterprise certificate authority. Note: This IT policy rule applies if the certifica
Enterprise; otherwise, it is ignored. If you do not set this rule, a default value of "User" will be used. This rule applies only to
version 5.0.0 and higher.
Specify the algorithm that the BlackBerry device should use to generate the key. If you do not set this rule, a default value
applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the length of the key that the BlackBerry device generates. Note: If RSA has been chosen as the key algorithm, th
multiple of 64. If DSA has been chosen as the key algorithm, then the key length must be one of 512, 768 and 1024. If an
entered, the device will choose the next strongest key length and proceed with the key generation. The valid range for the
16384 bits. If you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry
Specify a time, in hours, that the enrollment can be delayed. New enrollments are throttled over this time period to reduce
policy rule is also used as the enrollment retry time if there is an error during enrollment. Note: If a value of 0 is chosen the
enrollment retry time will default to 1 hour. This is not recommended if you have a large number of users. The valid range f
through 24 hours. If you do not set this rule, a default value of 1 will be used. This rule applies only to Java-based BlackBe
higher.
Specify the length of time before a certificate expires that the BlackBerry device should start generating a new certificate re
certificate. The valid range for the value of this rule is 1 through 30 days. If you do not set this rule, a default value of 7 will
Java-based BlackBerry devices version 5.0.0 and higher.
Specify the components that should appear in the common name of the distinguished name of the certificate. The Local Email Add
username of the email address only, and does not include the '@' or the domain information. Note: If the certificate authori
uses a template which builds the subject name from Active Directory, then this IT policy rule is ignored. In this case, the co
Directory are used (NTLM credentials). If you do not set this rule, a default value of "User Name | Device PIN" will be used
based BlackBerry devices version 5.0.0 and higher.
Specify whether to prevent the user from exporting private keys associated with the CA profile using the Backup and Resto
tool. If set to Yes, users can only restore the private key to the same BlackBerry device because the private key is encrypte
to the BlackBerry device. If Disable Key Store Backup is set to Yes, then private keys are not backed up. If you do not set
be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify a custom certificate template for the Microsoft Enterprise certificate authority. The value entered here must be the
configured on the Microsoft Enterprise certificate authority. If this value is populated, then the Microsoft Certificate Authorit
rule is ignored. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the other components that should appear in the distinguished name of the certificate in a comma-delimited list (for
O=Organization, OU=Organizational Unit). Note: If the certificate authority type is Microsoft Enterprise and uses a template
from Active Directory, then this IT policy rule is ignored. In this case, the components defined in the Active Directory are us
C: Country
L: Locality
O: Organization
OU: Organizational unit
ST: State or province
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify whether a user of the Chalk Pushcast Player on a BlackBerry device can receive content from the Chalk Pushcast
Fi.
If you do not set this rule, a default value of "No Restrictions" will be used.
Specify the data limit (in MBs) that can be used to download content over the mobile network connection in a calendar mo
To allow unlimited data usage, set the value to -1.
To not allow any data usage, set the value to 0.
The valid range for the value of this rule is -1 through 1048576 megabytes.
If you do not set this rule, a default value of -1 will be used.
Specify if the Chalk Pushcast Player should enable the auto update prompt when a new version of the player is available.
To notify the user when an update is available, set the rule to Yes.
To not notify the user when an update is available, set the rule to No.
If you do not set this rule, a default value of Yes will be used.
Specify the URL of the Chalk Pushcast Software server host that the Chalk Pushcast Player will communicate with by defa
Specify the default connection type that the Chalk Pushcast Player is to attempt communication on first.
If you do not set this rule, a default value of "BES" will be used.
Contains IT policy rules that apply to BlackBerry device owner information and the Multimedia Messaging Service
Specify whether users can change specified fields in the Owner options screen of the BlackBerry device.
1: Lock Information text
2: Lock Name text
3: Lock both Name and Information text.
Note: You can use this rule to lock the text defined in the Set Owner Info and Set Owner Name rules. If you set this rule, th
only if you change the values of those rules and the BlackBerry device receives the IT policy again, or if you send a Set Ow
command to the BlackBerry device. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/
2.7.0 and higher.
Specify if warnings of IT policy changes are displayed to the BlackBerry device user. If you do not set this rule, a default va
applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and hig
Type the message that prompts BlackBerry device users to confirm before sending an email message, PIN message, SMS
Note: If you do not specify a message using this rule, a confirmation dialog does not appear (in other words, the BlackBerr
to confirm before sending a message). This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 8
version 2.7.0 and higher.
Type the owner information that is set on the BlackBerry device. Use the Lock Owner Info rule to prevent the BlackBerry d
information. Warning: This information is overwritten by the Set Owner Information IT Admin command. The length of this s
This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.
Type the owner name that is set on the BlackBerry device. Use the Lock Owner Info rule to prevent the BlackBerry device
Warning: This information is overwritten by the Set Owner Information IT Admin command. The length of this string is limite
applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and hig
Specify whether to prevent the BlackBerry device user from using Multimedia Messaging Service (MMS) functionality on th
policy rule to Yes to hide MMS functionality on the BlackBerry device. Note: To block incoming MMS messages, set the Fir
IT policy rule in the Security policy group. If you do not set this rule, a default value of No will be used. This rule applies on
devices version 4.0.2 and higher.
Specify whether to prevent the BlackBerry device user from using the Voice-Activated Dialing functionality on the BlackBer
rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether to prevent the BlackBerry device user from using Kodiak Instant Calling, or Push to Talk (PTT) functionalit
devices. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devi
Specify whether the voice note recording feature on the BlackBerry device is turned on. Set this rule to Yes to turn off the v
prevent applications on the BlackBerry device from accessing it. If you do not set this rule, a default value of No will be use
based BlackBerry devices version 4.3.0 and higher.
Specify whether a BlackBerry device can turn on data during a phone call. Set to 0 to never allow simultaneous phone and
simultaneous phone and data. Set to 2 to turn on data during a phone call if the phone application is in the background. Th
rule is 0 through 2. This rule applies only to Java-based BlackBerry devices version 4.6.0 and higher.
IT policy rules in the Date and Time IT policy group apply to the date and time on a BlackBerry device, including th
information.
Specify whether a BlackBerry device can update the time zone setting automatically based on the information that it receiv
you do not set this rule, a default value of "Prompt" will be used. This rule applies only to Java-based BlackBerry devices v
Specifies whether a BlackBerry device can synchronize the real-time clock periodically with the wireless network. If you do
of Yes will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Permit a BlackBerry device to update the time zone definitions over the wireless network when a user requests a time zon
this rule to No, the BlackBerry device cannot update time zone definitions over the wireless network. If you do not set this r
used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the interval (in days) that a BlackBerry device must wait between time zone definition updates over the wireless n
turns off Automatic Updates. The valid range for the value of this rule is 0 through 365 days. If you do not set this rule, a de
rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify the FQDN of the web server that a BlackBerry device can use to retrieve time zone definition updates from. This
BlackBerry devices version 5.0.0 and higher.
Specify whether the BlackBerry Desktop Software enables the user to configure and execute desktop add-ins (third-party C
access the BlackBerry device databases during synchronization). This rule does not apply to users running on BlackBerry
GroupWise. If you do not set this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop Softwar
Specify whether the BlackBerry Desktop Software allows users to switch BlackBerry devices. For users running on BlackB
GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a defau
rule applies to BlackBerry Desktop Software version 3.6.1 and higher.
Specify whether the media manager tool of the BlackBerry Desktop Manager is available. This rule does not apply to users
Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of No will be used. This rule applies to B
version 4.2.0 and higher.
Specify whether the 'Check for updates' link is available on the home screen of the BlackBerry Desktop Manager. If you do
of No will be used. This rule applies to BlackBerry Desktop Software version 4.5.0 and higher.
Specify the destination URL for the 'Check for updates' link on the home screen of the BlackBerry Desktop Manager. The l
512 characters. This rule applies to BlackBerry Desktop Software version 4.5.0 and higher.
Specify whether BlackBerry Media Sync is available. This rule does not apply to users running on BlackBerry Enterprise S
do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software version 4.6.0 and
Specify whether to allow BlackBerry Device Software updates from software servers that are hosted externally. This rule d
BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of No will be used. This rule
Software version 4.7.0 and higher.
Specify whether to allow serial email reconciliation with personal folders. This rule does not apply to users running on Blac
Novell GroupWise. If you do not set this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop S
Specify whether to require the user to generate encrypted backup files. This rule does not apply to users running on Black
GroupWise. If you do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software
Specify whether to allow BlackBerry Desktop Software to send statistical information to RIM when the device is connected
default value of Yes will be used. This rule applies to BlackBerry Desktop Software version 5.0.0 and higher.
Specifies whether a BlackBerry device user can use the integrated IP modem application in the BlackBerry Desktop Mana
integrated IP modem application, set this rule to Yes. To prevent a user from using the integrated IP modem application, s
this rule to No, the BlackBerry Desktop Manager does not display the integrated IP modem application.
If you do not set this rule, a default value of Yes will be used.
This rule applies to BlackBerry Desktop Software version 5.0.1 and higher.
Specifies whether to force the user to update the application loader tool when an updated version is available and the user
Device Software. If you set this rule to Yes, the BlackBerry Desktop Manager will update the application loader tool if an up
set this rule to No, the BlackBerry Desktop Manager does not check for a later version of the application loader tool.
If you do not set this rule, a default value of Yes will be used.
This rule applies to BlackBerry Desktop Software version 5.0.1 and higher.
Contains IT policy rules that apply to settings that appear in the BlackBerry Desktop Software.
Type a message to prompt the user each time the BlackBerry Desktop Software starts. This rule does not apply to users ru
Server for Novell GroupWise. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device user has access to the application loader in the BlackBerry Desktop Software. For
Enterprise Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager versio
this rule, a default value of Yes will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify the number of times a BlackBerry device user can decline when prompted to update the BlackBerry device before
the forced update functionality, set this rule to -1. For users running on BlackBerry Enterprise Server for Novell GroupWise
conjunction with BlackBerry Web Desktop Manager version 1.0 or 1.0.1. The valid range for the value of this rule is -1 thro
this rule, a default value of no limit will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher
Specify whether message and folder synchronization can occur instead of an import of moves and deletes on the BlackBe
apply to users running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of
applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry Desktop Software or the BlackBerry device wins when a conflict occurs during folder recon
software wins. Set this rule to No to force the BlackBerry device to overrule the desktop software if a conflict occurs. This r
running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set this rule, a default value of Yes will be use
Desktop Software version 3.5.0 and higher.
Specify whether the wireless calendar synchronization option (BlackBerry Wireless Synchronization) is available to BlackB
option. This rule does not apply to users running on BlackBerry Enterprise Server for Novell GroupWise. If you do not set t
be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the option to automatically back up data and encryption keys on the BlackBerry device is turned on. Set th
in the backup and restore settings of the BlackBerry Desktop Software. For users running on BlackBerry Enterprise Server
only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of No will be
BlackBerry Desktop Software version 3.5.0 and higher.
Specify, in days, how often the BlackBerry device performs an automatic backup of its data and encryption keys. For users
Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager. The valid range
through 99 days. If you do not set this rule, a default value of 7 will be used. This rule applies to BlackBerry Desktop Softw
Specify whether all data is included in automatic backups. If this rule is set to Yes, the "Backup all BlackBerry device applic
Backup and Restore Options of the BlackBerry Desktop Manager will be selected. For users running on BlackBerry Enterp
this rule only applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of Ye
to BlackBerry Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device excludes messages from automatic backups of its data. If this rule is set to Yes, the
must be set to No. For users running on BlackBerry Enterprise Server for Novell GroupWise, this rule only applies in conju
Desktop Manager. If you do not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop So
Specify whether synchronized application data (data configured for synchronization with Intellisync) can be excluded from
set to Yes, the Auto Backup Include All rule must be set to No. For users running on BlackBerry Enterprise Server for Nove
applies in conjunction with BlackBerry Web Desktop Manager. If you do not set this rule, a default value of No will be used
Desktop Software version 3.5.0 and higher.
Specify whether the BlackBerry device user has access to the Web Link icon in the BlackBerry Desktop Software. Note: Th
default URL is set using the WebLinkURL rule. This rule does not apply to users running on BlackBerry Enterprise Server f
not set this rule, a default value of No will be used. This rule applies to BlackBerry Desktop Software version 3.5.0 and hig
Type the URL for the Web Link icon, if it appears on the BlackBerry Desktop Software. Note: If you set this value the Web
also set the Show Web Link rule to Yes. This rule does not apply to users running on BlackBerry Enterprise Server for Nov
to BlackBerry Desktop Software version 3.5.0 and higher.
Type the label for the Web Link icon, if it appears in the BlackBerry Desktop Software. Setting this value does not imply tha
Note: When setting this rule, also set the Show Web Link rule to Yes. This rule does not apply to users running on BlackBe
GroupWise. If you do not set this rule, a default value of "Downloads" will be used. This rule applies to BlackBerry Desktop
higher.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.2. The functionality provided by this rule is now provide
settings. Setting this policy rule will not prevent a user from changing their Auto Signature text on BlackBerry devices runn
refer to the Administration Guide for BlackBerry Enterprise Server 4.1 for information on how to set disclaimer text. Type th
automatically to the BlackBerry device user's outgoing messages. For users running on BlackBerry Enterprise Server for N
applies in conjunction with BlackBerry Web Desktop Manager. The length of this string is limited to 4096 characters. This r
Software version 3.5.0 and higher.
Specify whether the BlackBerry device continues to receive messages while it is connected to the desktop computer using
rule does not apply to users running on BlackBerry Enterprise Server for Novell GroupWise. This rule applies to BlackBerry
and higher.
Specify whether a copy of each message that the BlackBerry device user sends is saved to a Sent messages folder. Set to
every message that the BlackBerry device user sends. Set to No to save a copy of every message that the BlackBerry dev
BlackBerry Enterprise Server for Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Man
BlackBerry Desktop Software version 3.5.0 and higher.
Type the message that appears when the BlackBerry device prompts users to update to a later version of the BlackBe
BlackBerry device uses this rule only if you also set the Force Load Count rule to a positive number. For users running on
Novell GroupWise, this rule only applies in conjunction with BlackBerry Web Desktop Manager version 1.0 or 1.0.1. This ru
Software version 3.5.0 and higher.
Specify whether the user can disable the requirement for a BlackBerry device password. Set this rule to No to prevent use
requirement on the BlackBerry device. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry device
BlackBerry device password, set the Password Required rule to Yes. If you do not set this rule, a default value of Yes will b
based BlackBerry devices version 3.6.0 through 4.0.0, and 85x/95x BlackBerry devices version 2.5.0 through 2.7.0.
Specify the maximum time, in minutes, that a BlackBerry device user can set as the security timeout value (the number of
inactivity allowed before the security timeout occurs and the BlackBerry device requires the user to type the BlackBerry de
BlackBerry device). The BlackBerry device user can set any timeout value that is less than or equal to the maximum value
Change Timeout rule value to No. The maximum security timeout value available by default on the BlackBerry device is 60
Timeout rule to set a specific timeout value. Rule dependency: The BlackBerry device uses this IT policy rule only if the Pa
Yes. The valid range for the value of this rule is 10 through 480 minutes. This rule applies to Java-based BlackBerry device
85x/95x BlackBerry devices version 2.5.0 and higher.
Type the number of days until a BlackBerry device password expires and the BlackBerry device prompts the user to set a
to 0 to prevent the BlackBerry device password from expiring. Rule dependency: The BlackBerry device uses this rule only
is set. To require a BlackBerry device password, set the Password Required rule to Yes. The valid range for the value of th
This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.
Specify whether the BlackBerry device user can change the security timeout to any value less than the value you can set u
Timeout rule. Set this rule to No to prevent the user from changing the timeout value. If you do not set this rule, a default v
applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify a character pattern that the BlackBerry device password must match. Rule dependency: The BlackBerry device us
device password is set. To require a BlackBerry device password, set the Password Required rule to Yes. Warning: If you
password pattern checking is disabled on 95x/85x BlackBerry devices. If you do not set this rule, a default value of "No res
applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and hig
Specify whether the BlackBerry device locks after a predefined period of time, regardless of whether the BlackBerry device
that interval. Set this rule to Yes to force the BlackBerry device to lock automatically after 60 minutes. Note: You can use th
shorten the timeout interval. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether the BlackBerry device permits sending Short Message Service (SMS) messages (text messaging). Set thi
messaging functionality on the BlackBerry device. Note: To block incoming text, or SMS, messages, set the Firewall Block
in the Security policy group. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-ba
3.6.0 and higher.
Specify whether the user can include BCC recipients when composing messages on the BlackBerry device. Set this rule to
including BCC recipients when sending messages. If you do not set this rule, a default value of Yes will be used. This rule
devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Type the URL of the BlackBerry device browser's home page. Note: If you do not specify a URL, the BlackBerry device us
page URL. This rule applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices v
Specify whether the BlackBerry device user can modify the URL address of the browser home page. This rule applies to J
version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Specify whether the user can see and use the WAP browser icon on the BlackBerry device (when the Internet service prov
and the appropriate service books are on the BlackBerry device). Set this rule to No to hide the WAP Browser icon on the
applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type a unique identifier (UID) for the Browser Config Service Record, which sets the default browser on the BlackBerry de
links in messages). This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Contains IT policy rules that apply to wireless message reconciliation and attachment viewing.
Specify whether the BlackBerry device supports wireless message reconciliation functionality. Default setting: If you enable
on the BlackBerry Enterprise Server, wireless message reconciliation is enabled on the BlackBerry device by default, even
policy to which a user is assigned. Set this rule to No to disable wireless message reconciliation on the BlackBerry device.
BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.6.0 and higher.
Specify whether users can view supported attachments in messages and calendar entries received on the BlackBerry dev
users viewing attachments in messages and calendar entries received on the BlackBerry device. Setting this rule to No do
viewing native attachments on the BlackBerry device. To support attachment viewing in calendar entries, you must use Bla
5.0 or later and BlackBerry Enterprise Server version 5.0 or later. If you do not set this rule, a default value of Yes will be u
based BlackBerry devices version 3.7.0 and higher, and 85x/95x BlackBerry devices version 2.6.1 and higher.
Type a disclaimer to appear at the beginning of all email messages that the user composes and sends using the BlackBer
Java-based BlackBerry devices version 4.1 MR2 and higher.
Specify the maximum length of time, in days, that the BlackBerry device keeps messages. Note: Set this IT policy rule to 0
BlackBerry device indefinitely. The valid range for the value of this rule is -1 through 180 days. If you do not set this rule, a
This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the maximum length of time, in days, that the BlackBerry device keeps saved messages. Note: Set this IT policy ru
messages on the BlackBerry device indefinitely. Set this rule to -2 to delete saved messages and turn off the ability to save
device that is running BlackBerry Device Software version 4.5 or later. The valid range for the value of this rule is -2 throug
rule, a default value of -1 will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the total size (in bytes) of all native attachments that can be uploaded from the BlackBerry device. The valid range
through 5242880 bytes. If you do not set this rule, a default value of 5242880 will be used. This rule applies only to Java-b
4.2.0 and higher.
Specify the maximum size (in bytes) of a single native attachment that can be uploaded from the BlackBerry device. The v
is 0 through 3145728 bytes. If you do not set this rule, a default value of 3145728 will be used. This rule applies only to Ja
version 4.2.0 and higher.
This rule is obsolete as of BlackBerry Enterprise Server version 5.0.0. Specify whether supported BlackBerry devices can
attachments from received messages using the Attachment Service. If you set this IT policy rule to Yes, users can use the
message option on their BlackBerry devices if the Attachment Service is installed, running, and connected to the BlackBer
attachment connector. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Bl
through 5.0.0.
Specify whether to prevent a BlackBerry device user from forwarding and replying to received IBM Lotus Notes encrypted
devices. If you set this rule to Yes, BlackBerry device users cannot forward or reply to received IBM Lotus Notes encrypted
devices. By default, a BlackBerry device user with support for reading IBM Lotus Notes encrypted messages enabled on th
or reply to an encrypted message that the BlackBerry device has received, decrypted, and decompressed. The BlackBerry
Domino decrypts the message before the BlackBerry device sends the message to the recipient as plain text. If you do not
No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify whether to prevent a BlackBerry device user from forwarding and replying to received IBM Lotus Notes encrypted
devices. If you set this rule to Yes, BlackBerry device users cannot forward or reply to received IBM Lotus Notes encrypted
devices. By default, a BlackBerry device user with support for reading IBM Lotus Notes encrypted messages enabled on th
or reply to an encrypted message that the BlackBerry device has received, decrypted, and decompressed. The BlackBerry
Domino decrypts the message before the BlackBerry device sends the message to the recipient as plain text. If you do not
No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the maximum size (in kilobytes) of a single native attachment that can be downloaded to the BlackBerry device. A
to download native attachments is turned off on the BlackBerry device. The valid range for the value of this rule is 0 throug
set this rule, a default value of 10240 will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 a
Specify whether the BlackBerry Enterprise Server sends email messages to the BlackBerry device in Rich Content (HTML
a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether the BlackBerry device can send messages with inline content and request inline content in received mess
BlackBerry device user must manually request inline content on the BlackBerry device. If you do not set this rule, a default
be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether the BlackBerry device user can manually request URL-referenced content (images) that are embedded in
BlackBerry device receives. If you do not set this rule, a default value of No will be used. This rule applies only to Java-bas
4.5.0 and higher.
Specify whether the BlackBerry device user can submit forms embedded in email. If you do not set this rule, a default valu
applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether all email messages sent from a BlackBerry device that uses email services capable of IBM Lotus Notes en
necessary, the user is prompted for encryption credentials (the Notes Native Encryption password) on the BlackBerry devi
device does not perform the encryption. This IT policy rule ensures that the BlackBerry device configures messages that it
encryption by the BlackBerry Enterprise Server. This IT policy rule does not affect messages sent from the BlackBerry dev
not capable of IBM Lotus Notes encryption. If you do not set this rule, a default value of No will be used. This rule applies o
devices version 5.0.0 and higher.
Specifies whether the BlackBerry device displays a confirmation dialog box to a user when the user clicks Get Images in a
message. The message of the confirmation dialog box informs the user that downloading an image from the Internet can e
do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 5.0
Contains IT policies that allow you to restrict the enterprise voice client functionality on the BlackBerry device.
Specify whether enterprise voice functionality is available for the BlackBerry device. If you do not set this rule, a default va
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.4. Specify whether incoming calls are accepted only if
server. If you do not set this rule, a default value of No will be used.
Specify whether to lock outgoing calls to the enterprise voice line. User can only make or receive calls on the Work line. Th
lines for inbound or outbound calls. Best practice is to remove voicemail from the other lines. If you do not set this rule, a d
Specify whether the BlackBerry device can use a DTMF call format for outgoing calls if outgoing calls using the protocol f
wireless coverage levels. The DTMF call format uses weaker authentication than the protocol call format. Set this IT policy
calls if the protocol format cannot be used. If you do not set this rule, a default value of No will be used.
Contains IT policy rules that apply to the external display on applicable BlackBerry devices.
Specify when to display notifications on the external display. If you do not set this rule, a default value of "Always" will be u
Java-based BlackBerry devices version 4.6.0 and higher.
Specify whether to display preview text for a notification on the external display. Note: This rule is dependent on the "Displ
to "Always" or "Only when unlocked". If you do not set this rule, a default value of Yes will be used. This rule applies only to
version 4.6.0 and higher.
Specify whether the BlackBerry device firewall blocks calls that the user makes unless the calls use a set fixed dialing patt
dialing number (FDN) patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) sep
example, type "+1...;1..." to permit calls from numbers preceded by 1 or +1 only. Append "r" to a pattern to prevent calls us
example, type "011...r" to prevent calls in the format 011NNNNNNNNNN. Type "r" in the pattern list to indicate that all othe
example, to allow phone calls from the number 5198881234 only, type "+15198881234;+15198881234;r". The BlackBerry
to use this IT policy rule setting. This IT policy rule does not affect the emergency calling functionality on the BlackBerry de
Java-based BlackBerry devices version 4.3.0 and higher.
Contains IT policy rules that apply to phone and browser functionality on the BlackBerry device, and IT policy rule
attaching an auto signature to email messages sent from the BlackBerry device.
Specify whether the phone functionality on the BlackBerry device is available to the user. Set this IT policy rule to No to pre
receiving any phone calls except emergency calls from their BlackBerry devices. The phone icon is still visible to users on
not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0
Specify whether the user can use the BlackBerry Browser included on the BlackBerry device. Set this rule to No to hide the
BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule applies to Java-based BlackBer
higher, and 85x/95x BlackBerry devices version 2.5.0 and higher.
Contains IT policy rules that apply to the BlackBerry MDS Integration Service.
Specify whether to disable the BlackBerry MDS Runtime on the BlackBerry device. Set this rule to Yes to prevent the Blac
the BlackBerry MDS Runtime. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.0.0 and higher.
Specify the lowest security version permitted for the BlackBerry MDS Integration Service. The security version affects the c
MDS Runtime Version 1.1 and later and the BlackBerry MDS Integration Service. Set this IT policy rule to 1 to permit Black
MDS Runtime Version 1.1 or later to communicate with all versions of the BlackBerry MDS Integration Service. Set this IT
BlackBerry devices running the BlackBerry MDS Runtime Version 1.1 or later to communicate with the BlackBerry MDS In
or later only. The valid range for the value of this rule is 1 through 65535. If you do not set this rule, a default value of 1 wil
Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the BlackBerry MDS Runtime Version 1.1 or later verifies the BlackBerry MDS Integration Service certifica
No, the BlackBerry MDS Integration Service permits unauthenticated connections from BlackBerry devices running the Bla
1.1 or later. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry d
This rule is obsolete as of BlackBerry Enterprise Server version 4.0.6. Specify whether to prevent BlackBerry devices from
MDS Integration Service.
Specify whether to prevent the BlackBerry device user from initiating activation with the BlackBerry MDS Integration Servic
the user from specifying the BlackBerry MDS Integration Service to connect to on the BlackBerry device. If you do not set
be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether to prevent the user from being able to search and install BlackBerry MDS Runtime Applications. If you do
Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether to allow the user to install BlackBerry MDS Runtime Applications that use multiple web services on the Bla
this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and high
Specify the queue limit for inbound application messages. The valid range for the value of this rule is 0 through 50 messag
default value of 8 will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify the queue limit for outbound application messages. The valid range for the value of this rule is 0 through 50 messa
default value of 16 will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify whether the BlackBerry MDS Runtime version 4.3.0 and earlier can access the organizer data, interprocess comm
BlackBerry device. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Black
higher.
Contains IT policy rules that apply to the help on the BlackBerry device.
Type the links to add to the On-Device Help index page using the format "uri1|label1|...|uriN|labelN". If you specify multiple
Device Help Group Label rule. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Type the label to use when grouping multiple On-Device Help links. This rule applies only to Java-based BlackBerry device
Specify the minimum RSA key size, in bits, allowed for use in the PGP application. The valid range for the value of this rule
do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify the minimum DSA key size, in bits, allowed for use in the PGP application. The valid range for the value of this rule
do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices version 4
Type the URL of a PGP Universal Server that your organization uses to enforce a secure email policy and access PGP ke
BlackBerry devices with the PGP Support Package installed receive this rule set to a PGP Universal Server URL, they mus
communicate with the specified PGP Universal Server to send PGP messages. This rule applies only to Java-based Black
higher.
Specify the method by which BlackBerry devices with the PGP Support Package installed are prompted to enroll with the P
setting: 1 (The BlackBerry device prompts the user to type their email address.) You can set this rule to 0 to force the Blac
to enroll with the PGP Universal Server by typing their domain user name and password. If you do not set this rule, a defau
enrolment" will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Type the maximum length of time, in hours, that the BlackBerry device caches the PGP Universal Server secure email poli
Universal Server again. Default setting: 24 hours. The valid range for the value of this rule is 4 through 48. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Specify the least restrictive mode for retrieving PGP-encrypted attachment information on the BlackBerry device. If you do
"Automatic" will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify the types of encryption that are allowed for PGP protected messages. If you do not set this rule, a default value of
applies only to Java-based BlackBerry devices version 4.6.0 and higher.
Specify the mode that a BlackBerry device can use to retrieve the complete text of the original message when a user replie
you do not set this rule, a default value of "Manual" will be used. This rule applies only to Java-based BlackBerry devices v
Contains IT policy rules that apply to settings for synchronization of PIM data over the wireless network.
Specify whether to turn off wireless synchronization of all PIM databases. Set this rule to Yes to turn off synchronization of
calendar. Note: This rule does not affect wireless message reconciliation. Users can still send and receive messages. If yo
value of No will be used. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackB
higher.
Specify whether to turn off wireless synchronization of the Address Book database. If you do not set this rule, a default val
applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and hig
Specify whether to turn off wireless synchronization of the Calendar database. If you do not set this rule, a default value of
to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and higher.
Specify whether to turn off wireless synchronization of the Memo Pad database. If you do not set this rule, a default value
applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and hig
Specify whether to turn off wireless synchronization of the Tasks database. If you do not set this rule, a default value of No
Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackBerry devices version 2.7.0 and higher.
Specify whether to turn off wireless synchronization of PIM data during wireless enterprise activation or as part of a backup
require that the BlackBerry device is physically connected to a desktop computer before the activation data transfer starts.
transfers when activating or updating BlackBerry devices. Note: If the BlackBerry device is disconnected from the desktop
the BlackBerry Desktop Software sends the remainder of the data to the BlackBerry device over the wireless network. If yo
value of No will be used. This rule applies to Java-based BlackBerry devices version 4.0.0 and higher, and 85x/95x BlackB
higher.
Specify whether to turn off wireless synchronization of the PIN messages database. Warning: Turning on this feature enab
message text in unencrypted format to the specified log file. Make sure that the target log file is in a location for which your
restrict internal and external user access. If you do not set this rule, a default value of Yes will be used. This rule applies on
devices version 4.1.0 and higher.
Specify whether to turn off wireless synchronization of the SMS Messages database. Warning: Turning on this feature ena
message text in unencrypted format to the specified log file. Make sure that the target log file is in a location for which your
restrict internal and external user access. If you do not set this rule, a default value of Yes will be used. This rule applies on
devices version 4.1.0 and higher.
Specify whether to turn off wireless synchronization of the Phone Call Logs database. If you do not set this rule, a default v
applies only to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether the Home screen displays enterprise activation progress. If you set this IT policy rule to Yes, enterprise ac
on the Home screen. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based Bl
and higher.
Specify whether to turn off wireless synchronization of the messages database for the BlackBerry Messenger. Warning: If
BlackBerry Messenger logs all message text in unencrypted format to a log file that you specify. You must ensure that the
which your organization's security policies restrict internal and external user access. If you do not set this rule, a default va
applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Set the number of password attempts (incorrect passwords entered) permitted on the BlackBerry device before the BlackB
the BlackBerry device is disabled. Default setting: 10 password attempts You can use this rule to lower the number of pass
dependency: The BlackBerry device uses this rule only if a BlackBerry device password is set. To require a BlackBerry dev
Required rule to Yes. The valid range for the value of this rule is 3 through 10 attempts. This rule applies only to Java-base
3.6.0 and higher.
Set this rule to Yes to prevent the echoing (printing to the screen) of characters typed into the password screen after the u
incorrect passwords when attempting to unlock the BlackBerry device. Rule dependency: The BlackBerry device uses this
password is set. To require a password, set the Password Required rule to Yes. Note: You can set the number of incorrec
BlackBerry device permits before password echoing (if permitted) occurs, using the Set Maximum Password Attempts rule
to 2, then the BlackBerry device ignores this rule and explicitly prevents password echoing. This rule applies only to Java-b
3.6.0 and higher.
Set the maximum number of previous passwords against which the BlackBerry device can check new passwords to preven
Note: Set this rule to 0 to prevent the BlackBerry device from checking for reused passwords. Rule dependency: The Black
a BlackBerry device password is set. To require a BlackBerry device password, set the Password Required rule to Yes. Th
rule is 0 through 15 passwords. If you do not set this rule, a default value of 0 will be used. This rule applies only to Java-b
3.6.0 and higher.
Type the message account address that receives notification when users type their BlackBerry device passwords under du
indicate that they are unlocking their BlackBerry devices against their will). Warning: If you do not specify an email address
respond to passwords entered under duress. Warning: To prevent a party who has stolen the unlocked BlackBerry device
duress notification on the BlackBerry device, the message account you specify to receive duress notification messages sh
out of office or other auto-reply function set. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry de
a BlackBerry device password, set the Password Required rule to Yes. Warning: If you set this IT policy rule, the set maxim
attempts is effectively reduced by half; each time the user types a password to unlock the BlackBerry device, the BlackBer
the password attempt is either the correct password or the correct duress password. This rule applies only to Java-based B
and higher.
If you set the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minu
time elapsed, in minutes, after which the BlackBerry device locks and prompts the user to type the BlackBerry device pass
BlackBerry device has been idle or in use during that interval. Type a periodic challenge time to shorten or extend the secu
the range of 1 to 1440 minutes (24 hours). Note: To disable the security timeout, set the Enable Long-Term Timeout IT pol
Periodic Challenge Time. Rule dependency: The BlackBerry device uses this rule only if a BlackBerry device password is s
device password, set the Password Required rule to Yes. The valid range for the value of this rule is 1 through 1440 minut
based BlackBerry devices version 4.0.0 and higher.
Type a list of comma-separated string values representing words that users are not permitted to use within their passwords
BlackBerry device uses this rule only if a BlackBerry device password is set. To require a BlackBerry device password, set
Yes. Note: The BlackBerry device automatically prevents common letter substitutions. For example, if you include "passwo
list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the BlackBerry device. This rule applies only to Java
version 4.1.0 and higher.
Contains IT Policy rules that control the availability of RIM value-added applications.
Specify whether to prevent RIM value-added applications on the BlackBerry device. Note: This policy does not apply to so
(Yahoo! Messenger, Windows Live Messenger, AOL Instant Messenger, ICQ, Google Talk, Microsoft Office Communicato
GroupWise Messenger, BlackBerry Messenger), BlackBerry Maps, some public photo-sharing clients (Flickr, Picasa Web A
MDS Runtime Applications, or the Device Diagnostic Application. For these applications, use the application specific policy
default value of No will be used.
Specify whether to prevent the E-Commerce Optimization Engine from running on the BlackBerry device. If you do not set
be used.
Specify whether to prevent BlackBerry Wallet from running on the BlackBerry device. If you do not set this rule, a default v
Specify whether to prevent IBM Lotus Connections from running on the BlackBerry device. If you do not set this rule, a def
Specify the server address of the server that hosts IBM Lotus Connections Dogear. If this rule is not set, users can enter th
this rule is set, users will only be allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Profiles. If this rule is not set, users can enter th
this rule is set, users are only allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Communities. If this rule is not set, users can e
manually. If this rule is set, users are only allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Blogs. If this rule is not set, users can enter the
this rule is set, users are only allowed to use the specified server information.
Specify the server address of the server that hosts IBM Lotus Connections Activities. If this rule is not set, users can enter
this rule is set, users are only allowed to use the specified server information.
Specify whether to prevent social networking applications from accessing organizer data. If set to Yes, then social network
Facebook cannot have read or write access to the address book, calendar, and other organizer data. If you do not set this
used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the TiVo for BlackBerry application is turned on, on the BlackBerry device. If you do not set this rule, a de
This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the URL of the server that hosts the BlackBerry Social Network Application Proxy that the BlackBerry Client for Lot
https://server_name:port/qkr-100. If you do not set this rule, a user can type the server URL on the BlackBerry device. If yo
'Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr' IT Policy rule to control whether the use
Specify whether to permit a user to change the BlackBerry Social Network Application Proxy URL for Lotus Quickr on a Bla
rule to No, a user cannot change the URL that you specified in the BlackBerry Social Network Application Proxy URL for L
do not set this rule, a default value of Yes will be used.
Specify whether to permit the Tell a Friend feature in the BlackBerry Client for Lotus Quickr. If you turn this feature off, a us
invitation with a link that the recipient can use to download the BlackBerry Client for Lotus Quickr. If you do not set this rule
used.
Specify the URL of the server that hosts the BlackBerry Social Network Application Proxy that the BlackBerry Client for Lot
example, https://server_name:port/lcs-230.
If you do not set this rule, a user can type the server URL on the BlackBerry device. If you set this rule, you can use the 'A
Network Application Proxy URL for Lotus Connections' IT Policy rule to control whether the user can edit this URL.
Specify whether to permit a user to change the BlackBerry Social Network Application Proxy URL for Lotus Connections o
If you set this rule to No, a user cannot change the URL that you specified in the BlackBerry Social Network Application Pr
policy rule.
If you do not set this rule, a default value of Yes will be used.
Specify whether to permit the Tell a Friend feature in the BlackBerry Client for Lotus Connections.
If you turn this feature off, a user cannot send an email invitation with a link that the recipient can use to download the Blac
Connections.
If you do not set this rule, a default value of Yes will be used.
Specify whether a BlackBerry device can run eBay for BlackBerry smartphones. By default, the BlackBerry device can run
smartphones.
If you do not set this rule, a default value of No will be used.
Specify whether a user can upload videos to YouTube from a BlackBerry device. If you set this rule to Yes, a user cannot u
set this rule to No, a user can upload videos to YouTube.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 6.0.0 and higher.
This rule applies to BlackBerry Desktop Software version 5.2.0 and higher.
Specify whether a user can run BlackBerry Podcasts on a BlackBerry device. If you set this rule to No, a user can run Blac
device. If you set this rule to Yes, a user cannot run BlackBerry Podcasts.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 6.0.0 and higher.
This rule applies to BlackBerry Desktop Software version 5.2.0 and higher.
Specify whether a BlackBerry device can run the Feeds application. If you set this rule to Yes, the BlackBerry device cann
you set this rule to No, the BlackBerry device can run the Feeds application.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.2.0 and higher.
This rule applies to BlackBerry Desktop Software version and higher.
Specify whether the Feeds application can run RSS feeds on a BlackBerry device. If you set this rule to Yes, the Feeds ap
you set this rule to No, the Feeds application can run RSS feeds.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.2.0 and higher.
This rule applies to BlackBerry Desktop Software version and higher.
Contains IT policy rules that apply to the S/MIME Support Package.
Specify the minimum RSA key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices versi
Specify the minimum DH key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this ru
do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices version 3
Specify the minimum ECC key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 163 will be used. This rule applies only to Java-based BlackBerry devices versio
Specify whether all outgoing S/MIME messages are digitally signed. If you do not set this rule, a default value of No will be
Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether all outgoing S/MIME messages are encrypted. If you do not set this rule, a default value of No will be used
based BlackBerry devices version 3.6.0 and higher.
Specify whether all key operations must be performed using an attached smart card reader. If you do not set this rule, a de
This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type an email address that the BlackBerry device adds as a BCC recipient on all outgoing S/MIME messages. This rule ap
BlackBerry devices version 3.6.0 and higher.
Specify the content ciphers that the BlackBerry device can use to encrypt S/MIME messages. Warning: To maintain comp
enable at least one of Triple DES or an RC2 cipher. Warning: If the FIPS Level rule is set to 2, then the setting of this rule
device is explicitly permitted to use AES (256-bit), AES (192-bit), AES (128-bit) and 3DES. If you do not set this rule, a def
(192-bit) | AES (128-bit) | CAST (128-bit) | RC2 (128-bit) | Triple DES" will be used. This rule applies only to Java-based Bl
and higher.
Specify the minimum DSA key size, in bits, allowed for use in the S/MIME application. The valid range for the value of this
you do not set this rule, a default value of 1024 will be used. This rule applies only to Java-based BlackBerry devices versi
Type the email address for your organization's Entrust Messaging Server (EMS). This rule applies only to Java-based Blac
higher.
Specify the least restrictive mode for retrieving S/MIME-encrypted attachment information on the BlackBerry device. If you
value of "Automatic" will be used. This rule applies only to Java-based BlackBerry devices version 4.5.0 and higher.
Specify the types of encryption that are allowed for S/MIME protected messages. If you do not set this rule, a default value
applies only to Java-based BlackBerry devices version 4.6.0 and higher.
Specify the mode that a BlackBerry device can use to retrieve the complete text of the original message when a user replie
you do not set this rule, a default value of "Manual" will be used. This rule applies only to Java-based BlackBerry devices v
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted with certificates that the
Set this rule to No to force the BlackBerry device to warn the user that the certificate is not trusted. The BlackBerry device
sending the message. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based Bl
and higher.
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted using revoked certificate
BlackBerry device to warn the user that the certificate is revoked. The BlackBerry device does not prevent the user from se
set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and
Specify whether to force the BlackBerry device user to send encrypted or signed email. Set this rule to force the BlackBerr
or signed email. Warning: If you set this rule to Yes, you must enable the secure message package support on the BlackB
user must install the supported secure message package on the BlackBerry device to send email messages. For Java-bas
version 5.0.0, the IT policy applies to all email services. For Java-based BlackBerry devices version 5.0.0 and above, the I
organization's email services. To block other email services, see the Allow Other Message Services IT policy under Servic
rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether to prevent the BlackBerry device user from sending plain text PIN messages. Set this rule to Yes to preve
sending plain text PIN messages. Warning: If you set this rule to Yes, you must enable secure message package support
Server and the user must install the supported secure message package on the BlackBerry device to send PIN messages
entirely, set the Allow Peer-to-Peer Messages rule to No. If you do not set this rule, a default value of No will be used. This
BlackBerry devices version 3.6.0 and higher.
Specify whether to prevent the BlackBerry device user from setting the Security Data security level to Low on the BlackBer
automatically change Security Data security to a higher level. For BlackBerry devices running BlackBerry Device Software
High. For BlackBerry devices running BlackBerry Device Software Version 4.0, the next level is Medium. If you do not set t
be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Type the maximum number of minutes allowed before the cached key store password times out and the BlackBerry device
store password. If you set this rule to 0, the BlackBerry device does not cache the key store password. Note: The BlackBe
database that stores the user's private keys. The key store uses a password to protect the user's private keys. By default,
key store password to minimize the number of key store password prompts. The valid range for the value of this rule is 0 th
set this rule, a default value of 1 will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and hi
Type the maximum number of days that the BlackBerry device caches the certificate status. The valid range for the value o
If you do not set this rule, a default value of 7 will be used.
Specify whether applications that are not digitally signed by the Research In Motion signing authority system are permitted
user tries to download the applications or the BlackBerry Enterprise Server or another party sends the applications to the d
from installing unsigned third-party applications over the wireless network or when the BlackBerry device is connected to th
or application loader tool. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based
and higher.
Specify whether the BlackBerry device is security locked when placed in the holster. If you do not set this rule, a default va
applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether third-party applications on the BlackBerry device can use the serial port, IrDA, or USB ports. If you do not
Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
This rule is obsolete as of BlackBerry Enterprise Server version 3.6.2. Specify whether third-party applications on the Black
persistent store application programming interface (API). BlackBerry devices with OS version 3.x and lower should use the
AllowThirdPartyUsePersistentStore IT policy. Those with 4.0 and later should use application control policy. If you do not s
will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 through 4.0.0.
Specify whether content protection is turned on by selecting the cryptography strength that the BlackBerry device uses to e
while it is locked. When content protection is turned on, BlackBerry device content is always protected with the 256 bit AES
BlackBerry device is locked when it receives content, the BlackBerry device randomly generates the content protection key
and an ECC key pair, derives an ephemeral 256 bit AES encryption key from the BlackBerry device password, and uses th
content protection key and the ECC private key. Strong: Provides good security and performance. This setting is adequate f
Provides better security, but slower performance. If you use this setting, RIM recommends that you set the Minimum Passw
characters. Strongest: Provides the best security, but with the slowest performance. If you use this setting, RIM recommend
set a password of at least 21 characters. Note: Set this rule to prioritize either encryption strength or decryption time. When
Server decrypts the message using the BlackBerry device master encryption key, it uses the ECC public key in the decryp
Specify whether applications can initiate internal connections (for example, to BlackBerry MDS Services) on the BlackBerr
rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether applications can initiate external connections (for example, to WAP, SMS, or other public gateways) on th
set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and
Specify whether applications can open both internal and external connections simultaneously. Note: If you set this rule to Y
surreptitiously collect data from inside the firewall and send it outside the firewall without any auditing, introducing a possib
this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 3.6.0 and high
Specify whether to prevent the BlackBerry device user from sending a message using a certificate that is expired or not va
BlackBerry device to warn the user that the certificate is expired or not valid. The BlackBerry device does not prevent the u
you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version
Specify whether to prevent the BlackBerry device user from sending a message using a certificate that has a weak corresp
No to force the BlackBerry device to warn the user that the certificate has a weak corresponding public key. The BlackBerr
user from sending the message. Note: Use the IT policy rules provided for each secure messaging application (WTLS, TLS
minimum strength for each type of encryption key (RSA, DH, DSA, ECC). Note: Use the Weak Digest Algorithms IT policy
that the BlackBerry device considers weak. If you do not set this rule, a default value of No will be used. This rule applies o
devices version 3.6.0 and higher.
Type a string that contains a semi-colon delimited list of Hex-ASCII trusted certificate thumbprints, generated using SHA-1
algorithms. If the BlackBerry device receives a certificate with a thumbprint that does not appear in the list that you define u
add the certificate to the trusted key store on the BlackBerry device. SHA-256 and SHA-512 algorithms are only supported
Software version 5.1 and later. This rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
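The thumbprint rule above takes a single semicolon-delimited string, so one malformed entry is easy to miss before the policy is pushed. The following added example (not part of the original policy reference or any BlackBerry tooling) parses such a string, rejects malformed entries, and checks certificate bytes against the list; the function names, the tolerance for colon or space separators, and the sample data are assumptions made for illustration.

```python
import hashlib

# Hex-ASCII digest lengths for the three algorithms the rule names.
DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}


def parse_thumbprint_list(policy_value):
    """Split a semicolon-delimited policy string into (entries, errors).

    entries is a set of (algorithm, lowercase_hex) pairs; errors lists the
    items that are not a well-formed SHA-1, SHA-256 or SHA-512 thumbprint.
    """
    entries, errors = set(), []
    for raw in policy_value.split(";"):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing semicolon or doubled delimiter
        # Assumption: certificate tools often print thumbprints with ':' or
        # spaces between bytes, so those separators are stripped first.
        hexstr = item.replace(":", "").replace(" ", "").lower()
        algo = DIGEST_BY_HEX_LEN.get(len(hexstr))
        if algo is None or any(c not in "0123456789abcdef" for c in hexstr):
            errors.append(item)
            continue
        entries.add((algo, hexstr))
    return entries, errors


def is_trusted(cert_der, entries):
    """True if a listed thumbprint equals the digest of the certificate bytes."""
    algos = {algo for algo, _ in entries}
    return any((a, hashlib.new(a, cert_der).hexdigest()) in entries for a in algos)


def sha1_only(entries):
    """Entries left once SHA-256 and SHA-512 thumbprints are excluded, as for
    device software that predates the version 5.1 support the rule mentions."""
    return {e for e in entries if e[0] == "sha1"}


# Constructed sample data: placeholder byte strings stand in for DER-encoded
# certificates, and the policy string is built from their digests.
CERT_A = b"constructed certificate A (stand-in for DER bytes)"
CERT_B = b"constructed certificate B (stand-in for DER bytes)"
_a = hashlib.sha1(CERT_A).hexdigest().upper()
SAMPLE_POLICY = ";".join([
    ":".join(_a[i:i + 2] for i in range(0, 40, 2)),  # colon-separated SHA-1
    hashlib.sha256(CERT_B).hexdigest(),              # plain SHA-256
    "not-a-thumbprint",                              # malformed entry
]) + ";"

if __name__ == "__main__":
    parsed, rejected = parse_thumbprint_list(SAMPLE_POLICY)
    print("accepted:", sorted(parsed))
    print("rejected:", rejected)
    print("A trusted:", is_trusted(CERT_A, parsed))
    print("B trusted with SHA-1 entries only:", is_trusted(CERT_B, sha1_only(parsed)))
```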
Specify whether to prevent the BlackBerry device user from backing up certificates and private keys in the BlackBerry devi
rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the maximum length of time, in hours, that a certificate status can remain on the BlackBerry device before it should b
Synchronization Manager and in the BlackBerry device key store. By default a certificate status can remain indefinitely on
range for the value of this rule is 1 through 4380 hours. This rule applies only to Java-based BlackBerry devices version 4.
Specify whether to prevent the BlackBerry device user from sending a message that is encrypted using a certificate with a
force the BlackBerry device to warn the user that the certificate is stale. The BlackBerry device does not prevent the user fro
do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0
Specify whether to prevent the BlackBerry device user from cutting, copying, and pasting content on the BlackBerry device
default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the BlackBerry device turns off the wireless transceiver when it connects to a USB device. Note: Only USB
support this IT policy rule. Set this IT policy rule to 0 to keep the wireless transceiver turned on when connected to a USB
to turn off the wireless transceiver when connected to a USB device. Set this IT policy rule to 2 to turn off the wireless tran
USB device (for example, a computer) sends standard USB requests to communicate with the BlackBerry device. If you do
of "Radio not disabled when USB device is connected" will be used. This rule applies only to Java-based BlackBerry devic
Specify whether to prevent the BlackBerry device user from forwarding or replying to a message on the BlackBerry device
messaging service that is associated with a BlackBerry Enterprise Server or BlackBerry Internet Service that is different fro
original message. For example, use this IT policy rule to prevent forwarding or replying to a PIN message with an email me
message with a PIN message. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.0.0 and higher.
This rule is obsolete as of BlackBerry Enterprise Server version 4.1.3. Specify the level of Federal Information Processing
Level 1: You can apply Level 1 compliance to Java-based BlackBerry devices using BlackBerry Device Software Version 3
affects the BlackBerry Cryptographic Kernel, which is the embedded cryptographic module required for basic operation of
You can apply Level 2 compliance to Java-based BlackBerry devices using BlackBerry Device Software Version 4.0 and la
only the BlackBerry Device Software and does not result in the BlackBerry device meeting FIPS 140-2 Level 2 hardware s
Selecting Level 2 prevents WTLS from using the RC5 cipher, which can result in problems using the WTLS protocol. Set th
BlackBerry Device Software to operate in a FIPS-compliant mode of operation and enforce the following IT policy rules wit
Password Required = Yes
Minimum Password Length >= 5 characters
Specify whether users can place calls from the BlackBerry device while it is security locked. If you set this rule to Allow or d
the Allow Outgoing Calls While Locked field to Yes on their BlackBerry devices to turn on the ability to place outgoing calls
are locked. If you explicitly set this rule to No, users cannot place outgoing calls while their BlackBerry devices are locked.
default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether to prevent the BlackBerry device user from accepting unverified CRLs on the Mobile Data Service when c
If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices versi
Type RGB (hexadecimal) codes to set the background color of messages. Use a semi-colon to separate colors (for examp
color represents the background color of encrypted messages sent from the BlackBerry Enterprise Server that sends the I
encrypted with a corporate scrambling key. The second color represents the background color of messages sent from all o
encrypted with the global scrambling key. This rule applies only to Java-based BlackBerry devices version 4.0.0 and highe
Specify whether to prevent the BlackBerry device from using the Triple DES algorithm to encrypt and decrypt packets that
BlackBerry Enterprise Server that sends the IT policy send between them. Set this IT policy rule to Yes to require the Blac
Enterprise Server to use the AES algorithm to encrypt and decrypt the communication between them. If you do not set this
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether to prevent applications from persisting the plain text form of a content protected object in the persistent sto
Set this rule to Yes to enable the BlackBerry device to write information about the application in the BlackBerry device Eve
the BlackBerry device to a valid known state. Warning: If you set this rule to Yes, all applications might not work. RIM reco
security-conscious customers who need assurance that sensitive data cannot be persisted in plain text form. If you do not
will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the minimum security level for the signing key in the key store. Note: All keys on the BlackBerry device are forced
using this rule as their minimum, but the user can set a higher security level if desired. Low security: The BlackBerry device
key store password when accessing the signing key. Medium security: The BlackBerry device only prompts the user for the
password is cleared from the key store cache. Note: Medium security is the default security level assigned to a private key
device. High security: The BlackBerry device always prompts the user for their password when accessing the signing key.
password, the BlackBerry device prompts the user to confirm access to the private key. If you do not set this rule, a defaul
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the minimum security level for the encryption key in the key store. All keys on the BlackBerry device are forced to h
using this rule as their minimum, but the user can set a higher security level if desired. Low security: The BlackBerry device
key store password when accessing the encryption key. Medium security: The BlackBerry device only prompts the user for
password is cleared from the key store cache. Note: Medium security is the default security level assigned to a private key
device. High security: The BlackBerry device always prompts the user for their password when accessing the encryption k
password, the BlackBerry device prompts the user to confirm access to the private key. If you do not set this rule, a defaul
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify which BlackBerry device databases are backed up by the BlackBerry Desktop Software. All databases: The deskto
BlackBerry device databases. Minimal subset of databases: The desktop software backs up a minimal subset of BlackBerr
these are databases which some desktop software components, such as the Certificate Synchronization Manager, require
No databases: The desktop software does not back up BlackBerry device databases. If you do not set this rule, a default v
used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether to prevent the BlackBerry device user from sending messages that are encrypted with a certificate that the
If this rule is set to No, the user is warned about, but not prevented from, using an unverified certificate. If you do not set th
be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the Internet Protocol (IP) modem feature on applicable BlackBerry devices is turned off. If you do not set t
be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the smart card password can be cached. If this rule is set to Yes, the password is cached for a period of ti
private key timeout. Cached passwords are cleared by the memory cleaner. If you do not set this rule, a default value of N
only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the GPS functionality on the BlackBerry device is turned on. If you do not set this rule, a default value of N
only to Java-based BlackBerry devices version 4.3.0 and higher.
Specify whether the BlackBerry device, when locked, prevents the radio and serial bypass from receiving datagrams it can
encrypt the device transport keys stored in BlackBerry device flash memory. If you set this rule to Yes, the device transpor
message key. The message key is encrypted with the BlackBerry device user's password (using content protection) when
text copy of the message key resides in BlackBerry device RAM only and is never pushed to flash memory. After the Black
BlackBerry device LED blinks to indicate that it needs to be unlocked. The user must type their BlackBerry device passwor
After the BlackBerry device is unlocked, the message key is decrypted into RAM and the radio and serial bypass are enab
on content protection for master keys, you or a user must turn on content protection on the BlackBerry device. You can tur
BlackBerry device using the Content Protection Strength IT Policy Rule. If you do not set this rule, a default value of No wi
to Java-based BlackBerry devices version 4.1.0 and higher.
Specify whether the BlackBerry device indicates that its microphone is on (for example, when a phone call is in progress o
If you set this rule to Yes, the BlackBerry device LED blinks rapidly when its microphone is on. If you set this rule to No, the
indicate that its microphone is on. If you do not set this rule, a default value of No will be used. This rule applies only to Jav
version 4.1.0 and higher.
Specify whether the Include Contacts option on the BlackBerry device is set to Yes or No. Set this rule to Allowed to allow
exclude their contact list from content protection. Set this rule to Required to turn off the option so that the contact list is alw
user cannot change this setting on the BlackBerry device. Set this rule to Disallowed to turn off the option so that the conta
the user cannot change this setting on the BlackBerry device. Warning: You must set this rule, or the Include Contacts opt
from content protection, or the BlackBerry device will apply content protection to the contact list. Note: The contact list is on
user turn on content protection. Note: When the address book is content-protected, features such as Caller ID and Bluetoo
work when the BlackBerry device is locked, and exceptions to the firewall whitelist do not apply successfully. If you or a us
content protection, these features work even when the BlackBerry device is locked. Note: The Disallowed option is only su
Specify whether to prevent the BlackBerry device from displaying warnings and visual indications if the user receives an em
certificate with stale status. Consider setting this IT policy rule to Yes if your organization uses a PKI that does not update
dependency: If this rule is set to Yes, the "Certificate Status Maximum Expiry Time" rule will be ignored, i.e. the status of ce
do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2
Specify whether to prevent the expandable memory (microSD) feature from working on supported BlackBerry devices. If yo
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether to prevent the USB Mass Storage feature or the Media Transfer Protocol feature from working on support
this IT policy rule to Yes, the BlackBerry device cannot use an external file system connected to the USB port. This means
an external file system using the Media Manager with BlackBerry Desktop Manager Version 4.2.2 and 4.3 is turned off. If y
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the level of file system encryption that the BlackBerry device uses to encrypt files that it stores on an external file s
rule to require the BlackBerry device to encrypt an external file system, either including or excluding multi-media directories
BlackBerry Desktop Manager Version 4.2 only. Note: The external file system encryption does not apply to files that the Bl
transfers to the external memory device (for example, from a USB mass storage device). If you do not set this rule, a defau
used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether to disable access to the file transfer protocol channel from the media manager tool of the BlackBerry Desk
this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and high
Specify whether to prevent the user from using smart password entry on the BlackBerry device when using two factor auth
rule to Yes, the BlackBerry device resets any knowledge of the user's numeric passwords if the user is currently using sma
IT policy rule to No, the user cannot use smart password entry on the BlackBerry device when using two factor authenticat
authentication and their BlackBerry device password or authenticator password is numeric, smart password entry enables
remember whether the last password that the user typed in a password field was numeric and if it was, the next time that t
BlackBerry device applies a numeric filter so that the user does not have to press the Alt key to type the numbers. By defa
knowledge of the user's numeric passwords only if the user is using smart password entry. If you do not set this rule, a def
rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the user must choose a smart card certificate for use with smart card two-factor authentication. If smart ca
turned on, when the user unlocks the BlackBerry device, the BlackBerry device sends a challenge to the smart card to ver
that the BlackBerry device used to initialize the authenticator module. If you set this IT policy rule to Yes, smart card two fa
increases, but the BlackBerry device requires more time to unlock and the user must have the appropriate smart card drive
reader driver installed on their BlackBerry device or they cannot unlock their BlackBerry device. Rule dependency: The Bla
rule only if the Password Required rule and the Force Smart Card User Authentication rule are set to Yes. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the BlackBerry device securely wipes all of its user data if the BlackBerry device battery becomes critically
require a BlackBerry device with insufficient battery power to perform a secure wipe of user data. If you do not set this rule
used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the length of time, in hours, after receiving an IT policy update that the BlackBerry device securely wipes all of its u
require a BlackBerry device that cannot receive IT policy updates or IT Admin commands to perform a secure wipe of user
specified. Warning: If you set this IT policy rule, set the Policy Resend Interval on the BlackBerry Enterprise Server (in the
that is lower than this rule setting to prevent unwanted BlackBerry device wiping. The valid range for the value of this rule i
not set this rule, a default value of Disabled will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify the length of time, in hours, after the BlackBerry device locks that the BlackBerry device securely wipes all of its us
require a BlackBerry device that the user has not unlocked within the length of time specified to perform a secure wipe of u
value of this rule is 2 through 720 hours. If you do not set this rule, a default value of Disabled will be used. This rule applie
devices version 4.2.0 and higher.
Specify whether the firewall on the BlackBerry device blocks, and prevents the BlackBerry device from processing, specific
bypass your corporate network. If you set this IT policy rule, the BlackBerry device drops the specified type(s) of incoming
not display received message notifications for those messages. Note: Users can specify whether to block public PIN mess
Users cannot specify whether to block corporate PIN messages on the BlackBerry device. This rule applies only to Java-ba
4.2.0 and higher.
Specify the permitted structure of the BlackBerry device password. A character in the password pattern specifies the chara
in the password. You can require a letter, uppercase letter, number, symbol, consonant letter, or vowel letter character typ
set a password greater than or equal to the length of the pattern on their BlackBerry device. Password characters that exc
letters, numbers, or symbols. Warning: Preventing a particular password character reduces the entropy level and security l
the maximum security level of the password pattern by summing the number of bits of entropy associated with each passw
the sum of entropy bits in the password pattern, a total of (2 to the power of t) passwords could match the pattern. An attac
power t) chance of randomly guessing the password. Supported pattern characters:
a: Permits any letter. (5.7 bits of entropy)
A: Permits an uppercase letter only. (4.7 bits of entropy)
Specify whether the BlackBerry device can receive unsecured messages, including All Points Bulletin (APB) messages, fro
Server. The BlackBerry device can receive all messages from the BlackBerry Enterprise Server that are not blocked at the
unless you set this IT policy to Yes to prevent the BlackBerry device from receiving unsecured messages. If you do not set
will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify whether the BlackBerry device will prompt the user for their password prior to using the browser to download appli
BlackBerry device uses this IT policy rule only if the Password Required rule is set to Yes. If you do not set this rule, a defa
rule applies only to Java-based BlackBerry devices version 4.2.2 and higher.
Specify whether the BlackBerry will allow third party applications to reset the device's idle timer, bypassing the security tim
default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify whether the BlackBerry device resets itself to factory default settings when it receives the Delete all device data an
command over the wireless network. Set this IT policy rule to Yes to require the BlackBerry device to permanently delete it
third party applications, in addition to performing the BlackBerry device wipe process. For BlackBerry devices version 5.0.0
only enforced on the remote wipe, but will also be enforced on a local wipe, i.e. when the user exceeds the maximum pass
security wipe. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry
Specify whether the BlackBerry device will allow applications to capture screen shots. This applies to RIM applications and
not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.2.2
Specify whether to prevent public photo sharing applications (for example, Flickr) on the BlackBerry device from uploading
do not set this rule, a default value of No will be used.
Specify whether to prevent the BlackBerry device from adding geographical co-ordinates to the meta-data of photos. If you
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.0 and higher.
Specify the message classification title that BlackBerry devices will include when users within the organization send mess
Java-based BlackBerry devices version 4.3.0 and higher.
Specify the list of email addresses that the BlackBerry device firewall allows. The BlackBerry device receives messages fro
the user blocks all incoming messages on the BlackBerry device. Specify email addresses with wildcard characters (for ex
allow email messages from a specific domain. Note: When the address book is included in Content Protection, the Firewal
Excluding the address book from Content Protection allows this feature to work properly. This rule applies only to Java-ba
4.5.0 and higher.
Specify the digest algorithms that the BlackBerry device considers weak. The BlackBerry device uses the list of weak dige
algorithms used to digitally sign messages that the BlackBerry device receives are strong enough. The BlackBerry device
algorithms to verify that the certificate chains for the certificates used to sign messages that the BlackBerry device receive
of algorithms that the BlackBerry device considers weak to prevent users from sending an S/MIME-encrypted or PGP encr
or key whose corresponding public key is weak. For BlackBerry devices 5.0.0 and above, a default value of MD2 will be us
Java-based BlackBerry devices older than version 5.0.0, no digest algorithm is specified as weak by default, in case the ru
specify SHA-384 and SHA-512 as weak algorithms. This rule applies only to Java-based BlackBerry devices version 4.3.0
Specify the maximum length of time (in minutes) between status checks of the user authentication certificates that the Blac
cards. Each period, the BlackBerry device requests the status of the certificate. If the certificate is revoked, the BlackBerry
unable to unlock it unless the certificate status changes from On Hold to Good. The BlackBerry device uses this rule only i
Smart Card User Authentication, and Force Smart Card Two Factor Challenge Response rules are set to Yes. The valid ra
240 through 40320 minutes. If you do not set this rule, a default value of -1 will be used. This rule applies only to Java-bas
4.5.0 and higher.
Specify the hash or hashes of the .cod file for a transcoder implementation to permit the BlackBerry device to register the t
each hash in hexadecimal, delimited by semi-colons, to be read from the command "javaloader siblinginfo <implementation
BlackBerry Enterprise Solution to use a third-party encoding scheme in addition to BlackBerry transport layer encryption an
If you specify third-party applications that can use the Transcoder API on the BlackBerry device, those applications might i
performance of the BlackBerry Enterprise Solution. This rule applies only to Java-based BlackBerry devices version 4.5.0 a
Specify whether to prevent public social networking applications on the BlackBerry device from accessing public social net
Facebook). If you do not set this rule, a default value of No will be used.
Specify whether the BlackBerry device is security locked when closed. If you do not set this rule, a default value of No will
Java-based BlackBerry devices version 4.6.0 and higher.
Specify whether to require users to type both their User Authenticator credentials as well as their BlackBerry device passw
option is turned on.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify which types of authentication mechanisms the BlackBerry device user can turn on. The authentication mechanism
device. Authentication mechanisms considered "Other" can be controlled using the User Authenticator API application con
takes priority over the Force Smart Card Two Factor Authentication IT policy rule. For example, if this IT policy rule preven
the Force Smart Card Two Factor Authentication IT policy rule is set to Yes, smart card authentication is not enforced. If yo
value of "Smart Card | Fingerprint | Smart Card & Fingerprint | Proximity | Other" will be used. This rule applies only to Java
version 5.0.0 and higher.
Specify whether to force the use of multi-factor authentication on BlackBerry devices. Users are required to use a user aut
their BlackBerry devices. Related rules: The Allowed Authentication Mechanisms IT policy rule controls which user authen
more than one authentication mechanism is allowed, the BlackBerry device lock screen will prompt users to select a user a
not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 a
Specify whether the BlackBerry device requires the user to always use the same smart card reader, in addition to the User
the User Authenticator option is enabled. Note: If you set this rule to Yes, the user is required to wipe the BlackBerry devic
stolen.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify a disclaimer that a BlackBerry device can display before a user unlocks the BlackBerry device for the first time afte
The length of this string is limited to 512 characters. This rule applies only to Java-based BlackBerry devices version 5.0.0
Specify whether a user can turn on two-factor content protection on a BlackBerry device. If a user turns on two-factor conte
device protects the content protection decryption keys with a private key that is stored on a smart card and the BlackBerry
content protection decryption keys and unlock the BlackBerry device, a user must know the BlackBerry device password a
turn on two-factor content protection on a BlackBerry device, the protection of the content protection decryption keys incre
device requires more time to unlock and, to unlock the BlackBerry device, the user must have the appropriate smart card d
reader driver installed on the BlackBerry device. You or a user cannot reset the BlackBerry device password when a user
protection. Rule dependency: If you change the value of this rule to Required, the BlackBerry uses this rule only if you also
Strength IT policy rule and change the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes. Alte
Force Smart Card Two Factor Authentication IT policy rule to Yes to configure two-factor content protection, you can set th
Specify whether the BlackBerry App World is turned off on the BlackBerry device. If you do not set this rule, a default value
Specify whether a BlackBerry device can import certificates and PGP keys, including private keys, from external memory d
you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices versio
Specify whether a BlackBerry device must lock when a user disconnects the proximity authenticator or the proximity authe
the BlackBerry device. This policy does not require the BlackBerry device to use a proximity authenticator. To require the B
proximity authenticator, you can use the Force Multi Factor Authentication IT policy rule and Allowed Authentication Mecha
set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and
Specify whether a BlackBerry device must display key store notifications for private keys with a medium security level durin
If you set this rule to Yes, the BlackBerry device always displays a key store notification during the cached period, every tim
uncached secure email message. If you set this rule to No, the user can turn off key store notifications for a specific key an
not set this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 5.1.0 a
Specify whether the media files located on the on-board device memory will be encrypted to the user password and the de
device memory exists. Set this rule to Required or Disallowed to disable the option so that the user cannot change this set
BlackBerry device uses this IT policy rule only if the Content Protection Strength is set. If you do not set this rule, a default
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify whether a BlackBerry device formats the media card when a user or administrator permanently deletes all BlackBe
this rule to Allowed, a user can change the setting on the BlackBerry device. To prevent a user from changing this setting o
rule to Required or Disallowed. If you do not set this rule, a default value of "Allowed" will be used. This rule applies only to
version 5.0.0 and higher.
Specifies whether a user can turn on content protection on a BlackBerry device. When content protection is turned on, Bla
protected with the AES-256 encryption algorithm. If the BlackBerry device is locked when it receives content, the BlackBer
content protection key (an AES-256 encryption key) and an ECC key pair, derives an ephemeral AES-256 encryption key fr
password, and uses the ephemeral key to encrypt the content protection key and the ECC private key.
Set this rule to Disallowed to prevent the use of content protection. Set this rule to Allowed to allow the use of content prote
Note: The setting of this rule does not turn on content protection on the user's device. The Content Protection Strength rule
protection on the user's device.
This rule only applies to BlackBerry devices that run BlackBerry Device Software version 5.2.0 or later.
If you do not set this rule, a default value of "Allowed" will be used.
This rule applies only to Java-based BlackBerry devices version 5.2.0 and higher.
Specifies whether a BlackBerry device displays the IT Policy Viewer application icon on the homescreen. Set this rule to Y
user cannot change this setting on the device.
If you do not set this rule, a default value of No will be used.
This rule applies only to Java-based BlackBerry devices version 5.2.0 and higher.
Specify whether a user can browse shared folders and files located on servers in your organization's network using the file
If you set this rule to No, a user can browse shared folders and files on your organization's network.
If you set this rule to Yes, a user cannot browse shared folders and files on your organization's network.
If you do not set this rule, a default value of No will be used.
This rule applies to a feature that requires BlackBerry Enterprise Server 5.0.2 or higher.
This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Contains IT policies that allow you to restrict the services that are available on the BlackBerry device.
Specify whether users can use other message services on the BlackBerry device. Set this rule to No to force all outbound m
organization's BlackBerry Enterprise Server and prevent users from sending outbound messages from other message serv
prevent users from receiving inbound messages from other message services. If you do not set this rule, a default value of
applies to Java-based BlackBerry devices version 3.6.0 and higher, and 85x/95x BlackBerry devices version 2.5.0 and hig
Specify whether users can use other browser services on the BlackBerry device. Set this rule to No to force all browser tra
BlackBerry Enterprise Server and prevent users from installing other browser services. If you do not set this rule, a default
rule applies only to Java-based BlackBerry devices version 3.6.0 and higher.
Specify whether the public Yahoo! Messenger for BlackBerry service is permitted on the BlackBerry device. Set this rule to
using the public Yahoo! Messenger service on the BlackBerry device. If you do not set this rule, a default value of Yes will
Specify whether the public AOL Instant Messenger (AIM) for BlackBerry service is permitted on the BlackBerry device. Set
communication using the public AIM service on the BlackBerry device. If you do not set this rule, a default value of Yes wil
Specify whether the public ICQ service is permitted on the BlackBerry device. Set this rule to No to prevent communication
the BlackBerry device. If you do not set this rule, a default value of Yes will be used.
Specify whether any public instant messaging (IM) for BlackBerry services are permitted on the BlackBerry device. Set this
all public IM services on the BlackBerry device, and to prevent communication using any public instant messaging service
This rule applies to all RIM public IM services that were released after the first availability of this rule. To prevent Yahoo! M
BlackBerry device, use the Allow Public Yahoo! Messenger Services rule. If you do not set this rule, a default value of Yes
Specify whether the public Google Talk for BlackBerry service is permitted on the BlackBerry device. Set this rule to No to
public Google Talk service on BlackBerry devices. Note: If you set this rule to No and users have downloaded Google Talk
BlackBerry devices, the Google Talk for BlackBerry icon remains on the Home screen. If users attempt to sign into Google
on their BlackBerry devices indicates that they cannot use Google Talk for BlackBerry. If you do not set this rule, a default
Specify whether BlackBerry device users can use calendar services other than the standard calendar application. Set this
for BlackBerry device users in your organization to send appointments through a BlackBerry Enterprise Server within your
do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devices version 4.3
Specify whether the public Windows Live Messenger for BlackBerry service is permitted on the BlackBerry device. Set this
communication using the public Windows Live Messenger service on BlackBerry devices. If you do not set this rule, a defa
Specify whether the Network Address Book service is allowed to run on the device. If this service is enabled, contacts on t
the carrier's Network Address Book server. This service may be enabled or disabled. My Faves applies only to T-Mobile an
carrier will behave with the default.
If you do not set this rule, a default value of "Disabled" will be used.
This rule applies only to Java-based BlackBerry devices version 5.2.0 and higher.
Contains IT policy rules that apply to default Access Point Names (APN) for TCP on the BlackBerry device.
Type the default Access Point Name (APN) on the BlackBerry device for Transmission Control Protocol (TCP). The length
characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the default Access Point Name (APN) username on the BlackBerry device for Transmission Control Protocol (TCP).
to 32 characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the default Access Point Name (APN) password on the BlackBerry device for Transmission Control Protocol (TCP). T
to 32 characters. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the minimum RSA key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
through 4096 bits. If you do not set this rule, a default value of 512 will be used. This rule applies only to Java-based Black
higher.
Specify the minimum DH key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range f
through 4096 bits. If you do not set this rule, a default value of 512 will be used. This rule applies only to Java-based Black
higher.
Specify the minimum ECC key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
through 571 bits. If you do not set this rule, a default value of 160 will be used. This rule applies only to Java-based BlackB
higher.
Specify whether the BlackBerry device permits the use of connections to servers with invalid certificates during TLS conne
a default value of "Prompt user on BlackBerry device" will be used. This rule applies only to Java-based BlackBerry device
Specify whether the BlackBerry device can use an algorithm with TLS that is not FIPS-compliant. Warning: If the FIPS Lev
default, the BlackBerry device ignores this IT policy rule and uses only algorithms that are FIPS-compliant. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 3.6.1 and higher.
Specify the minimum DSA key size, in bits, that the BlackBerry device permits for use in TLS connections. The valid range
through 1024 bits. If you do not set this rule, a default value of 512 will be used. This rule applies only to Java-based Black
higher.
Specify whether the BlackBerry Enterprise Solution permits the use of proxy mode TLS/SSL or proxy HTTPS connections
and the BlackBerry Enterprise Server. By default, the BlackBerry Enterprise Solution permits proxy mode TLS or proxy HT
Yes to force the use of device-side TLS/SSL for all HTTPS connections. Warning: If you set this rule to Yes and device-sid
exception occurs. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based BlackB
higher.
Specify whether to prevent a BlackBerry device from using weak digests during TLS connections. For Java-based BlackBe
5.0.0, a default value of Allow weak digests will be used. For BlackBerry devices 5.0.0 and above, a default value of Disab
rule applies only to Java-based BlackBerry devices version 4.7.1 and higher.
Specify whether to prevent a BlackBerry device from opening a TLS connection to a server that has a domain name that d
in the server's certificate. If you do not set this rule, a default value of "Prompt user on BlackBerry device" will be used. Thi
BlackBerry devices version 5.0.0 and higher.
Contains IT policy rules that apply to VPN settings to use in conjunction with the WLAN support on the BlackBerr
Specify whether the BlackBerry device VPN client is turned on. Set this rule to Yes if the BlackBerry device requires the us
Fi network. Set this rule to No to disable the VPN client on the BlackBerry device. If you turn off the VPN client on the Blac
device might not be able to use a Wi-Fi network that requires VPN access, or it might require the use of an alternate form o
this rule, a default value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and high
Specify whether users can change all VPN policy rules on the BlackBerry device. If this rule is set to No, BlackBerry device
user name and VPN password on the BlackBerry device. If you do not set this rule, a default value of Yes will be used. Thi
BlackBerry devices version 4.0.0 and higher.
Specify the type of VPN client that the BlackBerry device VPN client should emulate. This rule applies only to Java-based
and higher.
Type the VPN server IP address in "dotted" (for example, 10.0.0.0) or FQDN format. This rule applies only to Java-based B
and higher.
Type the VPN server group name. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the VPN server group password. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the Default User Name that the BlackBerry device uses to log in to the VPN server. If you set this rule, you must set t
rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the Default User Password that the BlackBerry device uses to log in to the VPN server. If you set this rule, you must s
This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the VPN DNS configuration. If this rule is set to Yes, the DNS settings are automatically fetched from the VPN gate
static settings specified in the VPN Primary DNS, VPN Secondary DNS, and VPN Domain Name policy rules are used. If y
Enable VPN rule to Yes. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based
and higher.
Type the static setting for the Primary DNS Server in dotted IP Address format (for example, 10.0.0.0). Note: If you set this
Configuration policy rule to No and set the Enable VPN rule to Yes. This rule applies only to Java-based BlackBerry device
Type the static setting for the Secondary DNS Server in IP Address format (for example, 10.0.0.1). Note: If you set this rule
policy rule to No and set the Enable VPN rule to Yes. This rule applies only to Java-based BlackBerry devices version 4.0.
Type the internal domain name suffix using the FQDN format. Note: If you set this rule, set the VPN DNS Configuration po
VPN rule to Yes. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether the client should use extended authentication (XAUTH) during authentication process with the VPN gatew
those vendor types which support both regular and extended authentication (such as Nortel). There is no need to specify t
type either uses extended authentication exclusively (such as Cisco 3000) or does not support it (such as CheckPoint). If y
Enable VPN rule to Yes. If you do not set this rule, a default value of No will be used. This rule applies only to Java-based
and higher.
Specify the type of user-level authentication to be used by the server. If you set this rule, you must set the Enable VPN rule
rule, a default value of "Username and password required" will be used. This rule applies only to Java-based BlackBerry d
Specify the Diffie-Hellman group used to generate key material. RIM recommends setting this rule to use Group 7. Note: If
Enable VPN rule to Yes. If you do not set this rule, a default value of "Group 7" will be used. This rule applies only to Java-
4.0.0 and higher.
Specify the hash used to authenticate IKE exchanges. RIM recommends using AES128. If you do not set this rule, a defau
This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the hash message authentication code (HMAC) to be used. RIM recommends using SHA1. If you do not set this ru
160bits" will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify whether Perfect Forward Secrecy (PFS) is enabled. RIM recommends using PFS. If you do not set this rule, a defa
rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the cipher and hash for IPSec Security Associations (SAs). RIM recommends using SHA1 with AES128 cipher. If y
value of "SHA1 Hash and AES128 Cipher" will be used. This rule applies only to Java-based BlackBerry devices version 4
Specify whether users can save VPN passwords on the BlackBerry device. Set this rule to Yes to permit users to save VP
device. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java-based BlackBerry devic
Type the NAT "keep alive" frequency. The valid range for the value of this rule is 1 through 1439 minutes. If you do not set
be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Set to Yes to mask the password that the BlackBerry device user types. Set to No to allow the BlackBerry device to display
BlackBerry device user types. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.2.1 and higher.
Set to Yes to disable the prompt for re-entry of VPN credentials on the BlackBerry device after an authentication failure. If
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to prevent the BlackBerry device user from creating new VPN profiles on the BlackBerry device. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the minimum security level for private keys used by methods employing client certificates. Low security: The user w
their Key Store password. At this point the private key is retrieved and then stored, unencrypted, with the VPN profile. The
again for their Key Store password. Medium security: The user will initially be prompted for their Key Store password and f
prompted again after a device reset. Private keys are cached in memory, but are not stored with the VPN profile. High sec
prompted for the Key Store password when access to the private key is required. This may happen frequently, even if the
password. Private keys are not stored with the VPN profile. If you do not set this rule, a default value of "Low security" will
Java-based BlackBerry devices version 4.2.2 and higher.
Specifies the emergency number used on your network. If you do not set this rule, a default value of "911" will be used. Th
BlackBerry devices version 4.0.1 and higher.
Specifies whether the call hold feature is enabled on the BlackBerry device. If you do not set this rule, a default value of Ye
only to Java-based BlackBerry devices version 4.0.1 and higher.
Specifies whether the ability to perform an unattended call transfer is enabled on the BlackBerry device. If you do not set th
be used. This rule applies only to Java-based BlackBerry devices version 4.0.1 and higher.
Specifies whether the ability to perform an attended call transfer is enabled on the BlackBerry device. If you do not set this
be used. This rule applies only to Java-based BlackBerry devices version 4.0.1 and higher.
Set to Yes to prevent the BlackBerry device user from creating new VoIP profiles on the BlackBerry device. If you do not s
will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify whether the BlackBerry device can use an algorithm with WTLS that is not FIPS-compliant. Warning: If the FIPS L
default, the BlackBerry device ignores this IT policy rule and uses only algorithms that are FIPS-compliant. If you do not se
will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Contains IT policy rules that apply to Wi-Fi support on the BlackBerry device.
Specify whether to enable users to change all Wi-Fi policy rules on the BlackBerry device. Set to No to permit users to cha
rules on the BlackBerry device. If you do not set this rule, a default value of Yes will be used. This rule applies only to Java
version 4.0.0 and higher.
Specifies the type of security required for Wi-Fi network access. (Open, WEP, PSK, EAP-PEAP, EAP-LEAP, EAP-TLS). If
value of "Open Wi-Fi security" will be used. This rule applies only to Java-based BlackBerry devices version 4.0.0 and high
Type the network name of the Wi-Fi network and its access points. This rule applies only to Java-based BlackBerry device
Type the Default WEP Key ID. Note: The WEP Key ID must match the desired WEP access point ID and the correspondin
the value of this rule is 1 through 4. If you do not set this rule, a default value of 1 will be used. This rule applies only to Jav
version 4.0.0 and higher.
Type the password for WEP key 1 using the format xx:xx:xx:xx:xx. Allowable values are either 5 or 13 pairs of hexadecima
by a colon. For example, "AB:CD:EF:01:23" or "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23" are acceptable values. This ru
BlackBerry devices version 4.0.0 and higher.
Type the password for WEP key 2 using the format xx:xx:xx:xx:xx. Allowable values are either 5 or 13 pairs of hexadecima
by a colon. For example, "AB:CD:EF:01:23" or "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23" are acceptable values. This ru
BlackBerry devices version 4.0.0 and higher.
Type the password for WEP key 3 using the format xx:xx:xx:xx:xx. Allowable values are either 5 or 13 pairs of hexadecima
by a colon. For example, "AB:CD:EF:01:23" or "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23" are acceptable values. This ru
BlackBerry devices version 4.0.0 and higher.
Type the password for WEP key 4 using the format xx:xx:xx:xx:xx. Allowable values are either 5 or 13 pairs of hexadecima
by a colon. For example, "AB:CD:EF:01:23" or "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23" are acceptable values. This ru
BlackBerry devices version 4.0.0 and higher.
Type the pre-shared key. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the user name for EAP-PEAP or EAP-LEAP security access on the BlackBerry device. This rule applies only to Java
version 4.0.0 and higher.
Type the user password for EAP-PEAP or EAP-LEAP security access on the BlackBerry device. This rule applies only to J
version 4.0.0 and higher.
Specify whether Dynamic Host Configuration Protocol (DHCP) is used for dynamic network configuration. Note: If you are
network, RIM recommends turning on DHCP to enable roaming between subnets. If you do not set this rule, a default valu
applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the IP address in IP address format (for example, 10.0.0.1) for use if Dynamic Host Configuration Protocol (DHCP) is
device (in other words, if the Wi-Fi DHCP Configuration rule is set to No). Warning: If the Wi-Fi DHCP Configuration rule is
Yes. This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the subnet mask in dotted format (for example, 10.0.0.1) for use if Dynamic Host Configuration Protocol (DHCP) is tu
Warning: Do not apply this rule if the DHCP is enabled. This rule applies only to Java-based BlackBerry devices version 4.
Type the primary DNS in IP address format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the DH
only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the secondary DNS in dotted format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the DHC
only to Java-based BlackBerry devices version 4.0.0 and higher.
Type the default gateway in IP address format (for example, 10.0.0.1) if the DHCP is disabled. Do not apply this rule if the
applies only to Java-based BlackBerry devices version 4.0.0 and higher.
Specify the minimum security level for private keys used by EAP methods employing client certificates (for example, EAP-T
prompts the user for the key store password once to retrieve the private key for encrypting messages. Device stores the un
Wi-Fi profile. Medium security: Device prompts the user for the key store password only once to retrieve the private key for
subsequently only after a device reset. Device caches the private key in memory but does not store it with the Wi-Fi profile
prompts the user for the key store password when accessing the private key for encrypting messages. Device does not sto
with the Wi-Fi profile. If you do not set this rule, a default value of "Low security" will be used. This rule applies only to Java
version 4.0.1 and higher.
Set to Yes to enable handheld users to use the HTTP browser. Please note that this policy has been made obsolete on the
named "Allow Hotspot Browser" instead. If you do not set this rule, a default value of No will be used. This rule applies only
devices version 4.0.0 through 4.6.0.
Set to Yes to disable use of Wi-Fi on the device. If you do not set this rule, a default value of No will be used. This rule app
BlackBerry devices version 4.2.1 and higher.
Set to Yes to mask the password that the BlackBerry device user types. Set to No to allow the BlackBerry device to display
BlackBerry device user types. If you do not set this rule, a default value of No will be used. This rule applies only to Java-b
4.2.1 and higher.
Set to Yes to disable use of WAN-only mode in the GAN selection modes of the BlackBerry device. If you do not set this ru
used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable use of WAN-preferred mode in the GAN selection modes of the BlackBerry device. If you do not set t
be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable use of GAN-only mode in the GAN selection modes of the BlackBerry device. If you do not set this ru
used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable use of GAN-preferred mode in the GAN selection modes of the BlackBerry device. If you do not set th
be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable changing the GAN selection mode on the BlackBerry device. If you do not set this rule, a default valu
applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable the prompt for re-entry of Wi-Fi credentials on the BlackBerry device after an authentication failure. If
value of No will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to prevent the BlackBerry device user from creating new Wi-Fi profiles on the BlackBerry device. If you do not s
will be used. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the Wi-Fi signal quality threshold for roving from GAN to WAN. If the Wi-Fi signal quality drops below this threshold
BlackBerry device attempts to handover or rove to the WAN, if an acceptable cell is available. If this rule is not specified, th
suitable value (possibly specified by the carrier). Possible values are:
Low: use GAN mode unless the Wi-Fi signal quality is very low.
Medium: use GAN mode if Wi-Fi signal quality is high or medium.
High: use GAN mode only if Wi-Fi signal quality is high.
This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the signal strength threshold for rove-in from WAN to GAN. In WAN-preferred mode, if the signal strength of the se
then the device will use the GAN cell, if one is available. This value is specified in RXLEV units, described in 3GPP 5.08 8.
63 means -48 dBm. If this rule is not specified, the device chooses a suitable value (possibly specified by the carrier). The
rule is 0 through 63 RXLEV. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Specify the signal quality threshold for handover from WAN to GAN. In WAN-preferred mode, if the signal quality drops be
attempt a handover to a GAN, if possible. The signal quality is related to bit error rate and is described in 3GPP 5.08 8.2.4
means worst quality. If this rule is not specified, the device chooses a suitable value (possibly specified by the carrier). The
rule is 0 through 7. This rule applies only to Java-based BlackBerry devices version 4.2.1 and higher.
Set to Yes to disable direct access to the BlackBerry Enterprise Server from Wi-Fi networks using a direct BlackBerry Rou
direct access to the BlackBerry Enterprise Server from Wi-Fi networks. The default value is carrier-dependent; some carrie
the BlackBerry Enterprise Server by default. Note, in order to disable Wi-Fi access to the BlackBerry Enterprise Server usi
the "BlackBerry Infrastructure Wi-Fi Access Mode" IT policy or Wi-Fi configuration setting. By using these settings together
Fi access to the BlackBerry Enterprise Server and/or BlackBerry Internet Service. This rule applies only to Java-based Bla
higher.
Specify whether to allow forwarding of Wi-Fi profiles that a user creates. Depending on the mode, the user can forward a W
devices using one of the following options: Email message, PIN message (if allowed by the IT policy), SMS (if allowed by the
message (if allowed by the IT policy). Note that forwarding of Wi-Fi profiles that are pushed using an IT policy is not allowe
can set the profile forwarding mode to one of the following options:
Enabled: Wi-Fi profile forwarding is allowed and the user is not required to specify a forwarding password.
Enabled with password: Wi-Fi profile forwarding is allowed, but the user is required to specify a forwarding password.
Disabled: Wi-Fi profile forwarding is not allowed.
If you do not set this rule, a default value of "Enabled" will be used. This rule applies only to Java-based BlackBerry device
Specify whether the BlackBerry device can use the BlackBerry Infrastructure over a Wi-Fi network to access the BlackBerry En
Internet Service. You can set the mode to one of the following:
Access does not require VPN: Wi-Fi access to the BlackBerry Infrastructure can bypass an active VPN connection on the
Access requires VPN: Wi-Fi access to the BlackBerry Infrastructure requires an active VPN connection, either due to the s
Access disabled: Wi-Fi access to the BlackBerry Infrastructure is disabled.
Note that you can override this setting by the related Wi-Fi configuration setting called Wi-Fi BlackBerry Infrastructure Wi-F
configuration setting allows you to configure an access mode in regards to VPN depending on a particular corporate Wi-Fi
policy rule can configure the access mode for other non-corporate Wi-Fi networks. Note, however, that you can turn off Wi
Infrastructure only using the IT policy rule and you cannot override the IT policy rule using a Wi-Fi configuration setting. No
field is to allow a Wi-Fi connection to the BlackBerry Infrastructure to bypass an active VPN connection. If you do not set th
does not require VPN" will be used. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
Specify a comma-separated list of Wi-Fi SSIDs which should be blocked from usage. If specified, handheld will never be a
given SSIDs. This rule applies only to Java-based BlackBerry devices version 5.0.0 and higher.
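The value ranges and rule dependencies stated in the VPN and Wi-Fi descriptions above can be checked before a policy is pushed. The following is an added example, not part of the original reference or of any BlackBerry tool; the rule labels other than "Enable VPN", "Wi-Fi DHCP Configuration" and "Default WEP Key ID" are assumed names, and the sample policy is constructed.

```python
import re

# Rule names are assumed labels for this sketch; only "Enable VPN",
# "Wi-Fi DHCP Configuration" and "Default WEP Key ID" are named in the text.
HEX_PAIRS = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*")
RANGES = {  # rule -> (min, max), taken from the rule descriptions
    "Default WEP Key ID": (1, 4),
    "VPN NAT Keep Alive": (1, 1439),   # minutes
    "GAN Rove-In Threshold": (0, 63),  # RXLEV units
    "GAN Handover Threshold": (0, 7),  # signal quality
}
STATIC_RULES = ("Wi-Fi IP Address", "Wi-Fi Subnet Mask", "Wi-Fi Primary DNS",
                "Wi-Fi Secondary DNS", "Wi-Fi Default Gateway")
KEY_LEVEL_RULES = ("VPN Private Key Security Level",
                   "Wi-Fi Private Key Security Level")
SAMPLE = {  # constructed policy, not taken from a real deployment
    "Enable VPN": "No",
    "VPN NAT Keep Alive": 1440,
    "Wi-Fi DHCP Configuration": "Yes",
    "Wi-Fi Default Gateway": "10.0.0.1",
    "Default WEP Key ID": 1,
    "WEP Key 1": "AB:CD:EF:01:23",
    "WEP Key 2": "AB:CD:EF:01",
    "Wi-Fi Private Key Security Level": "High security",
}


def valid_wep_key(value):
    """True for exactly 5 or 13 colon-separated hexadecimal pairs."""
    return bool(HEX_PAIRS.fullmatch(value)) and len(value.split(":")) in (5, 13)


def lint_policy(policy):
    """Return sorted (rule, finding) pairs for a dict mapping rule -> value."""
    out = []
    for rule, (lo, hi) in RANGES.items():
        value = policy.get(rule)
        if rule in policy and not (type(value) is int and lo <= value <= hi):
            out.append((rule, f"must be an integer from {lo} through {hi}"))
    for n in (1, 2, 3, 4):
        rule = f"WEP Key {n}"
        if rule in policy and not valid_wep_key(policy[rule]):
            out.append((rule, "must be 5 or 13 colon-separated hex pairs"))
    # Static addressing rules must not be applied while DHCP is turned on.
    if policy.get("Wi-Fi DHCP Configuration") == "Yes":
        out += [(r, "set while Wi-Fi DHCP Configuration is Yes")
                for r in STATIC_RULES if r in policy]
    # Every VPN rule depends on the Enable VPN rule being set to Yes.
    if policy.get("Enable VPN") != "Yes":
        out += [(r, "set without Enable VPN = Yes")
                for r in policy if r.startswith("VPN ")]
    # An unset key-level rule falls back to the "Low security" default.
    out += [(r, "Low security stores the private key with the profile")
            for r in KEY_LEVEL_RULES if policy.get(r, "Low security") == "Low security"]
    return sorted(out)
```

Calling lint_policy(SAMPLE) returns five findings, including the out-of-range keep-alive value and the gateway rule that conflicts with DHCP.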
No
No
No
None
None
No
No
No
24
168
No
No
No
No
No
No
No
No
100%
No
No
Numeric
No
No
No
No
No
No
No
No
Always
No
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Blackberry Browser
No
Yes
No
No
No
Yes
No
No
Yes
Allow
No
No
Yes
Yes
MS-Enterprise
80
RSA
1024
No
Yes
Yes
No Restrictions
-1
Yes
BES
No
No
No
No
No
Prompt
Yes
No
10
Yes
Yes
No
No
No
No
Yes
No
Yes
Yes
Yes
Yes
no limit
Yes
Yes
No
No
Yes
No
No
No
Downloads
No
No
Yes
Yes
60
Yes
No restriction
Yes
Yes
No
No
No
Yes
-1
-1
5242880
3145728
No
No
-1
10240
No
Automatic Allowed
No
No
No
No
No
No
No
No
Yes
Yes
No
No
No
4096
No
No
No
Yes
No
No
Yes
No
Yes
No
Yes
No
16
No
60
No
No
No
1024
No
No
1024
1024
Email-based enrolment
24
Automatic
Both
Manual
No
No
No
No
No
No
Yes
Yes
No
Yes
Yes
10
0
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
1024
1024
163
No
No
No
1024
Automatic
Both
Manual
No
No
No
No
No
No
No
No
No
No
No
7
No
No
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
Radio not disabled when USB device is connected
No
No
No
No
No
Low security
Low security
All databases
No
No
No
No
No
No
Allowed
No
No
No
Not Required
No
No
No
No
Disabled
Disabled
No
No
No
No
Yes
No
No
-1
No
No
No
No
Allowed
No
Yes
No
No
Allowed
Allowed
Allowed
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Disabled
Yes
Yes
Prompt user on Blackberry device
Prompt user on Blackberry device
512
512
160
No
512
No
Disable
No
No
Yes
Yes
No
Group 7
Group 7
AES128
SHA1 160bits
Yes
Yes
1
No
No
No
Low security
No
Yes
No
Yes
Yes
Generic SIP
5060
911
UDP
25
51100
5060
911
Yes
Yes
Yes
No
512
160
No
Yes
1
Yes
Low security
No
No
No
No
No
No
No
No
No
No
Enabled
No
Yes
No
No
No
No
Category Header
Added in BES 4.1.7
Added in BES 5.0.1
Added in BES 5.0.2