Академический Документы
Профессиональный Документы
Культура Документы
SWDT323212-832026-1204092649-001
Contents
1 IT policy rules............................................................................................................................................................................... Using IT policy rules on other devices.......................................................................................................................................... Preconfigured IT policies................................................................................................................................................................ New IT policy rules in this release................................................................................................................................................. 21 21 21 22 25 25 25 25 26 26 27 27 28 28 29 30 30 31 31 32 32 33 33 34 34 34 35 36 36 37 37 38 38
2 Descriptions of IT policy rules................................................................................................................................................... Desktop Only items........................................................................................................................................................................ Auto Backup Enabled IT policy rule...................................................................................................................................... Auto Backup Exclude Messages IT policy rule.................................................................................................................... Auto Backup Exclude Synchronization IT policy rule......................................................................................................... Auto Backup Frequency IT policy rule.................................................................................................................................. Auto Backup Include All IT policy rule................................................................................................................................. Disable Wireless Calendar IT policy rule.............................................................................................................................. Do Not Save Sent Messages IT policy rule.......................................................................................................................... Force Load Count IT policy rule............................................................................................................................................ Force Load Message IT policy rule........................................................................................................................................ Forward Messages In Cradle IT policy rule.......................................................................................................................... Message Conflict Mailbox Wins IT policy rule..................................................................................................................... Message Prompt IT policy rule.............................................................................................................................................. Show Application Loader IT policy rule................................................................................................................................ Show Web Link IT policy rule................................................................................................................................................. Synchronize Messages Instead Of Importing IT policy rule.............................................................................................. Web Link Label IT policy rule................................................................................................................................................. Web Link URL IT policy rule................................................................................................................................................... Device Only Items........................................................................................................................................................................... Allow BCC Recipients IT policy rule..................................................................................................................................... Allow Peer-to-Peer Messages IT policy rule....................................................................................................................... Allow SMS IT policy rule........................................................................................................................................................ Default Browser Config UID IT policy rule.......................................................................................................................... Enable Long-Term Timeout IT policy rule............................................................................................................................ Enable WAP Config IT policy rule......................................................................................................................................... Home Page Address IT policy rule........................................................................................................................................ Home Page Address Is Read-Only IT policy rule................................................................................................................ Maximum Password Age IT policy rule................................................................................................................................
Maximum Security Timeout IT policy rule........................................................................................................................... Minimum Password Length IT policy rule............................................................................................................................ Password Pattern Checks IT policy rule............................................................................................................................... Password Required IT policy rule.......................................................................................................................................... User Can Change Timeout IT policy rule............................................................................................................................. User Can Disable Password IT policy rule........................................................................................................................... Global items..................................................................................................................................................................................... Allow Browser IT policy rule.................................................................................................................................................. Allow Phone IT policy rule..................................................................................................................................................... Auto Signature IT policy rule................................................................................................................................................. Application Center policy group................................................................................................................................................... Disable Application Center IT policy rule............................................................................................................................ Disable Carrier Directory IT policy rule................................................................................................................................ BlackBerry Messenger policy group............................................................................................................................................. Disable BlackBerry Messenger IT policy rule...................................................................................................................... Disable Check for Updates IT policy rule............................................................................................................................ Disable Location Requests, Responses, and Proximity Alerts IT policy rule.................................................................... Disable Server Based Contact List Synchronization IT policy rule................................................................................... Disallow External Email Address for Server Registration IT policy rule........................................................................... Disallow Forwarding of Contacts IT policy rule.................................................................................................................. Disallow Setting a Subject on Conversations IT policy rule.............................................................................................. Enforce Security Question in BlackBerry Messenger Invitation IT policy rule................................................................ Messenger Audit Email Address IT policy rule.................................................................................................................... Messenger Audit Max Report Interval IT policy rule.......................................................................................................... Messenger Audit Report Interval IT policy rule.................................................................................................................. Messenger Audit UID IT policy rule..................................................................................................................................... BlackBerry Smart Card Reader policy group............................................................................................................................... Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule...................................................................... Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule....................................................................... Force Erase Key on PC Standby IT policy rule..................................................................................................................... Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule........................................................................ Maximum BlackBerry Disconnected Timeout IT policy rule.............................................................................................. Maximum BlackBerry Long Term Timeout IT policy rule................................................................................................... Maximum Bluetooth Encryption Key Regeneration Period IT policy rule........................................................................ Maximum Bluetooth Range IT policy rule...........................................................................................................................
39 40 40 41 42 42 43 43 44 44 45 45 45 46 46 46 46 47 47 48 48 48 49 49 49 50 50 50 51 51 52 53 53 54 54
Maximum Connection Heartbeat Period IT policy rule...................................................................................................... Maximum Number of BlackBerry Transactions IT policy rule........................................................................................... Maximum Number of PC Pairings IT policy rule................................................................................................................. Maximum Number of PC Transactions IT policy rule......................................................................................................... Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule..................................................................................... Maximum PC Disconnected Timeout IT policy rule............................................................................................................ Maximum PC Long Term Timeout IT policy rule................................................................................................................. Maximum Smart Card Not Present Timeout IT policy rule................................................................................................ Minimum PIN Entry Mode IT policy rule.............................................................................................................................. BlackBerry Unite! policy group..................................................................................................................................................... Disable Download Manager IT policy rule........................................................................................................................... Disable Unite! Applications IT policy rule........................................................................................................................... Bluetooth policy group................................................................................................................................................................... Allow Outgoing Calls IT policy rule...................................................................................................................................... Disable Address Book Transfer IT policy rule...................................................................................................................... Disable Advanced Audio Distribution Profile IT policy rule............................................................................................... Disable Audio/Video Remote Control Profile IT policy rule.............................................................................................. Disable Bluetooth IT policy rule............................................................................................................................................ Disable Desktop Connectivity IT policy rule........................................................................................................................ Disable Dial-Up Networking IT policy rule......................................................................................................................... Disable Discoverable Mode IT policy rule............................................................................................................................ Disable File Transfer IT policy rule....................................................................................................................................... Disable Handsfree Profile IT policy rule.............................................................................................................................. Disable Headset Profile IT policy rule.................................................................................................................................. Disable Pairing IT policy rule................................................................................................................................................ Disable Serial Port Profile IT policy rule.............................................................................................................................. Disable SIM Access Profile IT policy rule............................................................................................................................. Disable Wireless Bypass IT policy rule................................................................................................................................. Force CHAP Authentication on Bluetooth Link IT policy rule........................................................................................... Limit Discoverable Time IT policy rule................................................................................................................................. Minimum Encryption Key Length IT policy rule.................................................................................................................. Require Encryption IT policy rule.......................................................................................................................................... Require LED Connection Indicator IT policy rule................................................................................................................ Require Password for Discoverable Mode IT policy rule.................................................................................................... Require Password for Enabling Bluetooth Support IT policy rule.....................................................................................
55 56 56 57 57 58 59 59 60 60 60 61 61 61 62 62 62 63 63 64 64 64 65 65 66 66 67 67 67 68 68 69 69 69 70
Browser policy group...................................................................................................................................................................... Allow Application Download Services IT policy rule.......................................................................................................... Allow Hotspot Browser IT policy rule................................................................................................................................... Allow IBS Browser IT policy rule........................................................................................................................................... Disable Auto Synchronization in Browser IT policy rule.................................................................................................... Disable JavaScript in Browser IT policy rule........................................................................................................................ Download Images URL IT policy rule................................................................................................................................... Download Themes URL IT policy rule.................................................................................................................................. Download Tunes URL IT policy rule...................................................................................................................................... MDS Browser BSM Enabled IT policy rule........................................................................................................................... MDS Browser Domains IT policy rule................................................................................................................................... MDS Browser HTML Tables Enabled IT policy rule............................................................................................................. MDS Browser JavaScript Enabled IT policy rule.................................................................................................................. MDS Browser Style Sheets Enabled IT policy rule.............................................................................................................. MDS Browser Title IT policy rule........................................................................................................................................... MDS Browser Use Separate Icon IT policy rule.................................................................................................................. Camera policy group....................................................................................................................................................................... Disable Photo Camera IT policy rule.................................................................................................................................... Disable Video Camera IT policy rule.................................................................................................................................... Certification Authority Profile policy group................................................................................................................................. Allow Private Key Export IT policy rule................................................................................................................................ Certificate Enrollment Delay IT policy rule.......................................................................................................................... Certificate Expiry Window IT policy rule.............................................................................................................................. Certification Authority Host IT policy rule........................................................................................................................... Certificate Authority Port IT policy rule............................................................................................................................... Certification Authority Profile Name IT policy rule............................................................................................................ Certification Authority Profile Required IT policy rule....................................................................................................... Certification Authority Type IT policy rule........................................................................................................................... Common Name Components IT policy rule........................................................................................................................ Custom Microsoft Certification Authority Certificate Template IT policy rule................................................................ Distinguished Name Components IT policy rule................................................................................................................ Key Algorithm IT policy rule.................................................................................................................................................. Key Length IT policy rule....................................................................................................................................................... Microsoft Certification Authority Certificate Template IT policy rule.............................................................................. RSA Certification Authority Certificate ID IT policy rule...................................................................................................
70 70 71 71 72 72 72 73 73 73 74 74 75 75 76 76 76 76 77 77 77 78 78 79 79 79 80 81 81 82 82 83 83 84 84
RSA Jurisdiction ID IT policy rule.......................................................................................................................................... Certificate Synchronization policy group..................................................................................................................................... Random Source URL IT policy rule....................................................................................................................................... User Can Disable Automatic RNG Initialization IT policy rule......................................................................................... Common policy group.................................................................................................................................................................... BlackBerry Server version IT policy rule............................................................................................................................... Confirm On Send IT policy rule............................................................................................................................................. Disable Kodiak PTT IT policy rule......................................................................................................................................... Disable MMS IT policy rule.................................................................................................................................................... Disable Voice-Activated Dialing IT policy rule................................................................................................................... Disable Voice Note Recording IT policy rule....................................................................................................................... Enable Simultaneous Phone and Data IT policy rule......................................................................................................... IT Policy Notification IT policy rule....................................................................................................................................... Lock Owner Info IT policy rule.............................................................................................................................................. Set Owner Info IT policy rule................................................................................................................................................. Set Owner Name IT policy rule............................................................................................................................................. Date and Time IT policy group...................................................................................................................................................... Automatic Time Zone Change Detection IT policy rule..................................................................................................... Enable Time Zone Definitions Update IT policy rule.......................................................................................................... Periodic Time Synchronization IT policy rule...................................................................................................................... Time Zone Definitions Automatic Update Interval IT policy rule..................................................................................... Time Zone Definitions Update Server IT policy rule........................................................................................................... Desktop policy group...................................................................................................................................................................... Allow BlackBerry Desktop Software Statistics IT policy rule............................................................................................. Allow External Device Software Servers IT policy rule....................................................................................................... Allow Personal Folder Reconciliation IT policy rule............................................................................................................ Desktop Allow Desktop Add-ins IT policy rule.................................................................................................................... Desktop Allow Device Switch IT policy rule........................................................................................................................ Desktop Password Cache Timeout IT policy rule................................................................................................................ Disable Check For Updates Link IT policy rule................................................................................................................... Disable Media Manager IT policy rule................................................................................................................................. Disable Media Synchronization IT policy rule..................................................................................................................... Generate Encrypted Backup Files IT policy rule................................................................................................................. Override Check For Updates URL IT policy rule................................................................................................................. Device IOT Application policy group............................................................................................................................................
85 85 85 86 86 86 87 87 88 88 88 89 89 90 90 91 92 92 92 93 93 93 94 94 94 95 95 95 96 97 97 97 98 98 99
Device Diagnostic App Disable IT policy rule..................................................................................................................... Set Diagnostic Report Email Address IT policy rule........................................................................................................... Set Diagnostic Report PIN Address IT policy rule.............................................................................................................. Documents To Go policy group..................................................................................................................................................... Disable Documents To Go IT policy rule.............................................................................................................................. Hide Documents To Go Communication Menus IT policy rule......................................................................................... Hide Documents To Go Premium Feature Menus IT policy rule....................................................................................... Email Messaging policy group....................................................................................................................................................... Allow Auto Attachment Download IT policy rule................................................................................................................ Attachment Viewing IT policy rule....................................................................................................................................... Confirm External Image Download IT policy rule............................................................................................................... Disable Form Submission IT policy rule............................................................................................................................... Disable Manual Download of External Images IT policy rule............................................................................................ Disable Notes Native Encryption Forward And Reply IT policy rule................................................................................ Disable Rich Content Email IT policy rule........................................................................................................................... Enable Wireless Message Reconciliation IT policy rule...................................................................................................... Inline Content Requests IT policy rule................................................................................................................................. Keep Message Duration IT policy rule................................................................................................................................. Keep Saved Message Duration IT policy rule...................................................................................................................... Maximum Native Attachment MFH attachment size IT policy rule................................................................................. Maximum Native Attachment MFH total attachment size IT policy rule........................................................................ Maximum Native Attachment MTH attachment size IT policy rule................................................................................. Notes Native Encryption Password Timeout IT policy rule................................................................................................ Prepend Disclaimer IT policy rule......................................................................................................................................... Require Notes Native Encryption For Outgoing Messages IT policy rule....................................................................... Enterprise Voice Client policy group............................................................................................................................................ Disable DTMF Fallback IT policy rule................................................................................................................................... Disable Enterprise Voice Client IT policy rule..................................................................................................................... Lock Outgoing Line IT policy rules....................................................................................................................................... Reject Non-Enterprise Voice Calls IT policy rule................................................................................................................ External Display policy group........................................................................................................................................................ Display Notification Details IT policy rule........................................................................................................................... Include Message Text in Notification Details IT policy rule.............................................................................................. Firewall policy group....................................................................................................................................................................... Restrict Incoming Cellular Calls IT policy rule....................................................................................................................
99 99 99 100 100 100 101 101 101 102 102 103 103 103 104 104 105 105 106 106 106 107 107 108 108 109 109 109 109 110 110 110 111 111 111
Restrict Outgoing Cellular Calls IT policy rule.................................................................................................................... Instant Messaging policy group.................................................................................................................................................... Disable Address Book Lookup for Enterprise Messenger IT policy rule........................................................................... Disable Automatic Login IT policy rule................................................................................................................................ Disable Broadcast Messages IT policy rule......................................................................................................................... Disable Emailing Conversation IT policy rule...................................................................................................................... Disable Emoticons IT policy rule........................................................................................................................................... Disable Offline Messaging for Enterprise Messenger IT policy rule................................................................................ Disable Saving Conversation IT policy rule......................................................................................................................... Disallow File Transfer Types IT policy rule........................................................................................................................... Maximum File Transfer Size (MB) IT policy rule.................................................................................................................. Location Based Services policy group........................................................................................................................................... Allow Geolocation Service IT policy rule.............................................................................................................................. Disable BlackBerry Maps IT policy rule................................................................................................................................ Enable Enterprise Location Tracking IT policy rule............................................................................................................. Enterprise Location Tracking Interval IT policy rule........................................................................................................... Enterprise Location Tracking User Prompt Message IT policy rule.................................................................................. MDS Integration Service policy group.......................................................................................................................................... Allow Access to Multiple Domains IT policy rule................................................................................................................ Allow Discovery By User IT policy rule................................................................................................................................. Disable Activation With Public BlackBerry MDS Integration Service IT policy rule....................................................... Disable MDS Runtime IT policy rule..................................................................................................................................... Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule.............................. Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule.......................................................... Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule................................................... Queue Limit for Inbound Application Messages IT policy rule......................................................................................... Queue Limit for Outbound Application Messages IT policy rule...................................................................................... Verify BlackBerry MDS Integration Service Certificate IT policy rule.............................................................................. Memory Cleaner policy group....................................................................................................................................................... Force Memory Clean When Closed IT policy rule............................................................................................................... Force Memory Clean When Holstered IT policy rule.......................................................................................................... Force Memory Clean When Idle IT policy rule..................................................................................................................... Memory Cleaner Maximum Idle Time IT policy rule........................................................................................................... On-Device Help policy group........................................................................................................................................................ On-Device Help Group Label IT policy rule........................................................................................................................
112 113 113 113 113 114 114 114 115 115 116 116 116 117 117 117 118 118 118 118 119 119 120 120 120 121 121 122 122 122 123 123 124 124 124
On-Device Help Links IT policy rule..................................................................................................................................... 125 Password policy group.................................................................................................................................................................... 125 Duress Notification Address IT policy rule.......................................................................................................................... 125 Forbidden Passwords IT policy rule...................................................................................................................................... 126 Maximum Password History IT policy rule.......................................................................................................................... 126 Periodic Challenge Time IT policy rule................................................................................................................................. 127 Set Maximum Password Attempts IT policy rule................................................................................................................ 128 Set Password Timeout IT policy rule..................................................................................................................................... 128 Suppress Password Echo IT policy rule................................................................................................................................ 129 PIM Synchronization policy group................................................................................................................................................ 130 Disable Address Wireless Synchronization IT policy rule................................................................................................... 130 Disable All Wireless Synchronization IT policy rule............................................................................................................ 130 Disable BlackBerry Messenger Wireless Synchronization IT policy rule.......................................................................... 131 Disable Calendar Wireless Synchronization IT policy rule................................................................................................. 131 Disable Enterprise Activation Progress IT policy rule........................................................................................................ 132 Disable Memopad Wireless Sync IT policy rule................................................................................................................... 132 Disable Phone Call Log Wireless Synchronization IT policy rule...................................................................................... 133 Disable PIN Messages Wireless Synchronization IT policy rule........................................................................................ 133 Disable SMS Messages Wireless Sync IT policy rule.......................................................................................................... 133 Disable Task Wireless Sync IT policy rule............................................................................................................................ 134 Disable Wireless Bulk Loads IT policy rule........................................................................................................................... 134 PGP Application policy group........................................................................................................................................................ 135 PGP Allowed Content Ciphers IT policy rule....................................................................................................................... 135 PGP Allowed Encrypted Attachment Mode........................................................................................................................ 136 PGP Allowed Encryption Types IT policy rule...................................................................................................................... 136 PGP Blind Copy Address IT policy rule................................................................................................................................ 137 PGP Force Digital Signature IT policy rule.......................................................................................................................... 137 PGP Force Encrypted Messages IT policy rule.................................................................................................................... 138 PGP Minimum Strong DH Key Length IT policy rule......................................................................................................... 138 PGP Minimum Strong DSA Key Length IT policy rule........................................................................................................ 139 PGP Minimum Strong RSA Key Length IT policy rule........................................................................................................ 139 PGP More All and Send Mode IT policy rule....................................................................................................................... 140 PGP Universal Enrollment Method IT policy rule............................................................................................................... 140 PGP Universal Policy Cache Timeout IT policy rule........................................................................................................... 141 PGP Universal Server Address IT policy rule....................................................................................................................... 141
RIM Value-Added Applications policy group.............................................................................................................................. Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule............................... Allow TiVo for BlackBerry application IT policy rule........................................................................................................... BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule.............................................. BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule........................................................ Disable BlackBerry Wallet IT policy rule.............................................................................................................................. Disable Ecommerce Content Optimization Engine IT policy rule..................................................................................... Disable Lotus Connections IT policy rule............................................................................................................................. Disable Organizer Data Access for Social Networking Applications............................................................................... Disable RIM Value-Added Applications IT policy rule....................................................................................................... Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule................................................ Lotus Connections Activities Server IT policy rule.............................................................................................................. Lotus Connections Blogs Server IT policy rule.................................................................................................................... Lotus Connections Communities Server IT policy rule....................................................................................................... Lotus Connections Dogear Server IT policy rule................................................................................................................. Lotus Connections Profiles Server IT policy rule................................................................................................................. Secure Email policy group.............................................................................................................................................................. Canonical Certificate Domain Name IT policy rule............................................................................................................ Disable Certificate Address Checks IT policy rule.............................................................................................................. Security policy group...................................................................................................................................................................... Allow External Connections IT policy rule........................................................................................................................... Allow Internal Connections IT policy rule............................................................................................................................ Allow Outgoing Call When Locked IT policy rule................................................................................................................ Allow Resetting of Idle Timer IT policy rule......................................................................................................................... Allow Screen Shot Capture IT policy rule............................................................................................................................ Allow Smart Card Password Caching IT policy rule........................................................................................................... Allow Split-Pipe Connections IT policy rule........................................................................................................................ Allow Third Party Apps to Use Persistent Store IT policy rule.......................................................................................... Allow Third Party Apps to Use Serial Port IT policy rule.................................................................................................... Allowed Authentication Mechanisms IT policy rule........................................................................................................... Certificate Status Maximum Expiry Time IT policy rule..................................................................................................... Content Protection of Contact List IT policy rule................................................................................................................ Content Protection Strength IT policy rule.......................................................................................................................... Desktop Backup IT policy rule............................................................................................................................................... Disable 3DES Transport Crypto IT policy rule.....................................................................................................................
142 142 142 143 143 144 144 144 145 145 145 146 146 147 147 147 148 148 148 149 149 149 150 150 151 151 152 152 153 153 154 154 155 156 157
Disable BlackBerry App World IT policy rule....................................................................................................................... Disable Certificate or Key Import From External Memory IT policy rule......................................................................... Disable Cut/Copy/Paste IT policy rule................................................................................................................................ Disable External Memory IT policy rule............................................................................................................................... Disable Forwarding Between Services IT policy rule.......................................................................................................... Disable Geo-Tagging of Photos IT policy rule.................................................................................................................... Disable GPS IT policy rule..................................................................................................................................................... Disable Invalid Certificate Use IT policy rule...................................................................................................................... Disable IP Modem IT policy rule........................................................................................................................................... Disable Key Store Backup IT policy rule.............................................................................................................................. Disable Key Store Low Security IT policy rule..................................................................................................................... Disable Media Manager FTP Access.................................................................................................................................... Disable Message Normal Send IT policy rule...................................................................................................................... Disable Peer-to-Peer Normal Send IT policy rule.............................................................................................................. Disable Persisted Plain Text IT policy rule........................................................................................................................... Disable Public Photo Sharing Applications IT policy rule.................................................................................................. Disable Public Social Networking Applications IT policy rule........................................................................................... Disable Radio When Cradled IT policy rule......................................................................................................................... Disable Revoked Certificate Use IT policy rule................................................................................................................... Disable Smart Password Entry IT policy rule....................................................................................................................... Disable Stale Certificate Status Checks IT policy rule....................................................................................................... Disable Stale Status Use IT policy rule................................................................................................................................ Disable Untrusted Certificate Use IT policy rule................................................................................................................ Disable Unverified Certificate Use IT policy rule................................................................................................................ Disable Unverified CRLs IT policy rule................................................................................................................................. Disable USB Mass Storage IT policy rule............................................................................................................................. Disable Weak Certificate Use IT policy rule........................................................................................................................ Disallow Third Party Application Downloads IT policy rule............................................................................................... Encryption on On-Board Device Memory Media Files IT policy rule............................................................................... External File System Encryption Level IT policy rule.......................................................................................................... FIPS Level IT policy rule......................................................................................................................................................... Firewall Block Incoming Messages IT policy rule............................................................................................................... Firewall Whitelist Addresses IT policy rule.......................................................................................................................... Force Content Protection Of Master Keys IT policy rule................................................................................................... Force Device Password Entry While User Authentication is Enabled IT policy rule.......................................................
157 157 158 158 159 159 159 160 160 161 161 162 162 163 164 164 165 165 166 166 167 167 168 168 169 169 169 170 171 171 172 173 174 174 175
Force LED Blinking When Microphone Is On IT policy rule............................................................................................... Force Lock When Closed IT policy rule................................................................................................................................. Force Lock When Holstered IT policy rule........................................................................................................................... Force Multi Factor Authentication IT policy rule................................................................................................................ Force Notifications for Keys with Medium Security Level IT policy rule.......................................................................... Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule......................... Force Smart Card Two Factor Authentication IT policy rule.............................................................................................. Force Smart Card Two Factor Challenge Response IT policy rule.................................................................................... Key Store Password Maximum Timeout IT policy rule....................................................................................................... Lock on Proximity Authenticator Disconnect IT policy rule............................................................................................... Lock on Smart Card Removal IT policy rule......................................................................................................................... Login Disclaimer IT policy rule.............................................................................................................................................. Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule........................................... Media Card Format on Device Wipe IT policy rule............................................................................................................. Message Classification IT policy rule................................................................................................................................... Message Classification Title IT policy rule........................................................................................................................... Minimal Encryption Key Store Security Level IT policy rule.............................................................................................. Minimal Signing Key Store Security Level IT policy rule.................................................................................................... Password Required for Application Download IT policy rule............................................................................................ Require Secure APB Messages IT policy rule...................................................................................................................... Required Password Pattern IT policy rule............................................................................................................................ Reset to Factory Defaults on Wipe IT policy rule................................................................................................................ Secure Wipe Delay After IT Policy Received IT policy rule................................................................................................ Secure Wipe Delay After Lock IT policy rule........................................................................................................................ Secure Wipe if Low Battery IT policy rule............................................................................................................................. Security Service Colors IT policy rule................................................................................................................................... Security Transcoder Cod File Hashes IT policy rule........................................................................................................... Trusted Certificate Thumbprints IT policy rule.................................................................................................................... Two Factor Content Protection Usage IT policy rule.......................................................................................................... Weak Digest Algorithms IT policy rule................................................................................................................................. S/MIME Application policy group................................................................................................................................................. Entrust Messaging Server (EMS) Email Address IT policy rule......................................................................................... S/MIME Allowed Content Ciphers IT policy rule................................................................................................................ S/MIME Allowed Encrypted Attachment Mode IT policy rule.......................................................................................... S/MIME Allowed Encryption Types IT policy rule...............................................................................................................
175 176 176 176 177 177 178 179 179 180 180 181 182 182 183 183 183 184 185 185 185 186 187 187 188 188 189 189 190 191 191 192 192 193 193
S/MIME Blind Copy Address IT policy rule.......................................................................................................................... S/MIME Force Digital Signature IT policy rule................................................................................................................... S/MIME Force Encrypted Messages IT policy rule............................................................................................................. S/MIME Force Smartcard Use IT policy rule....................................................................................................................... S/MIME Minimum Strong DH Key Length IT policy rule.................................................................................................. S/MIME Minimum Strong DSA Key Length IT policy rule................................................................................................. S/MIME Minimum Strong ECC Key Length IT policy rule................................................................................................. S/MIME Minimum Strong RSA Key Length IT policy rule................................................................................................. S/MIME More All and Send Mode IT policy rule................................................................................................................ Service Exclusivity policy group..................................................................................................................................................... Allow Other Browser Services IT policy rule........................................................................................................................ Allow Other Calendar Services IT policy rule...................................................................................................................... Allow Other Message Services IT policy rule...................................................................................................................... Allow Public AIM Services IT policy rule.............................................................................................................................. Allow Public Google Talk Services IT policy rule................................................................................................................. Allow Public ICQ Services IT policy rule.............................................................................................................................. Allow Public IM Services IT policy rule................................................................................................................................. Allow Public WLM Services IT policy rule............................................................................................................................. Allow Public Yahoo! Messenger Services IT policy rule..................................................................................................... Allow T-Mobile Mobile Backup Contact Sync IT policy rule.............................................................................................. SIM Application Toolkit policy group............................................................................................................................................ Disable Network Location Query IT policy rule.................................................................................................................. Disable SIM Call Control IT policy rule................................................................................................................................ Disable SIM Originated Calls IT policy rule......................................................................................................................... Smart Dialing policy group............................................................................................................................................................ Enable Smart Dialing Policy IT policy rule........................................................................................................................... Set Local Area Code IT policy rule........................................................................................................................................ Set Local Country Code IT policy rule.................................................................................................................................. Set National Number Length IT policy rule......................................................................................................................... Smart Dialing Allow Device Changes IT policy rule........................................................................................................... TCP policy group............................................................................................................................................................................. TCP APN IT policy rule........................................................................................................................................................... TCP Password IT policy rule.................................................................................................................................................. TCP Username IT policy rule................................................................................................................................................. TLS Application policy group.........................................................................................................................................................
194 194 195 195 196 196 197 197 198 198 198 199 199 200 200 200 201 201 202 202 202 202 203 203 204 204 204 205 205 206 207 207 207 207 208
TLS Device Side Only IT policy rule...................................................................................................................................... TLS Disable Invalid Connection IT policy rule..................................................................................................................... TLS Disable Untrusted Connection IT policy rule............................................................................................................... TLS Disable Weak Ciphers IT policy rule.............................................................................................................................. TLS Disable Weak Digests IT policy rule.............................................................................................................................. TLS Minimum Strong DH Key Length IT policy rule........................................................................................................... TLS Minimum Strong DSA Key Length IT policy rule......................................................................................................... TLS Minimum Strong ECC Key Length IT policy rule......................................................................................................... TLS Minimum Strong RSA Key Length IT policy rule......................................................................................................... TLS Prevent Unmatched Domain Name IT policy rule...................................................................................................... TLS Restrict FIPS Ciphers IT policy rule............................................................................................................................... User Feedback IT policy group...................................................................................................................................................... Allow User Feedback IT policy rule...................................................................................................................................... Visual Voice Mail policy group...................................................................................................................................................... Allow Users to Save Messages IT policy rule...................................................................................................................... Disable Visual Voice Mail IT policy rule............................................................................................................................... Password Complexity IT policy rule...................................................................................................................................... Require Password IT policy rule............................................................................................................................................ VoIP policy group............................................................................................................................................................................ Allow VoIP IT policy rule........................................................................................................................................................ Disable VoIP User Profiles IT policy rule............................................................................................................................. SIP Authentication ID IT policy rule..................................................................................................................................... SIP Domain IT policy rule...................................................................................................................................................... SIP Local Port IT policy rule................................................................................................................................................... SIP Realm IT policy rule......................................................................................................................................................... SIP Registration Timeout IT policy rule................................................................................................................................ SIP RTP Media Port IT policy rule......................................................................................................................................... SIP Server Name IT policy rule.............................................................................................................................................. SIP Server Port IT policy rule................................................................................................................................................. SIP Server Transport IT policy rule....................................................................................................................................... SIP Server Type IT policy rule................................................................................................................................................ SIP User Display Name IT policy rule.................................................................................................................................. SIP User ID IT policy rule....................................................................................................................................................... SIP User Password IT policy.................................................................................................................................................. VoIP Allow BlackBerry Device Changes IT policy rule.......................................................................................................
208 208 209 209 210 210 211 211 212 213 213 213 214 214 214 214 215 215 216 216 216 217 217 217 218 218 219 219 219 220 220 221 221 222 222
VoIP Emergency Number IT policy rule............................................................................................................................... VoIP Enable Attended Call Transfer IT policy rule.............................................................................................................. VoIP Enable Call Hold IT policy rule..................................................................................................................................... VoIP Enable Unattended Call Transfer IT policy rule......................................................................................................... VPN policy group............................................................................................................................................................................ Disable VPN User Profiles IT policy rule.............................................................................................................................. Enable VPN IT policy rule...................................................................................................................................................... Use VPN Xauth IT policy rule................................................................................................................................................ VPN Allow Handheld Changes IT policy rule...................................................................................................................... VPN Allow Password Save IT policy rule............................................................................................................................. VPN Disable Prompt for Credentials Re-Entry IT policy rule............................................................................................ VPN DNS Configuration IT policy rule................................................................................................................................. VPN Domain Name IT policy rule......................................................................................................................................... VPN Gateway Address IT policy rule.................................................................................................................................... VPN Group Name IT policy rule........................................................................................................................................... VPN Group Password IT policy rule..................................................................................................................................... VPN IKE Cipher IT policy rule............................................................................................................................................... VPN IKE DH Group IT policy rule......................................................................................................................................... VPN IKE Hash IT policy rule.................................................................................................................................................. VPN IPSec Cipher and Hash IT policy rule.......................................................................................................................... VPN Minimal Certificate Encryption Key Security Level IT policy rule............................................................................ VPN NAT Keep Alive IT policy rule....................................................................................................................................... VPN Password Hidden on Input IT policy rule.................................................................................................................... VPN PFS IT policy rule........................................................................................................................................................... VPN Primary DNS IT policy rule........................................................................................................................................... VPN Secondary DNS IT policy rule...................................................................................................................................... VPN User Name IT policy rule.............................................................................................................................................. VPN User Password IT policy rule........................................................................................................................................ VPN Vendor Type IT policy rule............................................................................................................................................ VPN Xauth Type IT policy rule.............................................................................................................................................. Wi-Fi policy group........................................................................................................................................................................... BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule............................................................................................. Blocked Wi-Fi SSIDs IT policy rule........................................................................................................................................ Disable GAN-Only Mode IT policy rule............................................................................................................................... Disable GAN-Preferred Mode IT policy rule.......................................................................................................................
223 223 224 224 224 224 225 225 226 226 227 227 227 228 228 229 229 229 230 230 231 231 232 232 232 233 233 234 234 235 235 235 236 236 237
Disable GAN Selection Mode Editing IT policy rule........................................................................................................... Disable WAN-Only Mode IT policy rule............................................................................................................................... Disable WAN-Preferred Mode IT policy rule....................................................................................................................... Disable Wi-Fi IT policy rule.................................................................................................................................................... Disable Wi-Fi Direct Access to BlackBerry Enterprise Server IT policy rule.................................................................... Disable Wi-Fi User Profiles IT policy rule............................................................................................................................. GAN Signal Quality Threshold IT policy rule...................................................................................................................... GAN Signal Strength Threshold IT policy rule.................................................................................................................... GAN Wi-Fi Threshold IT policy rule...................................................................................................................................... Wi-Fi Allow Handheld Changes IT policy rule..................................................................................................................... Wi-Fi Default Gateway IT policy rule.................................................................................................................................... Wi-Fi Default KEY ID IT policy rule....................................................................................................................................... Wi-Fi DHCP Configuration IT policy rule............................................................................................................................. Wi-Fi Disable Prompt for Credentials Re-Entry IT policy rule........................................................................................... Wi-Fi Enable Authentication Page IT policy rule................................................................................................................ Wi-Fi IP Address IT policy rule.............................................................................................................................................. Wi-Fi Link Security IT policy rule........................................................................................................................................... Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule........................................................... Wi-Fi Password Hidden on Input IT policy rule................................................................................................................... Wi-Fi Preshared Key IT policy rule........................................................................................................................................ Wi-Fi Primary DNS IT policy rule.......................................................................................................................................... Wi-Fi Profile Forwarding Mode IT policy rule...................................................................................................................... Wi-Fi Secondary DNS IT policy rule..................................................................................................................................... Wi-Fi SSID IT policy rule........................................................................................................................................................ Wi-Fi Subnet Mask IT policy rule.......................................................................................................................................... Wi-Fi User Name IT policy rule............................................................................................................................................. Wi-Fi User Password IT policy rule....................................................................................................................................... Wi-Fi WEP Key 1 IT policy rule............................................................................................................................................... Wi-Fi WEP Key 2 IT policy rule.............................................................................................................................................. Wi-Fi WEP Key 3 IT policy rule.............................................................................................................................................. Wi-Fi WEP Key 4 IT policy rule.............................................................................................................................................. Wired Software Updates policy group.......................................................................................................................................... Allow Web-Based Software Loading IT policy rule............................................................................................................. Cryptographic Services Backup IT policy rule..................................................................................................................... Wireless Software Upgrades policy group...................................................................................................................................
237 237 238 238 239 239 240 240 241 241 242 242 243 243 243 244 244 245 245 246 246 247 248 248 249 249 250 250 251 251 251 252 252 252 253
Allow Non Enterprise Upgrade IT policy rule...................................................................................................................... Disallow Device User Requested Rollback IT policy rule................................................................................................... Disallow Device User Requested Upgrade IT policy rule.................................................................................................. Disallow Patch Download Over International Roaming WAN IT policy rule................................................................... Disallow Patch Download Over Roaming WAN IT policy rule.......................................................................................... Disallow Patch Download Over WAN IT policy rule........................................................................................................... Disallow Patch Download Over Wi-Fi IT policy rule........................................................................................................... WTLS Application policy group...................................................................................................................................................... WTLS Disable Invalid Connection IT policy rule.................................................................................................................. WTLS Disable Untrusted Connection IT policy rule............................................................................................................ WTLS Disable Weak Ciphers IT policy rule........................................................................................................................... WTLS Minimum Strong DH Key Length IT policy rule........................................................................................................ WTLS Minimum Strong ECC Key Length IT policy rule...................................................................................................... WTLS Minimum Strong RSA Key Length IT policy rule...................................................................................................... WTLS Restrict FIPS Ciphers IT policy rule............................................................................................................................ 3 Descriptions of application control policy rules..................................................................................................................... Are Internal Network Connections Allowed application control policy rule............................................................................ Are External Network Connections Allowed application control policy rule........................................................................... Are Local Connections Allowed application control policy rule................................................................................................ Can Device Settings be Modified application control policy rule............................................................................................. Can the Security Timer be Reset application control policy rule.............................................................................................. Disposition application control policy rule................................................................................................................................... Is Access to the Browser Filters API Allowed application control policy rule.......................................................................... Is Access to the Email API Allowed application control policy rule.......................................................................................... Is Access to the Event Injection API Allowed application control policy rule.......................................................................... Is Access to the File API Allowed application control policy rule.............................................................................................. Is Access to the GPS API Allowed application control policy rule............................................................................................ Is Access to the Handheld Key Store Allowed application control policy rule........................................................................ Is Access to the Interprocess Communication API Allowed application control policy rule.................................................. Is Access to the Phone API Allowed application control policy rule......................................................................................... Is Access to the Media API Allowed application control policy rule......................................................................................... Is Access to the Module Management API Allowed application control policy rule.............................................................. Is Access to the PIM API Allowed application control policy rule............................................................................................. Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule.........................
253 253 254 254 255 255 255 256 256 256 257 257 258 259 260 261 261 261 262 262 262 263 263 263 264 264 264 265 265 266 266 266 267 267
Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule.............................................. Is Access to the User Authenticator API Allowed application control policy rule.................................................................. Is Access to the Wi-Fi API Allowed application control policy rule........................................................................................... Is Key Store Medium Security Allowed application control policy rule.................................................................................... Is Theme Data Allowed application control policy rule.............................................................................................................. List of Browser Filter Domains application control policy rule.................................................................................................. List of External Domains application control policy rule............................................................................................................ List of Internal Domains application control policy rule............................................................................................................ 4 Configuration settings................................................................................................................................................................ Configuration settings for VoIP profiles....................................................................................................................................... Allow VoIP configuration setting.......................................................................................................................................... SIP Authentication ID configuration setting....................................................................................................................... SIP Domain configuration setting........................................................................................................................................ SIP Local Port configuration setting.................................................................................................................................... SIP Realm configuration setting........................................................................................................................................... SIP Registration Timeout configuration setting................................................................................................................. SIP RTP Media Port configuration setting........................................................................................................................... SIP Server Name configuration setting............................................................................................................................... SIP Server Port configuration setting.................................................................................................................................. SIP Server Transport configuration setting......................................................................................................................... SIP Server Type configuration setting.................................................................................................................................. SIP User Display Name configuration setting.................................................................................................................... SIP User ID configuration setting........................................................................................................................................ SIP User Password configuration setting............................................................................................................................ VoIP Allow BlackBerry Device Changes configuration setting......................................................................................... VoIP Emergency Number configuration setting................................................................................................................. VoIP Enable Attended Call Transfer configuration setting............................................................................................... VoIP Enable Call Hold configuration setting...................................................................................................................... VoIP Enable Unattended Call Transfer configuration setting.......................................................................................... Configuration settings for VPN profiles....................................................................................................................................... Enable VPN configuration setting........................................................................................................................................ Suppress VPN Banner configuration setting...................................................................................................................... Use VPN Xauth configuration setting................................................................................................................................. VPN Allow Handheld Changes configuration setting.......................................................................................................
268 268 269 269 270 270 270 271 272 272 272 272 273 273 273 274 274 275 275 275 276 276 277 277 278 278 279 279 279 280 280 280 281 281
VPN Allow Password Save configuration setting............................................................................................................... VPN Disable Server Certificate Validation configuration setting.................................................................................... VPN DNS Configuration configuration setting.................................................................................................................. VPN Domain Name configuration setting.......................................................................................................................... VPN Gateway Address configuration setting..................................................................................................................... VPN Group Name configuration setting............................................................................................................................. VPN Group Password configuration setting....................................................................................................................... VPN Hard Token Required configuration setting............................................................................................................... VPN IKE Cipher configuration setting................................................................................................................................. VPN IKE DH Group configuration setting........................................................................................................................... VPN IKE Hash configuration setting.................................................................................................................................... VPN IP Address configuration setting................................................................................................................................. VPN IPSec Cipher and Hash configuration setting........................................................................................................... VPN Minimal Certificate Encryption Key Security Level configuration setting.............................................................. VPN NAT Keep Alive configuration setting........................................................................................................................ VPN PFS configuration setting............................................................................................................................................. VPN Primary DNS configuration setting............................................................................................................................. VPN Profile Visibility configuration setting......................................................................................................................... VPN Profile Editability configuration setting...................................................................................................................... VPN Secondary DNS configuration setting........................................................................................................................ VPN Subnet Mask configuration setting............................................................................................................................. VPN Token Serial Number configuration setting............................................................................................................... VPN User Name configuration setting................................................................................................................................ VPN User Password configuration setting.......................................................................................................................... VPN Vendor Type configuration setting.............................................................................................................................. VPN Xauth Type configuration setting................................................................................................................................ Configuration settings for Wi-Fi profiles...................................................................................................................................... Associated Certificate Authority Configuration configuration setting............................................................................ Associated VoIP Configuration configuration setting....................................................................................................... Associated VPN Configuration configuration setting........................................................................................................ Wi-Fi Allow AP to AP Handover configuration setting...................................................................................................... Wi-Fi Allow Handheld Changes configuration setting...................................................................................................... Wi-Fi Allow Password Save configuration setting.............................................................................................................. Wi-Fi Band Type configuration setting................................................................................................................................ Wi-Fi BlackBerry Infrastructure Wi-Fi Access Mode configuration setting.....................................................................
282 282 283 283 283 284 284 285 285 285 286 286 287 287 288 288 288 289 289 289 290 290 291 291 292 292 293 293 293 293 294 294 295 295 295
Wi-Fi Default Gateway configuration setting..................................................................................................................... Wi-Fi Default KEY ID configuration setting........................................................................................................................ Wi-Fi DHCP Configuration configuration setting............................................................................................................... Wi-Fi Disable Server Certificate Validation configuration setting................................................................................... Wi-Fi Domain Suffix configuration setting.......................................................................................................................... Wi-Fi EAP-FAST Provisioning method configuration setting............................................................................................ Wi-Fi Enable Authentication Page configuration setting.................................................................................................. Wi-Fi Hard Token Required configuration setting.............................................................................................................. Wi-Fi Inner Authentication Mode configuration setting................................................................................................... Wi-Fi IP Address configuration setting................................................................................................................................ Wi-Fi Link Security configuration setting............................................................................................................................ Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting............................................. Wi-Fi Preshared Key configuration setting......................................................................................................................... Wi-Fi Primary DNS configuration setting............................................................................................................................ Wi-Fi Profile Editability configuration setting..................................................................................................................... Wi-Fi Profile Visibility configuration setting....................................................................................................................... Wi-Fi Protected Access Credential Key configuration setting.......................................................................................... Wi-Fi Roaming Threshold configuration setting................................................................................................................. Wi-Fi Secondary DNS configuration setting....................................................................................................................... Wi-Fi Server SAN configuration setting............................................................................................................................... Wi-Fi Server Subject configuration setting......................................................................................................................... Wi-Fi SSID configuration setting.......................................................................................................................................... Wi-Fi Subnet configuration setting...................................................................................................................................... Wi-Fi Token Serial Number configuration setting.............................................................................................................. Wi-Fi User Name configuration setting............................................................................................................................... Wi-Fi User Password configuration setting......................................................................................................................... Wi-Fi WEP Key 1 configuration setting................................................................................................................................. Wi-Fi WEP Key 2 configuration setting................................................................................................................................ Wi-Fi WEP Key 3 configuration setting................................................................................................................................ Wi-Fi WEP Key 4 configuration setting................................................................................................................................
296 297 297 297 298 298 299 299 300 300 300 301 301 302 302 303 303 303 304 304 305 305 306 306 306 307 307 308 308 309
5 Examples of security policy goals............................................................................................................................................. 310 Defining acceptable use of passwords and passphrases on BlackBerry devices.................................................................... 311 Defining measures to protect BlackBerry devices from unauthorized use.............................................................................. 312 Defining the encryption strength that the BlackBerry device uses to protect data............................................................... 312
Restricting unsecured messaging........................................................................................................................................ Defining measures to prevent threats from viruses and malicious users................................................................................ Limiting the resources that third-party applications installed on BlackBerry devices can access............................... Limiting user control of third-party applications on BlackBerry devices......................................................................... Preventing RIM value-added applications from running on BlackBerry devices.................................................................... 6 Glossary.........................................................................................................................................................................................
IT policy rules
IT policy rules
You can assign IT policies to BlackBerry devices to satisfy your organization's security policy requirements and to reflect the needs of users who use the BlackBerry devices. For example, you can create an IT policy, configure the IT policy rules for executivelevel feature and security requirements, add executives to a group, and assign the IT policy to the group. For more information about how to create an IT policy, configure an IT policy rule, and assign an IT policy to a user account or group, see the BlackBerry Enterprise Server Administration Guide.
Preconfigured IT policies
The BlackBerry Enterprise Server includes the following preconfigured IT policies that you can change to create IT policies that meet the requirements of your organization. Preconfigured IT policy Default Basic Password Security Description This policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server. Similar to the Default IT policy, this policy also requires a basic password that users can use to log in to the BlackBerry device. Users must change the passwords regularly. The IT policy includes a password timeout that locks the BlackBerry device. Similar to the Default IT policy, this policy also requires a complex password that users can use to log in to the BlackBerry device. Users must change the passwords regularly. This policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry device.
21
Description Similar to the Medium Password Security, this policy requires a complex password that a user must change frequently, a security timeout, and a maximum password history. This policy prevents users from making their BlackBerry devices discoverable by other Bluetooth enabled devices and turns off the ability of BlackBerry devices to download third-party applications. Similar to the Default IT policy, this IT policy also requires a complex password that a user must change frequently, a password timeout that locks the BlackBerry device, and a maximum password history. This policy restricts Bluetooth technology on the BlackBerry device, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry device to encrypt external file systems. Similar to the Advanced Security IT policy, this IT policy requires a complex password that a user must change frequently, a password timeout that locks the BlackBerry device, and a maximum password history. This policy restricts Bluetooth technology on the BlackBerry device, turns on strong content protection, turns off USB mass storage, requires the BlackBerry device to encrypt external file systems, and turns off the ability of BlackBerry devices to download third-party applications.
Advanced Security
22
Policy group Date and Time Desktop Desktop Desktop Desktop Instant Messaging Instant Messaging Instant Messaging Instant Messaging Instant Messaging PIM Synchronization PGP Application RIM Value-Added Applications RIM Value-Added Applications RIM Value-Added Applications RIM Value-Added Applications RIM Value-Added Applications Security Security Security Security Security Security Security Security S/MIME Application TLS Application
Rule Time Zone Definitions Update Server Allow BlackBerry Desktop Software Statistics Allow External Device Software Servers Allow Personal Folder Reconciliation Generate Encrypted Backup Files Disable Automatic Login Disable Broadcast Messages Disable Emoticons Disable Offline Messaging for Enterprise Messenger Maximum File Transfer Size (Mb) Disable BlackBerry Messenger Wireless Synchronization PGP More All And Send Mode Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr Allow TiVo for BlackBerry Application BlackBerry Social Network Application Proxy URL for Lotus Connections BlackBerry Social Network Application Proxy URL for Lotus Quickr Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr Disable BlackBerry App World Disable Certificate or Key Import From External Memory Encryption on On-Board Device Memory Media Files Force Notifications for Keys with Medium Security Level Lock on Proximity Authenticator Disconnect Login Disclaimer Media Card Format on Device Wipe Two Factor Content Protection Usage S/MIME More All And Send Mode TLS Disable Weak Digests
BlackBerry Device Software (minimum requirement) 5.0 4.5 4.5 4.5 4.5 4.5 5.0 5.0 5.0 4.2 5.0 5.0 5.0 4.2 5.0 5.0 5.0 5.0 5.0 5.0 5.0 5.0 4.7.1
23
Policy group TLS Application User Feedback Wired Software Updates Wired Software Updates
Rule TLS Prevent Unmatched Domain Name Allow User Feedback Allow Web-Based Software Loading Cryptographic Services Backup
For information about adding new IT policy rules to a BlackBerry Enterprise Server version earlier than the minimum requirement, visit www.blackberry.com/btsc to read article KB05439.
24
This rule specifies whether the automatic backup option in the backup and restore tool of the BlackBerry Desktop Manager or BlackBerry Web Desktop Manager is turned on.
Default value
The default value is No.
Usage
To allow the backup and restore tool to back up BlackBerry device data automatically, change this rule to Yes. Automatic backups can help provide recent BlackBerry device data for recovery if you need to replace a lost or stolen BlackBerry device.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No.
Dependencies
If you change this rule to Yes, you must configure the Auto Backup Include All IT policy rule to No.
Minimum requirements
BlackBerry Application Suite version 1.0
25
BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No.
Dependencies
If you change this rule to Yes, you must configure the Auto Backup Include All IT policy rule to No.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is 7 days.
Usage
Change this value to a minimum of 2 days so that backups of BlackBerry device data occur more frequently, to a maximum of 99 days.
26
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is Yes.
Usage
By default, in the backup and restore tool options, the Backup all device application data option is selected. If you configure the Auto Backup Exclude Sync or Auto Backup Exclude Messages IT policy rules to Yes, change this rule to No.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No.
Usage
27
Change this rule to Yes to prevent users from using wireless calendar synchronization.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No. The BlackBerry device saves a copy of each email message that a user sends.
Usage
Change this rule to Yes to prevent the storage of email messages that a user sends from a BlackBerry device.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No Limit.
Usage
28
To turn off mandatory updates of the BlackBerry Device Software, change this rule to -1. To turn on the forced update feature, change this rule to 0 or higher. If you turn on the feature, when a user logs in and connects a BlackBerry device to a computer, the BlackBerry Desktop Manager or BlackBerry Web Desktop Manager version 1.0 or 1.0.1 automatically checks whether newer versions of the software are available and prompts the user to update the BlackBerry device. This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is a null value.
Usage
This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.
Dependencies
A BlackBerry device uses this rule only if you configure the Force Load Count IT policy rule to 0 or higher.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
29
Default value
The default value is Yes. By default, a BlackBerry device receives email messages from the inbox only.
Usage
When you change this rule, the option changes in the email settings tool of the BlackBerry Desktop Manager.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
30
Default value
The default value is a null value.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes.
Usage
Change this rule to No to hide the Device Software tab in the BlackBerry Web Desktop Manager and the Application Loader icon in the BlackBerry Desktop Manager. This rule is obsolete in BlackBerry Web Desktop Manager version 5.0 and later.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with BlackBerry Web Desktop Manager version 1.0 or 1.0.1 only.
31
Default value
The default value is No.
Usage
You can use this rule when you manage BlackBerry devices that are running BlackBerry Application Suite versions 1.0 and later.
Dependencies
The link icon appears only if you configure a default web address using the Web Link URL IT policy rule.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
32
Default value
The default value is Downloads.
Usage
Configure the label according to your organization's requirements.
Dependencies
If you configure this rule, you must also change the Show Web Link IT policy rule to Yes so that the web link icon appears.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Dependencies
If you configure this rule, you must also configure the Show Web Link IT policy rule to Yes so that the web link icon appears.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
33
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1, or 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Usage
Change this rule to No to prevent users from sending PIN messages. Changing this rule to No does not prevent users from receiving PIN messages.
Dependencies
34
To block incoming PIN messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule to PIN Messages (Public) and PIN Messages (Corporate).
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Usage
Change this rule to No to prevent a user from sending SMS text messages. Changing this rule to No does not prevent a user from receiving SMS text messages.
Dependencies
To block incoming SMS text messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
35
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Connect versions 2.1 or 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default and Basic password security IT policies is a null value. The default value in all other IT policies is Yes. The BlackBerry device locks automatically after 60 minutes.
Dependencies
Use the Periodic Challenge Time IT policy rule to shorten or extend the timeout interval.
Minimum requirements
Java based BlackBerry device BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
36
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Usage
Change this rule to No to turn off the WAP service and hide the WAP Browser icon on a BlackBerry device. Turning off the WAP service might turn off the ability to send and receive MMS messages if your organization's network service provider uses the WAP service for MMS messaging.
Minimum requirements
Java based BlackBerry device BlackBerry Connect versions 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is a null value.
Usage
If you do not configure this rule, a BlackBerry device uses the default home page.
Minimum requirements
37
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is a null value.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default IT policy is a null value. The default value in the Basic password security IT policy is 60 days.
38
Usage
If you configure this rule to 0, the BlackBerry device password does not expire.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.
Minimum requirements
C++-based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default IT policy is a null value. The default value in the Basic password security IT policy is 30 minutes. The default value in all other preconfigured IT policies is 10 minutes.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes. A BlackBerry device user can specify any timeout value that is lower than the maximum value, unless you configure the User Can Change Timeout rule to No. To configure a timeout value, in the Password policy group, configure the Set Password Timeout rule.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6
39
BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Enterprise Server version 3.5
Default value
The default value is a null value.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes. If the FIPS Level IT policy rule is configured to 2, by default, a BlackBerry device requires a minimum password length of 5 characters.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1 or 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default and Basic password security IT policies is No restriction. The default value in all other preconfigured IT policies is At least one alpha character and one numeric character.
Usage
40
Change this rule to At least 1 alpha and 1 numeric character to require that a BlackBerry device user enter at least 1 alphabetic character and 1 numeric character. Change this rule to At least 1 alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 alphabetic, 1 numeric and 1 special character. Change this rule to At least 1 upper-case alpha, one lower-case alpha, 1 numeric, and 1 special character to require that a BlackBerry device user enter at least 1 upper-case alphabetic, one lower-case alphabetic, 1 numeric, and 1 special character. If you select option 2 or 3, password pattern checking is not available for C++ based BlackBerry devices. By default, a BlackBerry device prevents setting passwords that use a natural sequence of characters or numbers. If a symbol is inserted into a natural sequence, a BlackBerry device can use the password.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default IT policy is No. The default value in all other preconfigured IT policies is Yes.
Dependencies
If the FIPS Level IT policy rule is configured to 2, by default, a user must configure a password.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0
41
BlackBerry Connect versions 1.2, 2.0, 2.1 or 4.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Default IT policy is Yes. The default value in all other preconfigured IT policies is No. A user cannot turn off the requirement for a BlackBerry device security password.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.
42
Global items
This rule is obsolete for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later and C++ based BlackBerry devices that are running BlackBerry Device Software version 2.7.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Enterprise Server version 3.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Global items
Allow Browser IT policy rule
Description
This rule specifies whether the BlackBerry Browser is available on a BlackBerry device.
Default value
The default value is Yes.
Usage
This rule does not affect other browsers such as the WAP browser. For more information about the browser configurations that are available on a BlackBerry device, see the Browser policy group.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1, or 4.0 (internal) BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
43
Global items
Default value
The default value is Yes.
Usage
Change this rule to No to prevent a user from making and receiving any calls except emergency calls. The phone icon remains on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect versions 1.2, 2.0, 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is a null value.
Usage
Use this rule to add a disclaimer to the end of email messages that a user sends from a BlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP2 and later.
Minimum requirements
BlackBerry Desktop Software version 3.5 BlackBerry Enterprise Server for IBM Lotus Domino version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.5
Exceptions
44
The BlackBerry Enterprise Server for Microsoft Exchange supports this rule in BlackBerry Enterprise Server versions 3.5 to 4.1 SP2. The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a BlackBerry device user from accessing the application center.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from accessing the carrier directory in the application center.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP6
45
Default value
The default value is No.
Usage
Change this rule to Yes to turn off the BlackBerry Messenger. This might help prevent risks that are associated with PIN messaging. For more information about PIN messaging risks, see the BlackBerry Enterprise Solution Security Technical Overview.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is No. The BlackBerry device checks automatically for a more recent version of the BlackBerry Messenger.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
46
This rule specifies whether a BlackBerry Messenger user can make location requests, respond to location requests, or request or send proximity alerts to another BlackBerry Messenger user.
Default value
The default value is No. A BlackBerry Messenger user can make location requests, respond to location requests, or request or send proximity alerts.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No. A BlackBerry device user can store a contact list in the BlackBerry Infrastructure.
Usage
When the contact list for BlackBerry Messenger is stored in the BlackBerry Infrastructure, a user who frequently switches between BlackBerry devices can use the same synchronized contact list on all BlackBerry devices.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No. A BlackBerry Messenger user can register an email address with the BlackBerry Messenger server, even if the email address is not associated with a BlackBerry Enterprise Server.
Minimum requirements
Java based BlackBerry device
47
BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No. A BlackBerry device user can forward a BlackBerry Messenger contact to another user.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No. A BlackBerry device user can type a subject for a BlackBerry Messenger conversation.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No. A BlackBerry device does not enforce a security question for invitations that the BlackBerry Messenger processes.
Minimum requirements
Java based BlackBerry device
48
BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is a null value. BlackBerry Messenger turns off auditing and does not send reports.
Usage
Configure a value for this rule if you want to audit the use of BlackBerry Messenger in your organization.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is 168 hours.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP2
49
This rule specifies the amount of time (in hours) that can elapse between BlackBerry Messenger audit reports that a BlackBerry device sends when there is new data. The permitted range is 1 through 8736 hours.
Default value
The default value is 24 hours.
Usage
Change this rule to a shorter interval to manage the BlackBerry device memory.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is a null value. The BlackBerry device uses the first available service that encrypts messages to send reports.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP2
50
Turning off automatic reconnections is designed to increase the life of the BlackBerry device battery.
Default value
The default value is a null value.
Usage
Select the Disable Auto Reconnect On BlackBerry option to prevent a BlackBerry device from reconnecting automatically to a BlackBerry Smart Card Reader. Select the Disable Auto Reconnect On PC option to prevent a computer from reconnecting automatically to a BlackBerry Smart Card Reader.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP7 BlackBerry Smart Card Reader software version 1.5.1
Default value
The default value is No. The secure pairing keys are not deleted from the BlackBerry device or the computer.
Usage
If you change this rule to Yes, a user cannot change this feature on a BlackBerry device.
Dependencies
A BlackBerry device uses this rule only if you configure the Maximum BlackBerry Disconnect Timeout IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
51
This rule specifies whether the computer deletes the secure pairing key and closes the connection to the BlackBerry Smart Card Reader when the computer goes into standby mode.
Default value
The default value is No.
Usage
The user can configure this feature on the computer. If you change this rule to Yes, the user cannot turn off this feature on the computer.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP7 BlackBerry Smart Card Reader software version 1.5.1
Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field on the BlackBerry device to a lower value. If you do not configure this rule, the user can change the Inactivity Timeout field to any value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5.1
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
52
Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field on a BlackBerry device to a lower value. If you do not configure this rule, the user can change the Disconnected Timeout value to any value.
Dependencies
The value of this rule affects how a BlackBerry device uses the Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule, if you configure that rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field on a BlackBerry device to a lower value.
53
If you do not configure this rule, the user can change the Long Term Timeout field to any value.
Dependencies
This rule is related to the Maximum BlackBerry Bluetooth Traffic Inactivity Timeout IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5.1
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP7 BlackBerry Smart Card Reader software version 1.5.1
Default value
The default value is 100%.
Usage
54
Configure a lower power range for a BlackBerry device or a computer to communicate with a BlackBerry Smart Card Reader over a shorter distance.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP3 BlackBerry Smart Card Reader software version 1.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value. The heartbeat period is turned off.
Usage
Use this rule to prevent an attacker from using a low-level Bluetooth heartbeat period to keep a Bluetooth connection between a BlackBerry device or computer and a BlackBerry Smart Card Reader open and the secure pairing keys present. If you configure this rule, the user cannot turn off the heartbeat period but can change the Connection Heartbeat Period field on a BlackBerry device or a computer to a lower value. If you do not configure this rule, the user can change the Connection Heartbeat Period field to any value. If you configure a low value, such as 1, 2, or 5 minutes, Bluetooth traffic increases. The increased traffic might affect the battery power level of the BlackBerry device and BlackBerry Smart Card Reader.
Dependencies
You can use the Maximum BlackBerry Disconnected Timeout and Maximum PC Disconnected Timeout rules to specify the BlackBerry device and the computer disconnected timers.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0
55
BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.
Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted but can change the Number of Transactions field on a BlackBerry device to a lower value. If you do not configure this rule, the user can change the Number of Transactions field to any value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Usage
56
If you configure this rule while computers are paired with a BlackBerry Smart Card Reader and more than the maximum number of computers are connected, the BlackBerry Smart Card Reader closes connections with the last computers to pair.
Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Usage
If you configure this rule, the user cannot stop the secure pairing information from being deleted, but can change the Number of Transactions field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Number of Transactions field to any value.
Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
57
Activity is any secure packet that is sent or received by a BlackBerry device and a BlackBerry Smart Card Reader over a Bluetooth connection, other than the connection heartbeat packet.
Default value
The default value is a null value. The secure pairing information is not deleted from the computer.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Inactivity Timeout field in the BlackBerry Smart Card Reader options on the computer to a lower value. If you do not configure this rule, the user can change the Inactivity Timeout field to any value.
Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Disconnected Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Disconnected Timeout field to any value.
Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
58
Default value
The default value is a null value.
Usage
If you configure this rule, the user cannot turn off this feature but can change the Long Term Timeout field in the BlackBerry Smart Card Reader options on a computer to a lower value. If you do not configure this rule, the user can change the Long Term Timeout field to any value.
Dependencies
This rule is related to the Maximum PC Bluetooth Traffic Inactivity Timeout IT policy rule.
Minimum requirements
BlackBerry Enterprise Server version 4.0 SP5 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value. The secure pairing information is not deleted from the BlackBerry device.
Usage
If you configure this rule, the user can change the Card Not Present Timeout value on the BlackBerry device to any value. If you do not configure this rule, the user cannot turn off this feature but can change the Card Not Present Timeout field to a lower value.
Minimum requirements
59
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP2 BlackBerry Smart Card Reader software version 1.5
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Numeric.
Usage
Configure this rule to Alphanumeric Lowercase to enforce a user authenticator password that includes both numeric and lower case alphabetic characters. Configure this rule to Alphanumeric Mixed Case to enforce a user authenticator password that includes numeric characters and both upper case and lower case alphabetic characters.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 BlackBerry Smart Card Reader version 2.0
Default value
60
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is Always.
Usage
Configure this rule to Always, Never, or Only when the BlackBerry device is unlocked.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP1
61
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. A BlackBerry device cannot exchange address book data using Bluetooth technology. The default value in all other preconfigured IT policies is No.
Usage
Change this rule to Yes to turn off the ability to exchange address book data using Bluetooth technology.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
The default value is No.
Usage
Change this rule to Yes to turn off the ability to stream audio using Bluetooth technology.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
62
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
If Bluetooth technology is turned on when a BlackBerry device receives this rule, the user must reset the BlackBerry device for the change to take effect.
Minimum requirement
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1
63
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default values
The default value in the Default and Basic password security IT policies is No. The default value in all other preconfigured IT policies is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes.
64
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Usage
A BlackBerry device uses the Bluetooth HFP to connect to most car kits and some headsets.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.
Default value
The default value is No.
Usage
A BlackBerry device uses the Bluetooth HSP to connect to most headsets and some car kits.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8
65
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.
Default value
The default value is No.
Usage
After a BlackBerry device pairs with a supported Bluetooth enabled device, you can use this rule to prevent the BlackBerry device from pairing with other Bluetooth enabled devices.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.
Usage
A BlackBerry device uses the Bluetooth SPP to establish a serial connection between the BlackBerry device and a Bluetooth enabled device that uses a serial port interface.
Minimum requirements
Java based BlackBerry device
66
BlackBerry Connect version 4.0 BlackBerry Device Software version 3.8 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 and later.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
67
Minimum requirements
Java based BlackBerry device BlackBerry Desktop Software version 4.2.2 BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
Change this rule to Yes to permit a user to set the Bluetooth discoverable mode option to use a time limit of 2 minutes or to turn off Bluetooth discoverable mode.
Dependencies
A BlackBerry device uses this rule only if you configure the Disable Discovery Mode IT policy rule to No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is 1 byte.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
68
Default value
The default value is No.
Usage
If you change this rule to Yes to require Bluetooth encryption for all connections, you might restrict compatibility with some Bluetooth enabled devices.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP4
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
69
Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
The default value is No.
Dependencies
A BlackBerry device uses this rule only if the Password Required IT policy rule is configured to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
The default value is Yes.
Usage
70
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Allow.
Usage
Change this rule to Disallow to prevent a Wi-Fi enabled BlackBerry device from accessing a hotspot browser. Change this rule to Only for Hotspot Login to permit access only for the purpose of authenticating to the hotspot.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is Yes.
Usage
Change this rule to No to hide the BlackBerry Internet Service Browsing icon.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0
71
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is a null value.
Minimum requirements
72
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 SP3 BlackBerry Device Software version 4.1
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
73
Usage
The browser session manager is designed to improve BlackBerry Browser performance by helping the BlackBerry MDS Connection Service use the BlackBerry Browser cache.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is a null value.
Usage
This rule supports the use of wildcard characters. If you want to permit the BlackBerry Browser to retrieve sub-domains of a web address, prefix the domain with a period. For example, type ".yahoo.ca" to permit the BlackBerry Browser to retrieve all sub-domains of yahoo.ca (such as mail.yahoo.ca, www.yahoo.ca).
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
74
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is No.
Usage
Change this rule to Yes to render web pages that use JavaScript correctly.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0 SP2
75
Default value
The default value is BlackBerry Browser.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for Microsoft Exchange version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
76
The default value is No. The camera is available on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No. The video camera is available on the BlackBerry device.
Usage
Change this rule to Yes to turn off the video camera feature.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No.
Usage
77
If you change this rule to Yes, a user can restore the private keys to the same BlackBerry device only, not to another BlackBerry device. A BlackBerry device encrypts the private key using a key that is specific to the BlackBerry device.
Dependencies
A BlackBerry device uses this rule only if the Disable Key Store Backup rule is configured to No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is 1 hour.
Usage
If the initial certificate enrollment process does not complete, a BlackBerry device uses this rule to specify a retry time for the enrollment process.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is 7 days.
Minimum requirements
Java based BlackBerry device
78
BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Usage
Accepted values are uppercase and lowercase alphabetical characters, periods (.), forward slashes (/), and hyphens (-).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is 80 (port 80).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
79
This rule specifies a name for the certification authority profile that a BlackBerry device requires for certificate enrollment requests over a wireless network. The permitted range is 0 through 32 characters. The previous name of this rule was Certificate Authority Profile Name.
Default value
The default value is a null value.
Usage
If you change this rule after the BlackBerry Enterprise Server sends the certification authority profile to a BlackBerry device, and you resend the IT policy, the BlackBerry device restarts the certificate enrollment process.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is Yes. The BlackBerry device enrolls the certificate without any user interaction after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device. The user cannot delete the certificate.
Usage
If you change this rule to No, the certification authority profile is optional, and the BlackBerry device starts the certificate enrollment process automatically after the BlackBerry Enterprise Server pushes the IT policy to the BlackBerry device. The user can cancel the enrollment process when the BlackBerry device requests the user's credentials. If the user cancels the enrollment process, the BlackBerry device does not add the certificate to the key store. The certification authority might still issue the certificate to the BlackBerry device, and the BlackBerry MDS Connection Service might still retrieve the certificate, but the BlackBerry device does not store the certificate in the key store.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
80
Default value
The default certification authority type is Microsoft Enterprise.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is User Name and BlackBerry Device PIN.
Usage
If you select the Local Email Address option, the certification authority adds the user name from the email address to the common name, but not the at sign (@) or domain information.
Dependency
If you change the Certification Authority Type rule to Microsoft Enterprise certification authority, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft Active Directory, a BlackBerry device does not use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
81
Default value
The default value is a null value.
Usage
You must use the exact value that the administrator for the certification authority configures for the Microsoft enterprise certificate authority.
Dependencies
If you configure this rule, a BlackBerry device does not use the Microsoft Certification Authority Certificate Template rule. A BlackBerry device uses this rule only if the Certification Authority Type rule is configured to Microsoft Enterprise.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Usage
A BlackBerry device accepts certificates only if the email address in the distinguished name of the certificate matches an email address on a BlackBerry device. Supported values are the following: C=<Country>, L=<Locality>, O=<Organization>, OU=<Organizational_unit>, and ST=<State_or_Province>.
Dependencies
82
If you change the Certification Authority Type rule to Microsoft Enterprise, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft Active Directory, a BlackBerry device does not use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is RSA algorithm.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is 1024 bits.
Usage
If you change the Key Algorithm rule to RSA, you must configure the key size to be a multiple of 64. If you change the Key Algorithm rule to DSA, you must configure the key size to be 512,768, or 1024 bits. If you configure an unsupported key size, a BlackBerry device chooses the next strongest key size and generates the key.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
83
Default value
The default value is User certificate template.
Dependencies
If you configure the Certification Authority Type rule to Microsoft Stand-alone or RSA, a BlackBerry device does not use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Usage
You must map this value to the MD5 certificate ID (for example, 2094a3d152b66fb45ea69501970511f9) that the administrator of the RSA certification authority provides.
Dependencies
A BlackBerry device uses this rule only if you change the Certification Authority Type IT policy rule to RSA.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
84
Default value
The default value is a null value.
Usage
This value maps to the jurisdiction ID (for example, 15c128ec4b2a798c09427072efeddb5d96aa4664) that the administrator of the RSA certification authority provides.
Dependencies
A BlackBerry device uses this rule only if you configure the Certification Authority Type IT policy rule to RSA.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Minimum requirements
S/MIME Support Package for BlackBerry Smartphones version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 4.0
85
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default setting
The default value is Yes.
Minimum requirements
BlackBerry Desktop Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is a null value.
Usage
Configure this rule to 4.0 to support application control features. This rule is obsolete in BlackBerry Enterprise Server version 4.1 and later.
Minimum requirements
86
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0 and earlier
Default value
The default value is a null value.
Usage
Use this rule to create a customized confirmation message.
Minimum requirements
Java based BlackBerry device that is running BlackBerry Device Software version 4.0 C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
87
Default value
The default value is No.
Usage
Change this rule to Yes to prevent security risks that are associated with sending and receiving MMS messages. For more information, see the BlackBerry Enterprise Solution Security Technical Overview.
Dependencies
To block incoming MMS messages, in the Security policy group, configure the Firewall Block Incoming Messages IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0.2 BlackBerry Enterprise Server version 4.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
88
Usage
Change this rule to Yes to turn off the voice note recording feature and to prevent applications on a BlackBerry device from accessing this feature.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is a null value.
Usage
Change this rule to 0 to prevent phone calls and data use from occurring at the same time on the BlackBerry device. Change this rule to 1 to allow phone calls and data use to occur at the same time on the BlackBerry device. Change this rule to 2 to allow data use during a phone call if the phone application runs in the background on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0
89
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is a null value.
Usage
Configure this rule to Lock Information text that is defined using the Set Owner Info IT policy rule. Configure this rule to Lock Name text that is defined using the Set Owner Name IT policy rule. Configure this rule to Lock both Name and Information text that is defined using the Set Owner Info and Set Owner Name IT policy rules. You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.
Dependencies
The Lock Owner Info IT policy rule is related to the Set Owner Info and Set Owner Name IT policy rules.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
90
This rule specifies the owner information that appears on a BlackBerry device.
Default value
The default value is a null value.
Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.
Dependencies
The Set Owner Info IT policy rule is related to the Lock Owner Info IT policy rule.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is a null value.
Usage
You can overwrite this information by sending the Set Owner Information IT administration command to a BlackBerry device.
Dependencies
The Set Owner Name IT policy rule is related to the Lock Owner Info IT policy rule.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
Exceptions
91
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is Prompt. The BlackBerry device prompts the BlackBerry device user to update the time zone setting.
Usage
Change this rule to On so that the BlackBerry device updates changes to the time zone setting automatically.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No. A BlackBerry device cannot update time zone definitions after a user requests a time zone definitions update.
Usage
Change this rule to Yes to allow the BlackBerry device to update time zone definitions over the wireless network.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0
92
Default value
The default value is Yes. A BlackBerry device can synchronize its clock automatically.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 4.1 SP7
Default value
The default value is 0 (days). Automatic updates are turned off.
Usage
Specify a value for this rule to turn on automatic updates of time zone definitions on a BlackBerry device so that they occur at a specific interval. The permitted range between automatic updates is 1 to 365 days.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
93
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is Yes. The BlackBerry Desktop Software can send statistical information when a BlackBerry device is connected to a computer.
Minimum requirements
BlackBerry Desktop Software version 5.0 BlackBerry Enterprise Server version 4.1 SP7
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No. The BlackBerry Device Software cannot receive updates from software servers that an external organization hosts.
Minimum requirements
BlackBerry Desktop Software version 4.7 BlackBerry Enterprise Server version 4.1 SP7
Exceptions
94
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes. A BlackBerry device can synchronize email messages in personal folders over a serial connection or USB connection.
Minimum requirements
BlackBerry Desktop Software version 4.7 BlackBerry Enterprise Server version 4.1 SP7
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange or BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
95
This rule specifies whether BlackBerry Desktop Software users or BlackBerry Web Desktop Manager users can switch BlackBerry devices.
Default value
The default value is Yes.
Usage
Change this rule to No to prevent users from switching to an unapproved BlackBerry device. The Enterprise Service Policy overrides this rule. For more information about using the Enterprise Service Policy, see the BlackBerry Enterprise Solution Security Technical Overview.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is 10 minutes.
Usage
If you change this rule to 0, a BlackBerry device clears the password from memory when a user disconnects the BlackBerry device from a computer, regardless of the length of time that the BlackBerry device was connected.
Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Desktop Software version 3.5 or BlackBerry Web Desktop Manager version 1.0 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
96
The BlackBerry Enterprise Server for Novell GroupWise supports this rule with the BlackBerry Web Desktop Manager only.
Default value
The default value is No.
Minimum requirements
BlackBerry Desktop Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from accessing a media card using the media manager tool.
Minimum requirements
BlackBerry Connect version 4.0 (internal) BlackBerry Desktop Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
97
Minimum requirements
BlackBerry Desktop Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No. A BlackBerry device does not create encrypted backup files.
Minimum requirements
BlackBerry Desktop Software version 4.7.1 BlackBerry Enterprise Server version 4.1 SP7
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Minimum requirements
BlackBerry Desktop Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
98
Default value
The default value is No.
Minimum requirements
BlackBerry Application Suite version 1.0 Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is a null value.
Minimum requirements
99
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No.
Dependencies
If you configure the Disable Documents To Go IT policy rule to Yes, the BlackBerry device ignores this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5
100
Default value
The default value is No.
Dependencies
If you configure the Disable Documents To Go IT policy rule to Yes, the BlackBerry device ignores this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 with the DataViz Documents to Go application installed BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No. A BlackBerry device does not automatically download attachments from email messages.
Usage
If you change this rule to Yes, and the BlackBerry Attachment Service is connected to the BlackBerry Enterprise Server using the BlackBerry Attachment Connector, a BlackBerry device downloads attachments automatically.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
101
Default value
The default value is Yes.
Usage
A BlackBerry device can use this rule if the BlackBerry Attachment Service is connected to the BlackBerry Enterprise Server using the BlackBerry Attachment Connector. Changing this rule to No does not prevent a user from downloading or viewing native attachments on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.2 for messages and version 5.0 for calendar entries BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Usage
The message that the confirmation dialog box displays informs users that they might expose their email addresses if they download an image from the Internet. If you change this rule to Yes, BlackBerry device users must verify whether they want to download an image each time they click the Get Images link in an HTML-formatted email message.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0
102
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
103
The default value is No. A BlackBerry device user can forward or reply to IBM Lotus Domino encrypted email messages that were received, decrypted, and decompressed on the BlackBerry device.
Usage
If you change this rule to Yes, a BlackBerry device user cannot forward or reply to received IBM Lotus Domino encrypted email messages on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Yes.
Usage
If you configure this rule to Yes, or if it is not a part of the IT policy that you assigned to a user, by default, wireless email reconciliation is turned on for both the BlackBerry device and BlackBerry Enterprise Server.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.6 Java based BlackBerry device that is running BlackBerry Device Software version 3.6
104
BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 (internal) BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is Automatic Allowed.
Usage
If you change this rule to Manual Only, a BlackBerry device user can continue to request inline content in messages manually.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is -1. A BlackBerry device keeps messages indefinitely.
Usage
Configure this rule to 0 or -1 to keep messages on a BlackBerry device indefinitely.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2
105
Default value
The default value is -1. A BlackBerry device keeps messages indefinitely.
Usage
Configure this rule to 0 or -1 to keep saved messages on a BlackBerry device indefinitely. Configure this rule to -2 to delete saved messages and turn off the ability to save messages on a BlackBerry device that is running BlackBerry Device Software version 4.5 or later.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is 3 MB.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
106
This rule specifies the total size (in bytes) of all standard attachments that can be uploaded from a BlackBerry device. The permitted range is 0 through 5 MB.
Default value
The default value is 5 MB.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is 10,240 KB.
Usage
Change this rule to 0 to turn off the ability to download standard attachments on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is -1, which indefinitely stores the password that the user types.
Usage
Change this rule to 0 to never store the password that a user types on a BlackBerry device. If you do this, you should also prevent the BlackBerry Enterprise Server from storing a copy of the password by default.
107
For more information on changing the BlackBerry Enterprise Server default behavior, visit www.blackberry.com/support to read Prevent the BlackBerry Enterprise Server from storing the password for decrypting IBM Lotus Notes-encrypted messages.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1.2 BlackBerry Enterprise Server version 4.0 SP5
Default value
The default value is No.
Usage
Change this rule to Yes to permit a user to send messages using IBM Lotus Notes encryption. If necessary, the BlackBerry device prompts a user for the IBM Lotus Notes encryption passwords. A BlackBerry device does not perform IBM Lotus Notes encryption itself; it configures sent messages for IBM Lotus Notes encryption by the BlackBerry Enterprise Server. This rule does not affect messages sent from a BlackBerry device using email services that do not support IBM Lotus Notes encryption.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
108
Default value
The default value is No.
Usage
Change this rule to Yes to prevent outgoing calls if the protocol format cannot be used.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4
Default value
109
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is Always.
Usage
Change this rule to Never to never display notification messages on the external display.
Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
110
Default value
The default value is No.
Dependencies
A BlackBerry device uses this rule only if the Display Notification Details IT policy rule is configured to Only when unlocked or Always.
Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value.
Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;). To receive calls from numbers that are preceded by 1 or +1 only, type +1...;1... To deny receiving calls using a specific pattern, append r to that pattern. For example, type 011...r to deny receiving calls in the format 011xxxxxxxxxx.
111
To indicate that all other patterns are denied, type r in the pattern list. For example, to receive calls from the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.
Dependencies
BlackBerry device users must subscribe to caller ID to use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is a null value.
Usage
Type one or more fixed dialing patterns (for example, specific dialing numbers, or a set of dialing numbers with the same prefix) separated by a semi-colon (;). To make calls to numbers that are preceded by 1 or +1 only, type +1...;1... To deny making calls using a specific pattern, append r to that pattern. For example, type 011...r to deny making calls in the format 011xxxxxxxxxx. To indicate that all other patterns are denied, type r in the pattern list. For example, to make calls to the number 519-555-1234 only, type +15195551234;15195551234;5195551234;r.
Dependencies
A BlackBerry device user must subscribe to caller ID to use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
112
Default value
The default value is No.
Usage
The contact list search can return an email address that a user cannot use to add a contact because the search does not return the correct SIP address. Change this rule to Yes to permit contact list searches.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No. A BlackBerry device user can permit collaboration clients to log back in automatically when a connection is established again.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
113
This rule specifies whether a user can broadcast email messages or PIN messages to multiple recipients from a BlackBerry device.
Default value
The default value is No. A user can broadcast messages to multiple recipients from a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No. The collaboration client on a BlackBerry device displays emoticons and makes them available in conversations.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
114
This rule specifies whether instant messaging that uses the collaboration client is turned off when the BlackBerry device is offline.
Default value
The default value is Yes. Instant messaging that uses the collaboration client is turned off when the BlackBerry device is offline.
Usage
If you change this rule to No, a BlackBerry device might require additional software to deliver messages when the BlackBerry device is offline.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value. The user can send all file types.
Usage
Specify the extensions of the disallowed file types in a comma-delimited format (for example, bat, exe, mp3) to prevent a user from sending specific file types. Configure this rule to "*" to prevent a user from sending any file type.
Minimum requirements
115
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is 6 MB.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is Yes.
Usage
Change this rule to No to turn off the geolocation service for a BlackBerry device.
Dependencies
This service is available only on BlackBerry devices that have internal GPS capability.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
116
Default value
The default value is No.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No. The default interval is 15 minutes.
Usage
Change this rule to Yes to permit a BlackBerry device user to require that a BlackBerry device report its location to the BlackBerry Enterprise Server at regular intervals. You can use the Enterprise Location Tracking Interval IT policy rule to change the interval.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is 15 minutes.
Minimum requirements
Java based BlackBerry device
117
BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is "Your location is now being tracked at the server."
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 BlackBerry Application Suite version 1.0
118
This rule specifies whether to prevent a user from searching for and installing BlackBerry MDS Runtime Applications on a BlackBerry device.
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 BlackBerry Application Suite version 1.0
Disable Activation With Public BlackBerry MDS Integration Service IT policy rule
Description
This rule specifies whether to prevent a BlackBerry device user from initiating a connection with the public BlackBerry MDS Integration Service.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from activating the BlackBerry MDS Runtime.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0
119
Disable User-Initiated Activation With Public BlackBerry MDS Integration Service IT policy rule
Description
This rule specifies whether to prevent a BlackBerry device user from initiating a connection with the BlackBerry MDS Integration Service.
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from initiating the BlackBerry MDS Integration Service connection.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Enable Access to Device Data for MDS Runtime 4.3.0 and earlier IT policy rule
Description
This rule specifies whether BlackBerry MDS Runtime version 4.3.0 and earlier can access the organizer data, interprocess communication, and phone on a BlackBerry device.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1.0 BlackBerry Enterprise Server version 5.0
Lowest BlackBerry MDS Integration Service Security Version Allowed IT policy rule
Description
120
This rule specifies the lowest security version permitted for the BlackBerry MDS Integration Service.
Default value
The default value is 1.
Usage
Change this rule to 1 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with all versions of the BlackBerry MDS Integration Service. Change this rule to 2 to permit a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later to communicate with BlackBerry MDS Integration Service version 4.1 SP2 or later only.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is 8 messages.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0
Default value
The default value is 16 messages.
Minimum requirements
Java based BlackBerry device
121
BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0
Default value
The default value is No. The BlackBerry MDS Integration Service permits unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.
Usage
If you change this rule to Yes, the BlackBerry MDS Integration Service does not permit unauthenticated connections from a BlackBerry device that is running BlackBerry MDS Runtime version 1.1 or later.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
122
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
123
Default value
The default value is 60 minutes.
Dependencies
A BlackBerry device uses this rule only if you configure the Force Memory Clean When Idle IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Dependencies
Configure a group label if you specify multiple links using the On-Device Help Links IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1
124
Default value
The default value is a null value.
Usage
Specify links using the following format: <uri1|label1|>...<|urix|labelx> .
Dependencies
If you specify multiple links, you should also configure a label in the On-Device Help Group Label IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Default value
125
Usage
Configure this rule to permit a user to notify you that a BlackBerry device might have been stolen. Instruct users how to use the duress password feature. To prevent an unlocked BlackBerry device that was stolen from receiving a response to the duress notification, the email address that you specify should be active and you should not configure an out-of-office reply for it.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is a null value.
Usage
By default, a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers. The BlackBerry device also automatically prevents common letter substitutions. For example, if you include "password" in the forbidden passwords list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the BlackBerry device.
Dependencies
A BlackBerry device uses this rule only if the Password Required rule is configured to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
126
This rule specifies the maximum number of previous passwords that a BlackBerry device checks new passwords against to prevent a user from reusing previous passwords.
Default values
The default value in the Default and Basic password security IT policies is 0. The BlackBerry device does not check for reused passwords. The default value in all other preconfigured IT policies is 6.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
By default, if you change the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minutes.
Usage
Type a periodic challenge time to shorten or extend the security timeout interval to a value that is within the range of 1 to 1440 minutes.
Dependencies
A BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require that a user configure a password, configure the Password Required IT policy rule to Yes. You can also change the User Can Change Timeout IT policy rule to No so that a user cannot change the timeout settings on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0
127
Default value
The default setting is 10 password attempts.
Usage
The maximum number of password attempts is 10. Use this rule to lower the number of password attempts.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software versions 4.0 and later.
Default value
For BlackBerry Device Software versions earlier than version 4.7, the default value is 2 minutes. For BlackBerry Device Software version 4.7 and later, the default value is 30 minutes.
Usage
Use this rule to change the default security timeout interval.
Dependencies
A BlackBerry device uses this rule only if you change the Password Required IT policy rule to Yes. If you do not change the User Can Change Timeout IT policy rule to No, the user can change the security timeout to any value.
128
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Dependencies
The BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require a password, configure the Password Required rule to Yes. To specify the number of incorrect password attempts that the BlackBerry device permits before the typed characters appear on the screen, configure the Set Maximum Password Attempts rule. By default, if you configure the FIPS Level IT policy rule to 2, the characters that a user types do not appear on the screen.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 1.2, 2.0, 2.1, or 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5 for Microsoft Exchange, BlackBerry Enterprise Server version 4.0 for IBM Lotus Domino, or BlackBerry Enterprise Server version 4.0 for Novell GroupWise
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
129
Default value
The default value is No.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is No.
Usage
Change this rule to Yes to turn off all wireless data synchronization, except wireless email reconciliation. Changing the rule prevents the following actions: wireless synchronization of contact entries, calendar entries, email message filters, tasks, and memos wireless synchronization of all logging information wireless backup of data, including device configuration data wireless bulk loads activation of BlackBerry devices over the wireless network When you change this rule, wireless synchronization of all logging on the BlackBerry device, including phone call logs, PIN message logs, and SMS message logs, is turned off, and log information is not available for compliance purposes.
130
The BlackBerry device does not report its IT policy time, model name, BlackBerry Device Software version, phone number, or SIM information to the BlackBerry Enterprise Server, although you can verify this information on the BlackBerry device. If you apply this rule, the user account name no longer appears in the SyncDeviceMgmtSummary table in the BlackBerry Configuration Database.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Default value
The default value is Yes. The message database for the BlackBerry Messenger does not synchronize wirelessly.
Usage
When you change this rule, the BlackBerry Messenger logs all message text in unencrypted format in the log file that you specify. You must verify that the target log file is in a location that your organization's security policies restrict internal and external user access to.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0
131
BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
Default value
The default value is Yes. Activation progress does not appear on the Home screen.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices.
132
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is Yes.
Usage
If you change this rule to No, the BlackBerry Enterprise Server logs all PIN messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is Yes.
Usage
133
If you change this rule to No, the BlackBerry Enterprise Server logs all SMS text messages in unencrypted format to the log file that you specify. Make sure that the log file is in a location that restricts internal and external user access.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this IT policy rule only for Java based BlackBerry devices.
Default value
The default value is No.
Usage
Change this rule to Yes to minimize wireless data transfers when activating or updating a BlackBerry device. A BlackBerry device must be physically connected to a computer before the data transfer starts.
134
If a BlackBerry device is disconnected from the computer during the initial data transfer, the BlackBerry Desktop Software sends the remaining data over the wireless network.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.7 Java based BlackBerry device that is running BlackBerry Device Software version 4.0 BlackBerry Connect version 4.0 (internal) BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule only for Java based BlackBerry devices that are running BlackBerry Device Software version 4.0 or later.
Default value
The default value is to use all supported algorithms.
Usage
Specify the content ciphers that a BlackBerry device can use to encrypt PGP messages from the following list: AES (256-bit) AES (192-bit) AES (128-bit) CAST (128-bit) Triple DES
To maintain compatibility with most PGP clients, use Triple DES encryption and CAST. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to a recipient.
Dependencies
135
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry Enterprise Server automatically when users open PGP protected messages that contain attachments.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Both. The BlackBerry device uses PGP based encryption and conventional encryption.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.0 BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
136
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
137
Default value
The default value is No.
Usage
If you apply this rule, you might override secure email policy settings on the PGP Universal Server.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 1024 bits.
Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a user from sending email messages using certificates that have corresponding weak public keys.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
138
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 1024 bits.
Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a user from sending email messages using certificates that have corresponding weak public keys.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 1024 bits.
Dependencies
Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent users from sending email messages using certificates that have corresponding weak public keys.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0
139
BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Manual. A BlackBerry device user must request the complete text of the email message when the user replies to or forwards that email message.
Usage
Change this rule to Automatic to retrieve the complete text of the email message automatically.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.1 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is Email-based enrolment. Users are prompted to type their email address.
Usage
Change this rule to Domain username/password enrolment to prompt users to type their user name and password. Users must submit their enrollment information before sending and receiving PGP protected messages on a BlackBerry device.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1
140
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 24 hours.
Minimum requirements
Java based BlackBerry device PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is a null value.
Usage
Configure this rule to require the user to register with the PGP Universal Server. When registered, a BlackBerry device with the PGP Support Package for BlackBerry smartphones enforces compliance with the secure email policies for all email messages.
Dependencies
If you configure this rule, a user must install the PGP Support Package for BlackBerry smartphones on the BlackBerry device.
Minimum requirements
Java based BlackBerry device
141
PGP Support Package for BlackBerry smartphones version 4.1 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP2
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Yes. A BlackBerry device user can change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.
Usage
If you change this rule to No, a user cannot change the URL that you specify in the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.
Dependencies
This rule is related to the BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP7
Default value
The default value is Yes. The TiVo for BlackBerry application is turned on.
Minimum requirements
142
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP7
BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule
Description
This rule specifies the URL of the server that hosts the BlackBerry Social Networking Application Proxy that the BlackBerry Client for IBM Lotus Connections uses (for example, https://<server_name>:<port>/ lcs-230/services/).
Default value
The default value is a null value.
Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule to control whether the user can change the URL of the host server. If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.
Dependencies
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Connections IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 5.0 SP1
BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule
Description
This rule specifies the URL of the server that hosts the BlackBerry Social Networking Application Proxy that the BlackBerry Client for IBM Lotus Quickr uses (for example, https://<server_name>:<port>/qkr-100/services/).
Default value
The default value is a null value.
Usage
If you configure this rule, you can use the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule to control whether the user can change the URL of the host server. If you do not configure this rule, a user can access the host server by typing the URL on the BlackBerry device.
Dependencies
143
This rule is related to the Allow Edits to BlackBerry Social Network Application Proxy URL for Lotus Quickr IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP7
Default value
The default value is No.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is No.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
144
Default value
The default value is Yes. Social networking applications, such as Facebook, do not have read or write access to the address book, calendar, and other organizer data.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is No.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Exceptions
This rule does not apply to some applications such as the following: Yahoo! Messenger for BlackBerry devices, Windows Live Messenger for BlackBerry devices, AOL Instant Messenger service (AIM service) for BlackBerry devices, ICQ for BlackBerry devices, Google Talk for BlackBerry devices, BlackBerry Client for Microsoft Office Communicator, BlackBerry Client for IBM Lotus Sametime, BlackBerry Client for Novell GroupWise Messenger, BlackBerry Messenger, BlackBerry Maps, some public photo-sharing applications (for example, Flickr and Picasa), Facebook, the BlackBerry MDS Runtime Application, or device diagnostic applications. For more information about the applications, see the application-specific IT policy rules.
Enable the "Tell A Friend" Feature in BlackBerry Client for Lotus Quickr IT policy rule
Description
This rule specifies whether the Tell a Friend feature is turned on in the BlackBerry Client for IBM Lotus Quickr.
Default value
145
The default value is Yes. The Tell a Friend feature is turned on.
Usage
If you change this rule to No, a user cannot send an email invitation with a link that the recipient can use to download the BlackBerry Client for IBM Lotus Quickr.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP7
Default value
The default value is a null value.
Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value.
Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
146
Default value
The default value is a null value.
Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value.
Usage
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value.
Usage
147
If you configure this rule, users can use the specified server address only. If you do not configure this rule, users must specify the server address manually.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP6
Default value
The default value is a null value.
Usage
Specify the domain name that is used for the email addresses contained in certificates that are issued within the organization. This rule is intended for use in organizations where users' certificates contain a long-lived email address, but users typically send email messages from a shorter-lived email address with the same username component and a different domain component. Use a comma (,) to separate multiple domain names.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
148
Usage
Consider changing this rule to Yes if your organizations certificates contain email addresses that are different from those that users typically use to send email messages.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
149
This rule specifies whether applications, including third-party applications, can initiate internal connections (for example, to the BlackBerry MDS Connection Service).
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Default value
150
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
Change this rule to Yes to cache the smart card password for the period of time that the private key timeout sets. The memory cleaner application deletes the password when the timeout expires.
Dependencies
If you configure this rule, you should also configure the Key Store Password Maximum Timeout IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
151
Default value
The default value is No.
Usage
Opening internal and external connections simultaneously might present a security issue because applications can collect data from inside the firewall and send it outside the firewall without any auditing.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is Yes.
Usage
This rule is obsolete in BlackBerry Enterprise Server version 3.6 SP2. In later versions of the BlackBerry Enterprise Server , use the Is access to the interprocess communication API allowed application control policy rule to specify whether applications can access the persistent store API.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0
152
BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Default value
The default value is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is Allowed. Any authentication mechanism permits a user access to a BlackBerry device.
Usage
To permit a user to turn on a specific authentication mechanism, configure this rule to one of the following mechanisms: Smartcard Fingerprint Smartcard and Fingerprint Proximity Other You can control other authentication mechanisms using the User Authenticator API application control policy rule.
Dependencies
153
This rule takes priority over the Force Smart Card Two Factor Authentication IT policy rule. For example, if you configure this rule to prevent smart card authentication but the Force Smart Card Two Factor Authentication IT policy rule is configured to Yes, smart card authentication is not forced.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value. The certificate status can remain on the BlackBerry device indefinitely.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Allowed. A user can choose to either exclude the contact list from content protection or include it in content protection.
Usage
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, change this rule to Disallowed to turn off the option. The contact list is not content-protected, and the user cannot change this setting on the BlackBerry device.
154
BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0 process the Disallowed setting in the same way that they process the Required setting. If the contact list is content-protected, when the BlackBerry device is locked, the BlackBerry device does not permit call display and does not share contacts over a Bluetooth connection. If the contact list is not content-protected, when the BlackBerry device is locked, the BlackBerry device permits call display and can share contacts over a Bluetooth connection.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Strong. The default value in all other preconfigured IT policies is a null value.
Usage
Configure this rule to Strong to use a 160-bit ECC public key. This key provides good security and good performance and is adequate for most situations. Configure this rule to Stronger to use a 283-bit ECC public key. This key provides better security but slower performance than the Strong setting. Configure this rule to Strongest to use a 571-bit ECC public key. This key provides the highest level of security but the slowest performance of the three settings. For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, if onboard device memory exists on the BlackBerry device when you configure this rule, the rule also encrypts the onboard device memory (embedded M.C.) to the user password and a device-generated key. To encrypt the media files in the onboard device memory, configure the Force Encryption on Internal File System Media Files IT policy rule, or instruct the BlackBerry device user to configure file encryption.
155
For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, you can configure the External File System Encryption Level IT policy rule. The External File System Encryption Level IT policy rule also encrypts the media card.
Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes. If you configure this rule to Strong or Stronger, configure the Minimum Password Length IT policy rule to 12 characters. If you configure the content protection strength to Strongest, instruct the user to create a password of at least 21 characters. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is All databases.
Usage
By default, the BlackBerry Desktop Software backs up the information in the following databases: Handheld Keys store Certificate Options Trusted Key Store Policy KeyStoreManager Random Pool PGP Key Store Change this rule to Minimal subset of databases to back up a minimal set of BlackBerry device databases, including databases that some desktop components, such as the certificate synchronization tool of the BlackBerry Desktop Manager, require access to. Change this rule to No databases to prevent the backup of BlackBerry device databases.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0
156
BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No. A BlackBerry device and the BlackBerry Enterprise Server can use the Triple DES algorithm and the AES algorithm to encrypt and decrypt data that they send between each other.
Usage
Change this rule to Yes to make it mandatory that a BlackBerry device and the BlackBerry Enterprise Server use the AES algorithm to encrypt and decrypt data that they send between them.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No. On the BlackBerry device, the BlackBerry App World application is turned on.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP7
157
This rule specifies whether a BlackBerry device can import certificates and PGP keys, including private keys, from a media card.
Default value
The default value is Yes. A BlackBerry device cannot import certificates and PGP keys from a media card.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.1 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
158
Usage
Use this rule to prevent forwarding or replying to a PIN message with an email message, or replying to an email message with a PIN message.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
159
Usage
Change this rule to Yes to turn off the GPS feature and prevent applications on a BlackBerry device from accessing it.
Dependencies
If you change this rule to Yes, BlackBerry Maps does not work and applications cannot access the GPS APIs for the BlackBerry device. This rule overrides the Is Access to the GPS API Allowed application control policy rule setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No. A BlackBerry device warns the user that the certificate is expired or invalid, but it does not prevent the user from using the certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
160
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 BlackBerry Connect version 4.0
Default value
The default value is No.
Usage
Change this IT policy rule to Yes to require the next highest level of key store security automatically. For BlackBerry devices that are running BlackBerry Device Software version 3.6, the next highest security level is High. For BlackBerry devices that are running BlackBerry Device Software version 4.0 or later, the next highest security level is Medium.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect Transport Stack version 4.0
161
BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Usage
If you change this rule to Yes, to send email messages, the user must install the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones. You must also turn on S/MIME message processing on the BlackBerry Enterprise Server or, in the PGP Application policy group, configure the PGP Universal Server Address rule.
162
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule applies only to email messages that a user sends through your organizations BlackBerry Enterprise Server. To prevent a user from sending email messages that are not encrypted or signed from a different email message service, such as the BlackBerry Internet Service, in the Service Exclusivity policy group, configure the Allow Other Message Services rule. For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to all email message services.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Usage
If you change this rule to Yes, to send PIN messages the user must install the S/MIME Support Package for BlackBerry smartphones or the PGP Support Package for BlackBerry smartphones on a BlackBerry device. You must also turn on S/MIME message processing on the BlackBerry Enterprise Server, or configure the PGP Universal Server Address IT policy rule to permit PGP message processing. To turn off all PIN messaging, configure the Allow Peer-to-Peer Messages IT policy rule to No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0
163
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No. The BlackBerry device can keep the plain text form of a content-protected object in the persistent store.
Usage
Configure this rule only if you require that sensitive data does not persist in plain text form on a BlackBerry device. To prevent any application from storing data in plain text form in the persistent store on a BlackBerry device, configure this rule to Yes. When you configure this rule to Yes, if an application that is installed on a BlackBerry device tries to save data to the persistent store in plain text form, the BlackBerry device performs the following actions: logs an exception error message in the log file on the BlackBerry device resets the BlackBerry device and displays a Java 576 error removes the data that the application tries to save Attention: If you change this rule to Yes, applications on the BlackBerry device that do not use the content protection framework API to encrypt data might not work.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
164
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP4 BlackBerry Application Suite version 1.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Radio not disabled when USB device is connected. The wireless transceiver remains on.
Usage
Change this rule to Radio disabled when USB device is connected to turn off the wireless transceiver while the BlackBerry device is connected to a USB device. Change this rule to Radio disabled when connected USB device enumerates to turn off the wireless transceiver only when a connected USB device (for example, a computer) sends standard USB requests to communicate with a BlackBerry device.
Dependencies
Only USB enabled BlackBerry devices support this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0
165
Default value
The default value is No. A BlackBerry device warns the user that the certificate is revoked, but it does not prevent the user from using the certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No. A BlackBerry device stores the users numeric passwords, and a user can use smart password entry on the BlackBerry device when using two-factor authentication.
Usage
If you change this rule to Yes, a BlackBerry device deletes any knowledge of the users numeric passwords if the user is currently using smart password entry.
Minimum requirements
Java based BlackBerry device
166
BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Usage
If you change this rule to Yes, a BlackBerry device does not display warnings and indicators about stale certificate status. Consider changing this rule to Yes if your organization uses a PKI that does not update the status of certificates.
Dependencies
If you change this rule to Yes, a BlackBerry device ignores the Certificate Status Maximum Expiry Time IT policy rule and the status of certificates on the BlackBerry device never expires.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No. A BlackBerry device warns the user that the certificate has a stale status, but it does not prevent the user from using the certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0
167
Default value
The default value is No. A BlackBerry device warns the user that the certificate is not trusted, but it does not prevent the user from using the certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No. A BlackBerry device warns the user that the certificate could not be verified, but it does not prevent the user from using the certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
168
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default values
The default value in the Advanced security and Advanced Security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.
Usage
The media transport protocol allows a user to transfer media files to the BlackBerry device from a media card. If you change this rule to Yes, a BlackBerry device cannot access a media card that is connected to the USB port. This means that the ability to transfer files to a media card using the Roxio Media Manager with the BlackBerry Desktop Manager versions 4.2.2 and 4.3 is turned off.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
169
This rule specifies whether to prevent a BlackBerry device user from sending an email message using a certificate that has a corresponding weak public key.
Default value
The default value is No. A BlackBerry device warns the user that the corresponding public key is weak, but it does not prevent the user from using the certificate.
Usage
Use the IT policy rules that are provided for the TLS application, the WTLS application, the S/MIME Support Package for BlackBerry smartphones, or the PGP Support Package for BlackBerry smartphones. Configure the minimum strengths for the RSA, DSA, ECC, and Diffie-Hellman algorithm key lengths.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default values
The default value in the Medium password security with No 3rd Party Applications and the Advanced security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.
Usage
This rule prevents a user from installing an unsigned third-party application that is sent over a wireless network or when a BlackBerry device is connected to the BlackBerry Desktop Manager or application loader tool. This rule applies to any unsigned applications that the BlackBerry Enterprise Server or another party send to a BlackBerry device. If you change the value to Yes, this rule does not remove any existing third-party applications from a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0
170
BlackBerry Connect versions 2.1, 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is Allowed. If a media card is inserted in the BlackBerry device, encryption of the media files that are in the media card is allowed.
Usage
Change this rule to Required or Disallowed to prevent a user from changing this setting on the BlackBerry device.
Dependencies
A BlackBerry device can use this IT policy rule only if you also configure the Content Protection Strength IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default values
The default value in the Default IT policy is Not required. The default value in the Advanced Security and Advanced Security with No 3rd Party Applications IT policies is Encrypt to User Password (excluding multimedia directories).
171
Usage
You can use this rule to require that a BlackBerry device encrypt a media card, either including or excluding media card files. You cannot use this rule to encrypt files that a BlackBerry device user transfers to the media card manually (for example, from a USB mass storage device). The master keys for the media card are stored on the media card. A BlackBerry device is designed to use the master keys to decrypt and encrypt files on the media card. A BlackBerry device is designed to use the BlackBerry device key, a user-provided password, or both to encrypt the master keys. Change this rule to Encrypt to User Password (excluding multimedia directories) if the media card requires encryption with a password that the user provides. Change this rule to Encrypt to User Password (including multimedia directories) if the media card requires encryption with a password that the user provides. Change this rule to Encrypt to Device Key (excluding multimedia directories) if the media card requires encryption with a BlackBerry device key. Change this rule to Encrypt to Device Key (including multimedia directories) if the media card requires encryption with a BlackBerry device key. Change this rule to Encrypt to User Password and Device Key (excluding multimedia directories) if the media card requires encryption with a password that the user provides and a BlackBerry device key. Change this rule to Encrypt to User Password and Device Key (including multimedia directories) if the media card requires encryption with a password that the user provides and the BlackBerry device key.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is FIPS 140-2 Level 1 compliance.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP3 and later and BlackBerry Device Software versions 4.2.1 and later.
172
FIPS 140-2 Level 1 compliance affects the BlackBerry Cryptographic Kernel, which is the embedded cryptographic module required for basic operation of a BlackBerry device. FIPS 140-2 Level 2 compliance affects only the BlackBerry Device Software. It does not result in a BlackBerry device meeting FIPS 140-2 Level 2 hardware security requirements. If you change this rule to Level 2, a BlackBerry device prevents WTLS from using an RC encryption algorithm, which can cause problems when using WTLS.
Dependencies
If you change this rule to 2, the following additional IT policy rules are configured: Password Required is configured to Yes Minimum Password Length is configured to 5 Suppress Password Echo is configured to Yes PGP Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES S/MIME Allowed Content Ciphers is configured to AES (256-bit), AES (192-bit), AES (128-bit), Triple DES TLS Restrict FIPS Ciphers is configured to Yes Disallow Third Party Application Download is configured to Yes Java based BlackBerry device For FIPS Level 1 compliance, BlackBerry Device Software version 3.3 For FIPS Level 2 compliance, BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
Minimum requirements
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 to version 4.2.1.
Default value
173
Usage
If you configure this rule, a BlackBerry device blocks the specified types of incoming messages at the firewall and does not notify the user that those types of messages were received. A user can specify whether to block public PIN messages on a BlackBerry device. A user cannot specify whether to block organization-specific PIN messages on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is a null value.
Usage
Specify email addresses with wildcard characters (for example, *@organization.com) to allow email messages from a specific domain.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is No.
Usage
174
Content protection is designed to encrypt the device transport keys on a BlackBerry device using 256-bit AES, and to store them in the BlackBerry device memory. To turn on content protection for device transport keys, you or a user must turn on content protection on the BlackBerry device. You can turn on content protection on the BlackBerry device using the Content Protection Strength IT Policy Rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
Force Device Password Entry While User Authentication is Enabled IT policy rule
Description
This rule specifies whether users must type their user names and BlackBerry device passwords when the user authenticator option is turned on.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.1 BlackBerry Enterprise Server version 4.0 SP3
175
Default value
The default value is No.
Minimum requirements
Java based BlackBerry Pearl 8220 device Java based BlackBerry 8210 device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6
Default values
The default value in the Default and Basic password security IT policies is No. The default value in all other preconfigured IT policies is Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this IT policy rule in BlackBerry Device Software versions 4.0 and later.
Default value
176
Usage
To use multifactor authentication on a BlackBerry device, change this rule to Yes. If multiple authentication mechanisms are permitted, a lock icon appears on the BlackBerry device to indicate that a user cannot change it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Force Notifications for Keys with Medium Security Level IT policy rule
Description
This rule specifies whether a BlackBerry device displays key store notification messages for private keys with a medium security level during the lifetime of the cached key.
Default value
The default value is No. The user can turn off key store notifications for a specific key and application key usage.
Usage
If you change this rule to Yes, a BlackBerry device displays a key store notification message during the cached period when the user opens or sends an uncached secure email message. If a user opens an encrypted message, the BlackBerry device accesses the key store to obtain the private key to decrypt the message.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.1 BlackBerry Enterprise Server version 5.0 SP1
Force Smart Card Reader Challenge Response while User Authentication is enabled IT policy rule
Description
This rule specifies whether a BlackBerry device requires a user to use the same BlackBerry Smart Card Reader all the time, in addition to the user authenticator password (smart card PIN), when the user turns on two-factor authentication.
Default value
177
Usage
If you change this rule to Yes, a user must delete all of the BlackBerry device data if the BlackBerry Smart Card Reader is lost or stolen. If you change this rule to Yes, a user cannot change the Always Use Same <BlackBerry_device_name> option on a BlackBerry device from Enabled to Disabled.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 BlackBerry Smart Card Reader version 2.0
Default value
The default value is No.
Usage
If you change this rule to Yes, to unlock a BlackBerry device, a user might require an authenticator module for a smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.
Dependencies
If you change this rule to Yes, the BlackBerry Enterprise Server automatically configures the Password Required IT policy rule to Yes in the same IT policy. You must configure the Password Required IT policy rule to Yes manually for a BlackBerry device that is running BlackBerry Device Software versions 4.2 and earlier.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Smart Card Reader software version 1.5 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
178
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is No.
Usage
If you change this rule to Yes, when the user unlocks a BlackBerry device, the BlackBerry device sends a challenge to the smart card to verify the authenticator module for the smart card. If you change this rule to Yes, to use a BlackBerry device, a user must have a BlackBerry Smart Card Reader, and must install a smart card driver and a BlackBerry Smart Card Reader driver on the BlackBerry device.
Dependencies
A BlackBerry device uses this rule only if you configure the Password Required and Force Smart Card Two Factor Authentication IT policy rules to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 4.2 BlackBerry Smart Card Reader software version 1.5 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is 60 minutes.
Usage
179
The BlackBerry device key store is the database that stores the user's private keys. The key store uses a password to protect the user's private keys. By default, the BlackBerry device caches the key store password to minimize the number of key store password prompts. If you change this rule to 0, a BlackBerry device cannot cache the key store password and cannot reduce the number of password prompts.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and BlackBerry Enterprise Server for Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value in the Advanced security and Advanced security with No 3rd Party Applications IT policies is Yes. The default value in all other preconfigured IT policies is No.
Usage
This IT policy rule does not require the BlackBerry device to use a proximity authenticator. To require the BlackBerry device to use a proximity authenticator, you can configure the Force Multi Factor Authentication IT policy rule and Allowed Authentication Mechanisms IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
This rule specifies whether a BlackBerry device locks when the user removes the paired smart card from the BlackBerry Smart Card Reader or disconnects the BlackBerry Smart Card Reader from a BlackBerry device. Not all smart card reader drivers support smart card removal detection.
Default value
The default value is No.
Usage
If you change this rule to Yes, to use a BlackBerry device, users might require an authenticator module for the smart card and must have a smart card driver and a BlackBerry Smart Card Reader driver installed on the BlackBerry device.
Dependencies
If you change this rule to Yes, the BlackBerry Enterprise Server configures the Password Required and Force Smart Card Two Factor Authentication IT policy rules to Yes automatically in the same IT policy.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server for IBM Lotus Domino and Novell GroupWise version 4.0 BlackBerry Enterprise Server for Microsoft Exchange version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software version 4.0 or later.
Default value
The default value is a null value.
Usage
The maximum length of a specified disclaimer is 512 characters.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
181
Maximum Smart Card User Authenticator Certificate Status Check Period IT policy rule
Description
This rule specifies the maximum length of time (in minutes) that can elapse between status checks of the user authentication certificates that a BlackBerry device uses with smart cards. During each period, the BlackBerry device requests the status of the certificate. If the certificate is revoked, the BlackBerry device locks and the user is unable to unlock it unless the certificate status changes from On Hold to Good. The permitted range between status checks is 240 to 40320 minutes.
Default value
The default value is -1, which specifies no time limit.
Dependencies
A BlackBerry device uses this rule only if you configure the Password Required, Force Smart Card User Authentication, and Force Smart Card Two Factor Challenge Response IT policy rules to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Allowed.
Usage
To prevent a user from changing this setting on a BlackBerry device, change this rule to Required or Disallowed.
Dependencies
A BlackBerry device can use this IT policy rule only if you also configure the Content Protection Strength IT policy rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
182
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to encrypt messages.
Usage
183
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to encrypt messages only if the password is cleared from the key store cache. If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to encrypt messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password. When you configure this rule, all keys must use the security level that you configure as the minimum, but a user can configure a higher security level on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Low security. A BlackBerry device never prompts the user for the key store password when accessing the private key to sign messages.
Usage
If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password when accessing the private key to sign messages only if the password is cleared from the key store cache. If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when accessing the private key to sign messages. If the user typed the password recently, the BlackBerry device prompts the user to confirm the password. When you configure this rule, keys must use the security level that you configure as the minimum, but the user can configure a higher security level on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
184
Default value
The default value is No.
Dependencies
A BlackBerry device uses this rule only if you configure the Password Required IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
A BlackBerry device can receive all email messages from the BlackBerry Enterprise Server that are not blocked at the BlackBerry device firewall unless you change this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
185
Default value
The default value is a null value.
Usage
Use the following characters in the password pattern to specify the character type that is permitted and its position in the password: a: Permits any letter. A: Permits an uppercase letter only. c: Permits any consonant letter. C: Permits an uppercase consonant letter only. v: Permits any vowel. V: Permits an uppercase vowel only. N, n, or #: Permits a number only. S, s, or @: Permits a symbol only. ?: Permits any letter, number, or symbol.
If you configure this rule, the user can create a password that is greater than or equal to the length of the pattern on a BlackBerry device. Password characters that exceed the pattern length can be any letters, numbers, or symbols. Attention: Preventing a particular password character reduces the entropy level and security level of the password.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Usage
Change this rule to Yes to require a BlackBerry device to delete its stored IT policy permanently, delete all third-party applications, and delete all user data after it receives the IT administration command.
186
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule is enforced both remotely (when an administrator erases the data on a BlackBerry device remotely) and locally (for example, when the user exceeds the maximum password attempts or erases all data on the BlackBerry device). For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule is enforced only when an administrator erases the data remotely.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is Disabled.
Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands delete user data after a specific period of time.
Dependencies
If you configure this rule to prevent deleting user data unexpectedly, on the BlackBerry Enterprise Server, in the BlackBerry Administration Service, configure the Policy Resend Interval to a lower value than the value that you configure in this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default setting
187
Usage
Use this rule to require that a BlackBerry device delete the user data if the user has not unlocked the BlackBerry device within the specified period of time.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
The default value is No.
Usage
Use this rule to require that a BlackBerry device that cannot receive IT policy updates or IT administration commands deletes user data when the battery power level is too low.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 4.0 SP6
Default value
188
Usage
You might configure this rule to one of the following example colors: 0xffffff: white 0x000000: black 0xff0000: red 0x00ff00: green 0x0000ff: blue Java based BlackBerry device BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Minimum requirements
Default value
The default value is a null value.
Usage
To permit a third-party encryption scheme to be used in conjunction with BlackBerry Enterprise Solution encryption, configure hashes in hexadecimal format, separated by commas. A BlackBerry device reads this information from the command javaloader siblinginfo <implementation_file.cod> .
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
189
This rule specifies the Hex-ASCII certificate thumbprints used on a BlackBerry device that are generated using the SHA-1, MD5, SHA-256, or SHA-512 algorithm. Separate multiple thumbprints with semi-colons (;).
Default value
The default value is a null value.
Usage
If you configure this rule, a user can only add certificates to the trusted key store that use the thumbprints that appear in the defined list. The SHA-256 algorithm and SHA-512 algorithm require BlackBerry Device Software version 5.1 or later.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise supports this rule in BlackBerry Device Software versions 4.0 and later.
Default value
The default value is Allowed. A user can turn on two-factor content protection on a BlackBerry device.
Usage
Two-factor content protection on the BlackBerry device is designed to protect the content protection decryption keys with both a private key that is stored on a smart card and the BlackBerry device password. When a user turns on two-factor content protection, the BlackBerry device requires more time to unlock than when two-factor content protection is not turned on. To unlock the BlackBerry device, the user must have the appropriate smart card driver and a supported driver for the smart card reader installed on the BlackBerry device. You cannot reset the BlackBerry device password after you or a user turns on two-factor content protection. To restore the content protection decryption keys and unlock the BlackBerry device, the user must have the smart card and must know the BlackBerry device password and the PIN for the smart card.
Dependencies
190
If you change this rule to Required, the BlackBerry device can use this rule only if you also configure the Content Protection Strength IT policy rule and change the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes. Alternatively, instead of changing the value of the Force Smart Card Two Factor Authentication IT policy rule to Yes, you can change the value of the Force Multi Factor Authentication IT policy rule to Yes and change the Allowed Authentication Mechanisms IT policy rule to use only a smart card user authenticator.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
By default, no algorithms are specified as weak.
Usage
Specify a list of algorithms that a BlackBerry device considers weak. This prevents a user from sending an S/MIME-encrypted or PGP encrypted message using a certificate or key that has a corresponding public key that is weak. You cannot specify SHA-384 and SHA-512 as weak algorithms.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
191
Default value
The default value is a null value.
Usage
Use a null value if your organization does not use an Entrust Entelligence messaging server.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP3 S/MIME Support Package for BlackBerry smartphones version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is to use all supported algorithms.
Usage
To maintain compatibility with most S/MIME clients, use Triple DES encryption and one of the RC2 algorithms. By default, a BlackBerry device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to the recipient.
Dependencies
If you configure the FIPS Level IT policy rule to 2, a BlackBerry device uses AES (256-bit), AES (192-bit), AES (128-bit), and Triple DES encryption.
Minimum requirements
Java based BlackBerry device
192
S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is Automatic. A BlackBerry device requests decrypted attachment information from the BlackBerry Enterprise Server automatically when a user opens S/MIME-protected messages that contain attachments.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Both. The BlackBerry device uses certificate-based encryption and password-based encryption.
Usage
Configure this rule to Certificate-based encryption only. Configure this rule to Password-based encryption only.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6 BlackBerry Enterprise Server version 4.1 SP6 S/MIME Support Package for BlackBerry smartphones version 4.0
193
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
194
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
195
Default value
The default value is 1024 bits.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 1024 bits.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
196
Default value
The default value is 163 bits.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
Default value
The default value is 1024 bits.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 1.5 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Exceptions
The BlackBerry Enterprise Server for Novell GroupWise does not support this rule.
197
Default value
The default value is Manual. A BlackBerry device user must request the complete text of the email message when the user replies to or forwards that email message.
Usage
Change this rule to Automatic to retrieve the complete text of the email message automatically.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.1 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is Yes.
Usage
Change this rule to No to require that a BlackBerry device send browser data through your organization's BlackBerry Enterprise Server, and to prevent a user from installing other browser services on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 (internal) BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.5
198
Default value
The default value is Yes.
Usage
Change this rule to No to require that a BlackBerry device user in your organization send appointments using a BlackBerry Enterprise Server within your organization's environment.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 4.1 SP5
Default value
The default value is Yes.
Usage
Change this rule to No to require that a BlackBerry device user send outgoing email messages through your organization's BlackBerry Enterprise Server and to prevent a user from sending email messages using other email message services. This rule does not prevent a user from receiving email messages on a BlackBerry device from other email message services.
Minimum requirements
C++ based BlackBerry device that is running BlackBerry Device Software version 2.5 Java based BlackBerry device that is running BlackBerry Device Software version 3.6 BlackBerry Application Suite version 1.0 BlackBerry Connect version 2.1 BlackBerry Enterprise Server version 3.5
199
Default value
The default value is Yes.
Usage
Change this rule to No to prevent communication using AIM on a BlackBerry device.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Enterprise Server version 3.6 SP6
Default value
The default value is Yes.
Usage
Change this rule to No to prevent communication using Google Talk on a BlackBerry device. If you change this rule to No and a user has downloaded the Google Talk for BlackBerry devices application, the Google Talk for BlackBerry devices icon remains on the Home screen. If a user tries to sign into the application, a message appears indicating that the application cannot be used.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Enterprise Server version 4.0 SP4
Default value
200
Usage
Change this rule to No to prevent communication using ICQ on a BlackBerry device.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Enterprise Server version 3.6 SP6
Default value
The default value is Yes.
Usage
Change this rule to No to prevent using public instant messaging services on a BlackBerry device. This rule applies to all Research In Motion public instant messaging services for BlackBerry devices that were released after the first availability of this rule. To prevent a user from using Yahoo! Messenger for BlackBerry smartphones version 1.0 on a BlackBerry device, configure the Allow Public Yahoo! Messenger Services IT policy rule.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Enterprise Server version 4.0 SP4
Default setting
The default value is Yes.
Usage
Change this rule to No to prevent communication using Windows Live Messenger on a BlackBerry device.
Minimum requirements
BlackBerry Enterprise Server version 4.1 SP5
201
Default value
The default value is Yes.
Usage
Change this rule to No to prevent communication using Yahoo! Messenger on a BlackBerry device.
Minimum requirements
BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 3.6 SP4
Default value
The default value is Disabled. A BlackBerry device user cannot synchronize contacts with the T-Mobile Mobile Backup.
Usage
Change this rule to Enabled to permit a BlackBerry device user to synchronize contacts with the T-Mobile Mobile Backup. Change this rule to Faves to permit a BlackBerry device user to synchronize only the contacts that are included in the user's MyFaves plan with the T-Mobile Mobile Backup.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
This rule specifies whether to prevent a wireless network or SIM card from querying a BlackBerry device for certain locationrelated information.
Default setting
The default setting is No.
Usage
The information that the SIM card can query is limited to the current wireless network and cell identities, BlackBerry device IMEI, date, time, and some measurement results.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Default setting
The default setting is No.
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Default setting
203
Minimum requirements
Java based BlackBerry device S/MIME Support Package for BlackBerry smartphones version 4.0 BlackBerry Connect version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 4.0 SP3
Default setting
The default setting is Yes.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
204
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.
Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.
Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
205
Default value
The default value is a null value.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.0.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.
Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
This rule is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later and BlackBerry Device Software versions 4.2.2 and later. Instead, consider configuring the Restrict Incoming Cellular Calls rule and Restrict Outgoing Cellular Calls rule in the Firewall policy group.
Dependencies
A BlackBerry device uses this rule only if you configure the Enable Smart Dialing IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
206
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Enterprise Server version 4.0
207
This rule specifies whether a default APN user name is required when a BlackBerry device uses TCP. The length of this string is limited to 32 characters.
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is No.
Usage
If you change this rule to Yes, all HTTPS connections must use TLS on the BlackBerry device. If you change this rule and TLS is not available on the BlackBerry device, an exception occurs.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
208
This rule specifies whether to prevent a BlackBerry device from permitting TLS connections to servers that have invalid certificates.
Default value
The default value is Prompt user on BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
Default value
The default value is Prompt user on BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
Default value
The default value is Prompt user on BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
209
Default value
The default value for BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0 is Allow weak digests. The default value for BlackBerry devices that are running BlackBerry Device Software version 5.0 and later is Disable weak digests.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.7.1 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you set the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
210
Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 1024 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 1024 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6 SP1
Default value
The default value on a BlackBerry device is 163 bits. The default value on the BlackBerry Enterprise Server is 160 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server.
211
For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 233 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
Default value
The default value on the BlackBerry device is 1000 bits. The default value on the BlackBerry Enterprise Server is 512 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on the BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is less than 2048 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
212
Default value
The default value is Prompt user on BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Usage
By default, if you configure the FIPS Level IT policy rule to Level 2, a BlackBerry device does not use this rule and uses only algorithms that are FIPS-compliant.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6.1 BlackBerry Enterprise Server version 3.6
213
Default value
The default value is No.
Usage
Change this rule to Yes to allow a user to provide feedback.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.6.1 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is Yes.
Dependencies
If you want to permit a BlackBerry device user access to visual voice mail, you must change the Disable Visual Voice Mail IT policy rule to No.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.5 BlackBerry Device Software version 4.5
214
This rule specifies whether to permit a BlackBerry device user access to visual voice mail.
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a BlackBerry device user from accessing visual voice mail. Note: If a wireless service provider gives a BlackBerry device user access to visual voice mail, it might prevent the user from receiving standard voice mail notifications.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.5 BlackBerry Device Software version 4.5
Default value
The default value is 4 digits.
Dependencies
If you configure this rule, you must change the Password Required IT policy rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Connect version 4.5 BlackBerry Device Software version 4.5
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device
215
Default value
The default value is Yes. VoIP is turned on.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from creating VoIP profiles on a BlackBerry device. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
216
Default value
The default value is a null value.
Usage
Specify a value only if your organizations SIP server requires it. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
217
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software e version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this rule to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry device must be the same as the SIP realm value that you specified on the SIP server. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 25 minutes.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device
218
BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 51100.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
219
This rule specifies the port number on your organization's SIP proxy server that the SIP proxy server uses to make network connections. The permitted range is 0 to 65536.
Default value
The default value is 5060.
Usage
Change this rule only if the port number that the SIP proxy server uses is not 5060. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is UDP.
Usage
Change this rule only if the transport protocol is not UDP. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Generic SIP.
Usage
220
Change this rule only if the SIP proxy server is not generic. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this rule if you want to specify a default value for all users. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this rule if you want to configure a default value for all users. If a user types an SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule.
221
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this rule if you want to configure a default value for all users. If the user types an SIP user password on a BlackBerry device manually, IT policy updates overwrite or delete the value. To retain the value on the BlackBerry device, verify that the updated IT policy uses the same value as this rule. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
222
Default value
The default value is 911.
Usage
Two versions of this rule are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this rule is the appropriate version for the BlackBerry devices in your organization. One version of the rule is valid for Java versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the rule is valid for Java versions 4.0.1 or later and you must configure it as a string. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0. BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
To use this feature, verify that your organizations PBX permits phones to transfer VoIP calls. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1
223
Default value
The default value is Yes. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
To use this feature, verify your that organizations PBX permits phones to transfer VoIP calls. This rule is made obsolete by BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.1 BlackBerry Enterprise Server version 4.0 SP1
224
This rule specifies whether a user can create VPN profiles on a BlackBerry device.
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from creating VPN profiles on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No. A BlackBerry device might not be able to use a Wi-Fi network that requires VPN access, or it might require an alternative form of access control.
Usage
Change this rule to Yes to require that a BlackBerry device use VPN server to access a Wi-Fi network. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP3 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No.
Dependencies
225
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
If you change this rule to No, the user can continue to change the VPN user name and VPN password on theBlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP3 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
If you change this rule to No (password not saved), the user must type a VPN password each time the BlackBerry device connects to the VPN concentrator.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
226
Default value
The default value is No.
Usage
Change this rule to Yes if you do not want a BlackBerry device to prompt a user to type VPN credentials after authentication is not successful.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Yes. A BlackBerry device retrieves DNS settings from the VPN gateway.
Usage
To require that a BlackBerry device use the static settings that are specified in the VPN Primary DNS IT policy rule, VPN Secondary DNS IT policy rule, and VPN Domain Name IT policy rule, change this rule to No.
Dependencies
You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
This rule specifies the suffix for your organization's domain name using the FQDN format.
Default value
The default value is a null value.
Dependencies
You must configure the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
228
Default value
The default value is a null value.
Usage
Specify the group password for your organization's VPN server only if the type of VPN client requires it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is AES-128.
Usage
Change the value only if the encryption algorithm does not support AES-128.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Group 7 (elliptic curve cryptography).
Usage
229
Change the value only if the DH group does not use ECC.
Dependencies
You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is SHA-1 (160 bits).
Usage
Change the value only if the hash method authentication code does not support SHA-1 (160 bits).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is SHA-1 Hash and AES-128 Cipher.
Usage
Change the value only if the IPSec cipher and hash are not AES-128 and SHA-1.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
230
Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.
Usage
If you change this rule to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile. If you change this rule to Medium security, a BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user again after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is 1 minute.
Usage
Specify the interval, in minutes, after which a BlackBerry device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator. The permitted range is 1 to 1439 minutes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
231
Default value
The default value is No.
Usage
Change this rule to Yes to hide the VPN password as the user types it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Yes.
Usage
Change the value only if your organization does not support Perfect Forward Secrecy.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Dependencies
232
You must change the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Dependencies
You must change the Enable VPN IT policy rule to Yes and the VPN DNS Configuration IT policy rule to No so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Specify a value for this rule if you want to configure a default user name for all user accounts. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.
Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
233
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Specify a value for this rule if you want to configure a default password for all user accounts. If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the BlackBerry device, verify that the updated rule uses the same value as this rule.
Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
234
Default value
The default value is User name and password required.
Dependencies
You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Access does not require VPN. A BlackBerry device can bypass an active VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network.
Usage
You can select one of the following options to configure when a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network: If you want a BlackBerry device to always use a VPN connection when the BlackBerry device connects to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access requires VPN option. You can select this option if you want to enforce the additional security that a VPN connection provides. If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can select the Access disabled option.
Dependencies
235
You can override this rule using the related Wi-Fi configuration setting that is named Wi-Fi BlackBerry Infrastructure Wi-Fi access mode. You can use this setting to configure the access mode for a specific Wi-Fi network, and this rule to configure the access mode for other Wi-Fi networks. If you turn off access to the BlackBerry Infrastructure over the Wi-Fi network using this rule, you cannot override this rule using the configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Usage
Specify a list of Wi-Fi SSIDs, separated by commas (,), that you do not want a BlackBerry device to associate with.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from using the GAN-only mode on a BlackBerry device.
Minimum requirements
236
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from using the GAN-preferred mode on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from changing the GAN selection mode on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
237
This rule specifies whether a user can select the WAN-only mode from the list of GAN selection modes on a BlackBerry device.
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from using the WAN-only mode on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from using the WAN-preferred mode on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
238
Change this rule to Yes to prevent a user from accessing a Wi-Fi network from the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value. The default value might vary depending on which mobile network provider a BlackBerry device is using.
Usage
Configure this rule to Yes to deny a BlackBerry device access to the BlackBerry Enterprise Server over a Wi-Fi network.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
Change this rule to Yes to prevent a user from creating Wi-Fi profiles on a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1
239
Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.
Usage
In WAN-preferred mode, if the signal quality drops below the threshold, a BlackBerry device tries a handover to the GAN, if possible. The signal quality is related to the bit error rate and is described in the 3GPP 5.08 8.2.4 specification as follows: 0: good quality 7: worst quality
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value. A BlackBerry device chooses a suitable value. This value might be specified by the mobile network provider.
Usage
In the WAN-preferred mode, if the signal strength of the serving cell drops below the value that you specify, a BlackBerry device uses the GAN cell if one is available. This value is specified in Received Signal Level units, as described in the 3GPP 5.08 8.1.4 specification: 0: -111 dBm 63: -48 dBm
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1
240
Default value
The default value is a null value. A BlackBerry device chooses an appropriate value. This value might be specified by the mobile network provider.
Usage
If you choose Low, a BlackBerry device uses the GAN mode unless the Wi-Fi signal quality is very low. If you choose Medium, a BlackBerry device uses the GAN mode if the Wi-Fi signal quality is high or medium. If you choose High, a BlackBerry device uses the GAN mode only if the Wi-Fi signal quality is high.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default values
The default value in the Default IT policy is Yes. The default value in all other preconfigured IT policies is No.
Usage
Change this rule to No to permit users to change only the user-specific Wi-Fi policy rules on a BlackBerry device. User-specific Wi-Fi policy rules are Wi-Fi User Name IT policy rule and Wi-Fi User Password IT policy rule.
Minimum requirements
Java based BlackBerry device
241
BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
A BlackBerry device uses this rule only if you change the value for the Wi-Fi DHCP Configuration IT policy rule to No.
Dependencies
If you configure the value for the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change the value for this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 1.
Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
242
Default value
The default value is Yes. DHCP is turned on.
Usage
If you use a Wi-Fi network that includes subnets, turn on DHCP to permit roaming between subnets.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
243
Usage
Change this rule to Yes to permit a user to log in to a captive portal using a BlackBerry device. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.
Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
244
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level IT policy rule
Description
This rule specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate. The previous name of this rule was WLAN Minimal EAP-TLS Certificate Encryption Key Security Level.
Default value
The default value is Low security. A BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the WiFi profile.
Usage
If you change the value to Medium security, the BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device only retrieves the private key again after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile. If you change the value to High security, the BlackBerry device always prompts the user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the WiFi profile. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
245
The previous name of this rule was WLAN Password Hidden on Input.
Default value
The default value is No. A BlackBerry device displays the characters that the user types.
Usage
Change this rule to Yes to mask the password that the user types.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Dependencies
A BlackBerry device uses this rule only if you configure the Wi-Fi Link Security IT policy rule to PSK.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
246
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.
Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Enabled.
Usage
You cannot resend an IT policy to forward Wi-Fi profiles.
Dependencies
A user can forward a Wi-Fi profile using a PIN message only if you change the Allow Peer-to-Peer Messages IT policy rule to Yes, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing PIN messages. A user can forward a Wi-Fi profile using a SMS text message only if you change the Allow SMS IT policy rule to Yes, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS text messages. A user can forward a Wi-Fi profile using BlackBerry Messenger only if you change the Disable BlackBerry Messenger IT policy rule to No, and the Firewall Block Incoming Messages IT policy rule does not prevent the BlackBerry device from processing SMS messages.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 BlackBerry Smart Card Reader version 2.0
247
Default value
The default value is a null value.
Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.
Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
You must change the value before a BlackBerry device can access the Wi-Fi network.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
248
Default value
The default value is a null value.
Usage
A BlackBerry device uses this rule only if you change the Wi-Fi DHCP Configuration IT policy rule to No.
Dependencies
If you change the Wi-Fi DHCP Configuration IT policy rule to Yes, do not change this rule to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure a value if you want to create a default value for all users. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
249
Default value
The default value is a null value.
Usage
Configure a value if you want to create a default value for all users. If a user types a password on a BlackBerry device manually, any IT policy updates overwrite or delete the value that the user types. To retain the value that the user specifies on the BlackBerry device, verify that the updated IT policy uses the same value as the IT policy on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
250
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
251
This rule specifies the password for WEP key 4 using the format xx:xx:xx:xx:xx. The previous name of this rule was WLAN WEP Key 4.
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) separated by a colon (for example, AB:CD:EF:01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
252
A cryptographic service is any service that uses a cryptographic key to protect the communication between the BlackBerry device and the BlackBerry Enterprise Server or the BlackBerry Internet Service (for example, the encryption keys that are generated during activation that are used to protect the data that the BlackBerry device and the BlackBerry Enterprise Server send between each other).
Default value
The default value is Yes.
Usage
If you allow a BlackBerry device to back up cryptographic services data, the BlackBerry device can continue to use a cryptographic service after the software loading process completes without requiring the user to reactivate the BlackBerry device manually.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0 SP1
Default value
The default value is No.
Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
253
This rule specifies whether to prevent a BlackBerry device user from returning to a previous version of the BlackBerry Device Software after a previously successful update of the BlackBerry Device Software over the wireless network.
Default value
The default value is No.
Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Usage
The BlackBerry Administration Service changes the value for this rule to the default value and does not display this rule when you configure the BlackBerry Administration Service to display the BlackBerry Device Software pages. For more information, see the BlackBerry Device Software Update Guide.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
Default value
254
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
255
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.5 BlackBerry Enterprise Server version 4.1 SP4
Default value
The default value is Prompt user on BlackBerry device.
Usage
If you want to prevent a BlackBerry device user from connecting to WTLS servers that have invalid certificates, change this rule to Disable invalid connections. If you want to permit a BlackBerry device user to connect to WTLS servers that have invalid certificates, change this rule to Allow invalid connections.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
Default value
256
Usage
If you want to prevent a BlackBerry device user from creating WTLS connections to untrusted servers, change this rule to Disable untrusted connections. If you want to permit a BlackBerry device user to create WTLS connections to untrusted servers, change this rule to Allow untrusted connections.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
Default value
The default value is Prompt user on BlackBerry device.
Usage
If you want to prevent a BlackBerry device user from using weak algorithms over WTLS connections, change this rule to Disable weak algorithms. If you want to permit a BlackBerry device user to use weak algorithms over WTLS connections, change this rule to Allow weak algorithms.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
257
This rule specifies the minimum DH key size (in bits) to use over WTLS connections. The permitted range is 512 through 4096 bits.
Default value
The default value on a BlackBerry device is 1024 bits. The default value on the BlackBerry Enterprise Server is 512 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit DH key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
Default value
The default value on the BlackBerry device is 163 bits. The default value on the BlackBerry Enterprise Server is 160 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server.
258
For example, when a user browses to a secure web site that uses a 160-bit ECC key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 160 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 233 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 233 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
Default value
The default value on the BlackBerry device is 1000 bits. The default value on the BlackBerry Enterprise Server is 512 bits.
Usage
If you configure the minimum key size on the BlackBerry Enterprise Server to be higher than the minimum key size on a BlackBerry device, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than the minimum key size on the BlackBerry Enterprise Server. For example, when a user browses to a secure web site that uses a 512-bit RSA key in its certificate, the BlackBerry device prompts the user to trust the web site. If the user trusts the web site and selects the Don't Ask Again option, the minimum key size on the BlackBerry device is configured to 512 bits. If you configure the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the BlackBerry device continues to prompt the user to trust every secure web site that uses a key size in its certificate that is lower than 2048 bits.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 3.6 BlackBerry Enterprise Server version 3.6
259
Default value
The default value is No.
Usage
By default, if you configure the FIPS Level IT policy rule to 2, a BlackBerry device ignores this rule and uses only algorithms that are FIPS-compliant.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Connect version 4.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
260
For information about configuring application control policy rules, see the BlackBerry Enterprise Server Administration Guide.
Default value
The default value is Prompt User.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Prompt User.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
261
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1
262
Default value
The default value is Optional.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Is Access to the Browser Filters API Allowed application control policy rule
Description
This rule specifies whether an application can access browser filter APIs to register a browser filter on a BlackBerry device. You can use this rule to permit third-party applications to apply custom browser filters to web page content on a BlackBerry device.
Default value
The default value is Not Permitted.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
263
Is Access to the Event Injection API Allowed application control policy rule
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Is Access to the Event Injection API Allowed application control policy rule
Description
This rule specifies whether an application can simulate input events on a BlackBerry device, such as pressing keys or performing trackball actions.
Default value
The default value is Not Permitted.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2 BlackBerry Enterprise Server version 5.0
264
Is Access to the Handheld Key Store Allowed application control policy rule
This rule specifies whether an application can access the GPS APIs on a BlackBerry device. You can configure this rule to prevent the application from accessing the GPS APIs on a BlackBerry device or to prompt the user before an application can access the GPS APIs.
Default value
The default value is Prompt User.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2
Is Access to the Handheld Key Store Allowed application control policy rule
Description
This rule specifies whether an application can access the key store APIs on a BlackBerry device.
Default value
The default value is Allowed.
Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Is Access to the Interprocess Communication API Allowed application control policy rule
Description
This rule specifies whether an application can perform cross application communication operations. You can use this rule to permit two or more applications to share data or for one application to use the connection permissions of another application.
Default value
265
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Prompt User.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 5.0
Is Access to the Module Management API Allowed application control policy rule
Description
266
This rule specifies whether an application can add, modify or delete Java .cod files on theBlackBerry device.
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.3 BlackBerry Enterprise Server version 5.0
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Is Access to the Screen, Microphone, and Video Capturing APIs Allowed application control policy rule
Description
This rule specifies whether an application can record media, such as audio and video, using the BlackBerry Browser or other applications on a BlackBerry device.
Default value
The default value is No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1
267
Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule
Is Access to the Serial Port Profile for Bluetooth API Allowed application control policy rule
Description
This rule specifies whether an application can access the Bluetooth SPP API.
Default value
The default value is Allowed.
Dependencies
If you configure the Disable Serial Port Profile IT policy rule to Yes, this rule does not apply. A BlackBerry device cannot use the Bluetooth SPP to establish a serial connection to a Bluetooth enabled device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Is Access to the User Authenticator API Allowed application control policy rule
Description
This rule specifies whether an application can access the user authenticator framework API. The user authenticator framework permits the registration of drivers that provide two-factor authentication to unlock a BlackBerry device. This rule applies to the BlackBerry Device Software and third-party Java applications.
Default value
The default value is Allowed.
Usage
For BlackBerry devices that are running BlackBerry Device Software version 5.0 and later, this rule applies to drivers for smart card readers and to custom two-factor authentication methods that are created by developers in your organization. For BlackBerry devices that are running BlackBerry Device Software versions that are earlier than version 5.0, this rule applies to drivers for smart cards only.
Minimum requirements
268
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 5.0
Default value
The default value is Allowed.
Dependencies
If you configure the Minimal Signing Key Store Security Level and the Minimal Encryption Key Store Security Level IT policy rules to use the high security level, this rule does not apply. A BlackBerry device prompts the user for the key store password each time that an application tries to access the private key.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
269
Default value
The default value is Allowed.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device
270
BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Application Suite version 1.0 BlackBerry Device Software version 4.0 BlackBerry Enterprise Server version 4.0
271
Configuration settings
Configuration settings
Configuration settings for VoIP profiles
Allow VoIP configuration setting
Description
This setting specifies whether a user can make VoIP calls on a Wi-Fi enabled BlackBerry device.
Default value
The default value is Yes.
Usage
To turn off VoIP, change this setting to No. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Specify a value only if your organizations SIP server requires it. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
272
Default value
The default value is a null value.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 5060.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
273
Usage
Configure this setting to specify a name for a SIP domain or host. The SIP realm value on a BlackBerry device must be the same as the SIP realm value that you specify on the SIP server. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 25 minutes.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 51100.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0
274
Default value
The default value is a null value.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 5060.
Usage
Change this setting only if the port number on the SIP proxy server is not 5060. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
275
This setting specifies the transport protocol that your organization's SIP server uses.
Default value
The default value is UDP.
Usage
Change this setting only if the transport protocol is not UDP. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Generic SIP.
Usage
Change this setting only if the SIP proxy server is not generic. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
276
Configure this setting if you want to create a default value for all users. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default value for all users. If the user types a SIP user ID on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default value for all users. If the user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated IT policy uses the same value as this setting.
277
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is 911.
Usage
Two versions of this setting are available. Refer to the descriptions in the BlackBerry Administration Service to determine which version of this setting is appropriate for the BlackBerry devices in your organization. One version of the setting is valid for BlackBerry Device Software versions 4.0.0 to 4.0.1.90 only and you must configure it as an integer. The other version of the setting is valid for BlackBerry Device Software versions 4.0.1 and later and you must configure it as a string. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0
278
Default value
The default value is Yes.
Usage
To use this feature, verify that your organizations PBX permits phones to transfer VoIP calls. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
279
This setting specifies whether a user can perform an unattended transfer to a VoIP call (where the original call ends automatically when the user dials the transfer number) on a BlackBerry device.
Default value
The default value is Yes.
Usage
To use this feature, verify that your organizations PBX permits phones to transfer VoIP calls. This setting is made obsolete by the BlackBerry Mobile Voice System.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No. The BlackBerry device might not be able to use a Wi-Fi network that requires VPN access, or it might require the use of an alternative form of access control.
Usage
Change this setting to Yes to require that a BlackBerry device use a VPN server to access a Wi-Fi network. This configuration setting is obsolete in BlackBerry Enterprise Server versions 4.1 SP3 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
280
This setting specifies whether the VPN dialog box displays on a BlackBerry device.
Default value
The default value is Yes. The VPN dialog box does not display on the BlackBerry device.
Usage
To display the VPN dialog box after the BlackBerry device connects to the VPN server, change this setting to No.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is No.
Usage
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Yes.
Usage
If you change this setting to No, a user can continue to change the VPN user name and VPN password on a BlackBerry device.
Minimum requirements
281
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
If you change this setting to No (password not saved), the user must type a VPN password each time the BlackBerry device connects to the VPN concentrator.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is No.
Usage
Change this setting to Yes to turn off server certificate validation during PKI-based authentication.
Dependencies
This setting applies to the following VPN gateways that support PKI-based authentication using certificates: the Cisco Secure PIX Firewall, the Cisco IOS with Easy VPN Server, the NetScreen Series Security Systems, and the Nortel Networks Contivity VPN switch.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
282
Default setting
The default value is Yes. A BlackBerry device retrieves DNS settings from the VPN gateway.
Usage
To require that the BlackBerry device use the static settings that are specified in the VPN Primary DNS configuration setting, VPN Secondary DNS configuration setting, and VPN Domain Name configuration setting, change this setting to No.
Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Usage
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration configuration setting to No so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
283
This setting specifies the IP address or FQDN of your organization's VPN server.
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Usage
Specify the group name of your organization's VPN server only if the type of VPN client requires it.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
284
Default value
The default value is No.
Usage
Change this setting to Yes if the VPN server requires a hard token (for example, RSA SecurID) as part of the password for authentication.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is AES-128.
Usage
Change this setting only if the encryption algorithm does not support AES-128.
Minimum requirements
Java based BlackBerry device that is running BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
285
Usage
Change this setting only if the the DH group does not use ECC.
Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is SHA-1 (160 bits).
Usage
Change this setting only if the hash method authentication code does not support SHA-1 (160 bits).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is 0.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
286
Default value
The default value is AES-128 Cipher and SHA-1 Hash.
Usage
Change this setting only if the IPSec Cipher and Hash are not AES-128 and SHA-1.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Low security. A BlackBerry device prompts the user only once for the key store password. The BlackBerry device retrieves and stores, in unencrypted format, the private key with the VPN profile.
Usage
If you change this setting to High security, a BlackBerry device always prompts the user for the key store password when the BlackBerry device requires access to the private key. This might happen frequently, even if the user typed the password recently. Private keys are not stored with the VPN profile. If you change this setting to Medium security, the BlackBerry device prompts the user for the key store password the first time only and, from that point forward, only prompts the user after the user resets the BlackBerry device. Private keys are cached in memory but are not stored with the VPN profile. This rule is obsolete in BlackBerry Enterprise Server version 4.1 SP4.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
287
Default value
The default value is 1 minute.
Usage
Specify the interval, in minutes, that a BlackBerry device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Yes.
Usage
Change this setting only if your organization does not support PFS.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
288
Dependencies
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration setting to No so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Full Visibility. A user can view all the configuration settings of the VPN profile.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Full editability.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
289
This setting specifies the static setting for the IP address of your organization's secondary DNS server.
Default value
The default value is a null value.
Dependencies
You must change the Enable VPN configuration setting to Yes and the VPN DNS Configuration setting to No so that a BlackBerry device can use this setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default setting
The default value is 0.
Dependencies
If you change this setting, you must also change the VPN DNS configuration setting to No and the Enable VPN configuration setting to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device
290
BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default user name for all user accounts. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this setting.
Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default password for all user accounts. If a user types a password on the BlackBerry device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value that the user types on the BlackBerry device, verify that the updated configuration setting uses the same value as this configuration setting.
Dependencies
291
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is User name and password required.
Dependencies
You must change the Enable VPN configuration setting to Yes so that a BlackBerry device can use this configuration setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
292
Default value
The default value is a null value.
Usage
After you associate a certificate authority profile with a Wi-Fi profile, you can assign the Wi-Fi profile to a user account and send the profile to a BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP2
293
This setting is a hidden property that contains the name of the VPN profile that you want to associate with the Wi-Fi profile.
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Yes.
Usage
The default value permits handovers between access points in your organization's Wi-Fi network. Change this setting to No to prevent handovers between access points.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Yes.
Usage
Change this setting to No to permit a user to change only the user-specific Wi-Fi policy settings on a BlackBerry device. Userspecific Wi-Fi policy settings are Wi-Fi User Name setting and Wi-Fi User Password setting. This configuration setting is obsolete in BlackBerry Enterprise Server version 4.1 SP3.
Minimum requirements
294
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes.
Usage
The default value permits a user to save passwords on a BlackBerry device for authentication to the Wi-Fi network.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is 802.11 a/b/g.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.2 BlackBerry Enterprise Server version 4.1 SP4
Default value
295
The default value is Access does not require VPN. A BlackBerry device can bypass active VPN connections when it connects to the BlackBerry Infrastructure over a Wi-Fi network.
Usage
You can configure one of the following options so that a BlackBerry device can connect to the BlackBerry Infrastructure over a Wi-Fi network: If you want a BlackBerry device to always use a VPN connection when it connects to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access requires VPN option. You can choose this option if you want to enforce the additional security that a VPN connection provides. If you do not want a BlackBerry device to connect to the BlackBerry Infrastructure over a Wi-Fi network, you can choose the Access disabled option.
Dependencies
When you change this setting, you override the BlackBerry Infrastructure Wi-Fi Access Mode IT policy rule. You can use this setting to configure the access mode for a specific Wi-Fi network, and the IT policy rule to configure the access mode for other Wi-Fi networks. If you turn off access to the BlackBerry Infrastructure over a Wi-Fi network using the IT policy rule, you cannot override the IT policy rule using this setting.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.
Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
296
Default value
The default value is 1.
Usage
Verify that the WEP key ID matches the WEP access point ID and the corresponding WEP key.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is Yes. DHCP is turned on.
Usage
If your organization uses a Wi-Fi network that includes subnets, turn on DHCP to permit roaming between subnets.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
297
Usage
If you change this setting to Yes, a root certificate is not required for the EAP, EAP-TLS, or EAP-TTLS authentication method.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Default value
The default value is a null value.
Dependencies
Configure this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No to make DHCP unavailable.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Anonymous. The server provisions the BlackBerry device with a PAC when the BlackBerry device connects for the first time. The server uses the user name and password to authenticate the user account. When you choose this option, server authentication does not occur.
Usage
You can configure one of the following options to change the type of provisioning methods that a BlackBerry device can use: If you want the server to authenticate a BlackBerry device using the user name and password of the user account and a root certificate when the BlackBerry device connects for the first time, you can select the Authenticated option. The BlackBerry device does not connect to the server if the server does not present a root certificate to the BlackBerry device.
298
If you want the server to authenticate a BlackBerry device using the user name and password of the user account, and you want the settings on the server to determine if server authentication must occur, you can select the Both option. If the server presents a root certificate, the BlackBerry device verifies the server using the selected root certificate. If the server does not present a root certificate, the BlackBerry device does not perform server authentication. Java based BlackBerry device BlackBerry Device Software version 5.0 BlackBerry Enterprise Server version 5.0
Minimum requirements
Default value
The default value is No.
Usage
Change this setting to Yes to permit a user to log in to a captive portal using a BlackBerry device. This setting is obsolete in BlackBerry Enterprise Server versions 4.1 SP4 and later.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is No.
Usage
Change this setting to Yes if a BlackBerry device requires a hard token (for example, RSA SecurID) as part of the password for authentication.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1
299
Default value
The default value is None.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.
Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
300
This setting specifies the type of authentication method (for example, Open, EAP-FAST, LEAP, PEAP, EAP-TLS, EAP-TTLS, PSK, or WEP) that a BlackBerry device requires to access a Wi-Fi network.
Default value
The default value is Open.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Wi-Fi Minimal EAP-TLS Certificate Encryption Key Security Level configuration setting
Description
This setting specifies the minimum security level for a private key that an EAP authentication method (for example, EAP-TLS) uses with a client certificate.
Default value
The default value is Low security. A BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. The BlackBerry device stores the unencrypted private key with the WiFi profile.
Usage
If you configure this setting to Medium security, a BlackBerry device prompts a user only once for the key store password so that the BlackBerry device can retrieve the private key and encrypt messages. After the BlackBerry device retrieves the private key, the BlackBerry device retrieves the private key again only after the user resets the BlackBerry device. The BlackBerry device caches the private key in memory but does not store it with the Wi-Fi profile. If you configure this setting to High security, a BlackBerry device always prompts a user for the key store password when it accesses the private key and encrypts messages. The BlackBerry device does not store the unencrypted private key with the WiFi profile.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
301
Dependencies
A BlackBerry device uses this setting only if you configure the Wi-Fi Link Security configuration setting to PSK.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.
Dependencies
If you configure the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is Full editability. The user can change all settings in the Wi-Fi profile.
Usage
When you change this setting to No editability, the user cannot change any settings in the Wi-Fi profile.
302
When you change this setting to Credentials editability, the user can change only the user credentials in the Wi-Fi profile.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is Full visibility. The BlackBerry device displays all the settings in the Wi-Fi profile.
Usage
When you configure this setting to Restricted visibility, the BlackBerry device displays only the profile name. When you configure this setting to Credentials visibility, the BlackBerry device displays only the profile name and login information of the user.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
303
This setting determines how often the Wi-Fi transceiver scans for nearby wireless access points and roams to one of them if the signal quality is better than the signal of the current access point.
Default value
The default value is Auto. A BlackBerry device selects roaming thresholds automatically.
Usage
When you configure this setting to Low, a BlackBerry device roams only when signal quality is very low. When you configure this setting to Medium, a BlackBerry device roams when the signal quality is medium to low. When you configure this setting to High, a BlackBerry device roams aggressively to access points with better signal strength.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.
Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
304
Default value
The default value is a null value.
Usage
If you do not specify a SAN field for the server certificate, the BlackBerry device accepts any valid server certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Usage
If you do not specify the Subject field for a server certificate, the BlackBerry device accepts any valid server certificate.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
Default value
The default value is a null value.
Usage
You must configure this setting before a BlackBerry device can access the Wi-Fi network.
Minimum requirements
Java based BlackBerry device
305
BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
A BlackBerry device uses this setting only if you change the Wi-Fi DHCP Configuration configuration setting to No.
Dependencies
If you change the Wi-Fi DHCP Configuration configuration setting to Yes, do not change this setting to Yes.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
The default value is a null value.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.1 BlackBerry Enterprise Server version 4.1 SP3
306
This setting specifies the user name for PEAP or LEAP authentication on a BlackBerry device.
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default value for all users. If a user types a user name on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi profile uses the same value as the WiFi profile on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Configure this setting if you want to create a default value for all users. If a user types a password on a BlackBerry device manually, IT policy updates overwrite or delete the value that the user types. To retain the user-specified value on the BlackBerry device, verify that the updated Wi-Fi profile uses the same value as the WiFi profile on the BlackBerry device.
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.2.0 BlackBerry Enterprise Server version 4.1 SP2
Default value
307
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF: 01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF: 01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is a null value.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF: 01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device
308
BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
Default value
The default value is null.
Usage
Valid values are either 5 or 13 pairs of hexadecimal digits (0 to 9 and A to F) that you separate with a colon (for example, AB:CD:EF: 01:23 or AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23).
Minimum requirements
Java based BlackBerry device BlackBerry Device Software version 4.0.0 BlackBerry Enterprise Server version 4.0 SP1
309
Define the encryption strength that BlackBerry devices use to protect data.
Extend encryption of data that is in transit between the sender and recipient of an email message or PIN message. Require the BlackBerry device to generate and use the content protection key to encrypt user data while the BlackBerry device is locked. Require the BlackBerry device to generate and use the principal encryption key to encrypt the device transport key while the BlackBerry device is locked. To require a specific standard of encryption strength, specify the level of FIPS compliance for the embedded cryptographic module that is required for basic operation of the BlackBerry device. Prevent BlackBerry device users from downloading third-party applications over the wireless network. Specify whether applications on the BlackBerry device can establish specific types of connections. Specify the resources (for example, email, phone, and BlackBerry device key store) that a third-party application can access on the BlackBerry device. Specify the types of connections (for example, local, internal, and external) that a third-party application that is running on the BlackBerry device can open. Specify whether an application can access the user authenticator framework API, which permits the registration of drivers to provide two-factor authentication to unlock the BlackBerry device. Manage Bluetooth technology on BlackBerry devices. Prevent the use of Bluetooth technology on BlackBerry devices.
310
Example goal
Description Specify whether a BlackBerry device can pair with another Bluetooth enabled device. Specify whether the user can turn on and turn off the Bluetooth profiles that are on the BlackBerry device.
Delete all user data on the BlackBerry device if the user types the password incorrectly. Do not permit users to reuse an expired password.
311
Lock the BlackBerry device automatically, regardless of user activity. Prompt the user to type a password, whether the Periodic Challenge Time BlackBerry device is idle or in use. Lock the BlackBerry device automatically when a user inserts it in the holster. Lock the BlackBerry device automatically after a period of user inactivity. Force Lock When Holstered Maximum Security Timeout
60 (minutes that can elapse before the user must type a password) Yes 5 (minutes of idle time that is permitted before the BlackBerry device locks)
Defining the encryption strength that the BlackBerry device uses to protect data
Scenario Protect user and application data on the BlackBerry device. Protect the device transport key on a locked BlackBerry device. Specify the level of FIPS compliance on the BlackBerry device. Specify the algorithms that the BlackBerry device uses to encrypt and decrypt PGP messages. Example IT policy rule Content Protection Strength Example value Yes
Force Content Protection of Master Key Yes FIPS Level PGP Allowed Content Ciphers 2 AES (256-bit), AES (192-bit), AES (128bit), and Triple DES
312
Scenario Specify the algorithms that the BlackBerry device uses to encrypt and decrypt S/MIME messages.
Example value AES (256-bit), AES (192-bit), AES (128bit), and Triple DES
(Users can still receive SMS text messages.) Prevent users from forwarding or replying to Disable Forwarding Between messages using a different BlackBerry Enterprise Services Server. Display message sensitivity using different message Security Service Colors background colors.
313
Limiting the resources that third-party applications installed on BlackBerry devices can access
Scenario Prevent third-party Java applications from accessing a list of domains using the BlackBerry Browser. Permit a third-party Java application from sending and receiving messages on a BlackBerry device. Remove a third-party Java application from BlackBerry devices over the wireless network. Permit a third-party Java application to access the phone application on BlackBerry devices. Permit a third-party Java application to create public external network connections and permit connections to external domains without prompting users for a password on their BlackBerry devices. Permit a third-party Java application to establish connections to Bluetooth enabled devices. Example application control policy rule List of Browser Filter Domains Value addresses of the domains
Is Access to the Email API Allowed Disposition Is Access to the Phone API Allowed Are External Network Connections Allowed List of External Domains Is Access to the Serial Port Profile for Bluetooth API Allowed Are External Network Connections Allowed
Allowed Disallowed Allowed Allowed addresses of the external domains Allowed Allowed Disallowed
Prevent users from turning on a custom theme that Is Theme Data Allowed was created using the Plazmic Content Developer's Kit. Prevent users from unlocking their BlackBerry Is Access to the User devices using a BlackBerry Smart Card Reader and Authenticator API Allowed an authentication password.
Disallowed
314
Prevent users from unlocking their BlackBerry Is Access to the User devices using a BlackBerry Smart Card Reader and Authenticator API allowed an authentication password. (application control policy rule) Prevent users that are authenticating through a VPN Is Access to the User connection from using third-party applications on Authenticator API allowed their BlackBerry devices. (application control policy rule)
Required
315
To prevent the RIM value-added applications from running on BlackBerry Device Software versions earlier than 4.5, you can block all RIM value-added applications using the Disable RIM Value-Added Applications IT policy rule, or you can block specific RIM value-added applications using application-specific IT policy rules. To prevent the RIM value-added applications from running on BlackBerry Device Software version 4.5 or later, you can use any of the following application-specific methods: Application BlackBerry Wallet Method Configure the Disable BlackBerry Wallet IT policy rule to Yes. Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices. Configure the Disable RIM Value-Added Applications IT policy rule to Yes. Configure the Disable Ecommerce Content Optimization Engine IT policy rule to Yes. Apply an application control policy rule to block all third-party applications, or apply an application control policy to block specific RIM value-added applications if you want to remove the RIM value-added applications from BlackBerry devices. Configure the Disable RIM Value-Added Applications IT policy rule to Yes.
You can apply the Disposition application control policy rule to RIM value-added applications only. Other application control policy rules do not apply to RIM value-added applications.
316
Glossary
Glossary
A2DP Advanced Audio Distribution Profile AES Advanced Encryption Standard APB all points bulletin API application programming interface APN access point name ASCII American Standard Code for Information Interchange AVRCP Audio/Video Remote Control Profile BCC blind carbon copy BlackBerry MDS BlackBerry Mobile Data System BSM browser session manager CAST Computer Assisted Seriation Test CHAP Challenge Handshake Authentication Protocol COM Component Object Model CRL certificate revocation list
317
Glossary
DES Data Encryption Standard DHCP Dynamic Host Configuration Protocol DNS Domain Name System DSA Digital Signature Algorithm DTMF Dual Tone Multiple-frequency DUN Dial-up Networking EAP Extensible Authentication Protocol EAP-FAST Extensible Authentication Protocol Flexible Authentication via Secure Tunneling EAP-TLS Extensible Authentication Protocol Transport Layer Security EAP-TTLS Extensible Authentication Protocol Tunneled Transport Layer Security ECC Elliptic Curve Cryptography FIPS Federal Information Processing Standards FQDN fully qualified domain name GAN generic access network GPS Global Positioning System
318
Glossary
HFP Hands-Free Profile HSP Headset Profile HTML Hypertext Markup Language HTTPS Hypertext Transfer Protocol over Secure Sockets Layer IKE Internet Key Exchange IMEI International Mobile Equipment Identity IOT interoperability test IP Internet Protocol IPSec Internet Protocol Security LEAP Lightweight Extensible Authentication Protocol LED light-emitting diode MDS Mobile Data System MFH message from handheld MMS Multimedia Messaging Service MTH message to handheld
319
Glossary
NAT network address translation OBEX Object Exchange PAC proxy auto-configuration PBX Private Branch Exchange PEAP Protected Extensible Authentication Protocol PFS Perfect Forward Secrecy PIM personal information management PIN personal identification number PKI Public Key Infrastructure PSK pre-shared key RNG random number generator RTP Real-time Transport Protocol SAN subject alternative name SHA Secure Hash Algorithm SIM Subscriber Identity Module
320
Glossary
SIP Session Initiation Protocol S/MIME Secure Multipurpose Internet Mail Extensions SMS Short Message Service SPP Serial Port Profile SSID service set identifier TCP Transmission Control Protocol TLS Transport Layer Security TUI telephone UI UDP User Datagram Protocol UID unique identifier USB Universal Serial Bus VoIP Voice over Internet Protocol VPN virtual private network WAN wide area network WAP Wireless Application Protocol
321
Glossary
WEP Wired Equivalent Privacy WLAN wireless local area network WTLS Wireless Transport Layer Security
322
Provide feedback
Provide feedback
To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback.
323
Legal notice
Legal notice
2009 Research In Motion Limited. All rights reserved. BlackBerry, RIM, Research In Motion, SureType, SurePress and related trademarks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. 3GPP is a trademark of 3GPP. AIM, AOL Instant Messenger, and ICQ are trademarks of AOL LCC. Bluetooth is a trademark of Bluetooth SIG. DataViz and Documents to Go are trademarks of DataViz. Entrust and Entrust Entelligence are trademarks of Entrust, Inc. Facebook is a trademark of Facebook, Inc. Google Talk and Picasa are trademarks of Google Inc. IrDA is a trademark of Infrared Data Association. IBM, Domino, Lotus, Lotus Notes, Quickr, and Sametime are trademarks of International Business Machines Corporation. Kodiak PTT is a trademark of Kodiak Networks Inc. Microsoft, Active Directory, and Windows Live are trademarks of Microsoft Corporation. NetScreen is a trademark of Juniper Networks, Inc. Novell and GroupWise are trademarks of Novell, Inc. PGP is a trademark of PGP Corporation. Plazmic is a trademark of Plazmic Inc. Roxio is a trademark of Sonic Solutions. RSA and RSA SecurID are trademarks of RSA Security. Java and JavaScript are trademarks of Sun Microsystems, Inc. TiVo is a trademark of TiVo Inc. T-Mobile is a trademark of Deutsche Telekom AG. Wi-Fi is a trademark of the Wi-Fi Alliance. Flickr and Yahoo! Messenger are trademarks of Yahoo! Inc. All other trademarks are the property of their respective owners. The BlackBerry smartphone and other devices and/or associated software are protected by copyright, international treaties, and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in the U.S. and in various countries around the world. Visit www.rim.com/patents for a list of RIM (as hereinafter defined) patents. This documentation including all documentation incorporated by reference herein such as documentation provided or made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by Research In Motion Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect RIM proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of RIM technology in generalized terms. RIM reserves the right to periodically change information that is contained in this documentation; however, RIM makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third Party Products and Services"). RIM does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by RIM of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE
324
Legal notice
OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL RIM BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH RIM PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF RIM PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, RIM SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY. THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO RIM AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED RIM DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF RIM OR ANY AFFILIATES OF RIM HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation
325
Legal notice
thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, and/or BlackBerry Device Software. The terms of use of any RIM product or service are set out in a separate license or other agreement with RIM applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. Research In Motion Limited 295 Phillip Street Waterloo, ON N2L 3W8 Canada Research In Motion UK Limited Centrum House 36 Station Road Egham, Surrey TW20 9LF United Kingdom Published in Canada
326